close
Share with your friends

UPDATE: Return to work updates now included – click through the themes below to see what steps your company should be considering.  

The fundamental importance of Operational Resilience is understood by organisations that have faced crisis situations, whether they were major IT outages, cyber-attacks, geo-political incidents or any number of physical events such as severe weather, fire or floods. COVID-19 continues to be the single greatest threat but as steps are taken to ease the lockdown, questions are being asked about what this means for organisations. First and foremost, employees need to have the confidence that the workplace they’re returning to is safe. However, organisations need to overcome a multitude of immediate and practical challenges to achieve this goal. 

We believe that a broader view of resilience is required. Reactivating business operations will require a sustained and material focus across all operational aspects of the business. Supply chains, technology, premises, privacy and data – they’ll all play a critical role in enabling a safe and resilient resumption of core business and physical operations. Organisations won’t be able to think of all those things separately.

Based on insights from our practitioners, and now also incorporating feedback and experiences from our clients, we have set out the challenges facing organisations, provide insight about best practice, and outline our view for how companies can start the return to work phase and begin to prepare for the future. We share our experiences and explore practical ways in which you can assess, strengthen and plan a phased response, to develop a sustainable and broad-based resilience that helps to navigate the challenges ahead. Themes that form part of operational resilience are listed below. 

Receive COVID-19 updates from KPMG via email

Crisis management Return to work Forward planning Who to contact?

Challenges

  • Creating capability and capacity to work through severe but plausible scenarios (such as a ransomware incident, telecom infrastructure or technology outage which disrupts key systems) and then anticipating the implications and considering contingency plans
  • Understanding the minimum viable business model, its structure and financial viability
  • Establishing a measure of crisis response capacity, and recognising how much has been used already, and how much is available
  • Identifying optimal resourcing approach, to allow flexing of staff from non-core to critical business functions
  • Deciding which parts of the business may need to be temporarily closed for it to survive and the workarounds for the business and customers
  • Communicating decisions and underlying reasons effectively to shareholders, financiers, regulators and staff
  • Minimising reputational damage and financial losses
  • Identifying social distancing requirements specifically focused on the industry sector that the organisation is based in. Understanding the limitations of social distancing to decide if some processes have to be cancelled in order to implement social distancing

Industry insights

  • Firms are focussing on the discipline needed to operate a “gold” and “silver” crisis management model – keeping the “gold” team focussed on strategic and longer-term issues; empowering “silver” to manage day-to-day, and trusting people to do what is required
  • Attention is on what the core of your business really is, which needs protecting and be ready to flex resources, both financial and human, to protect it
  • Importance on broadcasting consistent communication, which matters both internally and externally. People need a trusted and definitive source of advice in these times of uncertainty
  • Emphasis is on everyone working from a single version of the truth. It is easy to lose track of the actions being taken, and the decisions that are being made in a fast-changing crisis
  • Wariness on suppliers failing, as liquidity pressures mount and movement restrictions bite. You may find yourself dependent on suppliers you don’t expect
  • There is an anticipation that people may burn out; watch for it, designate deputies from the start, and try to persuade people not to be superheroes; it is not sustainable for the long term
  • We are seeing efforts to ensure feedback and continuous improvement mechanisms are in place. You may find yourself working through similar issues on a repeated basis, as the crisis unfolds or if a second cave of Covid-19 hits
  • Firms are seeking to understand specific industry limitations their organisation faces, e.g. are you a critical national infrastructure organisation and are you susceptible to nation state attacks

Suggested Actions

  • Review key risks, modelling impact on near term working capital and liquidity, and prioritise contingency planning
  • Create a governance structure to allow senior executives and the board to maintain a strategic and cross-functional approach to crisis management for an extended time
  • Consider how you would handle a second concurrent incident such as a cyber-attack during the pandemic period
  • Agree how crisis management teams will communicate across the organisation
  • Identify your minimum viable business model, determining core processes, vulnerable customer groups, product and supplier
  • Determine who are your key staff, who are their deputies and how they are supported
  • Create communication protocols to communicate with customers, suppliers, media, employees, and regulators
  • Determine the spokesperson and key decision maker for the organisation’s response during the crisis
  • Build channels for your employees and customers to raise concerns and use social media as a communication channel
  • Establish an interim control set across critical business functions starting with people, crisis and incident management protocols. Expand into data protection and cyber risks, and then focus on establishing the same for extenuating circumstances across finance, supply chain, IT and other operational areas
  • Agree which sources of external information provide insight during the crisis
  • Keep compliance with your legal obligations under continual review
  • Understand the external help you can get from different organisations (e.g. external retainers, NCA, NCSC, law firms, emergency services)

How is KPMG helping?

  • Coaching organisations in crisis management practices
  • Conducting crisis management exercises using crisis management tools, therefore enabling remote participation and to test different responses
  • Running immersive online simulations, enabling teams to experience the challenges at first hand in a safe, sand-box environment
  • Augmenting crisis management teams to provide extra capacity and specialist skills
  • Providing crisis management tools including methodologies, toolkits and checklists
  • Bringing communities together to share good practices and provide mutual support
  • Providing employment, business to business, consumer and privacy law advice

Challenges

  • Developing realistic scenarios related to potential return to work, given the ongoing government policy uncertainties, both within UK and for global enterprises across multiple jurisdictions
  • Transitioning from crisis management to business as usual, or a modified business as usual, over an extended return to work period, ensuring that the right governance mechanisms are in place with supporting management information and effective action tracking
  • Creating sufficient strategy capacity to consider longer term COVID-19 “new reality” scenarios and their potential impact on the business
  • Clarity in communication to customers, stakeholders and staff on the posture of the organisation and resumption of services during the return to work period

Industry insights

  • Firms are mobilising return to work project teams and cross functional working groups to define what the return to work approach and timeline will look like
  • A number of “return to work” scenarios are being planned and developed – these focus on who returns to work, when do people return to work and under what operating protocols
  • Firms are starting to define the target state for the new normal in terms of onsite vs remote working arrangements – most clients acknowledge that they expect to reduce the staff footprint in office premises
  • Efforts on identifying key stakeholders, individuals and defining the governance needed to co-ordinate and mobilise key activities as part of the return to work programme.  These include – estate and facilities, HR, Comms, Customer Servicing, Risk, Business Functions and Operations, Infrastructure and Technology

Suggested Actions

  • Create a forward planning group who can step back from the current COVID-19 issues and consider the longer-term pressures on the business and the potential scenarios which may have an impact
  • Move from crisis management to a longer-term governance model which can oversee organisations’ continuing response to COVID-19, ensuring the right management information is in place to support decision making and track progress over time
  • Develop a set of return to work scenarios based on different policy options which can help identify potential issues as well as opportunities and guide contingency planning. These can draw on policy choices being made in countries who are “ahead” of the UK in terms of their lockdown measures for COVID-19
  • Test the above scenarios so you develop an understanding of the issues, blockers and difficulties that may arise. Also look to understand the positives that may arise
  • Develop a plan for communicating to stakeholders on the organisation’s approach to return to work in each scenario and tailoring it as clarity on government policy options emerges
  • Develop a list of external organisations that can assist with return to work – such as cleaning companies, security companies
  • Understand the travel limitations employees may face when returning to work (e.g. trains and overcrowding, paid parking, public and private bus services)

How is KPMG helping?

  • Return-to-work scenario planning and exercising
  • Resource augmentation for logistical and planning exercises
  • Outsourcing and capacity management tools for multiple suppliers
  • Kick-off and support of return to work planning groups
  • Sharing insights and experience across firms and sectors through client programme (webinars/roundtables etc)

Challenges

  • Having a structured approach to developing and assessing longer term COVID-19 economic scenarios and their impact on the viability, profitability and strategy of your business
  • Being prepared for other major incidents which may occur during the extended COVID-19 recovery period, given the technology dependencies of new working models and the ongoing cyber threat
  • Being prepared for on-going supply chain disruption as liquidity and capital issues impact many sectors
  • Ensuring customer service levels do not drop throughout the disruption as people start their phased return to work
  • Ensuring all reasonable steps are taken to ensure staff feel safe and secure throughout the process of returning to work
  • Ensuring sufficient agility and flexibility is built into return to work plans – guidelines will change and people’s attitudes and willingness to return to work will change as they start to feel safer
  • Acknowledging that there may be a 2nd wave of COVID-19, which will mean any return to work plans may need to be flexible
  • Acknowledging that the return to work timelines may be different across the country, across industry sectors, and across age groups
  • Acknowledging that staff may not be able to return to work until schools open again and children are able to return to their classrooms
  • Acknowledging some staff may permanently need to work from home because they are high risk, or they live with high risk family members
  • Protecting organisation’s and customers’ data throughout any transitions

Industry insights

  • Planning not to return to normal and making strategic changes to the business
  • Assuming that a material proportion of staff will always work from home
  • Looking at the estate – repurposing, sub-letting, disposal
  • Dividing staff into red and blue teams and ensuring that they never mix
  • Securing necessary bandwidth and VPN concentrators for the foreseeable future
  • Planning on a remote IT support function, supplying hardware off premise
  • Thinking about all aspects of control and conduct risk for home workers

Suggested Actions

  • Create a set of COVID-19 economic models which capture how your sector may be impacted (and any key elements in your supply chains), and the potential implications for your corporate strategy
  • Develop contingency plans to deal with a range of potential disruption events during an extended COVID-19 recovery period, including major staff absences, technology failures (including national infrastructure) and cyber-attack
  • Consider how your organisation would respond to possible events such as a technology failure (including telecoms) or cyber-attack and whether the constraints imposed during the return-to-work phase will complicate any response actions
  • Develop and carry out crisis / incident response training at both Gold and Silver levels
  • Review your supplier risk assessments considering which sectors may be under particular stress and risk of insolvency or may face ongoing supply chain disruption due to COVID-19 movement restrictions
  • Develop return to work checklists incorporating all key areas – focussing on ‘readiness essentials’ based on government guidelines

How is KPMG helping?

