The coronavirus pandemic (“COVID”) has made the day hard for businesses and disrupted the global economy, which is projected to shrink by 3% in 2020 based on the world economic outlook of the International Monetary Fund. With this trajectory of the global economy and coupled with the second COVID wave currently sweeping across several countries, we can expect tomorrow to get worse. But all is not lost. Whenever there is a crisis, there will always be an opportunity. Let us consider the top 4 evolving risks and think about what we can do to take advantage of the uncertainties.
One of the greatest workplace challenges brought about by the COVID comes in the form of massive telecommuting as governments around the world are forced to implement strict movement restrictions to control the infections of COVID. Even after movement restrictions are relaxed, working-from-home has become the default approach recommended by governments to lower the impact should there be subsequent waves of outbreaks.
While companies are eager to get their employees to come back to the office, 239 scientists from all over the world have signed an open letter to the World Health Organisation calling for a new set of safety recommendations in the light of evidence that the virus can be airborne. Telecommuting demands a high level of trust. While some employees may relish the newfound freedom and independence in a work-from-home model, others struggle with balancing the needs of work against domestic challenges from working at home. Businesses either gain from increased work efficiencies from a more disciplined and collaborative workforce, or suffer from productivity loss of a disengaged labour force with remote burnout.
Consumers’ buying behaviour and spending pattern have also changed. Online ordering of goods and subscriptions to services has a newfound rhythm and is quickly becoming the new norm. Businesses without any means to accept and process orders online will lose their relevance. After exiting from lockdowns, even though the more traditional physical means of outreach to consumers can resume albeit with some restrictions (requiring safety/social distance), consumers have already developed certain expectations and gotten used to ordering goods and services online. In fact, with each generation becoming more digitally savvy, e-commerce and home delivery will feature strongly in people’s lives and business offerings.
This means that one will need to think about how to factor in these changes and revisit how we can engage employees and consumers. Building workforce resilience and driving an omnichannel e-commerce strategy for customers will be key. This approach will demand a change in thinking and the re-engineering of business processes to adapt to the new business landscape.
• Protect and support employees
Communicate and collaborate. Communicate early and often, even if you do not have all the answers as silence often feeds the rumour mill. Remain visible, authentic and committed. People are almost always at the heart of all problems as well as solutions to those problems. Reskill and upskill employees to support operational changes. Training needs to tap on technology and transform. There are various government grants available to help reduce costs. As Alvin Toffler said” The illiterate of the 21st century will not be those who cannot read and write. It will be those who cannot learn, unlearn and relearn.”
• Omnichannel e-commerce strategy for customers
This means investing in foundational digital enablers to learn about the customers and enhance their experience. This entails automated measurement through the use of data analytics, omnichannel platforms and back-end interfaces to engage the customers. Businesses which offer alternatives for easy and fast access to quality products and services are the ones which will be able to ride the wave of recovery in the new normal.
COVID has drastically slowed down international trade and exposed the frailties of businesses. Supply chains have been disrupted globally, since production activities which require physical presence of workers cannot be carried out during lockdowns. With zero or reduced output, exports have been affected and many countries needed to reassess their self-sufficiency and diversify sources of imports to reduce the impact of such disruptions. In the new normal, businesses need to reduce over-reliance on any individual source of supply and demand.
As businesses exit the lockdown periods and resume operations in the new normal, this may be the best time to update the enterprise risk frameworks pertaining to supply chain management, business process improvement and business continuity/disaster recovery plans.
• Supply Chain Management
This ranges from inventory recovery, which entails alternative sourcing of supplies, updating of inventory policies and purchase parameters, to securing of transportation for inventory. Businesses can consider building up an intelligence engine underpinned by key data points on inventory management and production. This will facilitate quicker updates of the risk profile in a continuous manner and ensure that management is able to get the right intelligence that they need to make timely decisions.
• Business Process Improvement
Processes may need to be redesigned to maximise operational effectiveness and efficiency, supported by an optimal level of automation and digitisation. Existing policies and standard operating procedures (“SOP”) may need to be re-engineered to effect a more optimal level of resource utilisation, if utilisation levels have changed due to the COVID disruption. Controls may need to be redesigned to cater to the new normal. Management should consolidate and refine these updates into a clearly-defined plan prior to implementation for a smooth execution and transition to the improved processes.
• Business Continuity Plan (“BCP”)/ Disaster Recovery Plan (“DRP”)
Businesses need to be predictive and proactive in updating BCP and DRP plans. Other than the employees and customers engagement and supply chain management discussed above, businesses will also need to better protect their IT assets and recover critical data as well as evaluate overall short-term liquidity. Without cashflow discipline, any form of cashflow forecasting is impotent.
With the rapid advancement of technology, the potential hazards from IT threats also grows. While digitalisation can bring about benefits such as having more streamlined processes, stronger collaboration among employees and greater outreach to consumers, it also opens up vulnerabilities to cyberattacks as points of interactions shift online.
Critical digitalised processes such as transaction processing are often targets for cyberattacks. As such, it is critical that businesses get the assurance that their technology infrastructure and designs are resilient, for example, through vulnerability assessments and penetration tests. At a minimum, reviews on cybersecurity controls or IT general controls should be done to enable management to have a baseline for assessing risks against the cost of preventive measures so that an optimal approach in line with management’s risk appetite can be formulated.
• Data Protection
Telecommuting brings about the possibility of employees connecting to networks without the same cyber security settings from that of the workplaces. Should the employees use workstations issued by the company to connect to vulnerable websites or web access points (e.g. unsecured Wifi hotspots), the probability of getting workstations infected with malware will increase exponentially. Effective IT awareness training is imperative to inculcate a robust culture of cyber awareness and resilience . In addition, periodic cybersecurity scans based on state-of-the-art tools can be an effective defence against cyber-threats that would have ordinarily bypassed traditional virus detection tools.
Despite the above, entities should not be deterred from digitalisation due to the significant benefits that effective digitalisation can provide. To support the push for digitalisation, many like Singapore have implemented some form of digitalisation assistance schemes for enterprises across the globe.
However, entities should note that a thorough understanding of existing processes, procedures and business objectives should be in place before embarking on digitalisation of any specific components so that efforts will not be wasted in pursuing technologies that are misaligned with an organisation’s strategies.
The widespread use of technology has opened up a pandora box of cybercrimes as a side effect as discussed earlier. The tsunamis of COVID disruptions during this period have also thrown businesses into a whirlwind of business emergencies where existing controls may be circumvented and fraud risk “red flags” overlooked as resources are transferred into operations or have been significantly cut, leaving the compliance/prevention function understaffed.
People may also face greater pressure to commit fraud as they struggle with poor financial performance in their businesses, adverse changes in remuneration or even the loss of jobs. When coupled with the perception that employers do not provide adequate support nor treat employees fairly, it become “rationalisation” to justify fraud. The intense financial reporting pressure may also cause one to “finally cross the line” and embark on “window-dressing” of results. Fraud typically occurs when pressure, opportunity and rationalisation are aligned.
Key measures which can be adopted include:
• Fraud Risk Re-Assessment
Re-define fraud risks and revise existing anti-fraud and compliance frameworks. Keep employees attuned to fraud risk by sending reminders on core values with a focus on integrity, communication and support. Updates to insurance coverage should also be done.
• Third Party Risks
More counterfeits will also flood the market due to supply chain disruptions and people’s fear of shortage. As businesses diversify their supply chains, new suppliers and business partners may be onboarded with proper due diligence checks. As such, a due diligence process to cover background checks and market reputation should not be side-stepped. Automation of vendor onboarding can also promote compliance and prevent any side-stepping of the due diligence process.
To conclude, enterprises cannot ignore the risks arising in the new landscape brought on by COVID. The silver lining, however, is that this is also an opportunity for transformation and adaptation. Businesses that stay alert, nimble and can adapt to new opportunities, while successfully navigating the accompanying risks and pitfalls, could very well surge ahead of competitors by riding on this time of opportunity and enjoy sunshine.
This article was written by Lao Mei Leng, Director, MS Risk Management Pte. Ltd. and Pua Shuan Yang, Assistant Manager, MS Risk Management Pte Ltd ~ MOORE Singapore