As health risks due to COVID-19 dominate the headlines, many parts of the world are also experiencing an explosion of natural disasters, from hurricanes to heat waves and deadly wildfires in my home state of California. Instead of stay-in-place orders, these are forcing evacuations, and reminding us that there will always be risk.
As a provider of integrated risk management and business continuity solutions, this is the time for MetricStream to step up. Since the pandemic was first declared, more than 150 days ago, I’ve reached out to at least 100 customers to see how they are responding and have come away inspired.
Part of what I’ve learned is that most are on a multi-step journey:
1. The Immediate: The first 1-3 months were about doing whatever it took to get set up in a reasonably stable situation. For some, it was a mad scramble to get there.
2. The Intermediate: Most companies now find themselves in this second phase and looking at their governance, risk and compliance (GRC) priorities in this changing world.
3. The New Normal: This is about “How do I optimize?” Organizations are re-building real-time risk processes to respond effectively in a constantly evolving risk universe.
During the intermediate phase, businesses are wrestling with daily decisions of what to prioritize: Should we bring people back into the office or wait until there’s a vaccine? How do we ensure it’s a safe environment? Do we bring them in on different shifts? And how do we “contact trace” and make sure we don’t knock out entire departments? Risk factors for not bringing people back into facilities for a manufacturing company could loom large. For a social media company, or a technology company, there’s low risk.
We used to take for granted that going into the office wasn’t a health risk. Now that it is, it has spurred a tremendous shift to working from home (WFH) and companies are moving to cloud-based solutions more and more. This is truly a shift in how our customers are working; for example, they’re moving to conducting audits on a largely remote basis without ever showing up at locations to examine physical surroundings.
Many customers needed to quickly edit and re-publish their WFH policies and standards. Those who are using a Policy Management solution from MetricStream are better able to target their policies to meet the needs of specific business units, functions and roles, to provide access and who needs to attest. For example, many traders who work from home likely don’t have a needed “secured and recorded line”. MetricStream, too, continues to serve our customers with a workforce that’s working remotely. That means ensuring the cyber security of systems and executing on business continuity plans for an extended period of time in that environment.
The pandemic has also heightened the value of technology to help get work done. Our new M7 platform makes it easier to work from home. Customers who were lagging on M7 upgrades are now pushing these projects forward. They realize the new functionality and user interface are critical for staff who need to work with little training. M7’s embedded help and re-designed input screens have made it easier to get more employees engaged in recording risk events and potential solutions.
Greater visibility into the supply chain has also become more critical for many customers and their partners, who are looking for better tools to collaborate with vendors and suppliers. Customers have used MetricStream to better link suppliers to products and business units. This information helps each business unit understand how supply chains impacted by the pandemic directly impact the business unit’s goals. While most Vendor Management solutions stop at the link between vendor and product, MetricStream takes the relationship further by linking to business units and business objectives.
Going forward in the “new normal”, risk findings and metrics will be aligned much more closely to resilience and strategic objectives to better prepare for the next crisis. While there has been an elevation of health and safety as a priority area for companies worldwide, there is uncertainty around which regulations will apply and which to be concerned about. Generally speaking, this is a broader trend that is likely to continue.
We’re also seeing a fresh wave of innovation with AI, machine learning, robotic process automation (RPA) and analytics to keep pace with the high volume and velocity of data and to keep the cyber health of the extended enterprise secure. Forms and collection of data are great, but businesses need to integrate it with other data and include it in their monthly reports and dashboards. At one of our banking customers, GRC reduced policy research from an average of 50 hours to 50 mins.
COVID is accelerating change for our customers in a world that will only become much more digital in the aftermath of the crisis. As Microsoft CEO Satya Nadella put it in an earnings call in late July, “We’ve seen two years’ worth of digital transformation in two months. Customers every day adapt and stay open for business in a world of remote everything.”
Overall, our customers are taking a broader view of work and processes than they used to. And even as the pandemic fades in the rear-view mirror, 2020 can still be a year of clarity and a time of people coming together with a clear purpose to change society for the better.
The human experience is about overcoming adversity through resilience and that is certainly on display across the world. With the right approach, this crisis can become an opportunity to move forward and create even more value and positive societal impact. GRC practitioners will be on the front line of this new normal just as healthcare workers are on the front line in the fight against COVID and fire fighters are on the front line battling California’s wildfires. A big thank you to all our fire fighters who are willing to risk their lives to save others!
Please feel free to reach out to me at [email protected] with your own stories and comments.