  • Assisting with strategic planning including development of sector impact models, and identification of potential business stresses and associated contingency plans – including augmenting crisis management teams
  • Delivering resilience exercises to test various scenarios and the associated contingency plans
  • Carrying out structured reviews of supply chain risk and assisting with the development of supply chain risk assessments and alternate sourcing strategies
  • Providing client and sector insights to help challenge and support planning

Paul Taylor

Paul Taylor
Partner, Crisis Management & Resilience
+44 7468 718728
paul.taylor@kpmg.co.uk

Caroline Rivett

Caroline Rivett
Director, Operational Resilience, Corporates
+44 7990 577427
caroline.rivett@kpmg.co.uk

Ash Harris

Ash Harris
Director, Operational Resilience, FS
+44 7775 817534
ashley.harris@kpmg.co.uk

Crisis management Return to work Forward planning Who to contact?

Challenges

  • Compassion: First and foremost, organisations need to consider the impact of COVID-19 on individuals and families. The stress of working from home, cut off from fellow team members, can compromise physical and mental wellbeing
  • Capability and Capacity: It’s difficult to meet the operational needs of the business and deliver adequate bandwidth and remote-working capabilities when staff absences and availability are unpredictable and the demand is shifting, resulting in the need to rebalance teams. Organisations need an effective workforce management capability to optimise resourcing options including flexible working, contingent and managed service provision
  • Cost: Many of the changes being made to the way work is done now, will be long lasting, and therefore, need to be considered strategically as an investment (rather than a kneejerk reaction)
  • Connectivity: Individuals need to feel connected, engaged and motivated in order continue working effectively, and this requires digital tools and applications that people know how to use
  • Compliance: Commercial and pragmatic business responses to this crisis situation need to be balanced against the need to ensure all decision making in relation to people is compliant with tax and legal obligations and that directors are aware of their directors’ duties

Industry insights

  • Wherever appropriate, upskilling and redeploying teams to accommodate changed demand and shifts into new and critical products and services
  • Initially splitting the workforce and assigning duplicate roles so that teams operate on alternative days or at different sites, and moving now to closing physical sites and working from home or considering alternatives where working from home is not an option
  • Encouraging increasingly flexible working and helping individual employees depending on circumstances, e.g. extending access to private healthcare and reduced working hours for employees with children at home

Suggested Actions

  • Check in with each individual employee on their personal circumstances through team leaders and managers
  • Deliver leadership broadcast communications e.g. via WebEx
  • Proactively drive lines of communications with people via email, intranet, chat rooms, etc. to provide reassurance and manage expectations
  • Identify business-critical roles and ensure coverage planned
  • Address immediate network and technology issues affecting individuals’ ability to work
  • Provide access to HR specialists to answer personal questions
  • Review HR and people policies in response to changing regulation and government guidelines
  • Appoint a COVID-19 committee to support the board in responses and decision making
  • Avoid any short-term ‘knee-jerk’ decisions in relation to resourcing and costs without thinking through the impact on employee well-being and longer-term protection of jobs e.g. consider whether participation in the Coronavirus Job Retention Scheme would be appropriate for the business and the workforce

How is KPMG helping?

  • Understanding and interpreting the implications of rapidly evolving government legislation and communications for business and individuals
  • Helping leadership and internal communications teams to plan and deliver engaging and supportive communications messages and channels/ tools
  • Supporting organisations with peak resource augmentation/managed service provision
  • Advising on how to upskill employees rapidly to flex with demand
  • Supporting in the development of workforce management capabilities
  • Supporting with analysis and implementation of strategic and practical solutions to manage costs
  • Assisting employers consider eligibility for the Job Retention Scheme, to quantify the support available and to communicate the implications to the workforce
  • Helping businesses understand the immigration law and tax impact of lockdown on globally mobile employees
  • Supporting employers to work through the legal and employment tax implications of extensive homeworking, including putting in place homeworking policies
  • Helping organisations assess the employment law and payroll implications of engaging contingent labour
  • Assisting organisations to understand Government support for self-employed contingent workers in their labour supply chain

Challenges

  • Identifying who are a priority for returning to work on-site
  • Establishing how organisations group teams to be in the same physical space
  • Continued provision of additional health, hygiene and well-being measures, both on-site and virtually
  • Designing how mixed teams will work e.g. team meetings combining face to face with virtual, to ensure consistent interactions
  • Continued engagement through communications at all levels and across office based and virtual teams
  • Provision of effective virtual working tools, technology and networks to cope with combination of in-house and remote access, ensuring remote workers are not disadvantaged
  • Alignment of HR and employment policies to the new working practices
  • Redesign of office space to serve remote and face to face simultaneously
  • On-going monitoring and supporting mental and physical health

Industry insights

  • Organisations have generally mobilised their response to the critical event and have relevant segments of the workforce operational. There is a general recognition that it will now be some months before office workers can consider returning to a physical office, so the focus is now starting to turn to the longer term impacts: ways of working, engagement, stress, talent retention, health and safety issues of virtual working
  • Some industries have taken greater advantage of the Job Retention Scheme than others with the Financial Services industry generally not using this option
  • The operational impact of virtual working for some organisations has not been significant and in some cases, productivity has increased, although there are concerns that this may not be sustainable in the longer term as people burn out

Suggested Actions

  • Segment the workforce into 4:
    • Immediate: critical workers who have remained on-site
    • First Wave: those who work better in a specific physical environment with specific equipment, e.g. call centre
    • Knowledge Workers: those who can work effectively remotely for the long term
    • Special Individual circumstances: the ones with underlying health condition, poor home working conditions, etc.
  • Assess and understand the full implications of a return to physical space e.g. travelling to work, physical distancing, testing, PPE and sanitising supplies, etc.
  • Consider shift patterns, staggering work hours and core team days for working together
  • Consider continued virtual working requirements e.g. health and safety requirement for home working space and equipment
  • Review employment contracts and employer responsibilities to ensure compliance and renegotiate where required
  • Continue initial excellent employee engagement response and plan to take this into the medium term, e.g. daily stand ups
  • Establish protocols to respond to expected spikes in the COVID-19 outbreak

How is KPMG helping?

  • Assessing and planning return to physical working site
  • Building new workspaces for interim working solutions
  • Reviewing behaviours and ways of working and adjusting to the new environment
  • Designing how mixed teams can work e.g. team meetings combining face to face with virtual, to ensure consistent interactions
  • Advising on provision of additional health and well-being measures, both on-site and virtually
  • Assisting with communications at all levels and across office based and virtual teams
  • Design and implementation of remote working solutions
  • Supporting the alignment of HR and employment policies to the new working practices
  • Assisting businesses to understand the financial and employment law implications of bringing employees back from ‘furlough’ under the Job Retention Scheme
  • Helping businesses understand the immigration law and tax impacts of future medium-term movement restrictions and plan for post COVID-19 global mobility
  • Supporting employers confirm the legal and employment tax implications of longer-term homeworking policies
  • Helping plan for future easing of the lockdown including managing resources and considering costs reduction options where appropriate

Challenges

  • Understanding the shape of the workforce to meet client demand in the future
  • How to make “Change” investments now that will have longevity post COVID-19
  • Understanding how organisations address employee value proposition to retain and attract key talent
  • How to continue to develop capabilities where ‘on the job’ training and experience has significantly dropped

Industry insights

  • Organisations are recognising that there will be a new reality in the longer term-significant changes to customer demand for a different type of work, therefore requiring different workforce solutions
  • Remote working for segments of the working population is a long-term reality which drives opportunities around access to global talent pool, office space requirements, culture and behaviours

Suggested Actions

Medium term

  • Continue to check in with individuals and provide HR specialist support
  • Implement a communication plan providing a regular rhythm of communications with established Q&As and help sites for all employees
  • Implement team focused tools and techniques to improve communication and collaboration
  • Understand where demand has increased or fallen and adjust workload across the workforce wherever possible or consider alternative options for change
  • Monitor levels of sickness to pre-empt geographical trends and peaks
  • Engage with sources of resource augmentation – contingent workers, SMEs and managed services to understand what can be delivered and associated cost models
  • Consider the ongoing impact of employee experience or customer experience
  • Consider and manage operational and reputational risk, tax and legal implications of the people challenges raised by COVID-19 including home working and flexing resourcing
  • Monitor the effectiveness of the return to work programme to ensure that it remains effective and is supporting the workforce as a whole

Long term

  • Follow the global trend from role-based to skills-based organisational design
  • Build internal workforce management capability
  • Invest in homeworking technologies and connectivity
  • Revisit employee experience design based on new normal of employment and work

How is KPMG helping?

