Audit and Assurance

Expand all | Collapse all

Covid 19 - Risk Assessment

  • 1.  Covid 19 - Risk Assessment

    Posted 25 Mar, 2020 19:52

    What are the Risk Assessment methods one should use to assess the risk associated with Covid-19 Pandemic, assuming it has offices across the globe and mainly in consulting.  Any thoughts and input? Thanks!

    Praveen Dayal


  • 2.  RE: Covid 19 - Risk Assessment

    Posted 27 Mar, 2020 03:58
    @Praveen Dayal

    Few guidelines

    COVID – Initial Measures
    Implement fundamental emergency measures for the current situation
    Implement all the recommendations from WHO, CDC etc.
    Benchmark of introduced measures within your industry
    Employee travel restrictions or travel ban

    COVID – infrastructure risks
    Check the readiness of infrastructure and other services (SaaS etc.) for the higher load of employees working remotely
    Check if the corporate systems can be managed remotely without the physical presence of IT employees (Operations, Support etc.)
    Map single points of failure in the infrastructure in case of remote operations, design countermeasures
    Define the responsibilities of suppliers according to SLAs in case of emergency situations, draft any required amendments
    Set up sufficient IT support for remotely working employees
    Prioritize access to corporate systems (Management, Top Management priority etc.)

    COVID – cyber risks
    Check security and monitoring of applications for remote access
    Test applications for remote access (VPN etc.) + patches, hardening
    Perform Awareness campaign for specific cases of social engineering attacks in communication related to crisis

    COVID – employee risks
    Analyze key roles that require on-site access, plan a backup plan in case of their absence (e.g. substitutability)
    Design measures to help employees with management of stress and stressful situations
    Arrange a method of assigning and distributing employees at various levels of operational reduction
    Set up access for employee mobility (division of shifts, transport, etc.)

    COVID – business and operational risks
    Map single points of failure within the organization (processes, employees, technologies) and draft countermeasures
    Establish emergency measures and organizational instructions in order to ensure continuity of operations according to the level of risk
    Set up reaction plans (procedures, allocation of employees, tools and other resources)
    Prepare for issues in the supply chain
    Make arrangements for work that cannot be done remotely
    Prepare for the need to close down office or business premises
    Stabilize the organization for the event of a significant impact on its economy (Plan for optimization of costs, processes and portfolios)
    Prepare scenarios, plans and measures to restore business operations (disaster recovery plans)

    COVID – communication risks
    Set up a mechanism of communication with employees (positive), partners, suppliers, authorities, and the public

    Vikram Raghuveer
    Manager-IT and internal audits