Enterprise Risk Teams Tackle Coronavirus Troubles - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Security & Risk Strategy
08:00 AM
Connect Directly

Enterprise Risk Teams Tackle Coronavirus Troubles

Enterprise risk management teams are on the job evaluating supply chains, cybersecurity risks, remote work issues, and other challenges as business confronts the impacts and opportunities brought by COVID-19.

The coronavirus has changed everyone's lives and their roles in the business. Many people are now working from home. Businesses are looking at budgets and projects for the year and making changes as needed. But there is still so much uncertainty. Will the economy be able to open back up again in a month, or will it take much longer? Will everyone be able to return to work, or will it be a select few? There are so many questions. How do you know you are doing the right thing?

The role of audit and risk leaders in the enterprise would seem to be more important than ever during a crisis like a pandemic as organizations assess the best way forward to minimize the negative impacts and capitalize on any upsides.

Image: ilkercelik - stock.adobe.com
Image: ilkercelik - stock.adobe.com

But a new survey from Gartner of 900 of these professionals conducted on March 27 revealed that just 4% of them made updating the board a primary focus during this time.

"Many enterprise risk management teams are finding that the board and executive teams are postponing risk committee meetings and are not getting exposed to risk-based insights on the impact and opportunities associated with the crisis," said Dan Herd, VP in the Gartner Audit and Risk practice. That's a mistake, according to Gartner. Herd noted that the teams must provide senior leaders with insights on the risks that COVID-19 has amplified and provide some action steps to address them.

The survey was conducted at the end of March, just a few weeks after stay-at-home orders began, and it showed that leaders put most of their focus on assessing the impact of coronavirus on organizational operations and controls and revising and executing the company audit plan.

Indeed, executing the audit plan remained the top focus of those surveyed at 21%. Other priorities were updating the audit plan (15%), assessing impact on the business (15%), assessing workforce needs and challenges (15%).

Yet, survey respondents agreed that coronavirus had significantly changed the risk landscape for most companies as many moved to mandatory or voluntary work-from-home initiatives. Other big changes to the risk profile include shifts in customer behavior, preparedness for cost optimization, and third-party or supply-chain risk.

Supply chain is a big and visible vulnerability during the crisis. One only needs to look at the paper goods shelves at the grocery store to see an early result of the challenges in this area. A separate report from consultancy PwC recommends that identifying critical suppliers is among the top tasks that organizations must take in order to mitigate negative results during the crisis. The firm recommends focusing on the most critical materials, equipment, and products, and it says that tier 1 suppliers should help you prioritize and expose any key vulnerabilities.

Another big recommendation from PwC that aligns with Gartner's recent risk survey is to commit to a strategy of transparent communication with all stakeholders including employees and every party along the supply chain. Without that, you risk reputational damage.

Gartner recommends that the risk management leaders work with senior leaders and other leaders in the organization to update risk assessments in the supply chain, cybersecurity, and remote operations.

Enterprise risk management teams "should use [their] unique position having an enterprise-wide purview to extract lessons learned from the teams involved in managing the crisis," said Held. "These lessons include understanding the efficacy of business continuity and crisis management plans, interdependencies, and emerging risk sensing and assessment practices."

Read all our coverage of the coronavirus pandemic here:

COVID-19: Latest News & Commentary for IT Leaders

Jessica Davis is a Senior Editor at InformationWeek. She covers enterprise IT leadership, careers, artificial intelligence, data and analytics, and enterprise software. She has spent a career covering the intersection of business and technology. Follow her on twitter: ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Why 2021 May Turn Out to be a Great Year for Tech Startups
John Edwards, Technology Journalist & Author,  2/24/2021
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll