Enterprise Risk Teams Tackle Coronavirus Troubles - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Security & Risk Strategy
08:00 AM
Connect Directly

Enterprise Risk Teams Tackle Coronavirus Troubles

Enterprise risk management teams are on the job evaluating supply chains, cybersecurity risks, remote work issues, and other challenges as business confronts the impacts and opportunities brought by COVID-19.

The coronavirus has changed everyone's lives and their roles in the business. Many people are now working from home. Businesses are looking at budgets and projects for the year and making changes as needed. But there is still so much uncertainty. Will the economy be able to open back up again in a month, or will it take much longer? Will everyone be able to return to work, or will it be a select few? There are so many questions. How do you know you are doing the right thing?

The role of audit and risk leaders in the enterprise would seem to be more important than ever during a crisis like a pandemic as organizations assess the best way forward to minimize the negative impacts and capitalize on any upsides.

Image: ilkercelik - stock.adobe.com
Image: ilkercelik - stock.adobe.com

But a new survey from Gartner of 900 of these professionals conducted on March 27 revealed that just 4% of them made updating the board a primary focus during this time.

"Many enterprise risk management teams are finding that the board and executive teams are postponing risk committee meetings and are not getting exposed to risk-based insights on the impact and opportunities associated with the crisis," said Dan Herd, VP in the Gartner Audit and Risk practice. That's a mistake, according to Gartner. Herd noted that the teams must provide senior leaders with insights on the risks that COVID-19 has amplified and provide some action steps to address them.

The survey was conducted at the end of March, just a few weeks after stay-at-home orders began, and it showed that leaders put most of their focus on assessing the impact of coronavirus on organizational operations and controls and revising and executing the company audit plan.

Indeed, executing the audit plan remained the top focus of those surveyed at 21%. Other priorities were updating the audit plan (15%), assessing impact on the business (15%), assessing workforce needs and challenges (15%).

Yet, survey respondents agreed that coronavirus had significantly changed the risk landscape for most companies as many moved to mandatory or voluntary work-from-home initiatives. Other big changes to the risk profile include shifts in customer behavior, preparedness for cost optimization, and third-party or supply-chain risk.

Supply chain is a big and visible vulnerability during the crisis. One only needs to look at the paper goods shelves at the grocery store to see an early result of the challenges in this area. A separate report from consultancy PwC recommends that identifying critical suppliers is among the top tasks that organizations must take in order to mitigate negative results during the crisis. The firm recommends focusing on the most critical materials, equipment, and products, and it says that tier 1 suppliers should help you prioritize and expose any key vulnerabilities.

Another big recommendation from PwC that aligns with Gartner's recent risk survey is to commit to a strategy of transparent communication with all stakeholders including employees and every party along the supply chain. Without that, you risk reputational damage.

Gartner recommends that the risk management leaders work with senior leaders and other leaders in the organization to update risk assessments in the supply chain, cybersecurity, and remote operations.

Enterprise risk management teams "should use [their] unique position having an enterprise-wide purview to extract lessons learned from the teams involved in managing the crisis," said Held. "These lessons include understanding the efficacy of business continuity and crisis management plans, interdependencies, and emerging risk sensing and assessment practices."

Read all our coverage of the coronavirus pandemic here:

COVID-19: Latest News & Commentary for IT Leaders

Jessica Davis is a Senior Editor at InformationWeek. She covers enterprise IT leadership, careers, artificial intelligence, data and analytics, and enterprise software. She has spent a career covering the intersection of business and technology. Follow her on twitter: ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll