Now more than ever, it is crucial for businesses to prepare for multiple dimensions of COVID-19-related risk. MetricStream’s Executive Chairman Gunjan Sinha outlines the key areas where leaders should focus to guide their companies.
As we move through 2020, the COVID-19 pandemic caused by the novel coronavirus continues to cripple global business with more than 2 million people globally contracting the virus. The last time the world saw such a widespread crisis was from the subprime mortgage crisis in 2008 that caused the worst U.S. recession since the Great Depression.
While we are still riding out the storm of COVID-19, businesses must draw on the insights gained over the last 12 years to address Unknown Unknowns.
Where GRC Can Help
In 2008, governance, risk and compliance (GRC) was just being established in response to banks’ needs for systems to deal with the uncertain times and landscape. With banks facing new regulations, insights into their financial systems would be crucial to properly deal with issues across the globe. GRC software was created to help these entities enact compliance controls, apply them effectively and measure risk management. Since then, GRC software has assisted companies in almost every vertical and provides versatile tools for organizations navigating the COVID-19 crisis. With organizations, governments and health care institutions being stretched in ways unimaginable four months ago, having a plan to address risk is paramount.
In order to enact a strong risk governance program, companies need to review their key risks on a quarterly basis to stay prepared. Organizations looking to avoid unnecessary risk should attempt to identify where and when potential hot spots may arise. Risk stemming from COVID-19 – in terms of geographies, customers, suppliers, business lines and other company assets – needs to be accounted for to provide visibility during a response. Once the relevant hot spots have been located, be sure you have a system in place to assess risk and coordinate with the appropriate parties.
Below are four dimensions of risks to be aware of to maintain risk fitness and overall corporate compliance.
1. Operational Risk
Operational risk covers a company’s people, including third parties, who often form the nucleus to support key business operations. Business systems and processes are increasingly becoming intertwined, so if an incident was to occur inside a supplier’s system, the wider organization and supply chain associated could be impacted. Because of this, the speed of any response is key to a company’s ability to surmount a crisis.
The ripple effect of COVID-19 is causing offices to shut down, suppliers to function on a reduced capacity and employees to work remotely. Businesses can remain resilient by making sure the right controls are in place. Measuring the scope of impact through rapid assessments to employees and third parties can assist in predicting workforce changes or supply chain disruptions.
Technology plays an important role in automating the functions people rely on when we are forced to stay isolated. With IT systems facing unprecedented remote access and usage demands, the risk of high threat levels and vulnerabilities means that cybersecurity plans should also be in place.
2. Financial Risk
Financial risk increases when companies run into issues obtaining financing or when revenues and margins drop. Disruptions within the supply chain can also create problems in distribution and production, impacting sales. This, in turn, can cause missed revenue targets, a lack of clarity to provide forward-looking guidance and facility closures.
Developing a process playbook to serve as a roadmap can help mitigate risk. This playbook gets the essence of the right actions into the hands of the best team members who can take action. As the landscape shifts, the playbook can be adjusted to adapt to the risks that arise. Crises like this require quick action to prevent financial risk. By avoiding reinventing the wheel wherever possible you can save time without cutting corners. Conducting accurate business impact assessments, mass notifications and solid business continuity management are key to avoiding financial challenges.
Any crisis creates opportunities to excel within an industry, bringing forth a chance to show how you responded better than competitors did. On the other hand, a lack of leadership can create mistrust and confusion within your organization and customer base. The question can arise, if the firm can’t handle the crisis, can they handle my business?
A detailed, compliant framework allows companies to easily coordinate the systems of GRC properly. This can involve unwritten social contracts – think goodwill and reputation – or written contracts with suppliers, regulators, customers and partners.
Another important factor is to review corporate policies to ensure you are complying with regulations laid out by your country or state. Be sure to tighten existing controls in cybersecurity and workplace health. Avoiding risk and ensuring the safety of your workers and business assets should remain a top priority. As consumers and regulatory bodies such as the FCA and SEC push for stronger conduct rules, not addressing reputation risk can damage a company’s reputation even after a crisis is resolved.
4. Strategic Risk
Companies need a complete understanding of how the risks associated with all aspects of their business coexist. During an unprecedented time such as the COVID-19 pandemic, it will not be uncommon for businesses to have to pivot away from tried-and-true business models or processes. A company’s ability to quickly triangulate key personnel risk, business resumption risk and operational risks will separate it from the competition.
The makeup of larger corporations can often be extremely complex. In order to properly pivot, senior management must have a deep understanding of how everything is interconnected; if something goes really wrong, they’ll know how to problem-solve effectively. However, small companies are just as much at risk, as their resources to outlast a crisis may be limited.
What is on the Horizon?
The financial crisis in 2008 has paved the way for 12 years of strong growth from companies that both survived and were able to thrive in a time of economic recovery. With COVID-19, GRC is even more important as workers and business go digital, cybersecurity risks increase and growing globalization forces companies to follow regulations across the globe.
Whether you are part of a large, global bank or smaller local business, GRC is a powerful tool for business leaders to manage compliance policies now and in a post COVID-19 world. There is no one-size-fits all approach to a compliance program. However, the common thread is building a program that is future-proof (i.e., agile and scalable to respond to changes in the market).
By preparing for and investing in a plan to handle future events, your business can hit the ground running during a future crisis. Remember, being prepared is the first stepping stone to eliminating panic and building toward success.