The coronavirus or COVID-19 presents significant risks to your business .
- lockdowns causing a sudden fall in demand for your products or services,
- staff shortages
- supply chain disruption.
- your business may be more fragile or cash-strapped due to lowered demand.
Some key questions are front of mind
- What is this crisis is long term?
- Will your customers consume less or change the way they purchase?
- What do you need to be ready for a rapid recovery when things show positive signs?
Managing risk follows the same processes of managing any effective system
- PLAN – Know Your Hot Spots to prioritize action plans and execution efforts
- ACT – Keep a tight handle the right actions to take through dynamic risk intelligence
- ADAPT – As the crisis unfolds, know how and when to shift resources and adjust business processes
Similar to Eli Goldratt’s “theory of constraints” methodology to achieve your goal is to
- identify the constraint
- put all resources to mitigate the constraint - release the constraint
- go for the ride - and boom -
- there will be another constraint - rinse and repeat
And David Hodes 5-Step Focus
- Find the constraint
- Optimise the constraint
- Collaborate around the constraint
- Uplift
- Start Again
(David Hodes had a brilliant presentation at our BBG Enterprise forum - “your constraints are your best friend”)
It’s the same with risk
Here are the 4 steps of risk management to help you navigate through the crisis
- IDENTIFY AND ASSESS THE RISK
- DEVELOP MITIGATION STRATEGIES,
- REMOTE AUDITING and
- PUTTING A BUSINESS CONTINUITY AND RECOVERY STRATEGY IN PLACE
Priyabrata Sahoo unpacks this into 4 sections
1. IDENTIFY and ASSESS THE RISKS
Before you can mitigate the risk - you need to know what the risks are - (the basic premise of what you can measure you can manage.
- Identify and understand the risks affecting your business - Create a risk register
- Assess the level of each risk on how it will affect the overall business goal
- Develope strategies to mitigate the risk
Identifying the risk
These are the 5 areas of risk to look at in a business
Strategic Risk
– make sure you have strong leadership , with a clear purpose and solid values
- Are you prepared to pivot?
- Do you have a full understanding of how the risks associated with all aspects of your business are interrelated.
- Your ability to effectively manage personnel risk, business resumption risk and operational risks will separate themselves from the pack
Operational Risk
– This includes your
- people, and key stakeholders including third parties who form the nucleus to support key business operations.
- premises
- product
- assets
- supply chain - distribution and production
Financial Risk
– Financial risk increases when your business is facing hurdles - it’s easy raising finance when things are good - try get a loan from your bank when revenues and margins drop!
Reputation Risk
– The way your business handles the crisis will affect the way your customers look at you in the future. Good leadership will make your business shine in times of crisis - potential acquisitions and opportunities will flow.
- lack of leadership creates mistrust and confusion.
Digital Risk
The role of technology to automate functions that rely on people becomes paramount when people get isolated.
cyber security is a biggie
The weaknesses and threats of the SWOT analysis - should clearly identify these risks (ps ... be sure to identify the strengths and opportunities as well)
Identify what the biggest risk is from COVID- 19. Infection to those who may be at risk may include
- Physical risk of your staff, visitors to your business facility, cleaners, contractors, customers
- disruption due to social distancing,
- plummeting employee productivity,
- tensed supply chains,
- recession,
- unemployment,
- investment pull-back and civil unrest.
Ensure there are Business continuity systems and strategies - Are there disaster recovery (DR) strategies across your organizational functions, to improve response time during critical events, and more.
Ensure there is an Internal Audit risk assessments and define action plans to remediate issues and monitor them to closure.
Assessing the risk
Risk assessment is key in managing risk , improving safety and improving business performance!
How to Assess Risks
Steps to follow are:
- Risk identification which follows event identification and precedes risk response
- Develop assessment criteria
- Assess risk interactions
- Prioritise risks as per their probability, vulnerability and speed of onset. You can define these under 4 criteria like high/some/small/very little probability.
The steps in risk assessment steps include risk analysis, risk evaluation, risk communication, and risk response.
