Preparing for a Post Covid World

Raimund Laqua, PMP, P.Eng
ray.laqua@leancompliance.ca
WWW.LEANCOMPLIANCE.CA
PREPARING FOR
POST COVID-19
FROM CRISIS TO RECOVERY

PREPARING FOR POST COVID-19
The Big Idea
As the lifting of Covid-19 restrictions begin all around the world, companies
are starting to transition to a next normal for their business. This requires a
risk-based business recovery plan that:
• Reimagines what normal looks like
• Safely restarts operations
• Recovers business that was lost
• Reinforces defenses against future uncertainty
This is an opportunity for risk & compliance to be at the table to lead and
coordinate efforts to improve the probability of mission success.

☐Implemented, and underway
☐Completed, and ready to go
☐Developing, and going well.
☐Started, and struggling to get it done.
☐Not started.
1. What is the status of your business recovery plan?
Webinar Poll

Outline
Outcome:
Understand what a risk-based
business recovery plan consists of
that addresses the risks that
really matter to improve the
probability of mission success.
Outline:
1. Risk Context
2. Risk Assessment
3. Risk Attitude
4. Risk Scenarios
5. Risk Treatment
COVID-19 CRISIS COVID-19 RECOVERY

1. Risk Context
To establish the context means to define the external and internal
parameters that organizations must consider when they manage risk.
An organization’s external context includes its external stakeholders,
its local, national, and international environment, as well as any
external factors that influence its objectives.
An organization’s internal context includes its internal stakeholders,
its approach to governance, its contractual relationships, and its
capabilities, culture, and standards.
† https://www.praxiom.com/iso-31000.htm

1. Risk Context
☐ Impacts due to COVID-19: health, supply, demand, operations
☐ Employee rights to refuse work if workplace is unsafe
☐ Ethical and legal concerns with respect to contact tracing, and
proximity technologies
☐ Obligations at risk, deferred obligations that are coming due
☐ Business assumptions challenged
☐ Reduction in workforce: lay offs, retention, etc.
☐ Changing definition of what the next "normal" looks like
☐ Remote work
☐ Contract failures and disputes arising from COVID-19
☐ Increased litigation and lawsuits
☐ Worker health checks and monitoring
☐ Lineups at elevators, shift work, and distanced desks
☐ New safety guidelines and conditions to resume operations
☐ Staggered recovery of businesses
☐ Anticipated second COVID-19 wave, recession
COVID-19 CRISIS
Which factors really matter?

1. Risk Context
Mission
Quality
Health & Safety
Security
Environmental
Process Safety
Pipeline Safety
Food Safety
Patient Safety
Conformance
to Industry Standards
Conformance
to Legal Requirements
Accept Stakeholder
Responsibilities
Accept Public
Responsibilities
Institutional Risk
Missional Risk
Operational Risk
Reputational Risk
Cyber Risk
Financial Risk
Third Party Risk
Sustainability Risk
Public Safety Risk
Trustability Risk
Legal
Regulatory
Ethics
Code of Conduct
Contracts
Certifications
Public Safety
Social License
Regulatory License
• Voluntary
• Outcome-focused
• Risk-based
• Learn / Improve
• Proactive
• Mandatory
• Rules-focused
• Prescriptive
• Audit / Fix
• Reactive
ORGANIZATIONAL CORPORATERISK
What is the status of compliance obligations?

1. Risk Context
† Modified Value Chain Analysis (Michael Porter)
PRODUCTIVTY
Inbound
Logistics
Operations Outboun
d
Logistics
Marketing
&
Sales
Service
Inbound
Logistics
Outboun
d
Logistics
Marketing
&
Sales
ServiceOperations
ETHICS & REGULATORY
ENVIRONMENTAL
SAFETY & SECURITY
QUALITY
RISK&COMPLIANCE
RISK
VALUE
CHAIN
Sustainability
Reputation
Quality
Safety
Trust
OUTCOMESTRANSFORMATION
M
A
R
G
IN
INBOUND
LOGISTICS
OPERATIONS OUTBOUND
LOGISTICS
MARKETING
&
SALES
SERVICE
INFRASTRUCTURE
HUMAN RESOURCE
TECHNOLOGY
PROCUREMENT
TOTALVALUE
Profit
Growth
Margins
Efficiency
Productivity
Where does risk and compliance contribute to outcomes

1. Risk Context
• When will the money run out?
• When will the lay offs begin?
• When will we close for good?
Crisis Management
• What risks really matter?
• What risks can we buy down?
• What risks require margin?
Risk Management
• What is the next normal?
• How do we get there?
• What resources do we need?
• What threats or opportunities
should we consider?
• How do we measure our progress?
Change
Management
Which management approach should be used?

1. Risk Context
“Over the years, compliance officers have designed and implemented the
now recognized three pillars of an effective compliance system: prevent,
detect and respond, including monitoring and remediation.
This system is equally valid for all relevant risk functions in a corporation,
including health, safety and environment, business continuity and
emergency management, data privacy, quality, IT security, finance and
others.
Instead of being “just another workstream,” courageous, risk-aware and
crisis-resilient compliance officers can rightfully claim consideration for
the lead or at least the coordination of an integrated risk management
system in corporations."
– Dr. Klaus Moosmayer
COMPLIANCE OFFICER ROLE
Which role will lead the recovery?

☐Chief Executive Officer (CEO)
☐Chief Compliance / Risk Officer (CCO) or (CRO)
☐Crisis Team / Task force
☐Committee
☐No one
2. Who is leading your recovery efforts?
Webinar Poll

2. Risk Assessment
Risk assessment is a process that is made up of three separate processes: risk
identification, risk analysis, and risk evaluation.
Risk identification is a process that is used to find, recognize, and describe the
risks that could affect the achievement of objectives.
Risk analysis is a process that is used to understand the nature, sources, and
causes of the risks that you have identified and to estimate the level of risk. It
is also used to study impacts and consequences and to examine the controls
that exist.
Risk evaluation is a process that is used to compare risk analysis results with
risk criteria in order to determine whether or not a specified level of risk is
acceptable or tolerable.

2. Risk Assessment
COVID-19 PANDEMIC COVID-19 SHUTDOWN COVID-19 IMPACTS
How do we control transmission? How do we survive the crisis? How do we recover?
RISK
SOURCES

RISK MEASURES
RISK SCENARIO
2. Risk Assessment
• Collect data, develop tests, work on a vaccine
• Introduce safety measures: washing hands, social
distancing, self-isolation, reduce travel, PPE, etc.
• Prepare for significant increase in hospitalization
• “Flatten the curve”
• New variant of the corona virus
• Worldwide pandemic, Infection rate 2.5
• Impacts are asymmetric
• No vaccine
• Deaths 284,000 / Cases 4,200,957
• Significant uncertainty
LOSS OF LIFE
CAUSES
CONSEQUENCES
PREVENTIVE
CONTROLS
MITIGATIVE
CONTROLS
LOSS OF LIFE
MAJOR SYMPTOMS
MINOR SYMPTOMS
NO SYMPTOMS
ECONOMIC SLOWDOWN
WASHING HANDS, SELF ISOLATION,
SOCIAL DISTANCING,
ECONOMIC SHUTDOWN
QUARANTINE,
HOSPITALIZATION,
RESERVES
INFECTED PERSON
SURFACES
HYGIENE
THREAT
COVID-19 PANDEMIC
How do we control transmission?

RISK MEASURES
RISK SCENARIO
2. Risk Assessment
• Declared Emergency / Crisis
• Quarantine as many as possible (shutdown
borders, travel, economy, public spaces, etc.)
• #StayAtHome / Shelter-in-place
• Governments introduce emergency programs
• Businesses activate crisis management teams:
• when will the money run out?
• when will lay offs begin?
• when will we close for good?
• Transmission of COVID-19 multiplies
• Increase in number of cases and deaths
• No vaccine and “treatment” options are limited
• Identification of hot spots, super spreaders
• Panic increases
CAUSES
CONSEQUENCES
PREVENTIVE
CONTROLS
MITIGATIVE
CONTROLS
LOSS OF BUSINESS, LOSS OF LIVELIHOOD
LOSS OF BUSINESS
LOSS OF LIVELIHOOD
LOSS OF HOME
FAMILY BREAKDOWN
PERSONAL BANKRUPTCY
RESERVES, SAVINGS, GOVERNMENT SUPPORT,
FAMILY SUPPORT, COUNSELLING,
NEW BUSINESS, NEW LIVELIHOOD
SAFETY MEASURES
ECONOMIC SLOWDOWN
REDUCTION OF WORKFORCE
THREAT
NONE
COVID-19 SHUTDOWN
How do we survive the crisis?

