“We need to focus on people. We need to make sure people know why that control is in place”.
Ahead of teissR3 | Resilience, Response and Recovery Online Summit 2020,Michelle Griffey, Chief Risk Officer at Communisis, discusses the “new normal” post-COVID-19 and the likely behavioural changes amongst employees with Jeremy Swinfen Green.
teissR3, taking place 15th – 24th September 2020, is the leading event focusing on how you improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world. Register your place by clicking here.
What is the new normal for risk and resilience professionals look like these days? How are things changing?
Hi, Jeremy. Yeah, they have changed quite a lot. I think it’s absolutely more than just home working, which people might focus on, although that change does need to be factored in. And I think changes have been coming down the line for a long time with tech and things like that, but it’s really, really crystallised that and moved us faster on that journey.
I think a lot of it is distance for risk professionals, because ultimately, as in our case, we are looking after a lot of things that some of them are online, some of them are office-based employees, but a lot of what we do is also physical. It’s using technology. It’s using big pieces of kit. And so you’ve got less ability for physical oversight. If people are at home, you haven’t got that element of oversight in terms of your controls and how are they working.
So we need to focus on people. We need to make sure that people know absolutely why that process is in place, why that control is in place, and what they need to do. And they need that understanding and realisation of how important it is. So it flips things really a little bit from that oversight, which goes around checking your compliance. How am I doing this? Yes, I’ll tick that box. Have I got this policy? To become much, much more outcome driven, and much, much more focused on assurance of the controls, while also being conscious of the motivational factors that are out there and the way our behaviours have changed, especially in terms of well-being, and in the times that we have experienced now.
And obviously, as we face off into what might be a second wave or what might not be a second wave, whether we may have a vaccine or we may not have a vaccine. All of these things will effect people on a personal level and potentially take their eye off the ball slightly in terms of the risks. So we risk professionals have got to be really, really conscious that people are at the bottom of that, and we have to make sure they’re doing the right things for the right reasons.
What sort of behavioural changes do you think you might be seeing?
I think you’ll start to see, I think there was, in some respects, an increase in productivity, but I think that will gradually wear away as the impacts are getting into people, and those people that have had to come on site throughout because they’re essential workers. But that has been quite a lot of pressure on them. Not to the extent of the NHS, or anything like that, but absolute pressure that there’s other people that you might feel as safe.
So I think the motivation will flip. I think we might start to see people thinking, well, it’s key I get this job done, as opposed to, I’ll get it done right, and these things. And we need to just keep that going, and particularly, if you’ve not got that oversight of your quality team, for example, who are in there, perhaps doing a dip test of oh, have you followed that process? So those controls, which you had in place that you were able to check because you had some form of assurance on the floor, you haven’t necessarily got, and so you might start to see those drop off.