The Role of Enterprise Risk Management in Business Continuity and Resiliency in the Post-COVID-19 Period
Awini Thomas Assibi
Westcliff University, Irvine, CA, USA.
 DOI: 10.4236/oalib.1108642   PDF    HTML   XML   224 Downloads   2,268 Views  

Abstract

COVID-19 is the first major global pandemic in over 100 years. This is because the likelihood of such a pandemic occurring was extremely low and many of these businesses were reluctant to invest in control measures for such a catastrophic event. This paper investigates the role of enterprise risk management in business continuity and resiliency in the post-COVID-19 period. The COVID-19 pandemic has served as a wake-up call for many organizations around the world, as it has led to the discontinuity of many businesses. Nonetheless, it has also served as a new platform that an organization could use to challenge their operations, especially the role that enterprise risk management plays in business continuity and resilience using the nine Ernst & Young Resiliency Framework. It is also important to have an agile cost base, optimize the supply chain to mitigate risk, increase worker flexibility, and enhance digitalization and automation which are protected by cybersecurity. Technology will play a critical role in ensuring that the organization is resilient if a similar pandemic occurs in the future. It is important to accelerate the adoption of technology while improving the resilience plan of the organization. In the event of a future occurrence, the management has to ensure that a recovery plan is in place with a tool, which will begin by restarting production, ensuring that the customers have access to products and services, reducing the costs, and streamlining structures.

Share and Cite:

Assibi, A.T. (2022) The Role of Enterprise Risk Management in Business Continuity and Resiliency in the Post-COVID-19 Period. Open Access Library Journal, 9, 1-19. doi: 10.4236/oalib.1108642.

1. Introduction

Living with the COVID-19 pandemic is a new normal for business operation. This has come as result to adapt to survive in the pandemic. COVID-19 has upset day-to-day existence around the world (Markowitz, et al., 2021) [1]. It is the main illness occasion since the 1918-20 H1N1 Spanish flu (influenza) pandemic to request a dire worldwide medical care reaction, spread by the speed and probability of expected transmission. A comprehension of how much interruption is brought about by the microorganism, and what amount is made by our response and its possible presence, are fundamental challenges to Enterprise Risk Management. Enterprise Risk Management (ERM) is a strategic approach to managing systematic risk in a company. Risk may occur from errors or external influences, including trades, acquisitions, and divestitures among companies; operations of business units and business outsourcing; operational and regulatory compliance; financial and accounting operations; information technology systems, communication systems and practices; legal, ethics and reputation issues.

Enterprise risk management (ERM) is a holistic framework for measuring and responding to risks facing an organization. It involves the processes, tools, and people that make up an organization. With its robust functionality, standardization of data and processes, and customized approach to risk management that can help mitigate financial risk, best practices in enterprise risk management will help reduce the risks faced.

ERM is a vital part of any enterprise today, regardless of size. Corporate boards and senior leaders demand it, investors want it, and customers increasingly insist upon it. Complying with government regulations related to corporate governance and public reporting is far easier by implementing ERM. Also, public scrutiny focuses on the need for leadership at every level in a corporation to embrace resilience as a proactive approach to managing risk across an enterprise. According to Purpura, “An important question is how enterprise risk management, business continuity planning (BCP), emergency management, and critical infrastructure protection are linked to resilience” (Purpura, 2019: p. 361) [2].

2. Resilience and Enterprise Risk Management (ERM)

Resilience is the ability to anticipate, withstand and recover from disruptive events. The revised ISO 31000:2009 standard for resilience includes a new set of tools and approaches for building and maintaining resilience in organizations. It covers key areas as continuity, crisis management, change management, and stakeholder collaboration. Business resilience risk management is an important collateral activity in the capital markets. As a significant element of successful management, resilience has to be visible and an inherent part of capital market activity.

Resilience risk management is a system of assessment, monitoring, and reporting of the continuing ability of a firm to maintain critical functions following unforeseen disruptive events. Practitioners use the resilience framework over and above traditional enterprise risk management techniques. Create and maintain a structured, consistent approach to your resilient enterprise risk management. Use this practical guide to the expectations, standards, principles, and frameworks relevant to resilient ERM, and learn how to differentiate actual risk from random variation with “resilience factors”. The degree to which flexibility can be built into the organization’s culture, including continuous communications to ensure awareness during a disruption, distributed decision-making power so multiple employees can take decisive action when needed, and being conditioned for disruptions to improve response when necessary (Purpura, 2019) [2].

This comprehensive resilience risk management services (RRMS) are constructed on the foundation of our resilient personnel, resilient facilities, and resilient communication concept. Centered on your needs, the services provided are designed to remove individual or organization vulnerability through a series of planned measures that anticipate, avoid, and respond strategically to disruption.

Resilience and enterprise risk management (ERM) strategies are emerging as keystones to business success in the face of a rapidly changing operating environment and increasing levels of complexity. One of these frameworks is the E&Y Framework shown in Figure 1. COVID-19 Enterprise Resilience Framework: The nine areas businesses can build a crisis management and business resilience. Firms across all industries, but particularly those in banking, insurance and financial services and manufacturing, are facing steeper competitive pressures, rapidly changing technology, resources scarcity, economic volatility, and more complex risks need this framework. At the same time, they must find more sustainable ways to develop their businesses in order to achieve simultaneously prosperity, growth, and value creation. Furthermore, firms must also deal with mandates from regulators demanding that they mitigate risks appropriately. To address these challenges firms must go beyond traditional approaches to risk management. Post-COVID 19, risk management will become critical because of the global fiscal and monetary measures to revive the ailing economy. Stakeholder’s push for a more sustainable culture of corporate governance will create momentum for implementing ERM (Nail and Prasad, 2020 & 2021) [3] [4]. This will Improved cost-effectiveness, earnings stability, increased profitability, improved decision making, better risk communication, competitive advantage, better resource allocation, enhanced firm value, and performance are the key benefits of ERM adoption.

