Sofia van Berlekom: Why Risk Management and Business Continuity Must Exist Together

The last 18 months have been synonymous with risk and uncertainty. More organizations are pushing risk management initiatives to the top of their agenda to prepare for unprecedented threats in the new world of work.  

In this article, we share highlights from our conversation with Sofia van Berlekom, Risk, Business Continuity and Compliance Director at AstraZeneca Sweden Operations; on emerging risk & compliance trends, effective risk & compliance communication and the importance of risk management in business continuity.  

Risk as a Vital Process in Business Continuity 

An effective risk management system not only protects an organization, but helps in recognizing new market opportunities. According to van Berlekom, “The pandemic has taught us that we have a lot of common risks and compliances regardless of business sector. But there are opportunities as well, not just risk and compliance issues that have emerged.”  

Risk management is one of the most vital processes companies can do, allowing them to be prepared and mitigate whatever they can in a proper fashion. “Business continuity and risk are linked from a risk perspective, and you know what to focus as resources never are unlimited.,” van Berlekom says. When it comes to allocation of resources, she stresses that “it’s also about priorities, and not wasting resources on something that is not needed.” 

A high level of organizational flexibility is needed for viable business continuity, especially in the wake of a global health crisis. “With the pandemic hitting hard, it was important to be agile and be able to think differently,” van Berlekom says. 

Communication Challenges in the Risk Space 

NAVEX Global predicts a rise in Chief Risk Officer (CRO) or Chief Risk and Compliance Officer (CRCO) appointments in the next few years. More organizations will have a more holistic risk management strategy, integrating compliance, IT, operational, reputational, third-party, and ESG practices. The success of this rests heavily on effective communication and van Berlekom says it’s much broader than the 3LoD.  

“Communication around risk is difficult because it’s a specialized area. It’s also an area which is very general and generalized in the everyday life of people.” There is difficulty speaking the right language that can be understood company-wide. “It’s quite easy to get people confused when you’re talking about business risks compared to the general risks people encounter in their everyday life,” van Berlekom states.  

“Risk & compliance managers on all levels need to practice good oversight without getting lost in the details,” van Berlekom adds. In risk management, a big communication challenge is to find that balance and ensure employees understand “what they can do and what they are obliged to do.” At AstraZeneca, risk identification and risk discussions are incorporated into the tier structure. Regular meetings are held where questions such as “Has anybody seen any risks?” and “Are there any risks that should be mitigated?” are commonplace. Risk awareness at all levels of an organization will improve decision-making and support a culture of innovation. 

Effective Digital Tools in Risk & Compliance  

The shift towards cloud technology has resulted in an exponential increase in data. There is a high demand for trusted data for compliance purposes in addition to real-time data to deal with unexpected events. Therefore, companies need to have a good grasp of technologies that can help them understand and interpret important data about potential risks. Another use of digital tools in the risk space is to increase transparency, according to van Berlekom. 

Here are the top technologies used in risk & compliance: 

• Robotic process automation (RPA) is helpful in automating rules-based GRC processes. With RPA, all business tasks can be managed through a single device, effectively facilitating compliance.  
• Advanced data analytics in risk data management is useful for predicting, measuring and reducing risk. 
• AI and its subsets — machine learning, and natural language processing — can be applied to large data sets to help find indicators of known and unknown risks. 

Risk & Compliance in 2022

“The digital world presents a lot of threats such as cyber threats and information threats,” van Berlekom says. It is no secret that the remote working environment brought IT risks such as data breaches, policy violations, audit failures, and third-party risk to the GRC space.  

Therefore, it makes sense that cybersecurity is now weaved into an organization’s risk management strategy. “At AstraZeneca, digital threats and cyber threats are a part of our risk landscape. We also have the IT department connected to the global operations network, which means that it is a natural part of the risk discussion,” van Berlekom states.   

In addition, van Berlekom says that the effects of the global political landscape should not be underestimated, as they can impact an organization’s operations and value chain. Moving forward, companies must be aware of the latest developments in today’s geopolitical environment and the possible regulations and enforcements that will follow. Risk & compliance officers must also extend their expertise to supply chain teams to build a strong supplier risk management strategy.  

Risk management professionals will play a key role in creating future-proof business continuity plans alongside C-level peers. As workplaces continue to evolve, risk & compliance initiatives will remain a priority as organizations find new and innovative ways to do business.