ViewPoint Espresso How are companies tackling enterprise risks? # 3, December 2020 – Infection Risk snapshot
1
DNV GL ©
SAFER, SMARTER, GREENER
Espresso surveys - Enterprise Risk Management Pulse Check, 2020 The Espresso Survey is turning its focus to Enterprise Risk Management. What are companies struggling with these days and has the picture changed due to the “new normal”? Throughout this series of surveys, we check the pulse of companies on the following topics: Environmental Management (June) Business Continuity (September) Infection Risk Management (November) Occupational Health and Safety (planned 2021) Information Security (planned 2021)
Energy Management (planned 2021) The topics selected are both new and returning ViewPoint survey topics. Where possible, we compare data to see what changes may have occurred over time. The objective is to provide insight on each topic as to what is top of mind for companies around the world when it comes to Enterprise Risk Management. 2
DNV GL ©
Setting the Scene
Topic in focus The third snapshot is of infection risk. The short survey was launched in November and results released in December 2020.
3
DNV GL ©
How do you know…? …if your COVID-19 response is mature? When faced with the pandemic, companies were challenged to field a quick and comprehensive response. In what has become a prolonged state, having robust and lasting infection risk management has become essential.
What did we ask?
What did we find?
▪ How have companies approached infection risk management?
▪ The COVID-19 response is largely led from the top with Managing Directors and CEOs taking charge.
Indications are that agile and collaborative companies seeking innovation are best positioned to respond and build long-term resilience.
▪ How successful are companies in managing infection risk?
▪ Who is leading the response? ▪ How is infection risk managed by companies today? ▪ What are the lessons learned during the pandemic, so far?
▪ Many companies had infection risk in their wider enterprise risk management frame. Those less prepared have been pushed to act. ▪ Companies indicate maturity to be high, but could there be some over-optimism? ▪ There is a felt need to build more structured systems and capabilities.
Question 1 – Leading COVID-19 response Who has been leading the response to the COVID-19 pandemic within your company?
▪ Companies’ COVID-19 response requires an extraordinary effort and senior management leadership, going beyond the usual HSEQ departmental response.
100% 90%
▪ A dedicated crisis management response is typically top-led due to potential safety, reputational or financial impact. When specific committees are established, they typically combine senior management involvement with specific technical know-how.
80% 70% 60%
81,4%
▪ Results show that 42% are led by the Managing Director or CEO. More than 80% have placed the responsibility with the MDs/CEOs, a specific pandemic committee or the HSEQ manager.
50% 41,8%
▪ Not surprisingly, companies’ COVID-19 infection risk response goes beyond the responsibility area of the typical risk manager.
40% 27,8%
30%
20% 11,8% 10%
5,8%
9,9% 2,8%
0% Your MD/CEO
4
DNV GL ©
A specific pandemic committee
HSEQ Manager
Facilities manager
Risk officer
Other
Question 2 – Infection risk management Does your company manage infection risk as part of the wider enterprise risk management frame?
▪ It is surprising to see that 1 in 4 already prior to the pandemic had infection risk as part of their wider enterprise risk management (ERM) frame. Moreover, a small percentage are not even considering this to be a risk worth addressing moving forward.
100% 90% 80%
▪ More than 80% report infection risk to be part of their ERM.
81,9%
70% 60%
▪ Over half of the companies were pushed by the pandemic to implement infection risk management.
55,9%
50% 40% 30%
26,0%
20% 8,0%
10%
6,7%
3,4%
0% Yes, from before Yes, included Not yet but it is the pandemic during/after the in our shortpandemic term plan
5
DNV GL ©
No
I don't know
Question 3 – Maturity in infection risk How would you rate the maturity of your company infection risk management approach?
▪ Companies self-assess their risk management approach as quite mature. They indicate a significant development since the start of the pandemic. ▪ Our experts’ experiences and insight from the field indicate there may be reasons to believe that a certain degree of over-optimism exists.
At the beginning of the pandemic
2,85
▪ A total of 30% rate themselves as optimising. There is no reason to doubt the risk expertise among the respondents; however, the pandemic requires an infection risk competence and management approach that is unrivalled in recent history.
Today
3,94
1
6
DNV GL ©
▪ The level of infection prevention measures required has previously only been applied in hospitals and the healthcare sector. Companies are now challenged to develop agile and long-term processes and system to body resilience and ensure continuity.
2
3
4
5
1. 2. 3. 4. 5.
Nothing implemented Starting Progressing Optimising Leading
Question 4 – Pandemic learnings What have you learnt from the first phase of the pandemic?
Business Agility: companies need to be truly agile to adjust business model
4,25
Modern Technology: technology is a key component to support business continuity
4,24
Workforce Productivity: employees working from home are productive
3,59
Mental wellbeing of employees: work-life balance is under strain
3,67
Crisis management: the pandemic has strengthened business continuity planning and execution
3,71
Network management: complexities of the supply chain have become clearer during the pandemic
3,64 1
DNV GL ©
▪ This corresponds with findings in DNV GL’s ViewPoint survey “Competitive advantage through supply chain resilience”. To mitigate the impact of the pandemic and ensure business continuity, companies reported agility, flexibility and application of new digital technologies as central strategies.