Putting a resilience and ERM strategy into place means firms need to use a broader range of tools to identify what risks are most important for their future wellbeing and then take proactive steps toward optimizing resiliency. In fact, it is about breaking away from an independent framework that has no influence on the strategic direction of the firm and moving towards using the framework in all stages of strategy development within the firm.

Resilience and Enterprise Risk Management: Addressing Physical, Operational, Financial and Legal Risks. Resilience is the ability of an enterprise to plan for, respond to and recover from disasters and disruptions while minimizing the effects on its operations and viability. Building resilience can result in quantifiable benefits well beyond business continuity―including reduced costs due to process disruption, reduced liability risk, decreased service outages or improvement in systems performance.

It presents a new challenge for business and the global communities at large; it also presents a new challenge to the risk managers. Before the pandemic struck, many companies had invested in comprehensive crisis management planning that had not anticipated a catastrophic event that would be on a global scale or as devastating to the economy as COVID-19. This is because the likelihood of such a pandemic occurring was extremely low and many of these businesses were reluctant to invest in control measures for such a catastrophic event. Business risk management aims to protect and effectively guarantee the normal functioning of the three main areas of the organization: people, technology, and process, through ensuring prevention, detection, and response control implementation. Policymakers must utilize lessons from past pandemics to foster proper danger appraisals and control plans for the present endemic COVID-19, and for future pandemics (Markowitz, et al., 2021) [1].

In a post-COVID-19 Word Enterprise risk management (ERM) will be strategic approach to managing systematic risk in a corporation. It’s based on the idea that that there are two things that every corporation needs: an information technology infrastructure, and an understanding of what is going on in the world around us. Enterprise Risk Management and how it relates to Business Continuity. Business Continuity is a vital component of every company’s survival. A comprehensive understanding of these two factors enables a company to manage its risks effectively, and keep them from being catastrophic. To accomplish all this requires an understanding of two critical areas of risk management which will be critical in post-COVID World. These are:

1) Business continuity: Business continuity provides a framework for properly planning for how long the company can function without any disruptions.

2) Business resiliency: Business resiliency involves defining and improving processes to prevent significant disruptions from occurring in the first place.

The COVID-19 pandemic has placed a focus on organizational resilience (Pagach & Wieczorek-Kosmala, 2020) [5]. As devastating occasions develop more continuous yet less unsurprising, the requirement for resilience develops. This need is additionally featured against the background of progressively interconnected and complex risk. That’s what the reactions show: The Coronavirus pandemic sped up the push for corporate resilience, however in changing degrees across areas and resilience points of support. Over 60% of the members recognize resilience as a first concern or extremely significant in essential navigation. 57% of those that answered the review feel their associations are exceptional to oversee resilience in general. Financial, operational, digital, and technological resilience are viewed as the most important regions across organizations (FERMA, 2021) [6]. Prescience capacities (situations and stress testing) arise as a center region to fortify corporate resilience.

3. Nine Ernst & Young Resiliency Framework

The nine areas businesses can build a crisis management and business resilience using the nine Ernst & Young Resiliency Framework (Figure 1).

3.1. The People Health and Wellbeing

While working on this framework, the goal will be to put the people’s needs at the center. With this regard, the people need has two aspects that need to be considered independently. First, the organization has to ensure that it puts in place a communication plan that will effectively and articulately reach the employees more frequently and robustly (Pagach & Wieczorek-Kosmala, 2020) [5].

Figure 1. Source E&Y COVID-19 Enterprise Resilience Framework 2020.

This will ensure that all its employees receive all the information regarding professional and personal plans and prepare for a return to their normal place of work. It is also necessary to have a well-laid out plan for the resumption of normal duties at the organization, which will involve ensuring that all the employees are healthy before returning and going back to their working environment (Ivanov, 2021) [7]. Moreover, the risk management framework has to address the challenges that arise from remote working. The purpose is to ensure that in industries where physical personnel presence is critical to the organization’s continuous operations. To achieve this, it is important to ensure that proper health and safety protocols are put in place to monitor the health progress of each employee. As a result, health and safety capabilities have to be up to the right standards (Modgil, et al., 2021) [8]. These should include, workforce testing, certification, tracing, and tracking, which enables access and manage the workforce health, capacity planning, and changes work environment layout to ensure limited group interactions, not forgetting cleaning and sanitization protocols (Muparadzi & Rodze, 2021) [9]. Excellent staff health and wellbeing must exist in protected workforce environment.

3.2. Protecting Talent and Workforce

To effectively protect the workforce during a pandemic crisis, it is important to it is also important to put in place policies that will determine when and who among the employees will return physical workplace and who remains working remotely. The management should also determine which part of its operations should remain on hold based on demand. This implies the need to have operations at the company streamlined and automated especially those that may fray during a crisis. On the other hand, it is also important to listen to employees’ concerns about returning to the work environment. To prepare the employees for a return to physical working, management needs to have readiness training for all its employees. Also, the channel of communication should be in place for employees to support each other as they readjust to working life (Pagach & Wieczorek-Kosmala, 2020) [5].

