Category Archives: Crisis Management

Immediate Vault

How to Prepare Now for Your Next Crisis Post-COVID

Posted on by

As business leaders remain hyper-focused on navigating through the pandemic, few have sufficiently considered how to prepare for the next major crisis. There are many steps leaders can take, some of which include reassessing their risk management plans, constructing cohesive frameworks that proactively identify potential gaps, and identifying protocols and procedures to fill those gaps in preparation for future crises, no matter how big or small. 

Reflect and Optimize

Very often, companies have not taken the time to assess how they responded to previous crises because they are either too busy afterwards, or too happy to have survived with minimal consequences. But the pandemic has shown that this is a dangerous game to play. While we have seen that most organizations had some of the core elements of crisis management success—whether a crisis management plan and team, mass notification technology, risk and intel monitoring capabilities, or business continuity plans and teams—many had (and still have) not connected these parts into a successful framework. Moreover, they have not reflected on those plans to improve them and optimize their crisis and risk management approaches.

Businesses must evaluate their preparedness for and response to past crises and use lessons learned in those reviews to optimize their responses moving forward. Given COVID-19’s unexpectedly “long tail,” companies should review and reflect on their plans now, rather than wait months or years.

Create or Enhance Your Plan

While enhancing an old crisis plan or developing a new one will take work (and cost money) upfront, it is a process that will pay massive dividends in the long run. Once businesses have a concrete crisis management plan in place, have practiced the plan, and are prepared, the cost will realize itself both in terms of the monetary outlay and by mitigating potential risks that could prove highly detrimental to the business down the line. While different companies take varied approaches to crisis management planning, certain plan elements have proven their value during COVID-19 and likely will again during future crises. This is demonstrated in “the 3 S’s”: scenario analysis, stakeholder analysis, and standing media agenda.

  • Scenario analysis: Scenario analysis encourages companies to focus on the best, worst, and most-likely case scenarios when confronting a crisis and planning for various organizational responses. At the beginning of COVID-19, many companies saw the crisis as a “China problem,” and did not actively prepare for its potential global impact. Preparing in this way would have enabled them to have a broader, more proactive approach to crisis management, rather than getting caught in constant response mode, as many companies were. 
  • Stakeholder analysis: In times of crisis, businesses must quickly identify the key internal and external players that will be impacted and require critical attention. The companies that do so will be able to quickly identify their specific needs and/or interests and build their crisis responses around them. Not doing so often results in disorganized management of key stakeholders, exacerbating the impact of the crisis and/or causing additional work for the crisis team.  
  • Standing meeting agenda: Standing meeting agendas are crucial for helping to keep meetings on track, ensure discussions are impact-based and holistic, and guarantee key facets of the response are consistently revisited until resolved. Organizations that do not utilize standing meeting agendas often find their meetings to be frustrating, disorganized, and never-ending as conversations go around in circles.

Practice Responding to Crises

It would be easy to believe that you do not need to practice your crisis responses and exercise your plans after navigating a massive crisis like COVID-19, but that would be a mistake. Every crisis has its own unique characteristics, impacts, and challenges, and crisis exercising has proven to be one of the most effective means of preparing organizations and their leaders for navigating the next crisis or managing multiple, smaller crises at once. Just as with physical exercise, crisis exercising keeps organizations nimble and helps develop organizational muscle memory to ensure businesses and leaders are prepared for a real crisis.  

Do Not Forget Travel 

While most business leaders are thinking about bringing people back to the office, few have considered that many, ironically, are going to be looking for opportunities to leave it again—getting back on the road and visiting suppliers, customers, etc. So it would be short sighted for companies to only focus on policies and procedures around returning to the office, when they should start thinking about policies around returning to travel too. This will bring exponentially more challenging situations given the lack of consistency and (likely) inequity of vaccine distributions across the world, especially in developing nations where many employees may be traveling. Business leaders should be thinking about this now and planning for how to enable and support employee travel when it is safe to do so.

