In a world where everything is interconnected, the coronavirus outbreak is causing major business disruption. Organizations that depend heavily on a large third-party supplier network are feeling the effects of slower delivery times or even a supply-chain shut down. Complicating matters further, governments are beginning to impose strict quarantine measures and mandate business closures or restricted business hours. Then of course you have the people component of the outbreak — acclimating to a remote workforce and possibly experiencing increased absenteeism and return-to-work issues.
Can anything be learned from this devastating crisis? The coronavirus, along with other threats or disasters, is teaching us a painful lesson by exposing the weaknesses in our operations that were otherwise hidden from view. These weaknesses are causing every type of business risk – reputational, operational, and financial. If we learn from this by putting in place proper risk management policies and procedures to remove or at least mitigate the weaknesses, then going through this painful process will not be for nothing.
The ultimate lesson is that companies must anticipate threats to its operation, whether it is a pandemic or a cyber breach. The coronavirus crisis highlights how organizations must update and extend their crisis management and business continuity plans, with an emphasis on employees, customers, supply-chain contacts, stakeholders, and business assets. And they cannot forget to evaluate how insurance might respond to pandemic-related costs.
Lessons to Learn
The lesson we can learn from all this is that having an integrated risk management process in place can make all the difference in an organization’s ability to see and prepare for coming risks quickly and effectively. The key word here is integrated. Unless all risk-related activities are connected in one place, each one of these activities is done in isolation, making it nearly impossible to add it all up and act as fast as possible.
Here are 6 tips to help you respond to today’s coronavirus crisis – and prepare for the next time something happens:
- Identify what hazards and what degree of harm would be caused if an infected person were to be in contact with your property or employees.
- Establish how to control each risk. This may include plans for cleaning and for allowing employees to work from home.
- Create a communication plan for employees, customers, and partners.
- Review policies and procedures continuously to be in line with any risk changes caused by the coronavirus.
- Ensure Business Continuity Management (BCM) processes are factored into your ERM program.
- Continuously take inventory of all business risks, and ensure coverage is available to meet those exposures.
In business-as-usual times, procurement and third-party risk management departments conduct due diligence and ongoing monitoring of third parties across various risk domains. But with an event like the coronavirus, organizations must move quickly to assess their vendors to determine which are critical, which operate in affected regions, and what the impact is likely to be. Those vendors representing the highest risk of impact are targets for outreach. This can be carried out through a questionnaire asking vendors to share details on how they are affected and documentation on the steps they have taken to mitigate and manage their response.
Other suggestions are:
- Monitor suppliers continuously.
- Source from two or more suppliers rather than one.
- Map suppliers’ manufacturing, warehouse, and distribution facilities to ensure they’re not all located in the same region.
By using an integrated risk management approach to identify and prepare for specific events like the coronavirus outbreak– and setting up processes and procedures to monitor for them – the best companies will be better positioned to avoid major disruption.