The framework also advocates for organizations to let their employees show their concern about returning to the workplace, the organization has to be aware of the impact of transformative changes especially with regard to unsettled workers. There is also the aspect of remote working which is proved to be less productive especially when staff is not directly supervised. As a result, leaders need to find the right balance that will accommodate divergent expectations. Furthermore, the recovery phase may be a watershed moment for the company in terms of defining their brands with their employees and consumers, which will help them develop reputations in the near future and influence their future competitiveness (Bai, Quayson, & Sarkis, 2021) [10].

Reflecting, recommitting, reengaging, rethinking, and rebooting are five important measures recommended by the framework to help the organization bridge the crisis response to the new normal by creating a foundation that would enable it to thrive after the pandemic. With regards to reflecting, the framework recommends that the reflection of what has worked, the lesson learned from the experience, what could have been overlooked in the response while encouraging a different perspective on the matter. While recommitting entails, recommitting to the workforce wellbeing and purpose through a focus on physical, financial, and psychological concerns both at home and in the workplace (Huang & Farboudi Jahromi, 2021) [11]. Reengaging implies redeploying the workforce to maximize their contribution and potential for rapidly evolving organizational priorities. On the other hand, rethinking involves a rethinking of the work, workplaces, and workforce to help leverage the experience of the pandemic response and the opportunity to accelerate the future of work. Lastly, rebooting implies realigning the HR functions and people operations with the most pressing business and workforce priorities and pivoting towards exponential HR. This realignment must not only be seen at the national level but also at the global supply chain operation (Levantesi & Piscopo, 2021) [12].

3.3. Supply Chain and Global Trade

The COVID-19 pandemic has caused many businesses and their partners stretch their operational capacity to the extent that it has created chaos with the supply chain. With this in mind, the role of framework ought to consider measures that will address this issue to minimize the disruption and their impact on the business operations and clients. As a result, the framework aims to create an information foundation that will facilitate supply chain dependency mapping on several levels, with all of these activities being linked to specific products and services that may be provided by a third party. This strategy will enable accurate reporting on gaps between requirements of the organizations and external third party’s capabilities to meet those requirements. It is equally important for the framework to have an accurate representation of the inputs from suppliers and identify alternate sources to meet delivery obligations. The framework also has to ensure it incorporates realistic communications that include accurate data to the organization’s clients without including false promises of service delivery (Modgil, et al., 2021) [8].

In the event of another global pandemic, the supply chain is the most affected. As a result, the framework recommends a retooling of the supply chain to ensure greater resilience, end-to-end visibility, and reducing costs. For this to happen, organizations need to conduct regular supply chain resilience assessments. This will help determine strategy and capability build-out. The framework also encourages frequent stress testing that will help anticipate future disruptions. Using cloud technology, the framework advocates a transition from a linear to a networked ecosystem, where internal and external data is backed up in the cloud. This strategy will allow the supply chain activities to be seen by all stakeholders worked on simultaneously. The end-to-end visibility allows key stakeholders to match supply to demand through analyzing the data around inventory, hubs, and nodes, networks, identifying single points of failures that include supply (Golgeci, Yildiz, & Andersson, 2020) [13].

The supply chain is critical to the general operation of any organization. According to E&Y (2020), supply-chain decisions influence up to 75% of corporate costs. As a result, if the framework is in place, the organization could be able to reduce expenses that touch on sales, general and administrative cost by sourcing and contract views events, and improved margins and cost of goods sold through rationalization of the portfolio, and optimizing asset utilization and simplification products [14]. Besides, the framework has to put a strategy in place that will determine the type of goods that would be needed the most, or which sites to reopen, and when and how to initiate turning machines back on (Bondar, et al., 2021) [15].

There is also the aspect of considering reframing different delivery channels. For instance, the current trend in consumers indicates that many customers have moved towards e-commerce and home delivery, this trend is bound to continue in the unforeseeable future, which implies that retailers have to follow suit. As a result, it is imperative to invest more in better access to goods and services through apps and websites. To foster long-term social separation, the framework also suggests changing the physical form and layout of stores (Huang & Farboudi Jahromi, 2021) [11]. This e-commerce global strategy aligned with appropriate cybersecurity strategy will not only promote the business operational efficiency but also protect customers and build goodwill in the eyes of all stakeholders.

3.4. Protecting the Customer and Business Goodwill

Companies have been compelled to reconsider their tactics, which include purchasing patterns, habits, and values, as a result of COVID-19. As a result, there is a need to reframe their futures around other digital behaviors that would be critical in the creation of value (Millman, 2020) [16]. For instance, moving on, there is a need to engage customers, through taking a disciplined approach to consumer segmentation, lead generation, nurturing, and move faster to drive marketing and communications agility. With regards to growth drivers, the shift would be on new sales channels while extracting values from existing innovation as a means of driving product strategy. Moreover, the organization needs to protect its brand through fulfillment and innovative offerings, that is, there is a need to have a long-term brand value (Suresh, Sanders, & Braunscheidel, 2020) [17].

Another aspect to consider for this framework is reputation risk. Under this category, the organization must capture the challenges it could be experiencing in communication with personnel during the time of the pandemic. It is also important to consider external communication; that is, proactive communication to help assure clients and other stakeholders has to be put in place (Mukherjee, et al., 2020) [18]. The communication with the external stakeholder will include how the organization handles the mitigation efforts and how it assures clients it will deliver in line with the expectations. By demonstrating that the organization is open for business, it reassures employees and other stakeholders of its viability (Margherita & HeikkilÄ, 2021) [19]. All these will enhance and improve financial efficiency.

