I didn’t know what swan event was until I joined Enablon and heard one of our founders Phil Tesler describe how they will increase in frequency and the Enablon platform was being designed to help companies mitigate their risks and impacts. Phil often cited the top global risks published by the World Economic Forum as items we need to prepare for. Little did I know several years later I would be living through what some people might consider to be the largest black swan event in recent years.
Or is it a black swan? I was talking with a leading GRC industry analyst and he stated that this isn’t one. Why? Because black swan is a metaphor for a surprise event, and this wasn’t one. Infectious diseases have been on every company’s risk registers for a while. The Swine Flu and SARS were not that long ago. Movies have even been made about this risk (and ironically Contagion and Outbreak are some of the top trending movies right now). But what we all can agree on is that no organization was ready for the global impact COVID-19 is having.
So, as we are all working from home and are still adjusting to the impact, below are some thoughts as we all work through this pandemic together…
Corporate Risk Definitions and Programs Will Change
A few larger, more proactive organizations have a holistic view of risk and manage:
- Enterprise risk (IT, supply-chain, financial)
- Operational risk (control of work, safety, incidents)
- Environmental risk (sustainability, air & water emissions, waste, environmental events)
However, many businesses and analysts still have a siloed view of risk (or at least they have siloed operations around different risk types). It’s understandable because each risk domain has its own complexities and expertise – but, all risks are interconnected.
One of my favorite posts on this topic is from Michael Rasmussen’s GRC Pundit blog: Tale of Two Futures: Blade Runner or Star Trek? (I like it because he’s right, and I’m a Blade Runner and Star Trek fan!). His point is we need to look at all risks and focus on the right risks. He too mentions the World Economic Forum, and here is their new Global Risks Landscape 2020 report. Their top 5 most likely risks are safety and environmental, and the top 5 most impactful risks are environmental and societal (Cyberattacks are #8 and Infectious Diseases are #10).
Governance, compliance and control programs need to be integrated to address all types of risks. Today’s events will force companies to break risk silos and update risk and management policies (as well as their definition of business risks) – and we all will be stronger because of it.
Digital Operations = Agile Operations
The market and organizations were at various stages in their digitalization journey when the novel coronavirus hit. Some departments were fully digital and automated. Many others are still using Excel spreadsheets and paper-based systems. Most of our customers are using SaaS or cloud platforms, but several are still deployed on-premise. There are two main observations I had during this global pandemic in relation to digital maturity:
No one was fully prepared for the impact of COVID-19 and many are still not. Even proactive companies that had risk plans in place from learnings on previous infectious diseases (H1N1/Swine Flu, SARS, etc.) were not prepared. Who could be?
The companies that had SaaS solutions already deployed were the most agile in responding to this global pandemic when it did hit. It’s important to note that Enablon serves global, enterprise customers. Customers average 50,000 to 100,000 employees and operate hundreds of locations across multiple countries. It’s easier to be agile if you are a small to medium sized business (or a technology vendor), but not if you are running a business on a global scale. The good news is that large enterprises with digitalized operations and SaaS solutions have been far more agile and effective in this crisis than customers who have not completed their digitalization journey.
One customer built a COVID-19 Readiness tracker within a week, deployed it to hundreds of sites, and are now reporting global readiness to their executive team on a weekly basis. Another added a custom COVID-19 incident management workflow in a week, deployed it to all sites and were able to close locations proactively when they saw an increase in instances (they have more than 115,000 employees, not including contractors). Enablon’s own professional services team was able to build and deploy many COVID-19 response solutions in just 72 hours.
While we will be able to predict smaller events, black swan events will continue to surprise us all – but those that have digital and cloud operations will be more able to adapt when they do.
Good Can Come from Tragedy
It’s extremely difficult right now. There is a lot of uncertainty and personal tragedies caused by this global pandemic. The global shutdown has already had a negative impact on our global economy. While tragedy can bring about bad behavior (we can now add toilet paper hoarding to this list), it also brings out the best in people.
We’ve witnessed this in our company, our customer community, our partner community and in our market. The Enablon team has rolled out solutions, free of charge, to our customers and are still working on new features to help. Several of our customers have donated their time and have freely shared their content, configurations and best practices with other customers. Other vendors are mobilizing solutions to the market to help with this global pandemic. This is what the environmental, health and safety industry was built for.
In summary, we have a rough road ahead and 2020 is now the year no one expected or desired. However, if we keep our focus on helping each other, we will come out of this year more responsible, productive and safe than even before…