  • Holistic workforce (and implementation) design to support emerging new operating models, addressing organisation structure, resourcing, workforce planning, employee experience, culture, leadership and underlying people analytics
  • Supporting companies assess the impact of COVID-19 and new working patterns on employee value propositions (including reward and benefit structures)
  • Assisting companies to consider whether it is appropriate to amend long term incentive plans and providing tax and legal implementation advice
  • Helping organisations understand the legal and tax implications of longer-term flexible working and home working
  • Assisting businesses establish and quantify the employment tax implications of providing home working equipment, supplies and allowances

Mark Williamson

Mark Williamson
Partner, Head of People Consulting
+44 7767 345602
mark.williamson@kpmg.co.uk

Mel Newton

Mel Newton
Partner, People Consulting, FS
+44 7584 884554
mel.newton@kpmg.co.uk

Anna Marie Detert

Anna Marie Detert
Partner, People Consulting, Corporates
+44 7825 434075
annamarie.detert@kpmg.co.uk

Donna Sharp

Donna Sharp
Director, Solicitor, Legal Services, Employment
+44 7880 054983
donna.sharp@kpmg.co.uk

Isabel Ost

Isabel Ost
Director, Solicitor, Legal Services, Data Protection
+44 7818 588789
isabel.ost@kpmg.co.uk

Minaho Shiraishi

Minaho Shiraishi
Partner, Global Mobility Services and Immigration
+44 7920 268403
minaho.shiraishi@kpmg.co.uk

Matthew Hunnybun

Matthew Hunnybun
Partner, People Services
+44 7742 108408
matthew.hunnybun@kpmg.co.uk

Crisis management Return to work Forward planning Who to contact?

Challenges

  • Lost revenue and poor customer service due to failure of supply
  • Excess demand due to change in demand behaviour triggering difficult product and service allocation messages Increased expenditure on premium freight to expedite parts and materials where supply chains have failed
  • Limited understanding of who supplies the raw material or sub-assembly components
  • Limited time and resources to develop contingency supply options, including cost, timings and manufacturing facilities
  • Limited understanding of how much working capital stock may be tied up in logistics routes, impacting operations and liquidity, with limited understanding of inventory cover
  • New channels to market being implemented by competitors and suppliers
  • Smaller companies find they have limited leverage with larger suppliers and encounter unfavourable allocation decisions
  • Managing high risk contracts with suppliers/ service providers
  • Operations staff are stretched with the reduced workforce; back office and fulfilment teams may be deprioritised with subsequent backlogs

Industry insights

  • Not all companies have a single view of inventory; supply chain insight relies heavily on subject matter experts in short supply
  • Increased scenario modelling is in evidence, based on changed demand and product availability
  • Greater visibility of product in the supply chain (i.e. geographical visibility)
  • Product ranges have been rationalised to help maintain availability and manage inventory often involving difficult marketing decisions
  • Many companies have made a shift towards supplier partnerships to ensure supply of scarce or critical product
  • Continuous conversations with service providers and suppliers to ensure continuity of supply consume more time and resource
  • Many clients are dependent on suppliers they didn’t expect, often those providing niche services
  • Supplier risk assessments need to be updated; review is required; don’t assume they are the same as their pre COVID-19 assessments
  • Simplification of process and reducing complexity in supply chains

Suggested Actions

  • Establish a dedicated team to focus on supply chain assessment and risk management
  • Undertake end-to-end supply chain mapping and supplier risk profiling, be clear on the risk priority areas, not just what you have run out of today; be proactive in addressing anticipated shortages
  • Determine business exposure by identifying current and buffer inventory
  • Communicate with critical suppliers; understand and integrate their plans to fulfil and prioritise
  • Check for managed service providers who are encountering security and capacity issues, as well as the impact of global travel restrictions on managed service providers (including call centre operations)
  • Map criticality of sourced materials to high-value products and revenue streams, put governance in place to ensure optimal allocation. Prioritise how demand will be fulfilled
  • Understand contracts with critical suppliers – liability and force majeure (such as with supply shortage), contingency, operational continuity clauses, title and risk, duty cost and other taxation liabilities; include maintenance and spares supply
  • Mobilise additional people as quickly as possible using capacity planning techniques. Focus and prioritise all available people to front line operations
  • Ensure critical data to allow import/export declarations to flow is available internally and to any declaration service providers
  • Communicate and collaborate with sector providers and local businesses
  • Aggressively evaluate near-shore options to shorten supply chains
  • Reconfigure global and regional supply chain flows
  • Review taxation impacts on changes to supply chain such as customs duty and VAT

How is KPMG helping?

  • Evaluating supply chain risk assessments, including accelerated supply chain risk due diligence, using automated tools and tailored assessments to understand product and supplier risk
  • Using supply chain performance excellence methodology to improve data-driven decision making
  • Supporting supply chain reconfiguration
  • Contract and legal analysis, development, drafting and negotiation
  • Developing contingency supply options, including costs, timings, supply routes and manufacturing facilities
  • Scenario planning and modelling with working capital and inventory analysis
  • Mobilising managed service operations to augment client teams
  • Advising clients on taxation position and deferral payment opportunities from any changes in suppliers, inventory storage and locations considering customs duty and import VAT

Challenges

  • Facilities Management teams need to know the new standard for workplace cleanliness, offices, warehouses, etc.
  • Start-up failures, plant and equipment failures add to the return to work complexity; critical spares may not be on hand
  • If you are coordinating supply chains across regions, different markets exit from lockdown at different points in time; a one-size solution does not fit all
  • Social distancing may have adverse effects on productivity in critical areas
  • If demand has significantly changed, assembly lines may need reconfiguring with space allocations for different volumes/ratios of parts or product options; set-up analysis is required
  • With changed demand, suppliers may be unclear on fulfilment targets
  • Establish a protocol to respond to expected spikes in the outbreak
  • Potential bottlenecks in border process (due to port storage capacity being reached) need to be carefully managed
  • Simplification of end-to-end supply chain processes

Industry insights

  • There is a supply chain interdependence between regions, with different markets coming out of lockdown at different times. This has an impact on supply chain synchronisation, especially where there are synergies between markets and demand is aggregated for supply contracts
  • Greater visibility of geographical inventory and stock movements
  • Functions may have contradictory views on how demand has changed, creating new tensions in sales and operations planning
  • Critical spare parts can get overlooked in the rush to get supply chains up and running
  • If there is a need to integrate face to face and remote working, this can take some getting used to and needs to be managed effectively
  • Find out what plans key customers have and feed into your own back to work planning; use it to communicate confidence in your ability to supply
  • Communicate effectively with service providers and suppliers so that their back to work is supportive

Suggested Actions

  • Prepare buildings for occupancy e.g. arrange preoccupancy inspections and a deep cleaning programme, set new cleaning standards to reduce transmission risk, train and monitor your Facilities Management and cleaning teams on new approach to minimise risk, test all emergency and life safety systems
  • Ensure that maintenance start up procedures have been followed with clear process confirmation
  • Ensure that there is focus on protocols around sensitive products or stock e.g. products with a shelf life
  • Set new targets where social distancing will have an impact on productivity. Communicate expectations with the workforce, ensure that there has been sufficient health and safety analysis where social distancing could be compromised
  • Focus on cross training to cater for absences of key skills due to future self-isolation and secondary peaks
  • Make sure that suppliers have clear communication on demand expectations and that ordering systems have been aligned with the expected situation
  • Review working practices that have been adopted during lockdown for opportunities for future efficiency gains, along with the need to integrate face to face and remote working. Formalise how you get feedback from the workforce at all levels
  • Review and update your Business Continuity Plan

How is KPMG helping?

