The site uses cookies to provide you with a better experience. By using this site you agree to our Privacy policy.

Governance and Risk: Navigating the COVID-19 Crisis

Governance and Risk: Navigating the COVID-19 Crisis

Kylie Maher

Effective governance and risk management is critical for organisations to help navigate the Coronavirus COVID-19 pandemic crisis.

Organisations worldwide are now facing a significant number of critical risks and recognise we are in a crisis scenario. Risk management at this time is a proven and effective tool to guide organisations in their planning, mitigation and response to the issues and challenges they will be facing now and in the next few months. Given circumstances can change daily dynamic governance is needed to respond and mitigate these emerging risks and issues.

Governance by your Board with input from the Executive is especially critical. They need to step in with oversight and close monitoring. Agile responses are needed aligned to your risk appetite to best inform this crisis decision making.

Important decisions need to be made now on immediate risks you are facing including:

  • delay of projects;
  • cash and cost management;
  • suspension of business activities; and
  • and above all safety of your staff and customers.

Maintaining compliance should also not be compromised by any fast actions being taken that could make your organisation vulnerable. Safety, privacy, cyber and financial control frameworks must still be operational within this changing environment. Many changes may put your physical and cyber security at risk, be alert and keep your controls robust.

Make sure you develop and deliver a communication plan to engage and assure your staff, customers and suppliers who you will need help from during and especially after this crisis during recovery.
Below we provided some key focus risk areas and mitigations to action now:


  • Facilitate an agile response from your Board and setup so they are available and can provide immediate review and approval of key decisions that will be needed throughout the next few months.
  • Provide your Directors with regular risk status reporting to assure and leverage their experience on your response and mitigations to these critical risks.
  • Enact and meet daily with your critical incident team to oversee, monitor and guide your organisation.
  • Implement short term Policy documents for key business operations processes during lockdown including financial, access, human resources and safety policy.
  • Provide for business continuity with an emergency delegations of approval schedule (financial and non-financial) in place to maintain controls in the absence of key staff.


  • Review and enact all wellbeing and safety risk plans for all your staff, customers and suppliers that cover both prevention and response mitigation actions.
  • Identify and plan for mitigation of key person dependency risks to business operations.
  • Implement and communicate how your staff can access help and support at this time for their wellbeing, safety and financial security.


  • Plan now for business slowdown with risk mitigations for cash management, debt coverage and cost minimisation.
  • Understand and assess your supply chain risks and plan mitigations for business continuity.
  • Monitor your collections and ensure they can continue, implement daily forecasting and financial scenario modelling to keep your decision making well informed on financial sustainability.
  • Delay projects, spend and non-essential services now that will place undue stress on staff, operations and finances.


  • Invest quickly in the tools, software and hardware for your staff to facilitate remote working.
  • Enact emergency options in your software licensing that will need extension to stay compliant.
  • Check your service providers can accommodate and support you as you place extra pressure on them in changing your operational service model.
  • Load test your systems and plan for phasing of access. Access controls need review and adjustment for remote working while not compromising your security.
  • Protect and don’t make yourself vulnerable by keeping your core controls operating effectively for financial delegations, bank reconciliations, segregation of duties, payroll review and approval as well as banking access.
  • Remind your staff on the importance of compliance and that immediate escalation of risks related to safety, cyber and privacy is required.
  • Start the plan for recover too so you can get your staff, suppliers and operations back to business quickly.


  • Develop and implement a stakeholder engagement plan that keeps your Board, staff, suppliers and customers well informed and assured on your risk mitigation.
  • Provide a process for ease of escalation by your staff of emerging risks and issues for early warning signs, leveraging their knowledge of your business and providing an opportunity for agile risk management.

Focus now on implementing dynamic governance and crisis risk management so you are ready to navigate through the many emerging risks coming your way. Position your organisation to be safe, agile and ready.