We all need to be as prepared as possible to face the heightened and rapidly evolving risks surrounding COVID-19. Determining the first actions to take and questions to ask, as a business, can be particularly challenging.
Some actions you can take right now include:
- Do everything possible to ensure, first and foremost, everyone’s health and well-being: employees, clients, vendors, etc.
- Assess your liquidity, review budgets and forecasts, and determine the overall short- and long-term impact of stoppages, interruptions and behavioral changes.
- Update and test business continuity and crisis management plans. This includes reviewing overall information technology capabilities.
Conversations should be happening, so start by addressing critical questions among your own team:
- What does your liquidity picture look like?
How long can you operate with various levels of liquidity changes? Do you have access to cash that can be called upon? Do budgets, forecasts and projections need to be adjusted to reflect liquidity scenarios? How will stoppages or slowdowns effect your ability to meet financial obligations?
- Do you have an external and employee communication strategy?
You’ll want to analyze your communication strategy. Is there a process in place to reach your internal people? How about your clients and shareholders? Who is responsible for what steps? How do you react when the situation on the ground changes?
- Have you reviewed, communicated and tested your overall business continuity plans and/or crisis response plans?
Assess your organization’s existing crisis management and business continuity plans. There are ways to evaluate them — think tabletop exercises — to see if they operate as planned. Updates to plans are often made in times of distress; but are best made when not under significant pressure.
- Are you ready to act if the risk expands quickly? Are you also thinking beyond the immediate risks, and about the longer-term implications presented by COVID-19?
Assess the full range of immediate risks, as well as the overall “velocity” of risk. This will help you evaluate, in combination with the business continuity plan(s), that most of the critical risk factors were taken into consideration, and that a response (action) is available if needed.
- Will your IT environment withstand the requirements and capabilities if your workforce is entirely remote?
Assess the IT environment, and seek improvements based on your needs and risk tolerance. Assess whether cybersecurity and logical security risks are addressed. This will provide “peace of mind” that access to critical data and systems is appropriate as you move to more remote and cloud capabilities.
- Have you talked through the potential financial impact on both your supply chain and customers?
Perform an overall financial analysis, along with a risk assessment on exposures outside of your organization.
EisnerAmper has deployed a COVID-19 Preparedness Plan as part of its efforts to navigate any possible business disruptions and to support the well-being of its colleagues and clients. (Click here to review it.)
Jerry Ravi is a partner and practice leader at EisnerAmper, specializing in process, risk and technology solutions. His focus is enterprise risk management and internal audit and compliance.