Take Risk Management and Monitoring Seriously

Risk management programs can no longer be developed with a “check-the-box” approach. As COVID-19 proves, high impact-low probability events are not only possible but probable, and so companies must take risk management and monitoring seriously. During this time, companies have started to build information and intelligence monitoring capabilities to help them digest the large volume and varied kinds of information they are receiving. This has included agreeing on scenarios and triggers that, when met, result in particular organizational action (e.g., reopening the office when case counts are at a certain level or enough people have received the vaccine). The last thing companies should do is stop monitoring when it seems as though the pandemic or any other crisis seems to be slowing or ending. In fact, organizations should not only maintain this monitoring but expand it to include other risk types identified during the crisis that could create another significant disruption down the line. This will allow the organization’s leaders to make data-based, proactive decisions rather than waiting until a crisis happens.

Crisis and business continuity planning has never been more important. The COVID-19 pandemic has dramatically shifted the way businesses operate and has created new problems that business leaders must solve. To effectively plan for the next crisis, leaders must prioritize these capabilities, creating a holistic framework that addresses various types of threats. Taking these steps now will better prepare organizations for the next major crisis, however unlikely and no matter the scope and scale.

After COVID, Cyberrisks Top Agenda for Risk Professionals in India, Marsh and RIMS Report

Posted on by

For risk professionals in India, the COVID-19 pandemic has underscored the critical need to build business resilience and develop mature yet flexible business continuity plans to address both short- and long-term threats. In the new Marsh and RIMS report Excellence in Risk Management India 2020, Spotlight on Resilience: Risk Management During COVID-19, 63% of risk professionals in India said a new pandemic or continued fallout from COVID-19 was a top risk facing their organization, followed by cyberattacks (56%), data fraud or theft (36%), failure of critical infrastructure (33%), fiscal crises (31%), and extreme weather events (25%).

This mix of top risks illustrates the critical task before risk professionals heading into 2021: ensuring capability and procedures to respond to fast-emerging disasters, while not losing sight of the critical work to boost baseline resilience against foreseeable risks across the enterprise.

“Organizations need to balance their focus between longstanding and emerging risks,” said Sanjay Kedia, country head and CEO of Marsh India. “While there has long been an awareness of weather-related risks, low-frequency risks generally receive less attention. The pandemic has underlined the need for risk managers to keep all perils on their radar.”

Indeed, Marsh and RIMS found risk assessment and modeling are critical gaps for India-based risk professionals to focus on to mature their risk management programs. “As businesses recover from COVID-19, many senior leaders are shifting attention to questions of resilience.

buy nizoral online greendalept.com/wp-content/uploads/2023/10/nizoral.html no prescription pharmacy

But, as our survey shows, the use of advanced risk management techniques in India remains limited—for example, more than one-fifth of respondents do not assess or model emerging risks,” the report noted.

This is particularly the case with emerging cyberrisks. Cyberattacks and data loss or theft ranked among the top three threats, and the pandemic escalated the already rising number of cyberthreats to companies in India with the shift to remote work, online business, and ransomware attacks. Indeed, the report noted that the pandemic led to a surge in cyberattacks against Indian companies, with New Delhi among the top 10 most often attacked cities with regard to ransomware in 2020, and more than a third of Indian respondents to a June survey by Microsoft reporting they had fallen prey to a pandemic-related phishing email. Yet only a third of respondents to the Marsh/RIMS report said they model potential cyber loss scenarios, and only 26% plan to do so in the next year. Key cyberrisk management measures and the rate of implementation among Indian companies include:

Whether it is phishing attacks on employees or internet outages interrupting operations in the supply chain, the report notes that the next major event for Indian companies could well be a cyberattack. Focusing on building cyber resilience was one of the report’s four key recommendations, noting “organizations should shift their focus from solely trying to prevent an attack to accepting the inevitability of a cyber event and taking action to mitigate its effect.”

