3 Tips to Maintain Risk Continuity During the COVID-19 Crisis

Guy Underwood, RMIA
April 2020

The world is experiencing a crisis unparalleled in modern times, with the possible exception of the two
World Wars. COVID19 is challenging countries, companies and us as individuals to change the way we
fundamentally operate to ensure we stay physically, and financially healthy.

Governments are delivering enormous aid packages designed to stimulate the economy and protect
jobs and incomes of workers where possible. Nowhere is this more evident than in the US where a
multi-trillion-dollar package was recently passed before Congress. Companies likewise are doing their
best to keep their staff employed and their businesses open, as well as ensuring their supply chains
remain open to allow them to produce and supply the goods and services required by the community.

With measures such as social-distancing and working from home being implemented to slow the
spread of the virus, organizations face the challenge of continuing to manage existing risks as well as
the new and emerging risks faced by them in the face of the COVID19 virus. In order to best ensure
existing risks are not overlooked in a time of crisis, it is important for organizations to ensure they are
consistent in their application of risk and compliance controls.

By way of example, consider the processes your organization has with respect to its Know Your
Supplier program. With global supply chains impacted by the virus, organizations are seeking
alternative suppliers to keep raw materials coming in to allow production to continue unabated. With
procurement and sourcing teams stretched due to staff being off sick or working remotely, there is a
risk that new suppliers are onboarded without the necessary level of due diligence being conducted
on them, as per the procurement or other relevant policies. As a result, companies may find
themselves interacting with third party suppliers who pose a risk to them and their clients due to their
connections with corrupt regimes or organized crime.

The same applies to a company’s employment screening program. Whilst a significant outcome of
COVID19 is large job losses around the world, some sectors and companies are actually implementing
sizable hiring programs. These include online commerce companies (such as AMAZON), logistic
providers and call centre operators. Even government departments are hiring staff to meet increased
needs in welfare and medical support. Failing to continue to follow accepted best practice in
employment screening can lead to adverse outcomes for those organizations that hire people who
are unqualified, unethical or unsuitable for the position to which they have been hired.

The following are a number of strategies risk and compliance professionals can follow to help their
employers navigate the ever-changing risk environment they now find themselves operating in:

  1. Engagement: Compliance and risk professionals should ensure they continue to engage with
    key stakeholders across the organization – particularly those areas experiencing increased
    stress due to lack of resources and/or increased demand for their services. Examples of this
    engagement include ensuring they are part of any working groups, tender assessment panels
    and key procurement decisions.
  2. Education: Organizations and their staff are being bombarded with large volumes of data
    relating to rates of infection, symptom signs and virus prevention strategies etc. It is therefore
    possible that these messages overwhelm staff who can then forget to undertake key control
    functions as part of their day-to-day duties, such as ensuring new vendors are vetted and
    potential employees and contractors are screened. To combat this, risk and compliance
    professionals should continue to educate management and staff on the need to follow
    established rules and procedures via short email messages, training sessions and/or hard copy
    posters.
  3. Enforcement: During times of uncertainty and confusion, mistakes can be made which lead to
    organizations being exposed to unacceptable levels of risk. It is therefore important that any
    errors are quickly identified and those responsible for failing to follow established rules and
    procedures are counselled and, if appropriate, subject to appropriate sanctions. This
    reinforces the importance to management and staff of the need to continue to act in line with
    relevant policies and procedures.

No one underestimates the challenges that organizations and their people will continue to face over
the coming weeks and months and the strategies outlined above will not alleviate these challenges
entirely. However, if followed, organizations face a better chance of ensuring the new risk
environment they now face is not exacerbated by risks surfacing as a result of the existing risk and
compliance control framework failing due to management and staff not being consistent in their
application of existing controls.

About the Author:

Guy sits on the Vital4 advisory board and is a fraud and risk management expert that has been
involved in the areas of compliance and risk management for over 20 years. He developed a fraud
risk management methodology based on the framework of IS0 31000:2009, Risk Management. In
2002, Guy founded RISQ Group, a professional services firm in the APAC region providing
background screening, growing the organization of over 150 people across 6 countries. Risq group
was acquired by Sterling Talent Solutions in 2016.