3.5. Improve Financial Efficiency

During a pandemic, it is expected that there would be reduced spending on operational expenses, this will also mean reduced revenues. Therefore, this will mean that organizations have to cut back on expenses including personnel, however, this action should be taken into consideration of their welfare because forms a core in terms of the organization’s ability to create longer-term values as their productivity is important for the success of the company. As a result, any imposed cuts should be targeted strategically to maintain and build critical capabilities that are required to ensure continued success (Westby & Lamb, 2020) [20].

Besides, organizations need to take actions that will help reduce the short-term cash flow needs by finding appropriate actions to take to ensure long-term success. The framework also predicts that in the event of a pandemic, workforce productivity will form an important aspect that will influence the success of the organization (Millman, 2020) [16]. As a result, the framework urges those top executives need to consider all available opportunities to aggressively leverage current and other emerging technologies that will their organization more productive and scalable. For instance, the organization could consider advancing analytics, artificial intelligence, robotic process automation, outsourcing, and other technology-enabled capabilities as the organization redesigns its operational model (Huang & Farboudi Jahromi, 2021) [11].

Moreover, the organization should also consider cutting its spending on the third party through rationalizing their external spending and aggressively reduce the drivers of demand for such spending. On the other hand, the organization should also consider renegotiating some of its contract terms and in some cases reduce the price paid for external goods and services. There is also the aspect of remote working that could be viewed as one’s a diversification of the workplace environment to allow some of the employees to work from home permanently. This move could prove to be a cost-cutting measure on the part of the organization especially in situations where offices are located in a prime location (Narula, et al., 2020) [21]. There will not be good financial efficiency unless ERM is appropriate for all treats faced by the organisation.

3.6. Risk

Enterprise risk management aims to ensure business continuity during catastrophic times, which enables businesses to react faster to mitigate the impacts and other risks that involve such a global pandemic. Business resilience involves the ability of the organization to cushion against the impact and adapt to a changing environment while also being able to deliver services to its clients and to survive and prosper in the new environment. For any business, this implies being able to take a blow and recover from the disaster; it also implies putting mechanisms in place to cushion the business against such economic shocks. For this to happen, there has to be a framework in place that will effectively help the organization to be resilient. Besides, the framework has to adhere to a specific set of principles, such as behavior that is aligned to a shared vision and purpose (Pagach & Wieczorek-Kosmala, 2020) [5].

The framework also has to have a basic understanding of the organization’s context and has to have the ability to absorb, adapt and effectively respond to change. In addition, the framework has to encourage good governance and management. The framework also has to incorporate a diversity of skills, leadership, knowledge, and experience. It should also encourage effective risk management and effective coordination across management disciplines and contributions. Moreover, this resilience framework will include a combination of a plan, the ability to adapt on the move and under high-pressure situations, and the ability to be executed at speed when the pandemic strikes. The framework will also merge operational resilience plans in the event where lines between high severity disaster and operational risk events blur. This will also involve doing simulations for new scenarios and appropriate decisions that are aimed towards operational resilience (Millman, 2020) [16].

Moreover, the framework should also give priority to the organization’s risk assessment schedules, with the main priority being on the operational risk assessment that focuses on taxonomy of the integrated risks and control developed specifically for environmental and pandemic threats and vulnerabilities. Besides, when the framework is in place, it will help develop different disruption scenarios or simulations in coordination with resilience strategies that will be designed to anticipate and react to risks that emanate from a broad spectrum of external factors. The risks assessment framework has to first implement and integrate critical business operations, such as human, technological, financial, and operational implications within each scenario that have to be fully understood. The framework needs to be integrated with other risk management models and cloud technology to build resiliency (Mukherjee, et al., 2020) [18].

The resilience system will utilize forward-facing practices; this implies that it will utilize a mix of lagging and leading risk indicators. The aim here is to develop a more realistic and robust cause-effect model. This model will also establish customized and aggregated KRIs (key risk indicators). The KRIs will be calibrated to provide a “red flag” before a risk event occurs. The calibration will be directly related to the organization’s risk tolerance levels. For instance, a KRI could involve supplier defaults in the supply chain. It is the role of the framework to provide early warnings of major disruptions along the supply chain line. In this case, an effective forward-facing approach will require a horizontal scanning capability that will identify emerging risks. All this will be made possible with the use of AI (artificial intelligence) and ML (machine learning) technologies (Deshpande & Desai, 2021) [22].

On the other hand, dynamic prioritization involves being able to retune risk control priorities to consider any emerging risks making the whole process dynamic. This implies that for this to be successfully implemented, there is a need to have a thorough understanding of risk velocity, that is, how quickly the organization will feel the impact of a risk event occurring. Under this section, the framework will utilize some modern data-analytics tools that will monitor KRIs in real-time. Moreover, the framework needs to be adaptive in terms of how it supports the key decision-making process; this also entails incorporating crisis response and business recovery plans that are highly adaptive, especially in cases where there is a change in the operating model. For the framework to be effective, it will incorporate data from risk management, crisis recovery, and insurance management as this will ensure that data analysis is more accurate. Besides, it will also ensure that there is a proper balance between risk retention, risk mitigation, and risk transfer strategies (Muparadzi & Rodze, 2021) [9]. The policies of government which requires compliance is also another source of risk.

3.7. Government and Public Policy

In the event of such a pandemic, the government has the responsibility to its citizens to ensure their wellbeing as a result it would be a force to take a raft of measures to ensure this is attained including imposing cessation of movements across its borders. This could have a serious financial impact on many businesses and will in turn force the government to take appropriate actions to ensure the safety of its citizens where there are no vaccines. This will include finding the right balance between planning and communication about a return to normal social behavior through enforcing safety and social distancing measures (Golgeci, et al., 2020) [13].

