Although some say COVID-19 is a black swan event, it really is not. Pandemics have occurred in the recent as well as the remote past. A clearly articulated description of pandemic risk can be found in the World Economic Forum’s, The Global Risks Report 2019. “The spread of infectious disease” was among the top 10 risks listed, based on impact. There are estimates of the cost of a pandemic in one of the special chapters in the report, though these may look small compared with what COVID-19 might actually cost.
In the The Global Risk Report for 2020, “infectious diseases” is again among the top 10 risks. That report describes the readiness of countries to deal with epidemic or pandemic and cites a Nuclear Threat Initiative study that concluded that “no country is fully prepared to handle an epidemic or pandemic.”
The World Economic Forum’s (WEF) annual meeting in Davos, Switzerland is attended by government, business, scientific and other leaders from a plethora of countries. The ideas and data developed by its staff and contributors are widely distributed and well communicated.
The WEF is not the only organization or individual to warn about pandemics. Bill Gates gave an excellent TED talk about pandemics in 2015 that has now gone viral on the internet. Heath organizations, think tanks focused on health and other types of organizations have put out the warning, as well.
In the face of these warnings, it is puzzling as to why has there been the lack of preparation witnessed in some sectors. On the other hand, many major corporations reacted speedily and effectively to the challenges presented by the pandemic, even if they had not had it among their list of top risks. The reason they were able to do so rests, in large measure, on these companies’ adoption and implementation of enterprise risk management (ERM).
ERM is a process that addresses both operational and strategic risk across all facets of an organization by identifying, prioritizing, mitigating and monitoring risk to ensure that the mission and strategy of the organization can be assured. Below are the numerous ways ERM has proven its worth in ameliorating the potential adverse effects of the pandemic, whether the risk was fully recognized or not.
See also: How Risk Managers Must Adapt to COVID
How ERM Has Mitigated Pandemic Risk Among Practicing Companies
A robust ERM implementation includes having both a business continuity and a disaster recovery plan. These plans enable companies to 1) assemble key decision makers immediately to approve responsive actions, 2) communicate to employees quickly and 3) move to “work at home” conditions without too many glitches. Many companies have indeed moved to a “digital only” environment with employees working at home. When this was not possible, companies rapidly put guidelines in place to create social distancing and other modes of worker protection.
ERM places a heavy emphasis on information technology security. Thus, as companies migrated to more work at home, employees already had cyber training. IT staff have implemented strong controls on aspects such as accessing systems and cloud security. Further, cyber insurance products have been purchased.
ERM also includes having a solid handle on supply chain risks, meaning that supply chains are well-documented and diversified and that supply alternatives lined up. A number of ERM practitioners moderate the parameters of their just-in-time production and ordering to allow for a certain amount of inventory to be available in the event of a catastrophe. However, even a company following ERM best practices can experience supply difficulties and losses when a pandemic is truly global and lingering, but less so than others.
In addition, ERM-managed companies tend to have very solid financial underpinnings in terms of capital levels, credit lines, investment portfolio diversification, etc. The "however" in this case is that many small businesses are unable to have as substantial a financial foundation as larger ones, and even large companies with solid financials cannot sustain a severe drop in revenues for consecutive months. Nevertheless, to the extent that practicing ERM resulted in stronger financials, companies were better-positioned to withstand the financial impact of the pandemic.
Further, ERM fosters keen focus on reputation risk. Companies with dynamic ERM practices understand the need to aggressively protect corporate reputation. As such, many of such companies widely communicated what they were doing to protect all stakeholders from the effects of the pandemic, modified their advertising to take a more sober and caring tone and introduced a new level of caution in all they did.
See also: COVID: How Carriers Can Recover
An Example for Others
Governments and healthcare institutions could have benefited from ERM or more robust ERM. The list of mitigations that could have been in place is legion. For example, stockpiles of personal protective equipment and respirators could have greater, the number of ICU beds could have been higher, protocol for where to treat patients who contract the virus could have been drafted in advance and treaties among co-operating countries that address warnings and the closing of borders in the event of an outbreak could have been drawn in advance.
It is hard to argue that companies with sound ERM practices were better-positioned to deal with the pandemic than those with less sound or no ERM. The benefit in dollars and cents may not be able to be determined accurately, but the benefit is real.