The report’s other top recommendations for risk professionals in India were:

  • Regularly review existing business continuity plans – “Companies should carefully review and refine their business continuity plans. They should ensure their plans enable them to respond effectively to threats that bring short-term pain and long-term and widespread challenges, as is the case with COVID-19.”
  • Embrace the changing working environment – “Lockdowns intended to stem the spread of COVID-19 required many companies to quickly move to remote working, change their business models, and implement new safety measures upon return to the workplace. Other perils, like a natural disaster, could necessitate and precipitate such shifts, even if shorter in duration. Businesses should invest in structures that allow employees to work remotely effectively, efficiently, and safely and should educate employees on new ways of working under changing circumstances.”
  • Remap and remodel your supply chain – “The COVID-19 pandemic emphasizes the need to re-examine supply chains regularly, with special focus on understanding the resilience and reliance of vendors. Companies would benefit from understanding their vendors’ ecosystems; both to provide a clearer view of how they could be affected by different risks and to review contracts to better understand liabilities.
    buy inderal online greendalept.com/wp-content/uploads/2023/10/inderal.html no prescription pharmacy

Moving forward, there is considerable room for risk professionals to be more involved in scenario analysis and strategy

In December, RIMS introduced additional resources specifically for risk professionals in India looking to elevate their risk practice. The report was released around the recent RIMS Virtual Risk Forum India 2020, which brought together hundreds of risk and insurance professionals from across India and around the world. Soon thereafter, the risk management society also announced the official formation of a RIMS India Chapter.

“The exchange of knowledge and experience drives the risk management profession, allowing practitioners to more effectively enhance corporate decision-making, strengthen resiliency and leverage new and exciting opportunities for their organizations,” said Roop Kumar, chief of risk at SBI Life and inaugural president of the India chapter’s board of directors. “RIMS India Chapter will quickly become an exceptional resource for all business leaders. We look forward to delivering cutting-edge risk management insight to support our members as they advance their programs and their careers.”

Other members of the inaugural board of the India chapter include: Keerthana Mainkar, head ERM at Infosys; Amol Padhye, head of market risk at HDFC Bank; Amber Gupta, head legal and corporate secretary at Birla Sunlife Insurance; Anand Shirur, CEO of Digitangle Consulting PVT, Ltd; Steward Doss, associate professor at National Insurance Academy; Monika Mittal, professor at BIMTECH; Shibyanshu Sharma, vice president of risk management at SBI Life; and Yogesh Ghorpade, head of ERM and insurance lead at Thermax Industries.

“RIMS India’s Board of Directors truly represent a cross-section of the country’s risk management community,” said Gopal Krishnan K S, head of RIMS India Operations. “The Society looks forward to learning from their unique experiences and welcoming others to contribute so that, together, we can develop the highest standard of risk management education to address corporate India’s biggest concerns.

buy cozaar online greendalept.com/wp-content/uploads/2023/10/cozaar.html no prescription pharmacy

RIMS Virtual Advocacy Week: A Q&A with Florida Insurance Commissioner David Altmaier

Posted on by

Today, RIMS is taking its annual Legislative Summit online, kicking off the first RIMS Virtual Advocacy Week. Featuring a full slate of networking, a panel on pandemic insurance, updates on the 2020 U.S. elections, and hands-on advocacy with members of Congress, RIMS Virtual Advocacy Week is still open for last-minute registrations, if you want to join in on the action.

On Wednesday, September 16, the agenda includes a fireside chat with Florida Insurance Commissioner David Altmaier, who is also president-elect of the National Association of Insurance Commissioners (NAIC). Commissioner Altmaier has held the position for four years and has been with the Florida Office of Insurance Regulation office for nearly 12.

Altmaier recently appeared on RIMScast to discuss the issues he will address in Wednesday’s session, most notably the impact COVID-19 has had on the landscape of business interruption coverage. Check out the highlights below, and download the episode for Commissioner Altmaier’s full interview and a deeper dive into other topics such as ORSA reports, the Terrorism Risk Insurance Act (TRIA) and the National Flood Insurance Program (NFIP).

