COVID-19 has changed the way we do Risk Management forever, with the velocity, agility and interconnectedness of risks – with resilience, financial and economic uncertainty, health and safety and cyber coming to the foreground in new and unanticipated ways. We are seeing leaders adapt their Governance, Risk and Compliance (GRC) programs quickly to address ever-widening repercussions of responding to the crisis, and more recently, anticipating the re-opening of business at the national, regional and local level as the situation on the ground permits.
COVID-19: The Immediate, Intermediate, and the New Normal
MetricStream’s market-leading GRC apps and platform are being leveraged in organizations across the world, in all industries to manage COVID-19 containment programs – supporting rapid and decisive intervention to flatten the curve, keep front line employees safe while continuing to serve customers, and align with vendors, suppliers and third parties.
Business leaders need to make faster decisions based on better data. They want to know – what is the trajectory? They are keenly interested in understanding shifts, and when to expect a change – when an office, critical supplier or region is rising to a peak or re-opening based on increasing containment. Business teams are responsible to see the trajectory and timelines for re-opening –integrating information from governments, WHO and other authorities to determine the timing of shifting much needed resources back to field – all while working from home in a new digital, cloud-based eco-system.
MetricStream’s view is that organizations will go through three phases of COVID-19 Response and Planning:
- The Immediate – Business Impact and Incident Response in the shortest term
- The Intermediate – A re-look at the Governance, Risk and Compliance priorities
- The New Normal – As the new normal settles in, organizations will make COVID-19 response part of their overall process and infrastructure, with a strong bias towards real-time risk assessments and analytics on data and operational resilience, to deal with a constantly evolving risk universe.
MetricStream solutions for management of COVID-19 follow the context of our PLAN-ACT-ADAPT framework, a helpful way to understand and consider how to specifically leverage MetricStream apps during the Immediate, Intermediate and New Normal phases of the crisis.
Business Value of Critical and Actionable information in the COVID-19 world
MetricStream apps in the PLAN stage
Risk Management teams need faster risk assessments and scorecards. They want to know – where are the hot spots? They are conducting assessments of employees, systems, 3rd and 4th parties, policies and projects. They need to see new COVID-19 risks in terms of geographies, customers, suppliers, business lines, high value processes, policies, technology assets – in order to correlate issues and build action plans based on proven and evolving playbooks. The MetricStream Enterprise Risk Management App helps provide that visibility and status updates to the board, leadership, partners and other stakeholders into COVID-19 connected risks, in the context of geographies, offices, customers, lines of business, products, suppliers…and more.
Third Party Management teams need a rapid assessment of supplier and vendor availability to come back online. They want to know – what’s the current and potential impact? They need to measure the scope of impact to predict workforce changes, delays or alternative supply chains by conducting rapid assessments of impact to employees, systems, 3rd and 4th parties. The MetricStream Third Party Management App helps organizations get visibility into 3rd party and supply chain risk by product or country, and plan for alternatives to impacted locations.
Business Resilience teams need faster resilience analysis. They want to know – what is the impact? For each critical business function, they need to see current and potential impact and preparedness. That means being able to quickly measure the scope of impact to predict workforce changes, delays or alternative supply chains. To do this they must see what Business Continuity Plans and in place, being executed and where gaps are that need to be closed. The MetricStream Business Continuity Management App helps organizations make decisions on impacted offices, regions, businesses, facilities and products, by conducting Business Impact Assessments and communicating with Emergency Mass Notification to suppliers, internal and external stakeholders.
MetricStream apps in the ACT stage
Human Resources and business teams need to communicate policies, procedures and response strategies tied to tiered, clear action plans – they need to quickly distribute revised policies, procedures and controls around COVID-19 impacted realities: Work from Home, virtual customer meetings and new Health and Safety procedures. They need to map to useful content and recommendations from WHO, CDC and other authoritative sources. The MetricStream Policy and Document Management App
helps organizations revise and publishpolicies (leave for health workers, new travel policies, procedures for high risk areas) by location, groups and functions – as well as distribute and gain fast attestation from employees and 3rd parties as they evolve during the crisis.
Compliance teams need to ensure compliance with changing regulations and new procedures – which may vary by country and region. This often means putting evolving playbooks in the hands of those who can take action – continuously improving them rather than re-inventing the wheel. This may also mean implementing and testing renewed or stronger controls. The MetricStream Compliance Management App helps organizations assess and manage stronger controls– across cyber, workplace health, technology….and at the same time see the organizations’ Compliance profile by regulation, best practice and geography.
Information technology, security and cyber teams need to understand threats from bad actors that take advantage of new vulnerabilities that may arise in the digital world. The MetricStream IT Risk Management App helps organization assess risks in the extended enterprise and digital eco-system that may be used now by new stakeholders across the organization. Critically, the app help teams build and correlate remediation action plans to manage and close gaps.
MetricStream apps in the ADAPT stage
All teams must gather and correlate incidents – such as employee health and safety, technology or cyber-related, home office obstacles, supplier and 3rd party changes. This helps organizations see when a region needs to shut down or re-open, when the supply chain breaks – to understand risk to affected business units, disruption from suppliers and incidents from the front-line. The MetricStream Case and Incident Management App helps organizations gain visibility into impacted locations, facilities, customers and products and ensure speedy investigations and resolution to legal and compliance cases.
Observations from the front line are becoming increasing critical to paint a more complete picture of how risks, opportunities and incidents are changing on the ground. The MetricStream Observations Management App helps organizations identify and address critical risks at the front line, and crowdsource front line incidents. Increasingly, artificial intelligence and natural language processing (NLP) are being used to identify patterns and issue clusters, provide recommendations on actions and proactively monitor issues reported on by employees and extended enterprise vendors and partners.
Lastly – the cloud has proven to be table-stakes for operating in the post-COVID-19 world where it is critical tomake access to the front line access easy – including distributed employees and those Working From Home. The MetricStream Cloud, designed for GRC, offers high availability and scalability, as well as advanced security and access control to MetricStream apps.
Effective COVID-19 management depends on providing high value and actionable information to core teams in order to coordinate their efforts as they manage the crisis. Risk management, business leaders, business resilience, IT, Security and human resources and front line teams may all leverage MetricStream’s cloud, platform and highly configurable apps, to provide high value across of COVID-19 operational needs.