Even though the COVID-19 pandemic has been disrupting business operations since 2020, few companies have applied conventional risk management procedures to mitigate the potential losses due to work-related COVID-19 infections.
This article investigates whether work-related COVID-19 infections shall be classified as a business risk for corporations. For all companies who want to find out if it is a business risk, we provide a hands-on example that can be used to develop a risk management plan.
CAN CORPORATIONS GO BACK TO NORMAL OPERATION MODE?
Recently, several governments put aside their pandemic control measures stating that “‘The COVID-19 pandemic is no longer a great threat to the health of most of us….” (1). Certainly, many of us have been waiting to hear such a statement for a long time. However, if the governments let their guard down, should companies do the same? While compelling in some, the goal of quickly “getting back to normal” is too simplistic. It underestimates the exposure of many companies to the risk of product and service delivery disruptions due to COVID-19 outbreaks in work teams.
VACCINATION IS NOT EFFECTIVE TO PROTECT FROM OMICRON
The most recent Omicron variants BA.4 and BA.5 can not only infect persons who have recovered from a COVID-19 infection but also infects fully vaccinated persons. “For every person infected with the Wuhan strain, these viruses may infect roughly 12 (2)”. Even though “Pfizer and BioNTech could finish work by the fall (2022) on a new version of its Covid-19 vaccine that can better protect against the omicron variant (3)”. As long as large parts of the population are infected, no one can exclude the elevated probability of new variants occurring. “We should remember that a closely related virus to SARS-CoV-2—MERS-CoV—kills roughly 50% of those it infects. (2)”.
MANAGE THE RISK OF IN-COMPANY COVID OUTBREAKS
We just established that there is a likelihood that COVID-19 infection among the workforce is a risk, an “effect of uncertainty on objectives (4),” which may cause service and product delivery disruptions.
Now we can apply the standard process to manage risks (5):
Plan Risk Management - defining how to conduct risk management activities.
Observation: General government regulations and policies are in many cases not sufficient to protect companies from material and immaterial loss due to work-related outbreaks.
Recommended Action: Plan, implement and continuously improve a company-specific Risk Management Plan which will allow the company to take quickly appropriate measures when needed and develop its’ own best practices around it.
Identify Risks - Identify individual risks as well as sources.
COVID-19 outbreak within work teams is a risk that needs to be managed. Any team member could be the source of infection; however, the asymptomatic carrier could be one of the main sources of work-related infections.
The World Health Organization identified the following factors elevating the spread of covid-19 in the workplace (6):
Outbreaks in the following work environments have been reported:
- Office environment
- Meat-processing facilities
- Other factories
- Migrant work camps
- Fitness centers
- Other service-related occupations
Apart from healthcare workers, with the highest risk of COVID-19 infections, outbreaks in the following occupations have been reported:
- Retail workers
- Cleaning and domestic workers
- Food production workers
- Restaurant and hospitality workers
- Drivers and transportation workers
- Education workers
- Public safety workers
- Construction workers
- Agricultural workers
- Individuals in social service occupations including social workers and counselors
- Commuting and work-related travel
- Shared accommodations
- Social gathering of co-workers
Perform Qualitative Risk Analysis - prioritizing individual risks by assessing probability and impact.
Observation: The likelihood is high that another COVID-19 wave is going to take place in Q3 and Q4 in 2022. The impact of COVID-19 infections will be higher among work teams that cannot work from home.
Recommended Action: Define the company-specific risk levels for the likelihood of occurrence and the impact by using three risk levels. E.g., High (H), Medium (M), or Low (L). Here is an example of a framework to assess risk levels
- Likelihood of the occurrence
- Low (L): Occurs less than once a year
- Medium (M): Once or twice per year
- High (H): Three times or more per year
- Impact on specific business units:
- Low (L):
- Financial loss below a specific USD value is considered low in the context of the company’s business
- Health: One person experiences inconvenience
- Reputation: Incidental (local) media attention
- Legal: A possible claim
- Low (L):
- Medium (M):
- Financial greater than USD value range considered relevant in the context of the company’s business
- Health: Multiple persons experience inconvenience, one person suffers an injury
- Reputation: Incidental nationwide media attention or frequent local media attention
- Legal: A lawsuit, multiple claims
- High (H):
- Financial loss is significant, in the context of the company’s business
- Health: Multiple persons suffer injuries, fatal consequences
- Reputation: Frequent nationwide media attention
- Legal: Multiple lawsuits
Once you have defined the impact framework, you need to assess the likelihood of the event occurring, resulting in the matrix below
You must define risk monitoring and risk reduction strategies for anything falling in one of the orange cells. The content of yellow cells may be either “nice to have” or “demanding actions” based on the consequences and what falls in the green cells is definitely not a priority.
Perform Quantitative Risk Analysis - numerical analysis of the effects.
The goal of quantitative risk analysis is useful to express the annual expected financial loss caused by the risks to a company exposed. Here is an example for illustration:
Exposure Factor (EF): COVID-19 Outbreak supermarket team
Single Loss Expectancy (SLE): Reduce staff 50%, less sales, cost of sanitation
Estimated damage: USD 550,000 per incident
Annual Rate of Occurrence (ARO): Twice a year
Based on the above we can now calculate the Annual Loss Expectancy (ALE) with the formula: ALE = SLE x ARO
ALE = USD 550,000 x twice per year = USD 1,100,000
Plan Risk Treatment - developing options, selecting strategies and actions.
Based on the previous points, the risk manager determines how to treat the risks identified. The World Health Organization (WHO) and the Occupational Safety and Health Administration (OSHA) have provided a list of risk treatment options. Options(7) which can be assigned to the four, commonly applied risk treatment strategies.