  • Starting assessment of supply chain resilience while still in lockdown so that it integrates with activity post lockdown
  • Providing highly automated and scalable analysis of supplier resilience utilising public and private databases to create tactical reports
  • Productivity enablement, getting productivity accelerated as fast as possible, new ways of working that take account of the implications of social distancing
  • Analysis of product flow with changed demand or channel switch
  • Getting sales and operations planning better coordinated including guiding behaviours and governance around effective decision making to protect working capital
  • Structuring governance of product variants to balance inventory control and demand planning

Challenges

  • Many companies are experiencing channel switch e.g. retail store to online; some demand behaviour will be permanent
  • Many trends which have been observed will be accelerated, more products will experience growth as services (“servitization”) which will require new business model development
  • Increasing focus on supply chain network planning
  • Forecast accuracy is likely to decline as historical demand data becomes less relevant

Industry insights

  • Companies are looking more to introduce signal repositories to take account of relevant external factors to improve forecast and demand planning
  • Strategies are being reviewed to take advantage of existing trends which have accelerated due to COVID-19
  • Existing ‘plays’ around disintermediation of levels in supply chains to reduce cost and enhance margin are likely to happen sooner
  • Identifying and allocating the best people to work on supply chain reorganisation is seen to be more urgent including more development of direct to consumer approaches

Suggested Actions

Medium term

  • Work with critical suppliers to contractually agree necessary buffer stock to reduce sudden price increases in the face of an event
  • Assess risk factors that may escalate costs and impact service and inventory capabilities
  • Establish integrated business plans to ensure synchronisation across all business functions
  • Build a foundation of trust and transparency that leads to more collaborative relationships with critical suppliers
  • Revise cash flow, working capital management and inventory forecasts alongside supply and demand predictions
  • Continue to capacity plan operations and flex additional resources
  • Review alternative suppliers, assessing their distribution, capacity and taxation
  • Consider implementing duty free chain within the supply chain by operating customs warehouses to store buffer – link such considerations to potential changes to supply chain volumes and risks associated with Brexit and UK/EU27 border
  • Implement dual supply chain strategies to balance far and near-shoring

Long term

  • Establish real-time supplier data to help manage performance and issue resolution
  • Restructure supply chains to be more robust, including substituting suppliers
  • Invest and plan for accelerating digital supply chain transformation
  • Move towards flexible contracts and bring manufacturing closer to the point-of-purchase
  • Create as much value as close to the customer as possible
  • Implement robust sales and operational planning
  • Advance your ability to model and predict consumer behaviour, especially in times of uncertainty and disruption
  • Assess long-term need for additional operational capacity
  • Identify activities to be transitioned from external operations back in house
  • Review customs clearance model – moving away from outsourced to data driven in-sourced model – capable of operating through “home working” protocols and increasing speed at the border
  • Consider whether Authorised Economic Operator (AEO) or other supply chain/customs “trusted trader” regimes help speed and secure supply chains and enhance velocity through the border

How is KPMG helping?

  • Sales and operational planning upgrades to improve demand planning for the new reality and get more real time visibility of data, especially single view of inventory
  • Introducing signal repositories to help improve demand planning
  • Restructuring supply chains to be more resilient, including reshoring of supply and aligning the tax implications of changes
  • Highly automated and scalable analysis of supplier resilience, utilising public and private databases to create ongoing supply base resilience monitoring
  • Designing and implementing supply chain performance excellence to utilise resilience driven KPIs for ongoing navigation
  • Supporting reshoring activities to enable structural changes to the supply base, making supply chains both shorter and more resilient
  • Network analysis and reorganisation to ‘right size’ distribution networks for changed levels of volume and mix
  • Analysis of economies of scale to support set up of near shoring and micro-supply chains with smaller production volumes
  • Advising on the legal/commercial risks of flexible contracting models and how to mitigate those risks contractually
  • Advising on in-house customs declaration processes and software or more flexible in-source/out-sourced blended solutions
  • Assessing applicability of AEO – providing gap analysis and programme management
  • Providing legal advice as to the renegotiation of contracts and advising clients on the purchase of assets and businesses in the supply chain where appropriate

Iain Prince

Iain Prince
Partner, Corporates
+44 7748 307934
iain.prince@kpmg.co.uk

Maureen O’Shea

Maureen O’Shea
Partner, Corporates, Supply Chain
+44 7385 025437
maureen.OShea@kpmg.co.uk

Lorraine Mackin

Lorraine Mackin
Partner, Infrastructure, Government, Healthcare
+44 7585 980 820
lorraine.mackin@kpmg.co.uk

Douglas Dick

Douglas Dick
Director, Financial Services
+44 7766 997932
douglas.dick@kpmg.co.uk

Usman Wahid

Usman Wahid
Partner, Solicitor, Legal Services, Commercial
+44 7903 388336
usman.wahid@kpmg.co.uk

Crisis management Return to work Forward planning Who to contact?

Challenges

  • Do collaboration tools and remote working solutions have enough capacity to cope with exponential demand driven by remote working?
  • Can delivery teams adapt to this new operating model and dynamic changes in delivery priorities?
  • Can businesses operate effectively and maintain continuity of operations, recover from large-scale technology failure, meet tactical business needs, and operate from alternative locations whilst still effectively governing their operations with reduced staff and remote working?
  • What is the impact to companies as rapid changes are made with short-term tactical solutions and as longer-term technology strategy initiatives are stalled?
  • Validation of key suppliers’ and partners’ continuity planning and evaluation of changes to service agreements and the resulting risk to your business
  • Can you use your data to rapidly drive insights and react quickly to the current rapid changes whilst ensuring that this data remains secure and protected?
  • Need to understand planned/scheduled maintenance activities and whether these should continue
  • As technology is rapidly introduced or evolved to support the change in working practice, are users being constantly informed and educated?
  • Review networking processes, especially those defined for security. Directing internet traffic direct rather than over corporate VPN can significantly improve the user experience. Multiple cloud services exist to replace policies and adhere to security controls

Industry insights

  • Clients who ensure frontline IT support staff are equipped to provide remote troubleshooting expertise, maintain core services and increase technology resiliency
  • Industry is seeing a successful trend of reprioritising IT resources, to support frontline IT services – to increase organisational resilience and maintain core IT services
  • Mobilising hardware and workplace supply chains and support vendors is seen to ensure remote workers have the tools and support they need for remote working and can manage peak volumes
  • More clients are refocusing discretionary activity such as projects, to focus resources and investment on supporting the wider business response
  • We’re observing that the organisations less impacted by the disruption are the ones who embraced Agile working methodologies, and built/started to build Digital Workplace capabilities and support services

Suggested Actions

  • Rapidly extend data centres into the public cloud using VPN-based connectivity and large scale roll out of remote working
  • Enable rapid resourcing for help desk and system managers with the capacity to meet revised business needs
  • Review IT governance, risk and control through a cyber security lens and ensure controls work effectively and weaknesses are identified
  • Decide IT priorities with the business for rapid adjustment and flexibility, and encourage closer working between digital channel architects and IT infrastructure teams
  • Utilise Agile methodologies within business functions such as marketing and product development to speed up response to changing circumstances
  • Ensure data classification and adequate measures are at least defined; create plans to implement measures that prevent data loss and data leakage
  • Look to cloud SaaS-based business suites and solution providers for additional tooling that can drive better workplace effectiveness and security posture
  • Check how suppliers plan to maintain priority service
  • Review backlog of planned changes and reprioritise for resilience, accessibility, and performance improvements and limit non-critical changes to the IT estate
  • Use the cloud to rapidly extend self-service capabilities particularly in password resets, multifactor authentication management, and application provisioning
  • Implement enterprise social collaboration platforms to drive employee engagement
  • Prioritise operational support and extend contact centre capacity, adding remote staff through cloud technology
  • Review data centre recovery processes, backups, ensure main and auxiliary power systems are serviced, tested and ready for use
  • Review cloud arrangements and other critical third parties together with legal contracts, capacity, scalability and financial viability

How is KPMG helping?

  • Advising on rapid deployment of increased capacity and improved working practices in remote working solutions
  • Accelerating the roll out of cloud native and hybrid cloud solutions
  • Advising and negotiating technology contracts on behalf of clients, often at an accelerated pace
  • Advising on the data protection implications of new arrangements
  • Reviewing IT programme delivery, impacts on timelines and potential mitigations
  • Using data to provide analytics/insights such as workplace analytics, financial provision modelling, business and retail customer vulnerability predictions, operational effectiveness such as customer contact centre or IT helpdesk resource forecasting
  • Analysing performance and capacity issues on the network including bottlenecks and upgrade and expansion requirements
  • Using workplace analytics to understand the change in user behaviour and productivity and highlight resilience and performance focus areas
  • Providing secure data rooms for clients to share information and work together
  • Providing Functional and Non-Functional Testing services to ensure systems are performant and secure during periods of high stress

Challenges

  • Have you adjusted Business Continuity Plans to reflect further lock down scenarios occurring over next 3, 6 and 9 months?
  • Are you able to support a sustained period of increased volume of remote working?
  • Have you validated key suppliers’ and partners’ continuity planning and evaluation of changes to service agreements and the resulting risk to your business?
  • Have you set out guidance on planned/scheduled maintenance activities and whether these should re-start following pauses?
  • Do your plans help the 'new normal’ business model, product volumes and sales/service channel projections as lock down eases?
  • Are your suppliers able to ramp up effort on discretionary change following furlough and pauses?
  • Have you prioritised moving beyond tactical workplace changes and implementing a more strategic and robust workplace services and support model that can adapt to future events?
  • Has your risk assessment evaluated whether critical applications can sustain current working model beyond the short term?
  • Have you sourced tools and built data models to support workplace planning efforts to provide confidence on safe return to work timings (arrival/departure) from offices, workspace location and office movement? Are you monitoring these using security data to check if revised policies are sufficient? Do you need to certify/demonstrate your continuity capability to maintain customer confidence and government/regulatory mandates that may be introduced?

Industry insights

  • Clients are repurposing systems and tools to support workforce return to work planning logistics
  • We have seen no material catastrophes of technology vendors failure to supply yet
  • We’re perceiving that an offshore organisations’ ability to implement widespread home working in less developed countries hasn’t manifested as a major problem
  • We remain concerned specifically for contact centre environments that are unable to operate from a home environment – further COVID-19 peaks could impact capacity, seriously and very quickly
  • The industry is witnessing a pattern of suppliers approaching clients looking for ‘retainer fees’ to secure key resource and knowledge in face of the prospect that project workers are likely to be retrenched
  • Many of our clients are starting to consider the opportunity for change as the business has now accepted disruption. Current restrictions are an ideal moment to eliminate legacy practices around process, networking, security and even application.
  • Clients who made tactical deployments to rapidly enable remote working are reviewing the technology estate and consolidating services to meet budgetary challenges
  • Organisations are already talking about a ‘new normal’ of large remote working volumes and the change this is driving to IT support arrangements
  • More of our clients are prioritising resilience as a key feature of solutions as spend starts again, not only for technology buyers but also from the business, as they understand the cost of not having resilience

Suggested Actions

Medium term

  • Broaden scope of Agile working practices in technology across the organisation into new business and operational functions
  • Stress test your risk management protocols in the knowledge that further pandemic spikes and lockdowns may occur in the future
  • Evaluate which customer experiences and products are most critical and map important application and infrastructure services to them in order to prioritise investment
  • Use AI-based contact centre technologies and chat bots to create capacity, improve customer experience and increase responsiveness to changing environment
  • Review and adjust spares inventory at data centre and other key sites to ensure parts are available
  • Continue to focus on third party dependency monitoring and assurance
  • Deploy workforce analytics tooling to closely understand the change in working patterns and productivity
  • Ensure your Enterprise Architecture capability puts digital at the heart of how IT will support change in the business
  • Define and adopt ‘digital-first’ strategies when building or refreshing existing processes and solutions
  • Review application architectures and deployments; are they optimised for broad network access with nearly 100% of users currently accessing services remotely?
  • Optimise and industrialise cloud deployments to ensure cost efficiency and business/regulatory risk and security controls are in place. Develop a resilient workforce identity and access management process, framework, and automation workflows
  • Deploy SaaS-based data loss prevention platforms to ensure adequate data classification and controls are observed
  • Monitor additional load on your system and adjust storage requirements, use the cloud to scale rapidly if required
  • Build monitoring solution for movement of employees entering/leaving/within office (physical security data)

How is KPMG helping?

  • Our Digital Enterprise Architecture point of view provides a unique insight into the transformative opportunities a business relevant architecture function can realise
  • Our digital workplace services and assurance reviews will quickly define an action plan to ensure core workplace services are optimised and set up to drive maximum productivity
  • Our experienced Enterprise Architects can help accelerate and adopt Agile methods of working across the organisation
  • Through the Cloud Adoption Framework, we help clients uncover new ways to drive value from the cloud whilst also reducing OPEX costs and ensuring alignment to corporate and regulatory policies
  • Our cloud contract matrix helps clients accelerate their understanding of key legal issues and related solutions

Challenges

  • How do we future-proof the tech and data operating model to support the changes needed to the post COVID-19 business model?
  • How do we balance the competing pressures of investing to support new business and product structures while improving our technology infrastructure resilience and reducing cost to serve the business?
  • How should we quickly realign architectural roadmaps to new business models and priorities to ensure in flight change activity remains relevant?
  • How should we reinvigorate paused programmes ensuring objectives are updated to the changing priorities while bringing key suppliers into sync?
  • How can we help the business increase the resiliency of services and flexibility of working locations and improve speed of response to future challenges?
  • Demand for transformation of working practices, digital adoption and cloud-based services is likely to increase – how do we keep pace and help facilitate this modernisation?

Industry insights

  • We are seeing considerations around anticipating updates to ISO certification to include pandemics and long-term business interruption; thus, formalising responses will be critical
  • Increasing focus on personal connectivity critical to productivity, as users reduce reliance on corporate resources
  • Many of our clients that embrace remote working will change where teams are resourced from, focusing on finding talent where it is most cost-effective with high performing cross-border teams becoming normal
  • Transparency will become an even more valued trait in suppliers with COVID-19 battle scars shared openly to support greater future resilience
  • Clients are assessing resilience in IT outsource suppliers and the risks of single sourcing

Suggested Actions

  • Apply lessons learned during the pandemic to adjust the organisation’s operating models as business returns to a new normal
  • Increase Agile culture across all business and operational functions
  • Use technology to automate the detection, elimination and prevention of invoice and revenue leakages
  • Use of data science and technology to enable further insights and empower data-driven decision making across the organisation
  • More substantial investment in Digital Enterprise Architecture capability to ensure the organisation continues to grow and reinvent itself, maximising business returns and shareholder value
  • Mitigate IT supply chain challenges through improvements to workforce and identity management in combination with desktop-as-a-service. Enable secure use of any type of personal devices to access organisation data and assets while maintaining a high standard of compliance
  • Review and reprioritise strategic technology investments and accelerate programmes that support ongoing resilience and emergent growth priorities
  • Review cost optimisation plans to focus technology solutions on emerging business priorities
  • Automate continuous compliance using infrastructure as code solutions as means of documenting existing IT and application infrastructure
  • Embed disaster recovery playbooks and scenario planning improvements
  • Review and re-prioritise strategic technology investments and accelerate change programmes which actively support resilience
  • Embed data-driven culture to adapt and provide insights into changing customer needs
  • Review sourcing strategy and service performance of third parties and adjust for emerging business priorities

How is KPMG helping?

  • Helping identify requirements for new IT controls
  • Supporting organisations with cloud transformation to improve agility and automation
  • Assessing, building, and coaching Digital Enterprise Architecture capabilities to become self-sustaining
  • Accelerating invoice and revenue assurance programmes using our Ignite platform
  • Using our tried and tested methodologies and strategies to help drive, adopt and accelerate successful digital transformation
  • Assessing and improving the security posture of your systems, platforms, and organisation with our experienced DevOps and Cyber Security teams
  • Providing delivery industry aligned cloud and risk control frameworks to standardise compliance
  • Driving IT and cloud cost reductions via proven methodologies
  • Working with our cloud alliance partners to support the rapid deployment of solutions and data analysis capabilities aimed at supporting our clients
  • Modelling and costing anticipated changes in technology requirements to allocate resources and investment on critical resilience, service improvement and digital channels
  • Providing third party risk management support for reviewing key IT service providers
  • Automating and improving the workflow for incident, change and service catalogue processes
  • Assessing architectural, security and IT process resilience
  • Providing Non-Functional Testing services to enable performant and secure systems

Heath Jackson

Heath Jackson
Partner, Head of IT Advisory, Corporates
+44 7860 962162
heath.jackson@kpmg.co.uk

Phil Crozier

Phil Crozier
Partner, IT Advisory, Financial Services
+44 7768 215886
phil.crozier@kpmg.co.uk

Crisis management Return to work Forward planning Who to contact?

Challenges

  • Safeguarding buildings during periods of low occupancy or sustained lockdown
  • Securing sites and valuable assets against opportunistic crime
  • How to clean and deep clean occupied properties in response to the COVID-19 pandemic
  • Supporting ongoing operations with a skeleton staff and providing a safe environment for on-site workers
  • Addressing health and safety requirements and protecting company assets
  • With all attention focused on COVID-19, other emergency responses and business continuity protocols risk being neglected
  • Maintaining uninterrupted power supply with robust back-up facilities

Industry insights

  • Reviewing the service catalogue and identifying services critical to resilience, across building types
  • Ensuring that landlords, internal teams and service providers are adequately equipped to monitor and safeguard building infrastructure and facilities
  • Assessing the ability of facilities management providers to provide services during challenging times
  • Ramping up security presence during the current lockdown period
  • Providing remote monitoring for building management systems at closed sites
  • Ensuring remote monitoring and management capabilities for data centres and technology facilities
  • Developing plans for “mothballing” and ensuring safety of unused facilities
  • Reviewing provisions in third party contracts around scaling back services and reducing costs

Suggested Actions

  • Implement robust regular deep cleaning plans in public areas of occupied sites
  • Ensure sufficient supplies and equipment to maintain health and safety for all staff and visitors to the building
  • Organise additional cover to maintain building security during periods of low occupancy or lockdown, and consider whether planned maintenance should be halted or delayed
  • Ensure remote management of building management systems
  • Test and assure remote monitoring and management capability for all technology centres
  • Check your insurance cover to minimise disruption in the event of loss or damage to an asset

How is KPMG helping?

