The world is currently navigating through uncharted territory, facing a crisis unprecedented in its scope and spread. Coronavirus, a disease that birthed in China has now meandered to new epicentres in the US and Europe. It is always challenging to fight an unknown enemy and stave off risks that seemingly do not exist.

However, now that the enemy is known and we have a better understanding of the risks that have germinated, it is incumbent upon organisations to reinvent and reboot for a new normal. If done the right way, companies can create value from the current high risk environment to build more enduring businesses.

Crises generally tend to be highly dynamic in nature, necessitating the need to constantly re-frame existing risk policies and models. This process needs to be top-down in nature and ideally led by the board. A very effective risk governance mechanism can be to set up a board level risk oversight committee. Such a committee periodically assesses the prevailing risks, determines the governance needs of the organisation and then takes the steps deemed necessary to address those needs.

An additional responsibility of the risk committee could be to anticipate risks and stress test the current risk-management plan. A board-level risk committee, whether standalone or hybrid, can be highly effective in cutting through organisational complexity, attaining the necessary visibility into risks and risk management and in exercising risk oversight. If your board doesn’t already have a risk management committee, then it is time to consider instituting one.

We have all grown to understand and appreciate the role that technology plays in our lives. The current crisis further underscores the importance of technology and its ability to help businesses function effectively even in the most extreme circumstances. With the constraints on physical mobility, all companies have had to migrate to a work from home (WFH) model and a new normal of virtual events.

However, there are multiple risks stemming from the WFH model. Key among them are risks to data security, maintaining client confidentiality, access to uninterrupted networks and sufficient hardware inventory. As the pandemic continues, companies need to gear up for a future where maybe 20-30 per cent of the workforce would work from home. Businesses now need to create a renewed cyber and technology policy to reflect the changing environment.

Business continuity plan

The suddenness of Covid and the subsequent lockdown had companies scrambling to implement their BCP. This included migrating to a WFH model, getting together the necessary hardware, updating compliance policies and communicating proactively with employees and clients. The current crisis has given businesses an opportunity to reassess the efficacy of their existing BCP. As the crisis is unfolding, businesses should document the impacts and responses clearly so that they can be reviewed later and learnings can be distilled from the same, just like they do in the airline industry. This will allow businesses to better anticipate future risks and become more proactive and resilient.

Crises can push people and businesses to the wall, testing their mettle and stretching them to the limit. However, they also afford companies the unique opportunity to gain deeper insights into the impact of expected and unexpected risks on their businesses and take these learnings to become better prepared for the future. This could be anything from making wearing masks a part of an employees’ KRAs, as one company in China has done, to following a rotational WFH model through the year.

The writer is President, Risk Advisory, Deloitte India

Related Topics
comment COMMENT NOW