Quantitative Risk Management during a Pandemic

Posted by

Nobody has good things to say about a pandemic, and rightly so. The suffering it has caused, and is still causing, is enormous and the hardship that people, businesses and nations are going through cannot be understated. Every challenge though, brings opportunities that otherwise wouldn’t be met, and the COVID-19 pandemic is no different in this respect.

Organizations are getting used to having their workforce operate remotely. With general availability of vaccines still months away, more and more organizations are announcing extended work-from-home situations. Some organizations have announced a partial return to the workplace, with staff on shifts to ensure that adequate precautions are taken, while keeping the business running. Such work environments have required teams to take on full accountability of their deliverables, even more than in normal situations.

In such situations, how does one determine if the business is on track? What are the risks that the business faces in the current situation? How do I, as a manager, determine if all is well for my team? What are acceptable thresholds for key metrics such as number of customers being serviced in a day? All these, and more, are questions that cannot be answered without putting in a place a governance mechanism that precludes the need for physical presence. This is where Quantitative Management comes in handy.

Quantitative Management is not a new topic – it has been around for decades and traditionally broken up into Key Result Indicators (KRI), Key Performance Indicators (KPI) and Key Control Indicators (KCI). Most organizations have KRI, KPI & KCI already implemented. However, they fail to consider how these can be leveraged in the current situation. A simple three-step process, elaborated below, will explain how Quantitative Risk Management can be leveraged.

Step 1: Identify the Organization Unit

Traditionally, most organizations identify KRI, KPI & KCI aligned with financial goals of the business. However, in the new remote working environment, while the financial goals may remain the same, the organizational units that contribute to the financial goals need re-defining or identification.

For example:

  1. In a bank, while a branch may be an organization unit that has financial goals, the branch as a physical space with employees, is an organization representation that is not typically tracked through KRI, KPI & KCI.
  2. With several teams working in office locations on a skeletal basis or working remotely, locations outside the office space are not typically considered.
  3. With individual teams needing to show full accountability, it is insufficient to track/measure at LOB/BU levels. Instead, organizations may need to consider functions, locations or a combination, such as a multi-dimensional org structure, for tracking/ measuring.

Step 2: Identify Risk based KPIs

The usual risks to business/ financial goals do not consider the special circumstances that the pandemic has imposed. Organizations need to identify the current risks to operation and model performance indicators that will help manage the operations. Continuing with the examples in Step 1:

  1. High foot traffic in a branch could result in branch employees getting infected, which could lead to closure of the branch. The number of over-the-counter transactions could indicate traffic in a branch. A high number of transactions could indicate lack of sufficient precautions and could necessitate extra sanitization or cutbacks in working hours.
  2. How many members of the team are working on personal machines? How many of them have uninterrupted power supply? How is the network connectivity at home? Is a skeleton staff being required to fill in for a full team? All these are performance indicators that could lead to poor results

Step 3: Regularize Collection of Metrics

The final step is to institutionalize a formal program to collect and analyze data for the KPI identified in Step 2. This will allow regular evaluation of the risks that can impact the business, even in the smallest organizational unit. Organizations would be well served to automate the process of collection and analysis through a risk management system, allowing the quantitative analysis to be driven by every individual (front-line risk analysis).

To sum up, lack of physical presence in the workplace need not be a hindrance to managing the business if one relies on a quantitative risk analysis approach.

Dhruva has been in the IT industry for over 20 years with over 6 of them managing teams working on GRC Solutions.