  • Project management and resource augmentation advice
  • Business continuity planning
  • Advice from Subject Matter Experts (SMEs)

Challenges

  • Monitoring government advice on health & safety protocols for returning to work
  • Re-designing your work premise to maintain social distancing in office areas/meeting rooms, minimising touch points (e.g. door handles) and reconsidering access logistics – lifts, stairwells etc.
  • Establishing protective measures at all levels, with policy clarifications, behavioural nudges/incentives and also consequences for behaviours that are not acceptable
  • Encouraging remote meetings, while allowing in-person meetings in line with social distancing protocols
  • Considering safety and feasibility of operating machinery under social distancing
  • Rethinking approach to customer interactions where physical proximity has previously been the norm (adapt environments to encourage social distancing, use of PPE, use of technology for virtual servicing)
  • Reassuring employees that it is safe to return to work
  • Minimising any travel that puts employee health at risk
  • Assessing the need to maintain adequate stock of PPE (firm supplied or personal) in line with employee requirements
  • Evaluating enhanced hygiene practices (e.g. regular deep cleaning, availability of hand sanitisers)
  • Ensuring that office catering facilities comply with all health & safety guidelines

Industry insights

  • Most office-based firms are seeing limited downsides to remote working and are under no great pressure to return to office-based working; this may change as we learn more of the impact of long-term remote working on employee well-being
  • For tech, financial services, and knowledge-based organisations – plans are to continue remote working; they also may opt for a network of smaller workspaces rather than large urban buildings
  • Remote working does not work for all employee segments: e.g. people in cramped accommodation, polls seem to indicate that around a fifth of Londoners do not want to work from home
  • Many employees need to be in specialised physical workspaces, i.e. manufacturing, research & development, distribution, in order to be productive
  • Consumer-facing firms, however, need to reopen at some level as soon as it’s reasonable to do so
  • Companies are assuming that social distancing measures will have to be in place even when workplaces reopen
  • Some organisations have focused on getting staff to adopt health and safety guidance through targeted campaigns and workplace design enablers (e.g. availability of hand sanitisers, training on good hygiene practices, social distancing reminders)
  • Big cities like London, where public transport is the primary form of travel to work, face challenges due to the risk of infection on public transport; to reduce the inherent risk, taxis are being provided to critical workers by some organisations
  • A vast majority does not support a perceived early relaxation of the current lockdown
  • In Germany, the recent relaxation of social distancing rules has led to a spike in infection rates
  • Some organisations are exploring the medium-term impact of COVID-19 testing on their return to work plan
  • Some technology organisations are implementing scheduling apps to limit the number of employees in small spaces (e.g. monitored access to the staff canteen/lifts)

Suggested Actions

  • Assess the rationale for reopening workplaces – is it necessary for firm viability? Communicate rationale to staff

For employees returning to physical workspaces, prepare them for how it will be different:

  • Build detailed, scenario-based plans by employee type, that allows for rotations of teams, to optimise numbers of people present at one time, based on facility capacity
  • Prepare ‘return to work’ instruction videos/modules to set expectations for employees about the guidelines and requirements
  • Offer an information portal/microsite to access FAQs, online support, peer-to-peer connection on workspace experiences and learnings

For employees working from home, it’s important to offer practical help beyond virtual connection

  • Better advise individuals with homeworking assessments to identify risks and mitigate them, from neck/back strain to emotional stamina
  • Provide access to workstation improvements, i.e. chairs, desks, screens, keyboards, for those to be at home for indefinite periods
  • Advice for those working and simultaneously looking after vulnerable persons at home
  • Adapt workplace arrangements to minimize health and safety risks to employees in line with government advice
  • Consider minimising travel risks and office access issues by implementing staggered shift timings
  • Investigate the option of alternating attendance (e.g. 50/50 week on week)
  • Allocate or allow advanced scheduling of desks to maintain social distancing rules
  • Schedule deep cleans between alternate shift changes
  • If possible/feasible, order and maintain adequate stocks of PPE for employee use
  • Ensure that office restaurants comply with latest health & safety guidance and re-design staff dining facilities to incorporate social distancing and hygiene measures
  • Conduct a detailed risk assessment, including all mitigations in place and publish a summary to employees
  • Seek regular employee feedback on actions taken and adapt your future strategies accordingly

How is KPMG helping?

  • Risk assessment and risk/benefit analysis for reopening workplaces – current issues, risk levels, possible mitigations
  • Investigation of team/process level requirements for office access
  • Modelling/analysis of critical times for team availability to develop a flexible work plan
  • Validation of minimal office-based “key worker” numbers to maintain service levels
  • Policies and guidelines for return to workplace, including exceptions/limitations for vulnerable categories
  • Assistance with re-designing operating model to best address health & safety/risk mitigation requirements

Challenges

  • Investigating the cost effectiveness of allowing employees to work remotely, and the implications for workplace and premises (in case employees are asked to work permanently from home)
  • Establishing more structured formal and informal connection for innovation, with new skills development like virtual emotional intelligence, design thinking and also scale-up of agile scrums and sprints for key initiatives
  • Providing better access to collaboration tools that can replace traditional meetings, travel and face-to-face training
  • Reducing the property footprint; UK building managers say that 10% of facilities are currently occupied
  • Ensuring that all reasonable steps are taken to ensure staff feel safe and secure throughout the process of returning to the workplace
  • Ensuring that sufficient agility and flexibility is built into return to work planning – guidelines will change and people’s attitudes and willingness to return to the workplace will change
  • Assisting remote workers in creating a safe long-term home working environment
  • Acknowledging that there may be a second wave of COVID-19, which might lead to closure of workplaces again
  • Recognising that the return to work timelines may be different across the country, industry sectors, and age groups
  • Accepting that employees may need to continue remote working until schools are reopened and children are able to return to their classrooms
  • Considering the “new normal” scenarios and their possible impact on premises strategies

Industry insights

  • Some organisations are conducting reviews of their portfolio to optimise space – several Heads of Real Estate and Facilities Managers have been awaiting this opportunity to address this cost base
  • Organisations are recognising that there will be a new reality in the longer term. Significant changes to customer demand will lead to different delivery models, which will impact premises strategies and requirements
  • Remote working has proved feasible office-based workers in the short term
  • Several organisations have offered additional support to employees working remotely (e.g. providing ergonomic chairs to reduce incidence of back pain)
  • Customers have had to find alternatives and workarounds for retail and entertainment outlets and some of these changes may prove to be long-lasting or permanent
  • Enforced localisation of access to services may have a regenerative effect on local shops and high streets, affecting major retailers
  • Manufacturers and producers will consider further use of automation and AI to strengthen resilience of production facilities

Suggested Actions

Medium term

  • Ensure that all reasonable steps are taken to ensure staff feel safe and secure throughout the process of returning to the workplace
  • Ensure sufficient agility and flexibility is built into return to work planning – guidelines will change and people’s attitudes and willingness to return to the workplace will change accordingly
  • Acknowledge that there may be a second wave of COVID-19, and ensuring that plans are in place for putting on hold or reversing proposed reopening of workplaces
  • Recognise that the return to work timelines may be different across the country, industry sectors, and age groups; ensure that plans for reopening workplaces reflect local conditions and workforce demographics
  • Evaluate potential assistance needed by employees to facilitate their return to work while schools remain closed

Long term

  • Investigate the cost effectiveness of allowing employees to work remotely, and the implications for workplace and premises (in case employees are asked to work permanently from home)
  • Review and revise premise strategies considering what “the new normal” will look like, with particular consideration to sustainability as it relates to future resilience, and including volume, purpose, use of automation and AI and location, as well as taking into account remote working capabilities
  • Create a “safe home-working" toolkit for long-term remote working staff (e.g. hardware provisions for staff with special needs)

How is KPMG helping?

  • Enabling workplace reconfiguration for social distancing and staff health and safety
  • Mapping user (workplace) experience to optimise workplace design for health, safety and wellbeing
  • Developing detailed but flexible plans for phasing return to workplace, while accounting for localised and industry variations
  • Advising on the development of automation and AI to increase resilience
  • Scenario planning for medium-to-long term workplace re-modelling, with workforce and premises strategy analysis
  • Offering continued and current advice and support based on our insight and analysis across all industries and sectors
  • Helping organisations understand the legal implications of longer-term flexible working and home working
  • Assisting businesses establish and quantify the employment tax implications of providing home working equipment, supplies, and allowances

Anna Marie Detert

Anna Marie Detert
Partner, People Consulting, Corporates
+44 7825 434075
annamarie.detert@kpmg.co.uk

John Matthews

John Matthews
Senior Manager, Operational Resilience
+44 207 6946569
john.matthews@kpmg.co.uk

Crisis management Return to work Forward planning Who to contact?

