Insights / Audit and Risk / Article

10 Pillars of Pandemic Preparation

November 18, 2020

Contributor: Rob van der Meulen

The COVID-19 coronavirus has left many organizations unsure whether their risk mitigation is sufficient. Gartner expert Jim Mello explains what good operational risk management looks like.

Just 12% of more than 1,500 people polled in a Gartner business continuity webinar on March 6 believe their businesses are highly prepared for the impact of coronavirus, while 26% believe that the virus will have little or no impact on their business.

Most respondents (56%) rate themselves somewhat prepared, and 11% said they were either relatively or very unprepared. Just 2% of respondents believe their business can continue as normal, highlighting the huge range of businesses that could be affected by the outbreak. 

Watch webinar: Business Continuity Management – Pandemic Planning Briefing

Twenty-four percent of respondents expect little disruption, while the majority expect business to continue at a reduced pace (57%), to be severely restricted (16%) or to be discontinued altogether (1%).

“Most organizations have done some pandemic planning but still have many unanswered questions about whether they have done everything they can to manage risks,” says Jim Mello, Senior Director, Advisory, Gartner. “At Gartner, we recommend 10 crisis checkpoints to start your COVID-19 pandemic planning.”

1. Establish a pandemic preparedness framework

Form a team that represents all critical business functions and reports directly to executive management. The first priority for this team is to assess the relative importance of business activities and organize them into tiers for response or recovery. For example, critical IT infrastructure such as network or VPN servers might occupy the top tier for remedial action, while deferrable activities such as training or budgeting may occupy lower tiers.

Read more: Coronavirus: How to Secure Your Supply Chain

2. Monitor the situation to determine a change in severity

Numerous sources of information can help you monitor the rate at which the infection is spreading and its severity. Many organizations rely on the comprehensive information found on The World Health Organization site.

3. Review finance and treasury implications

Make sure to revise revenue forecasts and communicate with investors and suppliers about any potential financial issues. It’s also critical to ensure that your organization has the working capital to ride out the storm. Consider increasing the frequency of working capital checks and seeking loans or government-sponsored financial relief to support cash flow. 

4. Extend your clean workplace/personal hygiene protocols

It’s critical to ensure that your organization complies with any new workplace regulations. Beyond that, establish handling protocols for staff returning from affected areas and extend your organization’s existing hygiene activities around cleaning and providing hygiene supplies.

5. Review HR policies and practices

Closely monitor your organization’s absenteeism rate for any sign of a problem. Identify critical staff and make sure your organization can continue to function in their absence. Be as prepared as you can be for absentee rates of up to 40%. Be sensitive to changes in employee engagement and workplace preferences, and consider offering extra sick leave or a remote work program. Other things to consider are possible repatriation of employees and visitor handling procedures.

Read more: 10 Questions for an HR Pandemic Plan

6. Establish a pandemic communications program

People can feel out of the loop quickly, especially during a pandemic. Assign a spokesperson for the company who is appropriate for the situation. Establish a pandemic communications program with preapproved messages and scripts for various stakeholders, including employees, customers, supply chain partners, insurance companies, regulators and community public health officials.

7. Review impact on business operations

Break down this potentially overwhelming task into activities or business areas. The team formed in step 1 should identify key areas to consider. Understanding the reality on the ground in countries of operations is critical, and this includes assessing third parties for their exposure. Key questions include: Is transport functioning? Have holidays been extended? Where can operations continue and where must they stop?

Read more: With Coronavirus in Mind, Is Your Organization Ready for Remote Work?

8. Review IT actions and considerations

IT as a business function tends to be relatively well-prepared in terms of business continuity, but nevertheless, assess the supply chain for critical equipment and keep extra inventory if needed. Look at remote data center management and cloud options for critical systems. Enable remote working programs and investigate alternative voice and chat options. Also reschedule nonessential IT work and prioritize key applications.

Read more: Coronavirus: CIO Areas of Focus During the COVID-19 Outbreak

9. Use a preparedness exercise to review pandemic plans and identify gaps in response

Validate roles and responsibilities, recovery requirements and procedures with a preparedness exercise, such as a work-from-home drill or a table simulation that operates on a compressed time scale. Identify any gaps in recovery capability and resource needs. Assess whether team members can cope with their responsibilities and also promote collaboration between them. Then get feedback from the crisis management team.

10. After-action review  

Identify three lessons learned or key observations as a result of pandemic panning. Also get each area to identify at least three areas for improvement in the exercise. List and prioritize your short and long-term follow-up actions, and schedule future exercises or results reports.

Experience Gartner Conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.