What playbook did you use to prepare and react to COVID-19?

David Altmaier:  Our response initially looked a lot like what we would do for an inbound hurricane: We assembled what we call our “incident management team,” and started to look at the types of needs of consumers from an insurance standpoint. We put into place mechanisms that we thought would be helpful as the pandemic began to take hold in Florida and around the United States. And we saw insurance commissioners around the country doing the same thing, obviously, as the pandemic unfolded and we started to see other risks and concerns emerge.

COVID-19 has been at the forefront of all of our regulatory discussions going back to March of this year. and that will continue to be at the forefront of our discussions even after the pandemic has concluded.

Business interruption insurance is closely tied to it and has emerged as one of the more pressing insurance issues as a result of the pandemic. We have seen issues like telemedicine and catastrophe response in a virtual setting, for example, also come up as a result. [That has] impacted how we go to work every day and how we interact with our stakeholders, and I think those will be some worthy discussion topics as well.

How can the risk management community drive meaningful change in regulations, policies and legislation?

DA: As discussions take place about an event that we haven’t seen in a really long time, like a pandemic, there will be a lot of ideas that come up in terms of how to react to the current pandemic, as well as how to prepare for future pandemics. And I think that, as we have those conversations, there’s going to be a multitude of stakeholders whose viewpoints are important.

Risk managers are certainly going to be at the top of that list because they are going to understand the risks that the insurance industry faces. We see ideas of what level of responsibility the insurance industry [should have] in terms of covering things like business interruption insurance. Their expertise will be invaluable as we begin to work with state and federal leaders in crafting policies that can assist with the current pandemic, as well as future pandemics.

Own Risk and Solvency Assessment, or ORSA, is a framework heralded by the NAIC. Why should risk and insurance professionals look to ORSA reports for guidance?

DA: ORSA reflects how our insurance market, along with other majors of our economy, evolves over time and responds to new and emerging risks. It’s a constantly changing environment that regulators are trying to evolve along with, and our teams here in the insurance departments are trying to make sure that we stay ahead of the curve in terms of identifying those emerging risks.

The ORSA report is a glimpse into the thought process for our larger companies and groups into the boardroom and into the C-suites. [It features] theories on their own risk and how their unique position in the marketplace might expose them […] and require them to take steps to mitigate those risks. It’s a really critical piece of information for regulators to have as we build our own supervisory plans, going forward. Obviously, the pandemic that has occurred—like with any catastrophe—potentially highlights things that may have previously not been considered.

Let’s talk about force majeure. The pandemic has inspired new legislation to be drafted that affects the language of insurance policies in an effort to cover interruption. Where does the NAIC stand on that?

DA: NAIC sent feedback to Congress early on, in early to mid-March, with our thoughts that requiring carriers to cover losses that weren’t previously contemplated under the policy forms could do a lot more long-term harm than short-term good.

We have seen some state houses file state legislation that would be similar, in that it would require carriers to cover business interruption losses even if the policy forms didn’t contemplate that. We’ve sort of left it to individual insurance commissioners in those states to work with their legislatures on what’s best for their market.

Planning and Risk Assessment for Returning to Work From COVID-19 Closures

Posted on by

As businesses reopen and begin having their employees return to work, navigating the impacts of COVID-19 will undoubtedly be a challenge. Not only does keeping employees and customers safe take on new meaning, but sorting through rapidly changing guidelines can be overwhelming at best.

Adding to the complexity of returning to work after coronavirus-related closures, the Occupational Safety and Health Administration (OSHA), the Centers for Disease Control and Prevention (CDC) and various jurisdictional health departments are all providing guidance. To best keep employees safe and make sure businesses are heading down the right path of compliance in this new era, employers should focus on planning and structure reopening into four phases: 1. identify organizational responsibilities, 2. assess risk, 3. identify the controls needed to return safely, and 4. implement.

