While the COVID-19 crisis has affected every company worldwide in some way, each is different and facing its own unique challenges. Business continuity planning may help mitigate some of the damage caused by the outbreak, but the scope of the crisis and the nature of response measures will certain be testing any plan to its limits. Although risk professionals try to prepare for every eventuality, few will have drafted a complete plan to address a global pandemic that strikes so quickly and broadly, and has no clear endpoint.
Amid the COVID-19 crisis, there are a number of important issues companies need to consider to manage associated risks. According to PwC, risk professionals should ask themselves six key questions.
First, where did pandemic risk fall within the latest risk assessment results, and has a risk interconnectivity analysis been completed to understand other key business risks triggered by the pandemic risk?
Second, are technology tools being leveraged for consolidated risk reporting, including the rapid development of key risk indicators that are specific to pandemic risk?
Third, in light of the pandemic risk event, is there a need to review the current risk appetite framework with the board and senior management in order to understand the impact on the company’s current risk profile?
Fourth, are current internal audit and second-line risk function testing plans being reevaluated to ensure they adequately cover pandemic risk elements?
Fifth, what risks have emerged (such as heightened cyber risks due to a remote workforce or a third-party response to the pandemic) that need to be addressed, and are there protocols in place to report, aggregate and analyse emerging risks as this situation evolves?
Finally, how will COVID-19 impact your controls reporting to stakeholders and your service organisation’s controls reporting to you?
Companies that have not undertaken a pandemic risk assessment are advised to do so immediately. As Aon notes: “The source of exposure as a result of the coronavirus can be far-reaching – from employee health, to supply chain disruption, to rapidly changing government advice or regulation. Companies must understand the main scenarios that could most impact them and invest in appropriate control and response measures that reflect the exposure.”
It is also prudent to review insurance policies and seek professional advice on whether and how current policies may provide coverage. Understandably, the outbreak is a complex insurance issue, so professional advice should be sought. In many cases, traditional insurance, such as business interruption policies, is unlikely to be triggered by COVID-19.
Companies should also use the COVID-19 crisis as a learning experience. Those that have not will almost certainly incorporate pandemic planning into enterprise risk management. In addition to promoting a risk culture throughout their organisations, risk executives should also take steps to increase collaboration across risk functions and leverage new technologies and tools. “By increasing the speed and accuracy of data collection and analysis, these tools can help swiftly provide risk insights to the business to support informed decisions”, notes PwC.
Existing technology systems have been stretched by the COVID-19 outbreak, with additional strain on IT infrastructure as more people are forced to work remotely. There are both opportunities and risks involved with remote working. While remote working may provide a better work/life balance for some, and has been found to increase productivity, time management and quality of work, it also raises concerns over cyber and data security.
Many companies now face heightened risks around technology and the threat of malware, ransomware and other attacks. In response to these growing threats risk management professionals should place cyber security at the heart of their business continuity and resilience planning. Companies with a strategic, rather than operational, approach to cyber security tend to be more able to withstand the stresses caused by these threats.
Many organisations are resistant to change. But in an interconnected economy, the scale of COVID-19 will force them to adapt or fail.
To optimise risk management, companies need to allocate resources to research and adopt new technology solutions that keep services running, business operational and people healthy. Technology’s ability to deliver innovative solutions quickly and efficiently will make it a key part of risk management strategies and help companies to prepare for the next crisis, whenever it may come.
© Financier Worldwide
BY
Richard Summerfield