The COVID-19 pandemic has fundamentally shifted not only global business and the economy, but our entire world as we know it. But who better to lead organisations through these unprecedented times than GRC professionals?
If you’re like us, the first thing that came to mind when this pandemic started to spread was “how can we help?” We’re not doctors. We’re not nurses. We can’t help on the “front lines.” But as risk managers, compliance and controls professionals, and auditors, we’re in a unique position to help our organisations respond effectively to the almost-daily risks emerging from this crisis.
At Galvanize, we’ve had to learn and adjust quickly to the challenges that have been thrust upon us over these past months. And while we’ve never experienced anything like this before, we decided to build on a number of powerful tools, combined with tried-and-tested tactics, to help us navigate risk, business continuity, and communications.
8 core business aspects
As part of this initiative, we focused on eight core elements. We included a few examples of what, specifically, you can drill into to help guide risk-based decision-making.
1. Workforce health: Are we keeping our employees safe and happy?
• Are we mandating that employees work from home (WFH)?
• Do we have a self-reporting tool?
• Do we need to provide facility access?
• Are our remote workers properly equipped?
• How are our employees feeling overall?
2. Workforce effectiveness: Are employees maintaining productivity?
• Are we adjusting the way we work in this new WFH reality, with things like daily stand-ups or virtual water coolers?
• Do we need to reassess our vacation policy?
• Does our compensation strategy need reviewing?
• Are employees working on the things that will move the needle?
3. Customer continuity: How is customer activity changing over time?
• Are customers still using our software as frequently?
• Is there an increase or decrease in support tickets?
• Is new business continuing to flow in?
• Are new projects being started with the same consistency as before?
• Are customers continuing to renew their software at the same pace?
4. Third-party continuity: How are partners, vendors, and other third parties managing?
• How are supply chains around the globe being impacted?
• Are vendors still delivering at previous levels?
• Are partners in different geographical areas facing unflagged risks or challenges?
5. Financial contingency: Are we forecasting and adjusting correctly?
• Are revenues trending into negative territory?
• Where can we cut back on discretionary spending?
• How are our competitors faring?
• Are there any opportunities for mergers and acquisitions during this time?
6. Communications: Are we updating employees, partners, customers, and vendors regularly?
• Are we ensuring our internal and external communications are open, that we’re being authentic and maintaining credibility?
• Is there a single source where all employees can go for updates?
• Are there daily management and C-suite stand-ups to review new developments?
• Do partners get regular updates from their contacts?
• Are we reassuring customers of our continuity, sharing our Pandemic Preparedness Plan? Our CEO Laurie Schultz crafted and shared a message on that topic.
7. Security: Are the organisation’s assets protected against these new risks?
• Are we adjusting our controls to meet the developing cyber risks as more of the workforce goes remote?
• While all workers are remote, is our physical site secure?
• Are the organisation’s assets secure in the homes of our employees? (Is there a secure place to store laptops so they don’t get stepped on?)
8. Reputational monitoring: How can we continue to ensure the organisation’s reputation isn’t at risk?
• Are we monitoring social media for customer sentiment and satisfaction levels, and responding before issues escalate?
• Are we being agile and responding to customer/client concerns quickly?
• Are we reacting appropriately? If there’s an existing crisis plan, are we following it, and if not, how are we developing/implementing one?
Be proactive, not reactive
We’ve never experienced a global pandemic on this scale before, and certainly no crisis event that has been this disruptive to global business and life. Whether your organisation has an established crisis management plan to deal with a pandemic of this scale or not, all compliance and risk officers are currently dealing with similar challenges.
When it comes to responding to risk during a global crisis, you could take the approach of reacting to the events after they happen. Or, using your data and a strategic risk-based approach, you could create a longer line of sight to see the risk coming, and act to mitigate it.
We will be holding a webinar on April 15th at 10am BST where we will share guidance on developing these eight core business objectives to maintain operations during this pandemic, and provide a methodology for managing and monitoring your risk response around these objectives and the controls you need to implement.