COVID risk


COVID-19: Managing Risks and Ensuring Business Continuity

To ensure business continuity, having an emergency scenario is essential. In the current situation, it is vital to react as fast as possible in order to mitigate impacts and other risks and to prepare the organisation for the further development of the COVID-19 pandemic and its possible scenarios. Business continuity management covers infrastructure, cyber, employee, business, operational and communication risks, with the aim of managing an organisation that has to face new challenges and risks and wants to ensure continuity of operations and production.

In normal operation activities and in reaction to common events (e.g. breakdowns), business continuity management sets a strategic and operational framework to actively increase corporate resilience. The objective is clear: to prevent suspension of operations or services. How can your organisation ensure continuity of business?

Business Continuity Management

COVID – Initial Measures
  • Implement fundamental emergency measures for the current situation
  • Implement all the recommendations from WHO, CDC etc.
  • Benchmark of introduced measures within your industry
  • Employee travel restrictions or travel ban
COVID – infrastructure risks
  • Check the readiness of infrastructure and other services (SaaS etc.) for the higher load of employees working remotely
  • Check if the corporate systems can be managed remotely without the physical presence of IT employees (Operations, Support etc.)
  • Map single points of failure in the infrastructure in case of remote operations, design countermeasures
  • Define the responsibilities of suppliers according to SLAs in case of emergency situations, draft any required amendments
  • Set up sufficient IT support for remotely working employees
  • Prioritise access to corporate systems (Management, Top Management priority etc.)
  • Review the number of application licences that ensure remote access
COVID – cyber risks
  • Check security and monitoring of applications for remote access
  • Test applications for remote access (VPN etc.) + patches, hardening
  • Perform Awareness campaign for specific cases of social engineering attacks in communication related to crisis
COVID – employee risks
  • Analyse key roles that require on-site access, plan a backup plan in case of their absence (e.g. substitutability)
  • Design measures to help employees’ with management of stress and stressful situations
  • Arrange a method of assigning and distributing employees at various levels of operational reduction
  • Set up access for employee mobility (division of shifts, transport, etc.)
COVID – business and operational risks
  • Map single points of failure within the organisation (processes, employees, technologies) and draft countermeasures
  • Establish emergency measures and organisational instructions in order to ensure continuity of operations according to the level of risk
  • Set up reaction plans (procedures, allocation of employees, tools and other resources)
  • Prepare for issues in the supply chain
  • Make arrangements for work that cannot be done remotely
  • Prepare for the need to close down office or business premises
  • Stabilise the organisation for the event of a significant impact on its economy (Plan for optimization ofcosts, processes and portfolios)
  • Prepare scenarios, plans and measures to restore business operations (disaster recovery plans)
COVID – communication risks
  • Set up a mechanism of communication with employees (positive), partners, suppliers, authorities, and the public

Contact us

Jakub Höll

Jakub Höll


Jakub leads the Operational Risk Team at the Risk Advisory department, Deloitte Czech Republic. He focuses on project management, agile and digital transformations of companies, data privacy and gover... More