The future seen as a crisis. The COVID-19 pandemic — a real black swan?
Published on Jul 27, 2020

The metaphor of a black swan is used to describe a completely surprising, hard-to-predict event with a major effect on people’s lives. Does the COVID-19 pandemic fulfill the criteria of unpredictability, even though many (including Bill Gates) had been warning the world about the possibility of an outbreak? One thing is certain: 2020 will be life changing. What does it mean for GRC (governance, risk, compliance)?

History shows that pandemics, epidemics, and infectious diseases have killed more people worldwide than natural catastrophes and wars. Both George Bush (in 2005) and Barack Obama (in 2014) warned about the next pandemic in their speeches. In 2018, during one of his TED Talks, Bill Gates talked about a possible pandemic outbreak. What Gates wanted us to know was that the world was totally unprepared for that sort of event. It appears he was right.
Business-wise, one of the biggest challenges in times of any crisis is to pay attention to crucial aspects of your company, strengthen the compliance division, and ensure it is ready to function in a disrupted, digitized world.

I would like to share with you 4 such key aspects to take into consideration.

Risk profiling

2020 is a year of disruption and lockdown. We can see that organizations had not considered the possibility of a pandemic outbreak and had not been prepared for its consequences (something like COVID-19 seemed too abstract to happen). This is why the current pandemic should become an impulse to prepare for future times of unpredictability and to make plans for business continuity.
Verifying all mechanisms which enable the company to function in disruptive environments is the first step to take. Risk profiles provide the management with information necessary to picture all risks at the company. Risk profiles are usually a kind of executive summary of an entire risk analysis, with crucial areas highlighted. A bigger picture means better decisions.

The pandemic necessitated a fundamental update to companies’ risk management. And as we know, history repeats itself, so let us try to explain what an “epidemic” risk profile looks like.

Risk profiles are different for each company, but no matter what, one or more of the following scenarios could happen to anyone:

  • Scenario 1: Personnel shortages. Pay attention to: Unavailability of key personnel, unavailability of a significant proportion of personnel at all levels.
  • Scenario 2: Inaccessibility of the workplace.
  • Scenario 3: Interruptions and irregularities in services provided by third parties.
  • Scenario 4: Limited feasibility of other fallback plans.

It is the first lesson to learn: strengthen risk management divisions and build risk profiles, even (or especially) for what seems to be an unbelievable cliché from B-class sci-fi movies.

Business continuity in the time of plague in a nutshell — I highly recommend reading about it in this article.

Do you want to create risk profiles for your company? Read more about risk profiles and special measures in an era of unpredictability in my last article.

Vendor management

Cooperating with third parties is also a risk to manage. Rapid digital transformation involves the outsourcing of many processes to create a fully digital company environment. This means that vendor selection becomes more important than ever — “bad” experiences could cause reputational damage, regulatory violations, and interruptions to business operations. Are vendors manageable? Establishing a vendor management program in your company needs 8 steps. What are these? I am happy to share with you an article by Jan Anisimowicz on precisely this topic. Discover a practical approach and tips to help you build efficient and long-term risk management processes, and thus avoid bad subcontractor choices.

Cybersecurity as rule number one

During the ongoing pandemic we have seen an increase in the number of malware and phishing campaigns, many of them related to COVID-19. Those included even targeted attacks on known organizations, such as WHO and the Gates Foundation. And this is just the tip of the cybersecurity iceberg.

The workplace has changed fast so far, but the pandemic strengthens disruptive work environment processes. We used to talk a lot about cyber risk, but reality far exceeded our predictions. A report by Bitdefender, “The Indelible impact of COVID-19 on Cybersecurity” states that 86% of infosec professionals noticed that attacks in the most common attack vectors were on the rise during the COVID-19 pandemic. What is more interesting, at the same time half of them admitted that they had no contingency plan in place for the pandemic.

Infosec professionals report that, in their opinion, phishing or whaling attacks (26%), ransomware (22%), social media threats/chatbots (21%), cyberwarfare (20%), trojans (20%), and supply chain attacks (19%) have intensified during the pandemic — and that is to name but a few attack vectors.

All this means that organizations need to build risk profiles and maps that take into consideration a bunch of new threats. And they must make cybersecurity a strategic pillar of their organization.

Be compliant inside and outside

Many pundits agree that compliance teams will be central to the survival and protection of companies. Yet compliance is a tough nut to crack. The pandemic intensifies challenges. In addition to COVID-19 implications (both current ones and future consequences), organizations must get in line with anti-money laundering legislation, pay closer attention to sanctions compliance, find a way to demonstrate the company’s commitment to upholding environmental, social and governance standards (organizations will need to internally assess their compliance with environmental standards, labor laws, etc.), and more.