Challenges

  • In a crisis, the threat of cyber-attacks, financial crime and fraud rises rapidly.
  • Cyber criminals are exploiting COVID-19 related vulnerabilities as part of espionage, information operations and commercial gain campaigns
  • The UK’s National Cyber Security Centre has identified a steady rise in cyber-attacks against remote working infrastructure, particularly infrastructure deployed rapidly to meet demand of Covid-19. This also includes registration of new domain names
  • Advanced Persistent Threats (APTs) and cyber criminals target human factors, focusing on curiosity and fear of victims, through malware and phishing attacks
  • COVID-19 themed cyber threats continue with indications of high frequency of ransomware on home systems; risk of COVID-19 scams and targeted cyber -attacks on hospitals and research institutes.
  • As more meetings and agreements are handled via phone and email, the volume of phishing attacks and email frauds has increased substantially
  • Managing escalating costs of IT security when budgets are constrained, and the business is under financial pressure.
  • Lockdown restrictions have limited organisation’s ability to physically inspect third and fourth-party security

Industry insights

  • Organised crime has responded rapidly to the crisis by orchestrating large -scale campaigns to defraud customers and businesses
  • Customers and staff have fallen victim to scams and coercion as they face personal financial hardships and health challenges
  • Companies have already started to test how robust their fraud risk management framework is, and are updating their fraud risk assessments to include COVID-19 related frauds, including those associated with remote working
  • Organisations are rolling out new remote working and cloud infrastructure. They have been forced to implement new ad -hoc security models and approaches to secure that infrastructure
  • Organisations are testing and practising response to a cyberattack remotely with senior leadership, operational teams and third parties
  • Businesses are exploring economical and swift ways to implement greater controls on email security and web browsing to deal with the growing threat of fraud
  • Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) are worried about the security and viability of managed service providers as they come under pressure
  • Urgent need for training and advice to employees on how to work securely from home
  • Organisations are looking at remote options to replace physical third-party assurance site visits
  • Companies are revisiting how they measure their business and considering increased analytics around performance, including analytics to assess red flag indicators of fraud

Suggested Actions

  • Reiterate and remind your staff and counterparties of company fraud protocols including on phishing emails and whistleblowing procedures
  • Implement a user awareness campaign to provide guidance to employees on how to work securely at home. This can be embedded into a wider communications campaign
  • Consider the incident response (IR) plans to deal with the volume of new phishing and ransomware attacks, including testing backup and recovery procedures
  • Focus on embedding pragmatic remote working security controls to deal with COVID-19 themed threats
  • Confirm that these critical controls are in place and develop framework to ensure that they are operating effectively
  • Act to secure cloud and ad-hoc collaboration environments, including driving use of two-factor authentication
  • Review the dependency on managed service providers and seek assurances on security controls
  • Ensure security operations teams work remotely, and undertake rapid due diligence on new suppliers where changes are made to the supply chain
  • Run exception reports to identify irregular behaviours. For clients with real time transaction requirements, consider whether risks can be mitigated through advanced data analytics to enhance detection of new fraud risks
  • When the business operates remotely, maintain basic controls around segregation of duties, sign-off on expenditure, etc.

How is KPMG helping?

  • Supporting businesses with crisis management support
  • Trusted advice on security control improvements and rationalisation
  • Cyber incident response support
  • Legal reviews of companies’ data breach procedures
  • Balance sheet integrity review
  • Rapid response due diligence on suppliers and counterparties
  • Undertaking fraud risk assessments
  • Mobilising managed service operations to augment client teams and provide interim staffing

Challenges

  • Continuing COVID-19 themed cyber threat
  • Human factors remain an issue, threat actors focusing on curiosity and fear of staff returning to work
  • In the current economy, it may be tempting to cut corners or compromise on standards/policies and procedures to prioritise trading and cash flow
  • Management may be distracted from risks such as fraud while focusing on day to day trading and surviving the economic downturn
  • Ad-hoc changes made to IT infrastructure for remote working leading to potential vulnerabilities
  • Growing concern over adequacy of security controls over remote working model including cyber and insider threat management
  • Hybrid working models of people working at home and in the office complicate behavioural monitoring, access controls and security operations
  • New joiner, mobility and leaver processes may need to be adapted to deal with the likely workforce churn as government furlough schemes end and companies downsize.
  • Balancing people’s health and safety with their health data privacy

Industry insights

  • Fraud controls to be adapted to reflect the changed working environment, including addressing insider threats associated with a significant home working component
  • Security waivers granted during COVID-19 crisis should be revisited, and where possible replaced by a long-term security solution
  • Office IT environments may have been “stripped out” during the move to home working, and will need to be re-instated and secured
  • Appropriate care needed for unpatched devices which when reconnected to corporate network might create a heightened malware risk until fully patched
  • Security operations teams will have to deal with additional alerts as workforces transition their working patterns
  • Organisations acknowledge that they expect a reduction in staff footprint in office premises

Suggested Actions

  • Reviewing controls deemed temporary as working locations change
  • Evaluate the effectiveness of expedited employee onboarding and offboarding processes in mitigating insider threats (especially while dealing with privileged access to finance systems)
  • Rationalise ad-hoc remote working solutions
  • Continue to monitor financials and run exception reports to identify irregular behaviours and perform regular reconciliations
  • Run standing data amendment reports, particularly focusing on bank account changes, payroll data changes, supplier/employee contact information
  • Review existing fraud risk management frameworks and identify gaps
  • Manage the implications of IT supplier failures on business
  • Maintain crisis and incident management activities
  • Enhance and develop your business continuity management protocols
  • Test the robustness of your cyber resilience, including responses to phishing, ransomware, etc
  • Optimise your security controls and reduce cost of ownership
  • Create and run online workshops in relation to fraud and cyber awareness
  • Define the target state for the new normal in terms of onsite vs remote working arrangements

How is KPMG helping?

  • Assisting with the review of security posture and vulnerabilities, including provision of advice on security improvements
  • Assessing cloud security and other newly introduced working solutions
  • Undertaking organisation wide fraud risk assessments, including the impact of COVID 19 related fraud risks
  • Reviewing fraud controls, advising on process improvements and tailoring of existing detection controls
  • Assessing the risk of key suppliers and advice on alternate sourcing strategies
  • Designing and delivering fraud prevention and cyber awareness sessions
  • Advising organisations on people’s privacy such as their health data
  • KPMG Dynamic Risk Assessment Tool to understand the velocity and interconnectivity of risks
  • Analysing critical controls to identify and assess the design, and operating effectiveness of critical controls
  • Validating future state design ‘new normal’ through immersive testing of governance, security controls, capability and resource demand

Challenges

  • Involvement of security in technology transformation initiatives such as increased automation and adaptation to artificial intelligence
  • Cost reduction and optimisation of security controls given the broader financial pressures
  • Security impact of changing business models, such as geographical move of supply chains closer to the UK, changes in third parties, and potential closure of business operations

Industry insights

  • There is a need to embed security into key development processes, including secure DevOps
  • There is scope for cost savings associated with the review of existing technical control license and cost of ownership
  • There are opportunities of security orchestration and automation to streamline security interactions with business and security operations functions
  • Risk management will become a critical activity in future with organisations regularly testing their resilience and looking at insurance solutions for additional protection over their assets
  • Companies who embed robust anti-fraud controls and communicate fraud awareness and training to their staff stand to be stronger in the future as we move into a financial downturn

Suggested Actions

  • Document and consider implementing the lessons learned permanently
  • Consider implementation of the good practices revealed by the organisation’s response to the pandemic
  • Permanently retain the new controls, processes and governance strategies which mitigate the risks of the new reality.
  • Migrate to a security operating model which allows for greater use of automation
  • Maintain a comprehensive remote working policy and user awareness campaign which aligns to future state security operating model
  • Bolster cloud and cyber resilience
  • Consider cyber security and ongoing data protection compliance as part of your post-pandemic acquisition and restructuring strategy
  • Augment cyber resiliency programme and fraud risk management framework
  • Review security protocols around remote access to ensure multi-level authentication is enabled for all users
  • Re-perform fraud, business and integrity risk assessments to identify gaps against best practices

How is KPMG helping?