The businesses on their part will have to adjust accordingly, and they will have to accept the reality of reduced demand from the consumers during these uncertain times. The government through its policies will come up with a scheme to help struggling businesses survive the hard economic times. However, this could be deemed to be temporary as a result, businesses need to monitor the government’s progress on financial assistance programs and adjust accordingly and come up with an appropriate program on how they will gradually withdraw from such a program and such a move will impact their business activities and customers (Keenan, 2020) [23].

Whenever such a pandemic occurs it is likely to hamper the international supply chains on essential commodities such as food items, and medical supplies. It is therefore the government’s responsibility to ensure that to ensure resilience in particular areas through encouraging actions to ensure a localized supply chain. The framework foresees governments being active in the economy in a post-COVID-19 environment. The businesses leaders on their part should deepen their understanding of the public policy landscape, and the health data that influence the decision-making process at a government practice. By this, the framework will be able to anticipate and prepare for government actions that are likely to come on short notice and sometimes with less consultation (Castro & Zermeño, 2020) [24].

Once all the principles are in place, the business could then deploy a coordinated approach to address the following: providing a mandate that ensures the organization’s leadership is committed to encouraging organizational resilience. The approach also has to ensure that the organization provides the adequate resources needed to enhance its resilience. Moreover, an appropriate governance structure needs to be implemented as one way of ensuring the effective coordination of the organization’s resilience activities (Suresh, et al., 2020) [17]. Besides, it is important to ensure that all these mechanisms being put in place conform to the organization’s internal and external contexts or structures. There is also a need to have a system that supports the effective implementation of organizational resilience activities and ensure that arrangements for the evaluation of resilience are in place to support the organizational requirements. Lastly, an effective communication strategy needs to be put in place to improve the understanding and decision-making processes (Westby & Lamb, 2020) [20].

The other challenge that needs to be addressed is being able to establish governance of operations; this has to be among the top priorities for the framework and general organizational resilience. The governance aspect has to expand to include other external factors such as competitive factors, consumer factors, economic factors, and political factors. Besides, the organization has to ensure that it puts in place measures so that its leadership provides more frequently data-driven communication from their risk management and operational teams to ensure that they remain compliant with government policies on organizational resilience. To this effect, it is crucial to have a specific division whose role will be to anticipate such catastrophic events and relaying the same communication to the relevant stakeholders at the organization (Ivanov, 2021) [7]. Protected Health Information Act is example of how protection is provided by government.

PHI stands for Protected Health Information security is mandated in the United States under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA defines PHI in a more precise way. “The NIST Privacy Risk Model is based on allowed handling (organized and permitted) of actually recognized data (PII) and secured wellbeing data (PHI) that creates a security risk, which influences consistency, reasonability, and dissociability” (Greenhalgh, 2019) [25].

3.8. Technology and Information Security

Technology plays an important aspect in the organizations reframe. Through the technology, companies can adopt new ways of operations by encouraging remote working while at the same time discouraging physical interaction and reducing expenses. Besides, there is a need to have an aggressive analysis of collaboration, automation, and cloud adoption to realize performance benefits while not forgetting a critical aspect of this, which is cybersecurity enabling technology to be a critical organization resource and transformation enabler. “Technological advancement has resulted in a larger incidence of cyberattacks,” Kantaria (2019) claims. “E-commerce, mobile payments, cloud computing, Big Data, IoT, AI, and social media are all increasing the security risk for individuals and enterprises today.” [26] The expanding volume of data handled by businesses, as well as the requirement to process data quickly across organizational boundaries, exacerbates the problem. As a result, cybersecurity challenges are becoming increasingly important for organizations today. As a result, the framework encourages aggressive software patching, core technology foundation services, and network upgrade to be in line with the current business requirements and needs. While installing this technology, it is also important to consider the impact of such technology on societal norms and government regulations especially on data and intellectual property. It is also important to consider how the accelerated technology will impact the organization’s supply chain across all the sectors (Izumi, et al., 2020) [27].

The business resilience framework will also ensure real-time and constant updating or prediction, which enables the organization to take an early contingency plan before major risks escalate. For this to happen, the framework needs to be more dynamic and adaptive as opposed to the traditional risk management systems. The system will thus move away from an approach that plans and is backward-looking, process compliance-driven, and experience-based. The new system will have a “sense and response”, it will also have a forward-looking approach and will entrench risk management culture while at the same time embracing uncertainty and will be data-driven (Izumi, et al., 2020) [27]. To achieve a shift to the “sense and response” principle, the organization needs to move beyond the conventional risk register based ERMs. The shift will involve three critical steps: forward-facing, dynamic prioritization, and adaptive response. Forward-facing to imply that it will set and monitor customized leading key risk indicators that will include red flag thresholds. Dynamic prioritization implies using risk velocity to regularly retune priorities for emerging risk monitoring. Lastly, adaptive response implies active decision-making based on constantly refreshed key risk indicator data (Mathivathanan & Sivakumar, 2021) [28].

To ensure that there will be minimal disruptions of service during a pandemic the framework will utilize innovation such as cloud technology to build resiliency as many of the workers will be working remotely. However, this paper acknowledges for all the above to be successful, there is a need to have a clear channel of communication between various stakeholders; they need to be made aware of the importance of adopting such technologies and the benefits that they stand to gain from the offset. Without proper communication channels that provide feedback, it will be impossible for the organization to know if the technology paid off. On the other hand, employees need to be empowered with the rationale, knowledge, and tools that are necessary to enable them to carry out their duties (El Baz & Ruel, 2021) [29]. One of the ways to easily bounce back after disruption is through insurance.