2. Risk Assessment
COVID-19 IMPACTS
RISK MEASURES
RISK SCENARIO
• Pandemic continues
• Curve is flattening
• Reserves and contingencies running out
• Increase in layoffs and unemployment (20%)
• Closures and bankruptcies
• Significant market disruptions
• Increased vulnerabilities: cyber risk, operational risk, etc.
• Long tail of impacts
• Anticipated second wave, recession, ?
CAUSES
CONSEQUENCES
PREVENTIVE
CONTROLS
MITIGATIVE
CONTROLS
THREAT
CAUSES
CONSEQUENCES
ENABLE
CONTROLS
EXPLOIT
CONTROLS
OPPORTUNITY
How do we recover?
LOSS OF LIFE,
LOSS OF BUSINESS,
LOSS OF LIVELIHOOD
BETTER LIFE,
BETTER BUSINESS,
BETTER LIVELIHOOD

ORDER
• The place you are when
what you do works
• Predictable / Certain
• Occasional chaos
• Deterministic
• Routine
• Underwhelming
Order Chaos
2. Risk Assessment
CHAOS
• The place you are when
what you do doesn’t work
• Unpredictable / Uncertain
• Occasional order
• Random
• Abnormal
• Overwhelming
Uncertainty creates the opportunity for risk

☐Certain – Order, with occasional chaos.
☐Ambiguous – On the edge between order and chaos.
☐Uncertain – Chaos, with occasional order.
3. What is your level of uncertainty with respect to your mission objectives?
Webinar Poll

3. Risk Attitude
An organization’s risk attitude defines its general approach to risk. An
organization’s risk attitude (and its risk criteria) influence how risks are
assessed and addressed. An organization’s attitude towards risk affects
whether or not risks are taken, tolerated, retained, shared, reduced, or
avoided, and whether or not treatments are implemented or postponed.

3. Risk Attitude
Strategist
Let’s improve the
probability of success
RISK
STRATEGIST
Avoider
I don’t want
any risk
RISK
INTOLERANT
Gambler
Let’s play
the odds
RISK
SEEKING
Ostrich
I don’t want
to know
RISK
TOLERANT
Manager
Let’s size the risk
and decide
RISK
NEUTRAL
Our attitude towards risk affects our approach

• Protect (guard) against loss
• Minimize variation by preventing or recovery
from threats
• Focus on efficiency (cost, schedule,
performance)
• Pay attention to what might cause failure
and what could go wrong
• Ensure (make certain of) outcomes
• Maximize value by enabling and exploiting
opportunities
• Focus on effectiveness (outcomes, value
creation, benefits realization)
• Pay attention to what is critical to success
and what needs to go right
Avoid Failure Pursue Success
3. Risk Attitude
Objectives of a Risk Strategist

☐Ostrich, I don’t want to know.
☐Avoider, I don’t want any risk.
☐Manager, let’s do the math.
☐Gambler, let’s play the odds.
☐Strategist, let’s improve the probability of success.
4. What is your attitude towards risk?
Webinar Poll

4. Risk Scenarios
Scenario analysis is a process of analyzing future events by considering
alternative possible outcomes (sometimes called "alternative worlds"). Thus,
scenario analysis, which is one of the main forms of projection, does not try to
show one exact picture of the future. Instead, it presents several alternative
future developments.
It does not rely on historical data and does not expect past observations to
remain valid in the future. Instead, it tries to consider possible developments
and turning points, which may only be connected to the past. In short, several
scenarios are fleshed out in a scenario analysis to show possible future
outcomes
† https://en.wikipedia.org/wiki/Scenario_analysis

4. Risk Scenarios
COVID-19 PANDEMIC COVID-19 SHUTDOWN COVID-19 IMPACTS
How do we control transmission? How do we sruvive the crisis? How do we recover?
How do we restart safely? How do we recover our business? How do we reinforce our defenses?
RESTART RECOVER REINFORCE
What is the next normal?
REIMAGINE
RISK
SCENARIOS
RISK
SOURCES

4. Risk Scenarios
RISK SCENARIOS
• What are possible next normals?
• Which ones address the risks that really matter?
• Which ones need to happen first (are their dependencies?)
• Which ones do you build your business recovery plan around?

