Recap & Poll Results: COVID-19 – Returning To Work, Remediating And Rethinking Risk Management Programs
Written by Supply Wisdom Team
- COVID-19 risk event has gone on for a prolonged period of time – risks have not gone away and there are a lot of unknowns
- Current situation is unlike our past experience, where risk events diminished quickly and disappeared – the lag between the start and end was brief, and remediation was also quick.
- With companies around the world turning their focus to people coming back to work, it becomes really important for risk leaders to think about:
1) How do you protect your workforce as they start coming back into the office?
2) What can we learn from this remediation to rethink our risk programs?
RISKS THAT NEED TO BE MANAGED AS WORKFORCE RETURNS TO THE OFFICE:
- Be mindful of employees' concerns – mental health – manage fear and doubt
- Need to understand the implications of coming back too soon
- Compliance risks – different regulations state by state
- Unprecedented shift to remote working – increased cyber risks from lack of controlled networks, use of personal devices, reliance on home network access, potentially compromised IPs, etc.
- Risks will evolve again as remote workers return to the office
- Rapid response required to enable remote working resulted in some concessions – now is the time to rethink our programs related to people, cyber, financial, etc.
- Work from home programs are here to stay – maybe not at the level they are presently – but it will be a much larger number than existed before COVID.
WHAT HAVE WE LEARNED?
- While Risk and Compliance Professionals are focused on COVID, all other risks are still there (i.e. hurricane season is coming)
- Static information does not work – it’s all about dynamic / real-time information
- Risk intelligence will be more important than ever before – not just for Risk Leaders – everyone in the organization will have a need for it
- Risk profiles of third parties can possibly change on a daily basis – need continuous monitoring
RETHINKING RISK PROGRAMS:
This crisis has forced Compliance and Risk Leaders to rethink:
- How to manage risk?
- How to manage third parties?
- How to look at risk assessments?
- How to plan for future scenarios (i.e. second wave)?
ANTICIPATED CHANGES IN REGULATORY LANDSCAPE:
- Regulators will be more focused on continuous monitoring and on end-to-end type oversight – operational resiliency
- Regulations becoming more jurisdictional – state by state
- Data privacy – people working remotely in non-secure locations
HOW WILL RISK ASSESSMENTS CHANGE?
- More focused and streamlined – no more 1000 question assessments
- Real-time and continuous risk intelligence will enable targeting of prioritized risks
- Go deep in prioritized risks and continuously monitor others
- Understand the end-to-end risk associated with core processes
- Leverage ongoing monitoring to get a good picture of third parties' risk profiles and how they are changing
HOW WILL RISK PRACTICES EVOLVE TO AVOID AND BE BETTER PREPARED FOR FUTURE DISRUPTIONS?
- Focused and deeper with reliance on risk data
- Faster, more agile, ready to adapt and change
- Leverage playbook of responses to enable quick action
- Need an all-hazards approach to dealing with risks
- More imaginative approaches, different tools and scenarios
- Change the paradigm of risk from episodic monitoring to knowing changes in real-time
- Continuously monitor a wider range of risks – early warning enables quick actions
- Risk intelligence should be embedded in the culture and disseminated across the organization beyond the risk group
- Risk management decision cycles need to be shorter to enable quick action