3.9. Insurance and Legal Disputes

COVID-19 struck at a time when many businesses had not acquired coverage for business disruption losses. Many insurance companies before the pandemic did not offer coverage for a pandemic in their base policies, while those that offered had limited coverage through an endorsement to other policies (Castro & Zermeño, 2020) [24]. As a result, moving forward to a post-COVID 19 economy, there is a need to have legislative reforms that will see insurance companies extend coverage for business interruption losses. With regards to legal disputes, organizations need to focus on a deeper understanding of their contractual relationships. In the event a dispute occurs, it should be managed carefully putting in mind the financial and reputational implications. Therefore, organizations need to take a proactive approach towards resolving issues, while considering key future commercial relationships (Ivanov, 2021) [7].

When a pandemic strikes in the magnitude of COVID-19, the focus should be first on understanding labor and employment law obligations in various countries around the world. As a result, the enterprise will focus on understanding all the legal obligations in the various contractual obligations the company may have entered with other external third parties. for instance, the company should consider the legal impact of executing “force majeure” termination and related clauses in some contracts will have on the company’s operations (Huang & Farboudi Jahromi, 2021) [11]. On the other hand, insurers need to be clear in communication about coverages. The framework will also ensure that it works with relevant stakeholders to protect the interests of the insured from a similar occurrence in the future. While doing so, it will ensure that those affected will have fair treatment (Bai, Quayson, & Sarkis, 2021) [10].

4. Conclusion

The COVID-19 pandemic has served as a wake-up call for many organizations around the world, as it has led to the discontinuity of many businesses. Nonetheless, it has also served as a new platform that an organization could use to challenge their operations, especially the role that enterprise risk management plays in business continuity and resilience. It is also important to have an agile cost base, optimize the supply chain to mitigate risk, increase worker flexibility, and enhance digitalization and automation which are protected by cybersecurity. Technology will play a critical role in ensuring that the organization is resilient if a similar pandemic occurs in the future. It is important to accelerate the adoption of technology such as cloud computing, IoT, Bigdata, data science, business intelligence, etc., while improving the resilience plan of the organization. In the event of a future occurrence, the management has to ensure that a recovery plan is put in place which will begin by restarting production, ensuring that the customers have access to products and services, reducing the costs, and streamlining structures.

5. Limitation and Recommendations for Further Research

5.1. The Role of Enterprise Risk Management in Business Continuity and Resiliency

The COVID-19 pandemic has served as a wake-up call for many organizations around the world, as it has led to the discontinuity of many businesses. A few of the most prominent business continuity and resiliency solutions for private and public sector entities include Avid, Ambari, Cloud Foundry, and others.

Preparing with a comprehensive understanding of what is happening around true more tailored and industry-specific research will give a better handle on any situation that may occur in an organization or even an individual team, thus ensuring our success against any contingency. Enterprise risk management (ERM)-business continuity-business resiliency-pandemic crisis-post-COVID-19 plays a significant role in mitigating the impact of such disasters by providing highly effective solutions (including automation) to make sure that operations are safe and sound during disaster situations.

5.2. Business Continuity and Resiliency Planning for COVID-19

Enterprise risk management is changing in several ways so is uncertainty in business operations. While some of the changes we’ve seen are positive, others may be far less so. In the last few months, an emerging field called “business continuity and resiliency planning” (BCR). BCR involves identifying, analyzing, and prioritizing risks and making decisions that might help to mitigate those risks. It can have a profound effect on all aspects of business operations: from operational efficiency to security, to the performance of products and services. As such, organizations around the world need to understand what makes BCR effective for which types of organizations through further research. The role that enterprise risk management plays in BCR and what factors enterprises need to consider for BCR to be effective. It will also be very important to research how BCR can help organizations improve their resiliency capabilities in response to a disaster or other crisis by integrating them with other disaster recovery tools.

5.3. The Role of Technology in Business Continuity and Resiliency

Business Continuity refers to an organization’s ability to recover from incidents such as natural disasters or terrorist attacks that may cause significant disruption to its operations, if not the destruction of infrastructure. Scenarios must be developed with evidence-based research on how business continuity helps organizations keep running even when there are serious problems with their infrastructure. Usually, they are unable to ensure their operational stability by themselves. This means that IT security needs to be integrated into business continuity. Some key technological approaches for achieving business continuity and resiliency using distributed systems, cloud computing, and digitalization at a large scale using large-scale multi-cloud architectures―concepts that are not always well understood by practitioners or decision-makers from organizations who do not have large complex IT infrastructures at their disposal. Enterprise risk management can make an impact on both business continuity and resiliency in the post-COVID world.

5.4. The Role of the Government in Business Continuity and Resiliency

The post-COVID-19 event, which is widely viewed as a global pandemic, has provided many organizations with the opportunity to evaluate and adopt new approaches to business continuity and business resilience. Unfortunately, not all organizations have had the opportunity to do so. Furthermore, many of these organizations were operating in environments where there were insufficient resiliency tools, or where they were already starting with the wrong expectations about resiliency.

The COVID-19 pandemic is a wake-up call for many organizations around the world, as it has led to the discontinuity of many businesses. After the unprecedented number of cases of H5N1 and another avian influenza in 2009, which caused a large number of deaths and caused many businesses to suffer extensive losses through business interruption, the World Health Organization (WHO) issued an advisory warning all countries to update their enterprise risk management (ERM) systems and exercise strict control over their ERM activities. This warning served as a wake-up call for many organizations around the world, as it led to the discontinuity of many businesses. Many companies have taken it upon themselves to update their ERM systems to incorporate this new guidance from WHO. One such example is the companies we have worked with during our time with MS and MSJL (such as Microsoft Research), who upgraded their ERM systems to include an updated guideline on business continuity (BC).

