RISK MANAGEMENT: Companies need proactive, continuous contingency planning

    Coronavirus highlights the need for proactive, continuous contingency planning

    The past two decades have held dozens of events that have significantly impacted our quality of life – including natural disasters, pandemic concerns, terroristic activities, and business disruptions – and thus have affected the overall workforce and their organizations. Each of these events has sparked discussions around preparedness, contingency planning, mobility, redundancy, and the ability to rely upon our vendors and supply chains, and made us acutely aware of just how vulnerable our organizations and workforces are to these large-scale crises. 

    Currently, rapidly increasing concerns related to the global spread of the new coronavirus, COVID-19, have sent the markets into a spin, and many companies have found themselves ill-prepared to deal with the potential impact that large-scale employee absenteeism would have on their organizations and the vendors they rely upon.  

    The coronavirus will eventually be contained, and the world will once again return to yet another new state of normalcy. However, the impact created by the spread of the coronavirus, coupled with the inevitability of new crises around the globe, should leave behind a sense of discomfort related to how prepared we actually are to handle the next event and serve as a driver to increase organizational efforts related to contingency planning. 

    The time to prepare for the risk of a reduced workforce is now… and always

    Organizational leadership, board members, and audit committees should require risk management professionals and internal auditors to present organizational contingency plans throughout the year. They should be asking questions such as: 

    - Do we have business continuity management (BCM) processes established within our organization or documented contingency plans? When was the last time they were refreshed?

    - Have our plans been communicated? Have we confirmed awareness of the processes throughout the workforce?

    - Have our processes and plans been tested?

    - How many people’s (or whose) not being able to get to the primary workplace would create an issue? 

    - What scenarios or situations does our contingency plan not address?

    - Who are our key vendors? What are their plans? 

    - What companies consider us a key vendor? How much revenue is tied to that relationship? 

    - Would an investor view our contingency planning processes as a value add? Should our plans be disclosed in an environmental, social, and governance (ESG) report?

    If your company has not yet taken the first step toward BCM or contingency planning, you’re not alone. Here are a few actions you can take to get started immediately. 

    - Identify and document (in detail) the current processes and measures within your organization, along with the roles and responsibilities of various professionals that are crucial to ongoing operations.

    - Identify and have discussions with key vendors on contingency planning. Some organizations require key vendors to present annually on how they are managing various risks. 

    - Understand your company’s current capabilities related to a mobile workforce.

    - Conduct facilitated scenario-planning sessions, focused on the risk of your employees or the employees of key vendors not being able to work on-site.

    - Based on the information gained from the above actions, begin to create contingency plans for your organization.

    Contingency planning can no longer be an afterthought or a process that we discuss once a year. The “new normal” requires proactive and continuous contingency planning that is imbedded into every organization’s risk management culture. 


    George Gallinger, CIA, CFE, Principal, Governance, Risk, and Compliance National Director


    Bhavesh Vadhani, Principal, Technology Risk, Cybersecurity, and Privacy 


    Subject matter expertise

    • Contact George George+Gallinger george.gallinger@cohnreznick.com
      George Gallinger

      CIA, CFE, Principal, Risk Advisory, Global Consulting Solutions

    • Bhavesh Vadhani
      Contact Bhavesh Bhavesh+Vadhani bhavesh.vadhani@cohnreznick.com
      Bhavesh Vadhani

      CISA, CRISC, CGEIT, PMP, CDPSE, Principal, Global Leader, Cybersecurity, Technology Risk, and Privacy

    • Close


      Let’s start a conversation about your company’s strategic goals and vision for the future.

      Please fill all required fields*

      Please verify your information and check to see if all require fields have been filled in.

      Please select job function
      Please select job level
      Please select country
      Please select state
      Please select industry
      Please select topic

    Coronavirus Resource Center

    This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. Neither CohnReznick LLP or its personnel provide legal advice to third parties. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its members, employees, and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.