- Risk Avoidance
- work from home directives
- Risk Mitigation
- routine screening
- regular worksite disinfection
- restricting worksite entrance to key workers
- physical distancing guidelines
- environmental monitoring
- personal protective equipment
- contact tracing (active tracing)
- Risk Transference
- contact tracing (passive tracing)
- Risk acceptance
Working from home seems to be the only option to avoid the risk. If that is not possible a company can apply one or several of the mitigation measures to limit work-related COVID-19 infections.
It might also be worthwhile to consider a combination of two risks treatment strategies, whereby a company could
- Instruct employees to conduct a COVID-19 home self-test, which is monitored by a smartphone app to warrant the trustworthiness of a rapid antigen self-test result (Risk Avoidance) and
- Only employees who are tested negative at home will come to work (Risk Mitigation)
Implement Risk Responses - implementing agreed-upon risk response plans.
Among other risk responses, “workplace-based testing for SARS-CoV-2, the virus that causes COVID-19, could identify workers with SARS-CoV-2 infection, and thus help prevent or reduce further transmission”(7). Such “screening tests are intended to identify infected people who are asymptomatic and do not have known, suspected, or reported exposure to SARS-CoV-2. Screening helps identify unknown cases so that it becomes possible to take measures to prevent further transmission” (7). Some studies show that up to “59% of all transmission came from asymptomatic transmission (8)”. Therefore, it is highly advisable to test the employees with symptoms and those without symptoms.
Some companies have a hard time deciding whether they should engage a professional laboratory or use home self-test kits for the health screening of their employees. The benefit of tests conducted by a professional laboratory is that the test persons cannot cheat, as the test is conducted under the supervision of medical staff. Due to tight budgets, companies tend to use rapid antigen self-testing kits to screen the health of their employees. Highly accurate and highly sensitive self-test kit brands are widely available.
Monitor Risks - monitoring the implementation
Continuous monitoring of the effectiveness of the risk management plan is important, and the risk manager should budget time and resources to review the risk management framework at regular intervals. Enterprise-grade software solutions may assist the risk manager by providing test result data by period and/or by department.
“Don’t be fearful of risks. Understand them and manage and minimize them to an acceptable level.”, Naved Abdali
We invite the reader to explore methods on how to identify, evaluate, and prioritize risks to improve the business continuity, overall resilience, and quick recovery in case the company must deal with work-related COVID-19 infections. In this article, we took references to standards such as the risk standard, ISO 3000, and other risk management knowledge sources.
ABOUT THE AUTHOR
Alfons Futterer is the president of the company HealthMatriX Technologies Pte. Ltd. HealthMatriX Technologies has developed a corporate pandemic management system to assist enterprises to manage securely COVID-19 related test and vaccination data of employees. To save cost and time, HealthMatriX is one of the first companies to deploy an artificial intelligence-backed smartphone app, so that employees can report back to the organization trustworthy results of self-test. HealthMatriX and all its products and services are compliant with HIPAA and DGPR as well as certified by ISO 27001 and ISO 27701. The reader is welcome to contact the author at firstname.lastname@example.org for further questions.
- Government of Norway. Press release. The infection control measures are being removed on Saturday 12 February. [Online] 2 12, 2022. [Cited: 5 1, 2022.] https://www.regjeringen.no/en/aktuelt/the-infection-control-measures-are-being-removed-on-saturday-12-february/id2900873/.
- New Members Of The Omicron Family Of Viruses: BA.2.12.1, BA.4, And BA.5. [Online] Forbes, 04 20, 2022. [Cited: 05 01, 2022.] https://www.forbes.com/sites/williamhaseltine/2022/04/20/new-members-of-the-omicron-family-of-viruses-ba2121-ba4-and-ba5/?sh=3d0b8ae57ff8.
- Pfizer May Have Omicron-Optimized Covid Vaccine Ready By Fall, CEO Says. Forbes. [Online] 04 13, 2022. [Cited: 05 03, 2022.] https://www.forbes.com/sites/masonbissada/2022/04/13/pfizer-may-have-omicron-optimized-covid-vaccine-ready-by-fall-ceo-says/?sh=242ae5c771bf.
- Standarization, International Organization for. ISO Guide 73:2009(en). Risk management — Vocabulary. [Online] 009. [Cited: May 1, 2022.] https://www.iso.org/obp/ui/#iso:std:iso:guide:73:ed-1:v1:en.
- Morcov, Stefan. Managing Positive and Negative Complexity: Design and Validation of an IT Project Complexity Management Framework. s.l. : KU Leuven University., 2021.
- Preventing and mitigating COVID-19 at work. [Online] 05 19, 2021. [Cited: 05 03, 2022.] https://apps.who.int/iris/rest/bitstreams/1347444/retrieve.
- Interim Guidance for SARS-CoV-2 Testing in Non-Healthcare Workplaces. [Online] [Cited: 05 03, 2022.] https://www.cdc.gov/coronavirus/2019-ncov/community/organizations/testing-non-healthcare-workplaces.html.
- SARS-CoV-2 Transmission From People Without COVID-19 Symptoms. [Online] 01 07, 2021. [Cited: 05 03, 2022.] https://jamanetwork.com/journals/jamanetworkopen/fullarticle/2774707.
- Rigby, Emma Farge and Jennifer. WHO. WHO chief says we are 'increasingly blind' on COVID transmission. [Online] 04 27, 2022. [Cited: 05 01, 2022.] https://www.reuters.com/business/healthcare-pharmaceuticals/who-chief-says-we-are-increasingly-blind-covid-transmission-2022-04-27/#:~:text=%22As%20many%20countries%20reduce%20testing,U.N.%20agency's%20headquarters%20in%20Geneva.&text=%22This%20makes%20us.