There is a need for further research on the role of ERM in financial resilience, operational resilience, digital resilience, technological resilience, and resilience risk management in organizations. More importantly further studies on industry-specific and company-specific resilience and how it affects small-, Micro-, and medium-scale businesses and organizations. More importantly, ERM, BCR, and Disaster recovery are viewed as the most important across regions and across organizations that need to establish resilience, sustainability and business continuity as these areas need more research. FERMA said almost three-quarters of the risk managers surveyed see a clear need for both improving risk culture and more strongly integrating resilience in their organizations’ strategy (FERMA, 2021) [6].

Conflicts of Interest

The author declares no conflicts of interest.

References

[1] Markowitz, D.M., Shoots-Reinhard, B., Peters, E., Silverstein, M.C., Goodwin, R. and Bjälkebring, P. (2021) Dehumanization during the COVID-19 Pandemic. Frontiers in Psychology, 12, Article 285. https://doi.org/10.3389/fpsyg.2021.634543
[2] Purpura, P.P. (2019) Resilience, Risk Management, Business Continuity, and Emergency Management. In: Security and Loss Prevention, Butterworth-Heinemann, Oxford, 355-392. https://doi.org/10.1016/B978-0-12-811795-8.00012-6
[3] Naik, S. and Prasad, Ch.V.V.S.N.V. (2020) Benefits of Enterprise Risk Management: A Systematic Review of Literature. Global Conference on Business and Social Sciences Proceeding, 11-12 December 2020. https://doi.org/10.35609/gcbssproceeding.2020.11(125)
[4] Naik, S. and Prasad, Ch.V.V.S.N.V. (2021) Benefits of Enterprise Risk Management: A Systematic Review of Literature. Journal of Finance and Banking Review, 5, 28-35. https://doi.org/10.35609/jfbr.2021.5.4(3)
[5] Pagach, D. and Wieczorek-Kosmala, M. (2020) The Challenges and Opportunities for ERM Post COVID-19: Agendas for Future Research. Journal of Risk and Financial Management, 13, Article 323. https://www.mdpi.com/926070 https://doi.org/10.3390/jrfm13120323
[6] FERMA (2021) Survey Report 2021: The Role of Risk Management in Corporate Resilience. Federation of European Risk Management Associations Federation of European Risk Management Associations (FERMA) Avenue de Tervuren. https://www.ferma.eu/app/uploads/2021/09/FERMA-Resilience-Report-fina_CL_27.09.pdf
[7] Ivanov, D. (2021) Lean Resilience: AURA (Active Usage of Resilience Assets) Framework for Post-COVID-19 Supply Chain Management. The International Journal of Logistics Management. https://www.emerald.com/insight/content/doi/10.1108/IJLM-11-2020-0448/full/html https://doi.org/10.1108/IJLM-11-2020-0448
[8] Modgil, S., Gupta, S., Stekelorum, R. and Laguir, I. (2022) AI Technologies and Their Impact on Supply Chain Resilience during COVID-19. International Journal of Physical Distribution & Logistics Management, 52, 130-149. https://www.emerald.com/insight/content/doi/10.1108/IJPDLM-12-2020-0434/full/html
https://doi.org/10.1108/IJPDLM-12-2020-0434
[9] Muparadzi, T. and Rodze, L. (2021) Business Continuity Management in a Time of Crisis: Emerging Trends for Commercial Banks in Zimbabwe during and Post the COVID-19 Global Crisis. Open Journal of Business and Management, 9, 1169-1197. https://www.scirp.org/journal/paperinformation.aspx?paperid=109225 https://doi.org/10.4236/ojbm.2021.93063
[10] Bai, C., Quayson, M. and Sarkis, J. (2021) COVID-19 Pandemic Digitization Lessons for Sustainable Development of Micro- and Small-Enterprises. Sustainable Production and Consumption, 27, 1989-2001. https://www.sciencedirect.com/science/article/pii/S2352550921001482?casa_token=FFPA9B8ZamsAAAAA:Qj23aZA6dttHB2eJh0By_7G-YM-PAjm2y97C212tuxitxj10CSwkz86alsj5LAHneZ6WJ_fgdA
https://doi.org/10.1016/j.spc.2021.04.035
[11] Huang, A. and Farboudi Jahromi, M. (2021) Resilience Building in Service Firms during and Post COVID-19. The Service Industries Journal, 41, 138-167. https://www.tandfonline.com/doi/abs/10.1080/02642069.2020.1862092
https://doi.org/10.1080/02642069.2020.1862092
[12] Levantesi, S. and Piscopo, G. (2021) COVID-19 Crisis and Resilience: Challenges for the Insurance Sector. Advances in Management and Applied Economics, 11, 1-12. http://www.scienpress.com/Upload/AMAE/Vol%2011_3_1.pdf https://doi.org/10.47260/amae/1131
[13] Golgeci, I., Yildiz, H.E. and Andersson, U.R. (2020) The Rising Tensions between Efficiency and Resilience in Global Value Chains in the Post-COVID-19 World. Transnational Corporations Journal, 27, 127-141. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3692323
https://doi.org/10.18356/99b1410f-en
[14] E&Y (2020) COVID-19 Enterprise Resilience: COVID-19 Enterprise Resilience Framework. Ernst & Young. https://www.ey.com/en_gl/COVID-19
