More than half of 261 compliance and audit professionals surveyed about preparedness for the coronavirus pandemic said their companies did not have a crisis response plan for this type of event or that their plan wasn’t current. An additional 41% of respondents said they had an up-to-date crisis response plan, while the remaining 8% were uncertain.
The survey was conducted by Compliance Week and Riskonnect. Respondents to the survey were primarily from large companies, with 30% working for organizations with more than 10,000 employees and another 30% working for firms with between 1,000 and 10,000 employees.
More than one third of survey respondents (35%) said that a pandemic or similar global-crisis risk event was not on their radar of potential threats. Another third (36%) said it was on their radar, but not to the magnitude of the actual event. Just one in ten said a global pandemic of this magnitude was on their radar of potential threats.
Nearly half (48%) of compliance professionals who replied to the survey said the pandemic revealed a need for improving governance, risk, and compliance (GRC) processes and technology within their organization. The rest were split between being uncertain (26%) and saying it did not reveal such a need (26%).
Another area where companies said the pandemic exposed weaknesses was in their data. More than half (52%) said their data resides in multiple sources and needs to be pulled together manually. An additional 11% said their data is siloed across the organization and is therefore difficult to pull together. Another 9% said they don’t know where all their firm’s data is stored.
Bob Bowman, senior director, risk management at The Wendy’s Company, notes that the fast-food chain had a solid plan in place to deal with the effects of the coronavirus pandemic on its business – but it didn’t anticipate how long the pandemic would continue to affect its core business.
“One of the more significant difficulties associated with the COVID-19 event is endurance,” he explains. “It’s challenging to have the incident response team actively convened for a period of months, as opposed to a limited duration, which is more common.”
One positive to emerge from the coronavirus pandemic was that compliance professionals’ ability to lead was tested – and they performed admirably, according to survey respondents. A full 72% said their ability to provide leadership with timely risk- and compliance-related data was “good” or “very good,” while another 20% said it was “fair.”
When asked about the most difficult crisis-response issue for their employer, answers from compliance and audit professionals were all over the map—but most had to do with keeping the business running. The top issue was the rapid rollout of workforce options, including remote work (24%), followed closely by keeping up with coronavirus-related regulatory changes and guidance (22%), and assessing and mitigating third party risks associated with their supply chain and vendors (18%).
Compliance and audit professionals also were asked if they were part of their organization’s crisis management team. More than half (57%) said no, and 40% said yes.