During the COVID-19 crisis, you can’t afford to lose sight of other ongoing risk factors, such as cyberthreats, fraud, emerging competition and natural disasters. A so-called “stress test” can help reveal blind spots that threaten to disrupt your business. A comprehensive stress test requires the following three steps.
1. Identify the risks your business faces
Here are the main types of risks to consider:
Operational risks (based on the inner workings of the company),
Financial risks (involving how the company manages its finances, including the threat of fraud and the effectiveness of internal control procedures),
Compliance risks (related to issues that might attract the attention of government regulators, such as environmental agencies and the IRS), and
Strategic risks (regarding the company’s market focus and its ability to respond to changes in customer preferences).
If you’ve conducted a risk analysis in prior years, beware: Current risk factors may be different due to changes in market conditions, business operations and technology. For example, if your business pivoted to more online orders or remote working arrangements during the pandemic, it may now be more exposed to cyberattacks than it previously was.
2. Establish a risk management strategy
Meet with managers from all functional lines of business — including sales and marketing, human resources, operations, procurement, IT, and finance and accounting — to discuss the risks that have been identified. The goal is to improve your team’s understanding of business threats and to brainstorm ways to manage those risks.
For example, if your company operates in an area prone to natural disasters, such as earthquakes or wildfires, you should have a disaster recovery plan in place. Review copies of the disaster recovery plan and ask when it was last updated.
In addition to asking for feedback about identified risks, encourage managers to share any additional risk factors and projections regarding the potential financial impact. Their frontline experience can be eye-opening, especially during these unprecedented times.
3. Review and update your strategy
Managing risk is a continuous process. After creating your initial risk mitigation strategy, your management team should meet periodically to review whether it’s working. If it isn’t, brainstorm ways to fortify it.
For example, if your company’s disaster recovery plan has been activated recently, ask your management team to assess its effectiveness. Then consider making changes based on that assessment.
While risk is part of operating a business, some organizations are more prepared to handle the unexpected than others. To ensure your company falls into the “more prepared” category, implement a stress test. We can help you assess current risks and develop a plan that’s right for you.