  • Developing cyber security and fraud awareness campaigns with organisations considering business outcomes, risk appetite, people, technology and physical premises
  • Governance and Risk Transformation Advisory
  • Cloud based transformation and automation
  • Hosting workshops and round table discussions with our clients and the i4 community

Martin Tyley

Martin Tyley
Partner, Head of Cyber
+44 7748 111484
martin.tyley@kpmg.co.uk

Annette Barker

Annette Barker
Partner, Head of Fraud Risk
+44 7748 816128
annette.barker@kpmg.co.uk

Isabel Ost

Isabel Ost
Director, Solicitor, Legal Services, Data Protection
+44 7818 588789
isabel.ost@kpmg.co.uk

Crisis management Return to work Forward planning Who to contact?

Challenges

  • Governing the business in ‘crisis-mode’ and trying to deliver on BAU, while discharging the fiduciary duties is a tough balance for boards
  • Determining the appropriate governance, delegation and decision-making structures to maintain control
  • Navigating directors’ statutory duties appropriately
  • Identifying and managing organisational risks in a rapidly evolving scenario
  • Inability to fully understand and mitigate the risks emanating from implementing temporary or modified processes or systems
  • Compromised ability to determine and maintain adequate oversight and checks in a fast-changing environment
  • Heightened chance of fraud occurrence, regulatory non-compliance and irregularities in financial reporting
  • Implementing critical controls with limited resources in a remote working environment

Industry insights

  • Directors, despite initial pragmatism, are increasingly seeking feedback on the effectiveness of risk, compliance and control structures
  • Many organisations are suspending non-core or non-critical activities, functions or redirecting employees from oversight functions
  • Some organisations which have furloughed employees have also reduced focus on risk and compliance controls, or re-assigned responsibilities to untrained or unqualified people
  • Although regulators have shown pragmatism, they expect organisations to comply with their obligations
  • Smaller risk, compliance and internal audit functions have curtailed their activities. Large functions appear to be less impacted
  • Internal audit functions have increased use of various technology tools and techniques (including data analytics)
  • When identifying critical controls has been difficult, some oversight functions have started to focus on transactional testing of core/key financial and regulatory reports

Suggested Actions

  • Define and prioritise critical controls needed to reduce fraud, compliance, and performance and reporting risks
  • Confirm that these critical controls are in place, and implement them as needed
  • Establish an assurance framework to monitor critical controls and ensure that they are operating effectively
  • Identify resources responsible for monitoring critical fraud, regulatory compliance, and performance and reporting controls
  • Create back-up plans to account for the absence of key resources responsible for monitoring critical controls
  • If it is not possible to undertake the actions mentioned above, perform regular transactional testing of key fraud, regulatory and financial reporting areas
  • Inform your regulators about any significant challenges, stress situation or non-compliance instances
  • Ensure that all key decisions are appropriately documented in the company minutes

How is KPMG helping?

  • KPMG Dynamic Risk Assessment Tool to understand the velocity and interconnectivity of risks
  • Critical controls analysis and assurance to identify and assess the design and operating effectiveness of critical controls
  • Assurance framework reviews to adequacy of management’s monitoring of critical controls
  • Business resilience reviews of crisis management, incident management and pandemic planning arrangements
  • Legal advice on statutory and common law duties, and assistance with documentation of decision-making processes

Challenges

  • Re-establishing post-crisis governance models and capabilities while balancing the right responses for the short, medium and long-term
  • Complex planning needed to run controls across several environments – core, recovery site and remote working to accommodate a phased return to work plan
  • Assessing challenges brought about by any change in controls (in the event of a second wave of COVID-19)
  • Increased pressure on directors due to intense public scrutiny and focus on an organisation’s actions during the crisis
  • Identifying, evaluating and recording failures in controls and compliance to determine appropriate responses. Wrong decisions could have significant impact
  • Reconstructing processes, controls and systems to reflect the ‘new normal’ and lessons learnt during the crisis
  • Inability to understand and manage the transitionary risks that are evolving at pace, and in an extremely uncertain environment
  • Determining the right compliance oversight and assurance response in an uncertain and fast-evolving risk landscape

Industry insights

  • Some audit committee chairs are meeting the management to personally understand the current control environment and overall employee readiness to return to work
  • Large internal audit functions are re-focussing plans on critical risks and increasing their use of technology to deliver audits remotely and reduce the audit burden on their business
  • Some oversight functions are supplying risk, compliance and controls experts to support ‘return to work’ initiatives, while others are planning on reviewing the outcomes of similar processes
  • Large oversight functions have begun to implement ‘lessons learnt’ reviews of their operations during the crisis
  • Increased use of technology and new ways of working (including remote auditing) are being adapted by remote workers
  • Chief Information Officers (CIO) and Chief Information Security Officers (CISO) are starting to re-evaluate the security and viability of managed service providers under budgetary pressure

Suggested Actions

  • Adopt a dynamic risk assessment approach to understand the velocity of risks and their influence on each other
  • Review and adjust the frequency of governance meetings (board meetings, etc.)
  • Identify temporary/agile governance arrangements which proved to be effective in the crisis and can be transitioned to business as usual
  • Review evidencing and record keeping arrangements to ensure that they are resilient
  • Communicate with regulators on plans and update them on any challenges
  • Identify areas that require focus when returning to work (like cash forecasting, management and programme assurance)
  • Perform a controls health-check of these areas to assess whether they’re still operating as they should, or being significantly disrupted
  • Identify vulnerabilities and develop viable solutions for activities which were severely disrupted

How is KPMG helping?

  • KPMG’s Dynamic Risk Assessment Tool is helping to understand risk relationships and enhanced risk reporting
  • Risk and Controls Framework Transformation, leading to greater governance, controls optimisation, automation, and insights
  • Scenario planning and stress testing to evaluate transition plans and identify significant risks and remedies
  • Lessons learnt assistance
  • Assurance over critical controls, including segregation of duties/toxic combination and security controls
  • Change Management reviews, including emergency changes and Programme Management
  • Risk and Controls Culture Survey-based assessment of current employee engagement and resilience

Challenges

  • Establishing new governance models for businesses that will be operating differently due to uncertainty and rapid changes
  • New macroeconomic shifts and support programmes may result in new inherent risk and emergence of new conflicts of interests
  • Identifying and appointing the right mix of capabilities on the board to govern businesses which will be expected to operate differently
  • New processes, controls and compliance activities required to execute government/state support programmes whose governance is unclear or changing rapidly
  • Increased public scrutiny and focus on organisation’s actions during the crisis leading to increased pressure on directors to get it right
  • Manual processes and legacy systems capacity detracting from the adoption of long-term agile and remote working arrangements

Industry insights

  • Many large governance functions (risk, compliance and audit) have initiated risk review programmes to determine optimal risk management strategies for post-COVID scenarios
  • Risk, Compliance and Information Assurance specialists are identifying tactical changes (made during the crisis) and developing them into agile and sustainable BAU processes
  • Lessons learnt processes are already capturing and storing cases and scenarios for future consideration
  • One FTSE100 Internal audit function has engaged a ‘futurist’ to support the development of a new strategy

Suggested Actions

  • Undertake a review of your governance, risk, compliance and assurance strategies considering changed organisational strategies and emerging risks
  • Review existing library of regulatory requirements, risks and scenarios and updated threshold conditions to consider “improbable scenarios” (modelling risk of negative oil prices, negative interest rates, geopolitics etc.)
  • Undertake dynamic risk assessments to understand the impact of the network of these risks, and develop appropriate responses
  • Start a programme to optimise key controls focusing on quick wins, automation, improved effectiveness and cost reduction
  • Ultimately, aim to understand the new risk backdrop; assess whether internal controls are suited to it; make the right adjustments; and monitor the situation as it evolves

How is KPMG helping?

  • Governance and Risk Transformation Advisory
  • Controls Transformation Advisory
  • Powered GRC Solution
  • KPMG Dynamic Risk Assessment

Bavan Nathan

Bavan Nathan
Partner, Head of Internal Audit & Risk Compliance Services
+44 7429 865719
bavan.nathan@kpmg.co.uk

Craig Wright

Craig Wright
Partner, Internal Audit & Risk Compliance Services
+44 7789 363551
craig.wright@kpmg.co.uk

Stuart Wooldridge

Stuart Wooldridge
Partner, Internal Audit & Risk Compliance Services
+44 7768 775964
stuart.wooldridge@kpmg.co.uk

tejas mehta

Tejas Mehta
Director, Technology Risk Consulting
+44 7880 026944
tejas.mehta@kpmg.co.uk

Peter Rothwell

Peter Rothwell
Partner, Risk Consulting
+44 7826 531190
peter.rothwell@kpmg.co.uk

Lucas Ocelewicz

Lucas Ocelewicz
Director, Risk and Regulatory Consulting
+44 7767 417459
lucas.ocelewicz@kpmg.co.uk

This section contains the navigation menu HTML and the references to CSS and JavaScript for the page Note: This message is not visible outside of the edit screen

How will businesses minimise the operational impacts of COVID-19, adapt to maintain delivery of their products and services, survive the crisis and then accelerate their recovery?

Operational resilience

Operational resilience insights