Two best words to describe compliance soon will be “nimble” and “digital”. Several recent large scandals, such as the one at Australia’s Westpac bank (Regulators accused Australia’s Westpac Banking Corp (WBC.AX) of 23 million breaches of anti-money laundering laws, saying the banking giant ignored red flags and for years enabled payments from convicted child sex offenders and “high risk” countries), resulted from the failure to turn intelligence into action. This means regulators will actively look for strong compliance programs that not only offer early detection, but also have action procedures for teams seeing some “red flags”.

In addition, since the COVID-19 outbreak, we have been witnessing the importance of risk mitigation and agility — taken together, these two guaranteed a fast switch into fully effective functioning of crucial company areas. Now, after the increase in cyber-attacks, we should take into account that many organizations will also be required to meet a variety of cybersecurity and privacy regulations.

And this is not all. Work from home is inherently more risk-prone than in a corporate setting, owing to less strict control that can be exercised over, among other factors, who can physically access the hardware. Our “new” work culture has thus become more risky. A survey conducted by IBM found that 54% of employees would prefer to primarily work remotely. Of those surveyed, 75% said they would like to continue to work from home in at least a partial capacity, while 40% of respondents said they feel strongly that their employer should give employees the choice to opt-in to remote work.

It seems like the disrupted workplace will be with us for longer than we thought.

Crisis go, crisis come

The COVID-19 pandemic could be treated like a benchmark. By learning to take into consideration such challenges as the climate crisis or possible future lockdowns (the second wave of infections is spoken about loudly and nobody knows what it will look like), companies should change their approach to unpredictability and use the latest tools… to try to manage it!

Written by

Jacek Wróblewski

Go To Expert Spotlight Page

This Article Tags

All Tags

Our Customers Success Stories

How we boosted a COVID-19 vaccine production by digitally enhancing manufacturing operations

In response to an unprecedented global pandemic, our client – one of the pharma industry leaders- set out to develop, test, mass produce and organize the global distribution of a COVID-19 vaccine.

How to manage national resources to fight COVID-19 in the cloud?

Availability of ICUs is one of the key factors to keep the death toll as low as possible. ICU-M has been one of the reasons Germany has been managing the pandemic relatively well, keeping the number of deaths per 1M population at the low end compared with other EU states.

Bringing a global pharma company out of the dark via a Single Source of Truth (SSOT)

To get the full picture of the global market situation, companies use various sources of data. But to effectively control and steer business activity at all levels on global scale they need a centralized and trustworthy data source.

How to restore effective sales in animal pharma ensuring high quality and reliability of data

Our solutions cover all aspects of customer and sales transactions processing for life science industry companies carrying out their sales activity on many markets in cooperation with wholesalers, distributors and retailers.

Can proper data management help restart a shutdown pharma production plant?

Introducing rigorous quality assurance and management tools into data integration to enable the fastest possible resumption of a production plant’s functioning shut down due to issues with ERP system implementation.

How we helped Boehringer-Ingelheim stabilize their data ecosystem

Data governance, data management and data quality are the basis for the effective integration of IT systems, especially when the organization implements new solutions.

How we made the slow and inaccurate CEESA reporting in an animal pharma company much faster and much more accurate

Abundance of data can have enormous potential for business, but it can also be a source of problems. With large-scale operations – and this is where international animal pharma players operate – automation and advanced analytical methods become essential to building value from data insights.

Improving the workflow of Randstadt’s HR with an employee self-service solution

Low-code is the perfect tool for creating scalable solutions that ensure employee empowerment and self-service for simple activities and tasks. This can significantly relieve HR departments of the overload of administrative matters.

See how we used low-code to enable our pharma client to stay transparent and compliant with European legislation

End-to-end, flexible low-code based solution integrated with all the peripheral systems in company to meet rigorous transparency regulations for the pharma industry.

Replacing Excel sheets with AdaptiveGRC modules to improve internal audit

Emails and Excel sheets are passé. Digital audit needs improved flow of information, managing audit recommendations and enforcing their implementation clearly synchronized on a multi-level structure.

{
We can see that organizations had not considered the possibility of a pandemic outbreak and had not been prepared for its consequences (something like COVID-19 seemed too abstract to happen).
This is why the current pandemic should become an impulse to prepare for future times of unpredictability and to make plans for business continuity.

Latest Articles

Let`s Talk About a Solution

Questions?We’re here to answer them.

Our engineers, top specialists, and consultants will help you discover solutions tailored to your business. From simple support to complex digital transformation operations – we help you do more.





    We will only use the collected data for the following purposes:

    The Controller of your personal data is C&F S.A. with its headquarters in Warsaw, ul. Domaniewska 50, 02-672 Warszawa, Poland. We ask for your consent to the processing of your personal data collected using the form above. We may also collect other data as specified in our Privacy Policy.