Identifying new risks to ensure business continuity amid a pandemic
By Sam Abadir, Director of Industry Solutions at NAVEX Global
The world knew that a viral outbreak was possible, especially in the wake of viruses such as Ebola and Zika. However, no one could have predicted the widespread impact that COVID-19 would have on individuals and businesses across the globe.
In the U.S. alone, more than 100,000 small businesses have shut down permanently since the beginning of March due to the coronavirus outbreak, according to a study by researchers at the University of Illinois, Harvard Business School, and the University of Chicago. Between January and February, industrial production in China fell by 13.5%, according to the World Economic Forum, which resulted in a significant number of halted or broken supply chains.
While leaders cannot predict when, exactly, emergencies such as a pandemic will occur, they can create risk-based business continuity plans to limit the impact. As the economy begins to reopen and a “new normal” unfolds for employees everywhere, leaders need to repeat risk assessments that take emerging challenges into account. Upon developing such plans, the following guidelines and technologies should be considered.
Getting back to the fundamentals
The pandemic has brought new rules to live by, from social distancing regulations to different channels of communication and interaction with suppliers, customers, and partners. With these changes come new risks, and each needs to be evaluated and accounted for in business continuity plans.
Knowledge managers can help identify where information needs to be shared, and how different departments can best leverage and utilize it.
Business continuity plans have typically focused on risks such as IT failures, natural disasters, and power outages. But now, after the pandemic has shed light on the importance of backup strategies—and with additional waves of COVID-19 potentially underway—businesses are looking to refresh and expand business continuity plans to account for all scenarios and their intersecting risks.
It’s critical, as these plans are developed, that businesses have an integrated view of all risks to understand where resources overlap and bottlenecks exist, and where supplier and customer channels might be impacted. They need to have confidence that their solutions are both rooted in ethics as well as compliance. But, in order for that to happen, businesses need to get back to the basics, with leaders conducting new risk assessments—this time, in coordination with knowledge managers. Knowledge managers can help identify where information needs to be shared, and how different departments can best leverage and utilize it.
Identifying new risk scenarios
To begin the process of updating continuity strategies, leaders and knowledge managers will have to question new risk scenarios and their potential impact. They need to address the following questions:
What will we do differently if there is a second wave of the pandemic, or another pandemic in the future?
Many scientists and researchers have stepped forward to state that there will likely be additional waves of the pandemic. This could mean another round of the same risks the world just faced—from remote work and sick employees to a closed economy and broken supply chains.
What if new COVID-19 barriers prevent your suppliers from trading?
Global supply chains had already become exceptionally complex prior to COVID-19. Nestle, for instance, has stated that it works with 165,000 direct suppliers. The pandemic further complicated things, with social distancing and lockdown orders forcing factories everywhere to close or reduce capacity. In severely impacted countries, some suppliers may not recover in time, or be legally able, to reopen in coordination with their partners' or customer' timeline.
What are the additional or heightened data security risks?
The pandemic quickly forced masses of people to work remotely. With this sudden change, employees began accessing files from remote servers and personal WiFi networks, causing privacy and security concerns and impacting compliance activity. Having a workforce on many different networks makes the business more vulnerable to a cybersecurity breach. While cybersecurity and data privacy regulations are not a new problem, it is important to account for these newly introduced ways the risk could present itself.
Leveraging knowledge managers to inform the business continuity strategy
After identifying newly exposed risks, leaders are equipped with the information needed to prepare an updated business continuity strategy. For example, in the data security example, a third party with access to sensitive information may not be properly managing their work from home policies to comply with privacy regulations and vendor contracts. As a result, the business might terminate the relationship or send them compliant, secure equipment to continue.
It’s critical, as these plans are developed, that businesses have an integrated view of all risks to understand where resources overlap and bottlenecks exist, and where supplier and customer channels might be impacted.
However, simply identifying the strategy is only the beginning. Businesses then need to distribute the plan to the entire organization.
As the key source of information for an organization, knowledge managers must leverage and distribute new information using learning techniques that are most appropriate for the organization’s varying audiences. Those in this role hold an understanding of how new risks might overlap with existing challenges, other newly introduced risks, or across departments. As such, they can ensure that the right business units have the information and visibility necessary to execute against the overall business continuity plan, as it relates to their department.
Creating a risk-aware workplace culture
All employees must understand and be aware of business continuity plans and their roles within them in order for it to be effective. The knowledge manager can help inform all employees of these details by ensuring that risk-based information can be easily found in information systems, such as governance, risk, and compliance (GRC) and integrated risk management platforms (IRM). Equipped with the right information and an appreciation for the types of risks the broader organization faces (and at least a basic understanding of their severity), the organization can take steps toward becoming a risk-aware workplace.
As the key source of information for an organization, knowledge managers must leverage and distribute new information using learning techniques that are most appropriate for the organization’s varying audiences.
A risk-aware workplace is an environment where all employees understand, at a high level, what the potential hazards for the business are, as well as what the risk appetite is and the risk tolerance level. It’s important to recognize that, if not already in place, creating a risk-aware culture—just like any other cultural change—takes time.
While the middle of a pandemic might not seem like a good time to start this cultural shift, the timing is actually perfect. Risks have never been so present, and employees likely expect their organizations to promote a successful risk-based culture as part of the new business continuity strategy and overall plan to get back to normal operations after the COVID-19 disruption is passed.
Utilizing tools that can help
These steps might seem daunting, but they do not need to be conducted manually. There are tools that can help make the processes of identifying risk, developing a plan and communicating with stakeholders seamless. Business continuity management and planning tools, such as an integrated risk management platform, can help organizations plan and prepare for business interruptions to minimize their impact. This software allows businesses to do the following:
- Conduct organizational business continuity planning
- Perform risk assessment and business impact analysis
- Leverage information to determine business continuity management strategy
- Develop business continuity and business resiliency plan
- Confirm plan and conduct table-top testing
- Handle ongoing monitoring of plan fluctuations
- Conduct internal audits
- Evaluate program’s overall effectiveness and evolution
- Continuity strategies informed by KM
Many organizations were unfortunately not prepared for COVID-19. But now, as leaders reopen in the wake of the pandemic, the importance of an effective continuity strategy—informed by knowledge managers—has become clear. With the right strategy, planning, and tools in place to assess and handle risks, businesses will be equipped to combat the next challenge that lies ahead.
Article Link: https://www.kmworld.com/Articles/Editorial/ViewPoints/Identifying-new-risks-to-ensure-business-continuity-amid-a-pandemic-142870.aspx