Donna has over 30 years of consulting and financial services experience which spans both client and practice leadership roles. Currently, Donna serves as the Global Business Leader for Risk Advisory and a member of the Deloitte Global Executive. Prior to these roles, Donna was the Deputy Global Business Leader for Risk Advisory with responsibility for Markets and Offerings. Donna was also a member of the Deloitte Touche Tohmatsu, Deloitte & Touche LLP, and Deloitte USA LLP boards of directors. Donna’s has spent her career in financial services, routinely serving some of our practice’s largest clients with respect to projects regarding compliance, operations, internal controls, risk management, and business advisory services. Donna served as global lead client service partner for The Vanguard Group and lead business partner for Invesco and TD Bank.
As economies worldwide move from the “respond” to the “recover” phase of the pandemic crisis, businesses have entered into a new period of innovation. COVID-19 has laid bare the vulnerabilities of many organizations, and accelerated trends that could lead to significant improvements in productivity, performance and resilience, which will enable them to thrive in the “next normal.”
Never before have we seen such massive operational transformation in such a compressed period of time. But with each transformation comes a new set of risks to consider and mitigate. Some of the areas seeing the most activity around innovation and transformation include the following:
Digitization - The coronavirus pandemic has clearly shown that the more business functions organizations can perform online, the more resilient they are to disruptive events. Retail is the most obvious example of this – Amazon and other online powerhouses are thriving during the pandemic, while brick-and-mortar retailers are declining. Beyond that, companies that can execute internal business processes online during a period of widespread quarantines and lockdowns are functioning much better than those that can’t. This trend opens enormous opportunities for organizations of all types to rethink how they engage with customers, manage costs, foster productivity and build their IT infrastructure. For example, in the last eight weeks we have seen cloud migration activity accelerate significantly. The COVID pandemic has provided painful lessons on the insufficiency of legacy IT infrastructure at a time when everyone – employees, customers, partners, etc. - must interact digitally. While the dynamic flexibility and scalability of the cloud enables organizations to adapt to digital demands, digital transformation introduces new risks – process risks, cyber risks, compliance risks, etc. These risks must be fully considered and addressed during the process-design stage of transformation, to enable a successful rollout.
Cybersecurity - Cybersecurity is always a hot topic in the risk discussion. It’s been front and center during the coronavirus pandemic, with organizations moving their workforces offsite in a matter of days. Not all organizations had the infrastructure in place to do that, so many have had to make compromises to keep their businesses running. We’ve also seen an uptick in threat actor activity – they thrive in chaos and the pandemic gives them a wealth of opportunity to use social engineering to encourage bad clicks and unsafe online activities. The pandemic has brought a renewed focus on several areas of cybersecurity, including identity management, cloud security, secure collaboration and employee “cybersafe” education. Pandemic-driven digital transformation has accelerated the need for organizations to fully embrace these and other functions, to enable a secure digital ecosystem for the next normal.
The world is going to look different in the next normal due to the COVID-driven acceleration of existing trends
Supply chain - Companies have spent years optimizing their supply chains around cost-control and just-in-time delivery. They did not, however, necessarily optimize around pandemic-resistant resilience, which is why many companies are struggling to maintain or increase capacity. COVID-19 is causing these companies to completely rethink their supply chains as lockdowns across the world cause widespread disruptions. Historically, organizations typically factored regional disruptions into their supply chain resilience plans; they did not, however, factor in global disruptions like a pandemic, and are now learning hard-earned lessons on supply chain risk.
Privacy - Many organizations today find themselves managing personal protected information (PPI) and personal health information (PHI) that they never before would have considered to be part of their operations. And, this trend will accelerate as the world reopens. For example, as a condition of reopening retail establishments may need to take employee and customer temperatures, and manufacturers could need to see test results to determine if assembly line workers can perform their jobs. The UK is already sharing information with grocery stores on high-risk individuals, so the stores can prioritize delivery for them. In some places these new practices will be required for the economy to begin functioning anywhere near normal again. And, they bring with them new risk exposure, ranging from process re-engineering, to regulatory compliance and data security. The requirements for managing this risk will vary from country to country, based on local regulations and other privacy considerations.
The Returning Workforce - What should a work environment look like in the next normal? How can they be made safe and productive when employees return? Many organizations built open offices to encourage collaboration before the pandemic, but now they need to re-examine office design. Some have already started renovations to provide greater worker isolation, in an attempt to impede potential virus transmission. Other environments, such as manufacturing facilities, are working on strategies to enable social distancing and, where needed, to provide personal protective equipment to employees who need to work close to one another. Others still are considering staggering shifts and expanding work-from-home policies, to protect employees and reduce the cost of office space. There are also daunting questions around employee health monitoring – do you take employee temperatures every day? Do you provide tests? And if you do, how do you plan to secure the data in compliance with local regulations? In many ways, the return of the workforce will require even more planning, execution and risk mitigation than the original “work-from-home” disruption. And, we could be entering into a period where work environments will intermittently open and close based on the state of COVID-19 infections, causing organizations to develop “inherent agility” to cope with this unpredictable state of affairs.
The world is going to look different in the next normal due to the COVID-driven acceleration of existing trends – work from home, social responsibility, sustainability, and so on. The coronavirus pandemic has also made it clear that organizations should factor the Triple Bottom Line (people, planet and profit) into their thinking as well. If they use these guiding principles, they stand a better chance of successfully managing the transformations and thriving in the next normal.