☐Minor, business assumptions are mostly valid.
• tactical / safety changes are needed.
☐Moderate, significant changes to business assumptions.
• business model,
• tactical / safety changes are needed.
☐Major, business assumptions no longer valid.
• entire business strategy needs to be re-evaluated.
5. What is the level of impact caused by COVID-19 on your business?
Webinar Poll

4. Risk Scenarios
Who is leading
the recovery
effort?
What is the level of
uncertainty?
What is the risk
attitude?
impact caused by
COVID-19?
What phases are
necessary to
resume operations?
What type of
change is required?
CEO Certain Ostrich Minor Restart Tactical / Safety
CCO / CRO Ambiguous Avoider Moderate Recover Business Model
Crisis Team /
Task Force
Uncertain Manager Major Reinforce Business Strategy
Committee Gambler
No One Strategist
Scenario Decision Matrix

5. Risk Scenarios
Who is leading
the recovery
effort?
uncertainty?
What is the risk
attitude?
impact caused by
COVID-19?
What phases are
necessary to
resume operations?
What type of
change is required?
Crisis Team /
Task Force
Committee Gambler
No One Strategist
Scenario #1 – TACTICAL / SAFETY CHANGE LOW RISK

4. Risk Scenarios
Who is leading
the recovery
effort?
uncertainty?
What is the risk
attitude?
impact caused by
COVID-19?
What phases are
necessary to
resume operations?
What type of
change is required?
Crisis Team /
Task Force
Committee Gambler
No One Strategist
Scenario #2 – BUSINESS MODEL CHANGE MEDIUM RISK

4. Risk Scenarios
Who is leading
the recovery
effort?
uncertainty?
What is the risk
attitude?
impact caused by
COVID-19?
What phases are
necessary to
resume operations?
What type of
change is required?
Crisis Team /
Task Force
Committee Gambler
No One Strategist
Scenario #3 – BUSINESS STRATEGY CHANGE HIGH RISK

☐Scenario #1 – Tactical / Safety
☐Scenario #2 – Business Model, includes #1
☐Scenario #3 – Business Strategy, includes #2 and #1
☐Not sure
6. Which scenario should your organization consider?
Webinar Poll

5. Risk Treatment
Risk treatment is a risk modification process. It involves selecting and
implementing one or more treatment options. Once a treatment has been
implemented, it becomes a control, or it modifies existing controls.
You have many treatment options. You can avoid the risk, you can
reduce the risk, you can remove the source of the risk, you can modify
the consequences, you can change the probabilities, you can share the
risk with others, you can simply retain the risk, or you can even increase
the risk in order to pursue an opportunity.

3. Do we have everything
we need to get the next
NORMAL?
1. What is the next
NORMAL?
5. What threats or
opportunities will we
encounter on the way
to the next NORMAL?
2. How do we get to
the next NORMAL?
4. How do we measure
our progress towards
the next NORMAL?
DESTINATION PLAN RESOURCES PROGRESS RISK
5. Risk Treatment
Each scenario must have compelling answers to these questions

5. Risk Treatment
• Define scenario: what are the business assumptions, what is the next
normal, how do we get there, what resources do we need, and how will
progress be measured.1. Define
• Introduce pre-mortem: open and honest discussion and imagine that your
company failed, and that it succeeded. In addition, estimate uncertainties.2. Introduce
• Debrief discussions: all team members describe why your company failed,
and why your company succeeded.3. Debrief
• Prioritize risk: separate into reducible (what you can buy down), and
irreducible (what you treat with margins).4. Prioritize
• Brainstorm handling strategies: identify steps to buy down risk or treat with
margins.5. Brainstorm
• Update Business Recovery Plan and Risk Register.
6. Document

SCENARIO RISK CANVAS
PREMORTEM1. DESTINATION
3. RESOURCES
2. PLAN 5. RISK
4. PROGRESS
UNCERTAINTIES
Do we have everything we need?
What does NORMAL look like?
Reducible / Buy down
How do we measure progress?
Why did we fail?
How do we get to NORMAL?
What didn’t we know?
Why did we succeed? What didn’t we control? Irreducible / Treat with Margin
What threats or opportunities
hinder or advance progress?
0. ASSUMPTIONS
SCENARIO:

SCENARIO RISK CANVAS
PREMORTEM1. DESTINATION
3. RESOURCES
2. PLAN 5. RISK
4. PROGRESS
UNCERTAINTIES
Sustainable critical safety roles
Additional office space
Enhanced cyber protection
Sustainable supply of PPE
Critical systems available remotely
Training for remote workers
Do we have everything we need?
COVID-19 Safety measures in place
Management reviews include safety
Operationalize remote work
Operationalize workplace distancing
Operational readiness @ 65% capacity
Pre-startup Safety Review include COVID
Sustainable supply chain
What does NORMAL look like?
T - Cyber risk
T - COVID-19 Infection
T- Weaker product demand
T- Supply chain vulnerabilities
O - Increase customer relationship
O - Improve workforce alignment
Reducible / Buy down
Operational readiness level
Corporate climate level
Supplier quality levels
Customer engagement levels
Product demand
How do we measure progress?
Didn’t prepare for second wave
Didn’t prepare for long term impacts
Didn’t’ prepare for another lockdown
Didn’t build up reserves
We didn’t’ address negativity
Didn’t train workforce for remote work
Didn’t strengthen IT systems
Why did we fail?Identify COVID-19 safety measures
Identify additional risk measures
Implement COVID-19 safety measures
Implement additional risk measures
Develop communication plan
Identify gating conditions for startup
Build up corporate morale
Improve remote access to systems
How do we get to NORMAL?
The long-term effects on our customers
Supply chain vulnerability
Weaker product demand
Critical safety functions not performing
What didn’t we know?
Continuous Risk Management
Maintained healthy workforce
Increased reserves
Increased cyber threat protection
Stayed connected with customers
Better remote work capabilities
Stayed connected with suppliers
Why did we succeed?
COVID-19 Transmission
Cyber risk
Corporate climate
Supply chain quality
Critical to Quality
Critical to Safety
Critical to Compliance
What didn’t we control?
COVID-19 Lockdown
Litigation
Irreducible / Treat with Margin
What threats or opportunities
hinder or advance progress?
0. ASSUMPTIONS
Demand will return to 80% by EOY
Existing business model valid and viable
Workforce morale is low
Impacts will continue until end of 2021
Integrity of value chain is a concern
Shareholder trust is high, but concerned
SCENARIO: #1 Tactical / Safety
O - Introduce digital services

5. Risk Treatment
NO. OBJECTIVE UNCERTAINTY
ESTIMATE
UNCERTAINTY
TYPE
RISK
(EFFECT OF UNCERTAINTY ON
OBJECTIVES)
PREVENTIVE MEASURES RECOVERY
MEASURES
1.1 Control transmission of COVID-19 at the
work site to acceptable levels as
reasonably practicable per provincial
guidelines.
Medium Reducible As a result of ineffective safety
measures,, infection may occur, leading
to health impacts.
Social Distancing
Face Masks
Remote Work
Shift work
Desk distancing
Disinfection Protocols
Employee Temperature monitoring
Quarantine
Hospitalization
1.2 Maintain safe operations of the plant. Low Reducible and
Irreducible
As a result of a reduction in workforce,
critical safety activities may not occur,
leading to an increase in safety incidents.
Pre-startup Safety Review Incident investigations
Emergency response
Insurance
1.3 Achieve operational readiness
compliant with all performance, safety,
security, quality, environmental,
regulatory obligations.
Medium Reducible As a result of a plant shutdown during
COVID-19, achieving stable operations
upon startup may not occur, leading to
more downtime.
Conduct operational readiness
assessment as per company policy
Execute contingency plan.
1.4 Improve cyber threat protection
capabilities
High Reducible As a result of increased cyber attacks, a
security breach may occur, leading to a
leak of private information.
Conduct Cyber Risk Resiliency
assessment
Strengthen threat protection
Incident Response
Incident Investigations
Insurance
Objective-based Risk Register: Scenario #1 - Tactical / Safety
Effective risk treatment requires effective compliance of risk measures

PREPARING FOR
POST COVID-19
FROM CRISIS TO RECOVERY
WHAT WILL YOU DO NEXT?

FREE COVID-19 MEMBERSHIP PACKAGE
ADDITIONAL RESOURCES
www.leancompliance.ca/members
Additional resources available:
COVID-19 Membership Package (FREE)
Sign up here:
www.leancompliance.ca/members

Preparing for a Post Covid World

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Preparing for a Post Covid World

Ähnlich wie Preparing for a Post Covid World (20)

Mehr von Nimonik

Mehr von Nimonik (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Preparing for a Post Covid World