1. Identify Organizational Responsibilities

OSHA’s Infection Disease Preparedness and Response Plan (IDPRP) has presented a helpful approach for a range of organizations across the country. The plan helps emphasize and communicate basic infection prevention measures and establishes policies and practices to reduce the risk of disease transmission in the workplace. It also helps employers develop procedures for prompt identification and isolation of potentially infectious individuals, along with implementing safe work practices and workplace controls, such as engineering and administrative controls.

To start, identify the people within the organization who will lead the return-to-work effort. This team will provide daily updates on plan implementation, review company sick leave policies and procure and distribute Personal Protective Equipment (PPE).

During this phase, review your organization’s policies and procedures to ensure they are not creating obstacles for social distancing or staying at home when sick. Sick leave, quarantine policies and pay continuation should all be modified as necessary.

2. Assess Employee Risk Exposure to COVID-19

With a team in place, it’s time to dig deep into individual roles within the organization to understand the risks associated with various work sites and job tasks. The IDPRP helps organizations identify and quantify risks associated with infectious disease and helps to evaluate an employee’s exposure to COVID-19.

When evaluating the individual roles, identify the position, task and potential exposure based on criteria laid out in four exposure levels:

  • Low risk: Jobs that do not require contact with people known to be or suspected of being infected with COVID 19. Workers in this category have minimal occupational contact with the public and other coworkers. Office workers and telecommuters are examples of low-risk roles.
  • Medium risk: Jobs that require frequent or close contact with people who may be infected, but who are not known to have or suspected of having COVID-19. Higher-volume retail workers, restaurant servers and teachers are examples of medium-risk roles.
  • High risk: Jobs with a high potential for exposure to people known or suspected to be infected with COVID-19. Healthcare support personnel, janitorial personnel in healthcare and medical transport personnel are examples of high-risk roles.
  • Very high risk: Jobs with a very high potential for exposure to people or samples with known or suspected COVID-19 infection during specific medical, postmortem or laboratory procedures. Laboratory workers testing for COVID-19, pulmonary therapists and morticians performing autopsies are examples of very high-risk roles.
    buy clomid online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/clomid.html no prescription pharmacy

3. Identify the Controls Needed to Return Safely

After completing a risk assessment for each role, identify specific PPE and administrative and engineering controls to reduce employee exposures. Clerical work, for example, is considered low risk and controls include social distancing and awareness training. A task such as stocking shelves where an employee has moderate exposure to others is considered a medium risk and nitrile gloves, cotton masks and other PPE are recommended. For tasks with high or very high exposure such as healthcare delivery staff, controls include nitrile gloves, facemasks, N-95 or better respirator, protective gown, booties, and head cover.

4. Put the Plan in Action

There are many organizational actions that can be implemented to further prepare to support and enforce the mitigation controls in place. Engineering controls to consider include installing high-efficiency air filters in HVAC systems, increasing a facilities dilution ventilation rate or installing physical barriers to control exposure. Post signs detailing cleaning and disinfecting procedures and social distancing requirements.

buy tenormin online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/tenormin.html no prescription pharmacy

Activate temperature stations and enforce an elevator policy.

For a successful return to work, it is essential to communicate and train employees regarding protections in the workplace. A communication plan should be identified during the organizational return-to-work planning phase, along with employee, supervisor and manager training. The workforce must be well-versed in recognizing symptoms, and everyone should know how to report possible exposure and what mitigation controls specific roles should be using. Your workers compensation carrier should be able to walk you through this process and help get you back to work. Tools and resources are also available on the OSHA and CDC websites.

Organizations that had clear pandemic response plans in place ahead of COVID-19 have had better access to PPE, quicker response times to daily changes in recommended controls, and more consistent ability to address employee concerns. If an employer does not currently have a response plan in place, however, it is never too late to get started. Preparing to return to work is a perfect time to establish the framework to make sure a business is not only ready to work during COVID-19, but also ready for unforeseen disasters in the future.