2. Develop Mitigation Strategies
Depending on your industry, company size, location, and other factors, you can make a wide range of preparations. Your risk response should be driven by the decision of risk acceptance, reduction, sharing, avoidance or complete elimination of each risk.
Below are some common areas that will help you plan your risk mitigation:
- You can consider moving your budget from fixed cost to variable spending. Reconsider the rent on office space as more employees will be working remotely.
- Cash is king for businesses – it is wise to cut down unnecessary spending or expansion plans to conserve the cash.
- While focusing on the operational elements of risk management such as taking care of people, having them work from home, it is also critical to think from the viewpoint of compliance by publishing clear HR policies, data security policies, confidentiality and other policies.
- You may choose to shift toward the localization of your supply chain so that you can be immune to the increasing protectionism and risk aversion due to a recessionary climate.
- Digitization: More than ever before, digitization is getting a real push, and everybody is on a fast forward mode to experiment with digital channels into every aspect of their business. But this calls for more investment in the cloud, data, cybersecurity, and digital risk management.
- Increase supply chain resilience: While it is good to localize supply chains, it is required to build capabilities in your supply chain to respond to unexpected events quickly or return to the earlier supply chain as soon as possible or innovate to get to a better state.
- Be sure to connect and maintain repositories of all risk mitigation activities, procedures, and controls in one place to make it easily accessible when needed.
- Put internal controls in place to mitigate risks. For example, in the context of COVID-19, simple controls may include hand washing, cleaning, social distancing, etc.
- Properly document all processes and systems to ensure that there is no reliance on any one person and business continuity can be maintained.
- A key factor is putting in place a continuous training programme - to upskill and reskill your team. To train them on your various processes.
3. Audit
After you have put all risk mitigation strategies and controls in place, you need to do auditing to check if all is working well.
The use of audit functionalities on smart devices has been greatly transforming the changing audit landscape.
This is done by
- Simulating face-to-face working environments with virtual environments including phones, computers, and services.
- Capture organizational communication processes when defining remote auditing
- Virtual storage of records (shared or isolated)
- Broadcast messages – video conferencing, teleconferencing, email or group meetings
- Prepare well before virtual meetings to ensure every dialogue for decision making is covered and before concluding the meeting, clarify action items, owners, and deadlines.
- Have a central location that contains an up-to-date contact list with email, phone numbers with work time or work shifts.
- Set up online audit scheduling, format, and checklist.
- Use desktop sharing features extensively as necessary for reviewing records, procedures, documents, audit trails, procedure reviews, recording meetings, video conferencing, and audio conferencing.
- Use Asynchronous communication such as SharePoint offices.
Ian Abrahams - Corprofit - Developed a risk management system called “knowrisk”
4. PUT A BUSINESS CONTINUITY AND RECOVERY STRATEGY IN PLACE
Whether you already have a business continuity plan or are putting a plan in place now, consider addressing COVID-19 in the plan.
A continuity plan calls out the critical and time sensitive applications, vital records, processes, and functions to be maintained, as well as the personnel and procedures necessary to do so, while the entity is being recovered. It needs to have six major components:
Data critical analysis and data back-up plan ( DCA & DBP ),
Business Continuity Plan (BCP),
Emergency Response Plan (ERP),
Contingency Testing Plan (CTP) and
Disaster Response Plan (DRP)
Here are a few important steps to follow while creating a plan:
- Find and analyze Business Continuity Strategy requirements and document them. ((Des Whyte - Expertential has developed a technology to help document processes and enable people to record and track activity in the system. )
- Review issues related to business recovery, technology and non-tech recovery issues for each support service.
- Identify, analyze, and document alternative recovery strategies.
- Compare internal and external solutions assessments of risk associated with each optional recovery strategy.
- Assess suitability of alternative strategies against the results of a business impact analysis.
- Effectively analyze business needs criteria, and the objective of planning and evaluation method.
- Senior management must be aware of the Cost/Benefit Analysis of Recovery Strategies and recommendations from experts.
This crisis - we’ve been here before - and we will probably be here again.
For your business to survive and thrive in a crisis you will need a risk management and business continuity plan in place, so you can take advantage of the opportunities that present itself .