Drive a Connected GRC Program for Improved Agility, Performance, and Resilience
Power Business Performance and Resilience
Discover ConnectedGRC Solutions for Enterprise and Operational Resilience
Explore What Makes MetricStream the Right Choice for Our Customers
Discover How Our Collaborative Partnerships Drive Innovation and Success
Find Everything You Need to Build Your GRC Journey and Thrive on Risk
Learn about our mission, vision, and core values
In these times of see-sawing between global bad news and hints of recovery from the coronavirus pandemic, crisis communications has evolved into a delicate mix of art and science. Companies have multiple stakeholders to keep in mind during any crisis. And while stakeholder concerns may overlap, each stakeholder has different things they must prioritize: investors (Is the business still viable or will it require transformation); employees (Do I still have a job?); customers (Will you still be able to service me?); the media (What’s going on with different businesses?) and the general public (I want to understand what businesses are facing.).
While businesses scramble to manage the coronavirus crisis this list of key principles can help communications professionals sharpen their company’s focus:
• What are the revised Compliance obligations that we should be aware of?
• What are the new risks that we are exposed to, given the business dynamics?
• Which are the policies that we should amend and how do we effectively communicate the change?
• How do we reinforce the message of good governance and ethical practices in these challenging times and refocus on the Culture of Compliance?
• What are the revised Compliance obligations that we should be aware of?
• Use this time to shine when going above and beyond to help employees.
As in:
• Home Depot emailed customers that it’s giving 80 hours of paid time off to full-time employees and 160 hours for those 65+.
• Lululemon received positive press in regard to directing 20 percent executive pay cuts and board retainer fees to an employee fund.
• Post crisis conduct key analysis. “What could have we done better?” “Who is good in a crisis?”
The focus on communication has never been more important than in today’s pandemic environment. Effective and timely communication to employees, customers, partners, and even third parties should be a key priority for organizations. Ideally, the communication should come from senior management or C-level executives to emphasize that attention is being paid to Compliance and how important it is for the organization to sustain Compliance. With the remote working setup, health and safety policies, information security policies etc., need to be revised regularly.
The updated policies and the risk of non-compliance needs to be clearly communicated to the relevant individuals, and attestations need to be tracked. Policy awareness campaigns can be managed with awareness drives. Messaging on the company’s continued commitment to a Culture of Ethics and Compliance, and zero tolerance for any misconduct needs to be reinforced and employees need to be encouraged to speak up. The focus should be on concentrating on the most important messages and keeping them short, engaging and empathetic.
As the risk landscape continues to evolve, it makes sense to view compliance through a different lens. Prioritize the Compliance Risk areas and focus on the ones that need more attention. Focus on the risks that have spiked in the recent past. It is critical to conduct regular, dynamic risk assessments in order to quickly comprehend the new circumstances and address the risks in a holistic manner. These risks must be contained with quick and timely action plans whether it is revising policies, implementing new controls, or escalating issues. Clear and defined review and escalation mechanisms are also very important.
There are many ways technology can come to the rescue to mitigate the risks of non-compliance during uncertainty. With technology, Compliance professionals, can stay on top of regulatory updates so that no important revisions are missed. They can easily update policies and procedures and get the revised policies quickly to where employees are. Policies can be easily linked to regulations, risks, processes and controls to quickly get a view into policies that are impacted. Details of Compliance Cases can be captured and analyzed to gather trends and the necessary controls can be implemented quickly. Technology can also help in managing comprehensive Compliance Assessments and facilitating quick and proactive response to any Compliance Issues identified. Another important benefit of technology is that organizations can ensure that all the Compliance Information is available in one common centralized repository.
As a result, everybody involved will have access to the right information at the right time and there is no redundancy. Moreover, Compliance Teams can quickly see the overall Compliance Posture by business unit, by process, or by geography. In conclusion, there is clearly no doubt that the current pandemic situation has disrupted businesses resulting in unparalleled economic uncertainty. Business leaders, including Governance, Risk and Compliance (GRC) professionals are finding it difficult to navigate the storm. The focus on GRC is now more so than ever before. The Compliance Function should take this in its stride, viewing the current situation as an opportunity and not a threat. The more proactively Compliance professionals can anticipate and mitigate risks by sharpening their focus on Compliance, supported by technology, the more their business will grow, and they will be more prepared to safely navigate and stay resilient through these uncertain times.
Mary Gorges, Head of Communications, MetricStream, leads the internal communications and helps in developing and delivering proactive communication plans and messaging strategies, aligned across different areas of MetricStream.
Subscribe for Latest Updates
Subscribe Now