Managing COVID-19 risk


The COVID-19 pandemic has fundamentally shifted not only global business and the economy, but our entire world as we know it. But who better to lead organizations through these unprecedented times than GRC professionals?

If you’re like us, the first thing that came to mind when this pandemic started to spread was “how can we help?” We’re not doctors. We’re not nurses. We can’t help on the “front-lines.” But as risk managers, compliance professionals, and auditors, we’re in a unique position to help our organizations respond effectively to the almost-daily risks emerging from this crisis.

At Galvanize, we’ve had to learn and adjust quickly to the challenges that have been thrust upon us over these past months. And while we’ve never experienced anything like this before, we decided to build on a number of powerful tools, combined with tried-and-tested tactics, to help us navigate this situation. This resulted in the creation of the COVID-19 Toolkit.

This toolkit, which has been designed for Galvanize customers, is a collection of free tools and access to risk management experts to help navigate risk, business continuity, and communications. It’s designed to create a single source of truth to drive decision-making during a critical time when there’s no playbook.

8 core business aspects

As part of this toolkit, we focused on eight core elements. We included a few examples of what, specifically, you can drill into to help guide risk-based decision-making.

1. Workforce health: Are we keeping our employees safe and happy?

  • Are we mandating that employees work-from-home (WFH)?
  • Do we have a self-reporting tool?
  • Do we need to provide facility access?
  • Are our remote workers properly equipped?
  • How are our employees feeling overall?

2. Workforce effectiveness: Are employees maintaining productivity?

  • Are we adjusting the way we work in this new WFH reality, with things like daily stand-ups or virtual water coolers?
  • Do we need to reassess our vacation policy?
  • Does our compensation strategy need reviewing?
  • Are employees working on the things that will move the needle?

3. Customer continuity: How is customer activity changing over time?

  • Are customers still using our software as frequently?
  • Is there an increase or decrease in support tickets?
  • Is new business continuing to flow in?
  • Are new projects being started with the same consistency as before?
  • Are customers continuing to renew their software at the same pace?

4. Third-party continuity: How are partners, vendors, and other third parties managing?

  • How are supply chains around the globe being impacted?
  • Are vendors still delivering at previous levels?
  • Are partners in different geographical areas facing unflagged risks or challenges?

A HighBond storyboard from the COVID-19 Toolkit that shows the increase in cases since the first 500 were identified.

5. Financial contingency: Are we forecasting and adjusting correctly?

  • Are revenues trending into negative territory?
  • Where can we cut back on discretionary spending?
  • How are our competitors faring?
  • Are there any opportunities for mergers and acquisitions during this time?

6. Communications: Are we updating employees, partners, customers, and vendors regularly?

  • Are we ensuring that our internal and external communications are open, and that we’re being authentic and maintaining credibility?
  • Is there a single source where all employees can go for updates?
  • Are there daily management and C-suite stand-ups to review new developments?
  • Do partners get regular updates from their contacts?
  • Are we reassuring customers of our continuity, sharing our Pandemic Preparedness Plan? Our CEO Laurie Schultz crafted and shared a message on that topic.

7. Security: Are the organization’s assets protected against these new risks?

  • Are we adjusting our controls to meet the developing cyber risks as more of the workforce goes remote?
  • While all workers are remote, is our physical site secure?
  • Are the organization’s assets secure in the homes of our employees? (Is there a secure place to store laptops so they don’t get stepped on?)

8. Reputational monitoring: How can we continue to ensure the organization’s reputation isn’t at risk?

  • Are we monitoring social media for customer sentiment and satisfaction levels, and responding before issues escalate?
  • Are we being agile and responding to customer/client concerns quickly?
  • Are we reacting appropriately? If there’s an existing crisis plan, are we following it, and if not, how are we developing/implementing one?

These are just a few examples of where you could be pointing your efforts as a governance professional and using your organizational data to uncover hidden and emerging risks.

HighBond storyboard showing case distribution and daily differences in cases in all major countries/geographies.

Be proactive, not reactive

We’ve never experienced a global pandemic on this scale before, and certainly no crisis event that has been this disruptive to global business and life. Whether your organization has an established crisis management plan to deal with a pandemic of this scale or not, all compliance and risk officers are currently dealing with similar challenges.

When it comes to responding to risk during a global crisis, you could take the approach of reacting to the events after they happen. Or, using your data and a strategic risk-based approach, you could create a longer line of sight to see the risk coming, and act to mitigate it.

We know that many of our customers have been struggling with the challenges presented by this pandemic. The COVID-19 Toolkit will help you assess the situation as it evolves on a daily basis, make better risk-based decisions, and recover faster.

We recently held a webinar where we shared an overview of the toolkit, why we built it, and how we feel it can help GRC professionals lead with certainty in these uncertain times. Watch the webinar. And for another perspective, check out compliance and risk specialist Matt Kelly's blog on Radical Compliance, where he expands on our webinar and talks further about pandemic risks and response controls.