Enterprise Risk Teams Tackle Coronavirus Troubles

Enterprise risk management teams are on the job evaluating supply chains, cybersecurity risks, remote work issues, and other challenges as business confronts the impacts and opportunities brought by COVID-19.

Jessica Davis, Senior Editor

April 14, 2020


The coronavirus has changed everyone's lives and their roles in the business. Many people are now working from home. Businesses are looking at budgets and projects for the year and making changes as needed. But there is still so much uncertainty. Will the economy be able to open back up again in a month, or will it take much longer? Will everyone be able to return to work, or will it be a select few? There are so many questions. How do you know you are doing the right thing?

The role of audit and risk leaders in the enterprise would seem to be more important than ever during a crisis like a pandemic as organizations assess the best way forward to minimize the negative impacts and capitalize on any upsides.

But a new survey from Gartner of 900 of these professionals conducted on March 27 revealed that just 4% of them made updating the board a primary focus during this time.

"Many enterprise risk management teams are finding that the board and executive teams are postponing risk committee meetings and are not getting exposed to risk-based insights on the impact and opportunities associated with the crisis," said Dan Herd, VP in the Gartner Audit and Risk practice. That's a mistake, according to Gartner. Herd noted that the teams must provide senior leaders with insights on the risks that COVID-19 has amplified and provide some action steps to address them.

The survey was conducted at the end of March, just a few weeks after stay-at-home orders began, and it showed that leaders put most of their focus on assessing the impact of coronavirus on organizational operations and controls and revising and executing the company audit plan.

Indeed, executing the audit plan remained the top focus of those surveyed at 21%. Other priorities were updating the audit plan (15%), assessing impact on the business (15%), and assessing workforce needs and challenges (15%).

Yet, survey respondents agreed that coronavirus had significantly changed the risk landscape for most companies as many moved to mandatory or voluntary work-from-home initiatives. Other big changes to the risk profile include shifts in customer behavior, preparedness for cost optimization, and third-party or supply-chain risk.

Supply chain is a big and visible vulnerability during the crisis. One only needs to look at the paper goods shelves at the grocery store to see an early result of the challenges in this area. A separate report from consultancy PwC says that identifying critical suppliers is among the top tasks that organizations must undertake in order to mitigate negative results during the crisis. The firm recommends focusing on the most critical materials, equipment, and products, and it says that tier 1 suppliers should help you prioritize and expose any key vulnerabilities.

Another big recommendation from PwC that aligns with Gartner's recent risk survey is to commit to a strategy of transparent communication with all stakeholders including employees and every party along the supply chain. Without that, you risk reputational damage.

Gartner recommends that the risk management leaders work with senior leaders and other leaders in the organization to update risk assessments in the supply chain, cybersecurity, and remote operations.

Enterprise risk management teams "should use [their] unique position having an enterprise-wide purview to extract lessons learned from the teams involved in managing the crisis," said Herd. "These lessons include understanding the efficacy of business continuity and crisis management plans, interdependencies, and emerging risk sensing and assessment practices."


About the Author(s)

Jessica Davis

Senior Editor

Jessica Davis is a Senior Editor at InformationWeek. She covers enterprise IT leadership, careers, artificial intelligence, data and analytics, and enterprise software. She has spent a career covering the intersection of business and technology. Follow her on twitter: @jessicadavis.