[15] Bondar, I., Humenchuk, A., Horban, Y., Honchar, L. and Koshelieva, O. (2021) Conceptual and Innovative Approaches of Higher Education Institutions (Heis) to the Model of Training a Successful Specialist Formation during a COVID Pandemic. Journal of Management Information and Decision Sciences, 24, 1-8. https://search.proquest.com/openview/323725c6f52f674e97c95f313e0cf84c/1?pq-origsite=gscholar&cbl=38743
[16] Millman, C. (2020) Business Continuity Strategies in the Post COVID Era. http://www.open-access.bcu.ac.uk/id/eprint/11506
[17] Suresh, N.C., Sanders, G.L. and Braunscheidel, M.J. (2020) Business Continuity Management for Supply Chains Facing Catastrophic Events. IEEE Engineering Management Review, 48, 129-138. https://ieeexplore.ieee.org/abstract/document/9139326/
https://doi.org/10.1109/EMR.2020.3005506
[18] Mukherjee, M., Chatterjee, R., Khanna, B.K., Dhillon, P.P.S., Kumar, A., Bajwa, S., et al. (2020) Ecosystem-Centric Business Continuity Planning (Eco-Centric BCP): A Post COVID19 New Normal. Progress in Disaster Science, 7, Article ID: 100117. https://www.sciencedirect.com/science/article/pii/S2590061720300545
https://doi.org/10.1016/j.pdisas.2020.100117
[19] Margherita, A. and Heikkilä, M. (2021) Business Continuity in the COVID-19 Emergency: A Framework of Actions Undertaken by World-Leading Companies. Business Horizons, 64, 683-695. https://www.sciencedirect.com/science/article/pii/S0007681321000227
https://doi.org/10.1016/j.bushor.2021.02.020
[20] Westby, J.R. and Lamb, L. (2020) Rethinking Risk in a Post-Pandemic World. Risk Management, 67, 8-9. https://search.proquest.com/openview/b2fada14ac47e6669b14307b9e81742a/1?pq-origsite=gscholar&cbl=47271
[21] Narula, S., Kumar, A., Puppala, H., Dwivedy, M., Prakash, S., Singh, R. and Talwar, V. (2020) Restarting Manufacturing Industries Post COVID-19: A Mind Map-Based Empirical Investigation of the Associated Challenges in Business Continuity. International Journal of Strategic Decision Sciences (IJSDS), 11, 46-65. https://www.igi-global.com/article/restarting-manufacturing-industries-post-COVID-19/261801
https://doi.org/10.4018/IJSDS.2020040103
[22] Deshpande, V.M. and Desai, A. (2021) Smart Secure: A Novel Risk based Maturity Model for Enterprise Risk Management during Global Pandemic. 2021 6th International Conference for Convergence in Technology (I2CT), Maharashtra, 2-4 April 2021, 1-7. https://ieeexplore.ieee.org/abstract/document/9418094/ https://doi.org/10.1109/I2CT51068.2021.9418094
[23] Keenan, J.M. (2020) COVID, Resilience, and the Built Environment. Environment Systems & Decisions, 40, 216-221. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7220848/
https://doi.org/10.1007/s10669-020-09773-0
[24] Castro, M.P. and Zermeño, M.G.G. (2021) Being an Entrepreneur Post-COVID-19 —Resilience in Times of Crisis: A Systematic Literature Review. Journal of Entrepreneurship in Emerging Economies, 13, 721-746. https://www.emerald.com/insight/content/doi/10.1108/JEEE-07-2020-0246/full/html
https://doi.org/10.1108/JEEE-07-2020-0246
[25] Greenhalgh, K.S. (2019) NIST Privacy Framework: Protecting Privacy While Promoting Interoperability. Journal of AHIMA, 90, 90.
[26] Kantaria, P. (2019). What Is Cloud Computing and Why Does It Matter to Business. https://www.verdict.co.uk/what-is-cloud-computing-in-business/
[27] Izumi, T., Sukhwani, V., Surjan, A. and Shaw, R. (2021) Managing and Responding to Pandemics in Higher Educational Institutions: Initial Learning from COVID-19. International Journal of Disaster Resilience in the Built Environment, 12, 51-66. https://www.emerald.com/insight/content/doi/10.1108/IJDRBE-06-2020-0054/full/html
https://doi.org/10.1108/IJDRBE-06-2020-0054
[28] Mathivathanan, D. and Sivakumar, K. (2021) Action Plans for Logistics and Supply Chain Recovery Post-COVID-19. In: Sakthivel, A.R., Kandasamy, J. and Davim, J.P., Eds., Managing Supply Chain Risk and Disruptions: Post COVID-19, Springer, Cham, 91-98. https://link.springer.com/chapter/10.1007/978-3-030-72575-4_8 https://doi.org/10.1007/978-3-030-72575-4_8
[29] El Baz, J. and Ruel, S. (2021) Can Supply Chain Risk Management Practices Mitigate the Disruption Impacts on Supply Chains’ Resilience and Robustness? Evidence from an Empirical Survey in a COVID-19 Outbreak Era. International Journal of Production Economics, 233, Article ID: 107972. https://www.sciencedirect.com/science/article/pii/S0925527320303224?casa_token=P_WxjF_uXWYAAAAA:QA8FLDuM0gw4gkNrKkd5Sz5pLedkHuUQEo86jRns1NlWo6UFQgZt2FVWkjEH5-Z8-y6LSsPwZA
https://doi.org/10.1016/j.ijpe.2020.107972

Journals Menu
Follow SCIRP
Contact us
+1 323-425-8868
customer@scirp.org
WhatsApp +86 18163351462(WhatsApp)
Click here to send a message to me 1655362766
Paper Publishing WeChat

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.