3,45
People distance: lack of interaction with colleagues and customers plays a part in day to day work (e.g. less knowledge…
7
▪ The main lessons learned from the pandemic so far relate to agility and modern technology.
2
3
4
5
1. 2. 3. 4. 5.
Disagree strongly Disagree Neutral Agree Fully agree
Question 5 – Risk management approach What does your company infection risk management approach include? (mark all those applicable)
0%
20%
40%
60%
A frame for identification, handling and prevention of infection risks
71,4%
Roles, responsibilities and authorities to appropriately plan and deliver
66,8%
An internal and external communication process to engage with the relevant stakeholders
65,9%
An infection risk policy defined at enterprise level
63,0%
A process/practice enabling continuous improvement of the company infection risk management/frame
46,3%
A set of metrics linked to infection risk to measure, analyse, monitor and predict trends in the infection risk context Other, please specify
8
80%
DNV GL ©
31,3%
2,2%
100%
▪ Mirroring the self-assessment, companies seem quite advanced in their risk management approach. More than 70% have included a frame for identification, handling and prevention of infection risk. ▪ However, when digging deeper, there seems to be a weakness in companies’ measurement, monitoring and benchmarking. Only 1 in 3 have metrics in place for their infection risk management approach. ▪ While having developed a frame, there seems to be a gap in how implementation and effectiveness is followed up. If there is not a structured assessment or reporting in place, how can companies be sure that their approach is solid? This could support the suspicion that some over-optimism exists.
Question 6 – Structured system or capability Do you think your organization will need to build a more structured system or capability to deal with infection risk for the long term (e.g., phase two of the pandemic and beyond)?
▪ Approximately half of the respondents feel the need to build a more structured system or capabilities to deal with infection risk long-term.
50%
▪ This could indicate that these companies have focussed on managing the immediate challenges created by the pandemic. With what is now a more permanent situation, we may be seeing the recognition that infection risk management must become a permanent part of any company’s enterprise risk management framework to build long-term resilience.
48,7%
45% 40%
36,4%
36,5%
35% 30%
▪ It is interesting to see that 37% find that they are already prepared for the future.
25% 20% 15%
10%
12,3% 7,2%
7,6%
5% 0% Yes, we need to Yes, we need to No, we already No, we do not build one build on top of have one in place need a our current system/capability system
9
DNV GL ©
I don't know
Question 7 – Stakeholder assurance To what extent do you think that your company’s current infection risk management approach is suited for assuring:
▪ Communication with customers and employees seem to have been in focus and is effective.
Employees
3,49
Customers
3,24
1
DNV GL ©
▪ The approach applied by companies so far seem to be evaluated as less effective in communicating assurance to investors. This may be because they are less affected by the immediate infection prevention measures, being more concerned with financial losses that may be a consequence of the crisis.
3,33
Investors/owners
10
▪ Employees seem to have been the immediate target, initial efforts focused on safeguarding their health.
2
3
4
1. 2. 3. 4.
Not at all Not much Some extent Great extent
Question 8 – Benefits from an infection risk management system Based on your experience and perception, what do you think will be the relevance of possible benefits achieved from implementing a structured infection risk management system in your company?
▪ At this point in time, the connection to additional benefits beyond safeguarding people’s safety is not extremely clear to companies.
Improvement in management of suppliers
2,60
Provide advantages with tax/banks/insurance
2,58
Allow better relations with authorities
2,57
1. Improvement in management of suppliers
Provide a competitive advantage
2,56
Creation of new market opportunities
2. Advantages with tax/banks/insurance
2,54
Business continuity performance improvement
2,53
Safeguard property
2,53
Improved financial results (e.g. through…
2,51
Top management commitment & engagement
2,51
Improve communication with stakeholders
2,50
Support achievement of strategic objectives
2,50
Improve identification/management of risks
2,50
Improve public image
2,47
Provide ability to meet legal requirements
2,46
Enhanced employee engagement
2,44
11
DNV GL ©
3. Allow better relations with authorities ▪ These are closely followed by Providing a competitive advantage and Creation of new market opportunities. It will be interesting to see how this may evolve, and whether robust and resilient infection risk management will constitute a differentiator in the future.
2,52
Customer satisfaction/meet customer needs
1
▪ The top-3 benefits listed are:
2
3
4
1. 2. 3. 4.
Not relevant A little relevant Somewhat relevant Highly relevant
Methodology and Sample
November
2020
This Espresso survey was conducted in November 2020.
1,272
It involved 1,272 professionals in companies across different industries in Europe, North America, Central & South America, and Asia.
▪ The sample consists of customers of DNV GL – Business Assurance and does not claim to be statistically representative of companies worldwide. ▪ The questionnaire was administered using the CAWI (Computer Assisted Web Interviewing) methodology.
12
DNV GL ©
Thank you!
Want to access the results from other ViewPoint surveys? Read more here Not yet a Viewpoint member and want to join? Click here Interested in benchmarking the performance of your company Management System? Learn more here
www.dnvgl.com
SAFER, SMARTER, GREENER
13
DNV GL ©
The trademarks DNV GL®, DNV®, the Horizon Graphic and Det Norske Veritas® are the properties of companies in the Det Norske Veritas group. All rights reserved.