Let’s face it- COVID -19 is creating havoc for many businesses. It is upending markets, impacting the travel and tourism industries, hitting the transportation industry and of course negatively impacting the world’s supply chain. It is a crisis. Which means, that companies must treat it as such. Instead of waiting for an official government proclamation that COVID -19 is now a pandemic, it is time to treat this as a serious crisis.

From a risk point of view, what should companies be doing? Well, it’s time to apply risk management processes. Such processes should seek to mitigate and minimize the impact of the COVID -19 crisis. Such processes can include:

- Mitigation of the spread of COVID-19. Does your company have processes in place to minimize the spread of the virus? How are you protecting your employees? Have you considered the HR issues you might face because of the rate of infection? These questions need to be considered.
- Business Continuity Plan. Have you considered a business continuity plan (BCP) to save the company or minimize the impact of the crisis? A BCP would cover the following steps:

1. Analysis- What aspects of the crisis could hurt the company and why?
2. Design- How do you design a response to the crisis? What measures should be created to address the threats?
3. Implementation- How do you implement the measures?
4. Testing- How do you test the Plan to make certain it addresses the threats?

In order to create and implement the BCP, consider the following risk management processes:

1. Assess the situation- assess the threats by setting goals and priorities
2. Identify all of the major risks
3. Do a risk analysis of the major risks identified by conducting a critical risk analysis
4. Implement a Plan that provides countermeasures to mitigate the major risks – i.e. an Action Plan
5. Review the Action plan to confirm whether it adequately addresses the risks and helps mitigate or minimize the risks facing the company.

It is uncertain how long COVID-19 will have an impact on the world's commerce. However, if you take the appropriate countermeasures now and mitigate your risks the less likely your company will later face threats that could seriously impact it.

Before a crisis breaks out, it’s always a good idea for the company’s risk manager or the risk management department (RMD) if one exists to review his or her role, or in case of the RMD, its role within an organization. In today’s environment, including COVID 19 virus issues, it is very important. A risk management department may have multiple reporting lines within an organization or may report to one department head. Are those reporting lines clear? If not, it is time to clarify them.

In order to understand the risk management department’s area of responsibility within an organization, I think it best to for the head of risk management to work with his supervisor in drafting corporate guidelines covering the risk management’s area or responsibility which can then be disseminated throughout the organization. No only should the RM or RMD’s are of responsibility be covered but each individual within the RMD should have his or her position and are of responsibility described in detail as well. It’s best to have everything outlined before the RMD has to contend with a crisis, especially a pandemic.

Areas of responsibility should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:

-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.

Besides managing risk, risk managers must also have a knack for good stakeholder management. In fact, in order to provide effective leadership in today’s corporate world, risk managers and those who have a risk management function, must understand the significance of good stakeholder management. Considering the high employee and investor turnover rates it is no wonder that risk managers must take the lead in providing risk management information to various stakeholders not only from a compliance perspective but from a profit/loss perspective as well.
Who are the various stakeholders that a risk manager must concern himself or herself with? Of course the more sophisticated a company, the more stakeholders there might be. Nonetheless, the main stakeholders of any company or organization usually include:

1. Employees
2. Upper Management including the Board
3. Customers
4. Suppliers
5. Regulators
6. Investors
7. Business partners; and
8. Credit Analysts

The first step in leadership for any risk manager when looking at stakeholders is to ask the hard questions such as: (I) Are you prepared to handle risk events relating to your stakeholders or not? (ii) In a crisis management event, such as a pandemic, are you ready to address your customers? (iii) In case of litigation, do you have the right information to communicate to your regulators? , and (iv) What are the risk management process to use in case you have major employment related issues?
Providing effective risk management leadership requires the risk manager to understand what his or her role within the organization is as well as who the major stakeholders really are and what risk management reporting processes actually exist or should exist.

Once a risk manager can answer the questions, the manager as well as the RMD itself is ready to provide effective risk management leadership.

In the past I have commented on crisis management and the tools needed to handle crisis in today’s business environment. It is clear however, that an international crisis, such as the COVID 19 virus, is harder to deal with than a domestic crisis. A pandemic, or potential pandemic as the CVOVID 19 virus is, by its very nature, an international crisis. Therefore, In essence, the COVID 19 virus presents international crisis problems, issues and concerns to many companies, organizations and even governments. Like other international crisis, the COVID 19 virus crisis is of course harder to handle than domestic crisis. Why? Because of international considerations, an international crisis is harder to manage than a domestic crisis. As it is more complex, companies caught up in an international crisis have to pay more attention to international, cultural, and communication issues than they would in a purely domestic scenario. Cross-border crisis management has become very important. Therefore, an international crisis requires a number of steps, including:

• Planning for an international crisis
• Appointing a crisis manager
• Establishment of a crisis management team
• Knowledge of foreign situation and its impact
• Communications
• Cross-border management of the crisis

The principle focus of any crisis management strategy, especially in an international contest, is communications. All crisis management plans call for effective crisis communications, which many times are not always executed. Inadequate or failed communications lead to bad publicity, unhappy stakeholders, and potential disaster. An effective crisis communication strategy is necessary for any international crisis. A number of companies and even governments have failed to defuse international crisis because of poor communications.
An effective crisis communication strategy is necessary when dealing with an international crisis .A number of processes are need to implement an effective crisis communication strategy to manage an international crisis, including:

• Creation of the crisis communication team.

• Identify key spokespersons who will speak for the organization. Who are they? What are their roles?

• Training on cultural issues, if the crisis involves other cultures.

• Establishment of communication procedures and protocols. Who communicates to whom and why?

• Identify key messages to communicate to key stakeholders and groups.

• Has a budget been approved for the crisis?

• Have the facts surrounding the crisis been established?

• How will the company use social media?

• Identify third party consultants that can add value to the communication and PR process- whether it is a PR Communications firm or a third party company.

• Has a communications war room been set up to handle communications?

Though companies try and resolve the crisis at hand and spend significant sums of money to do so, if they fail to properly communicate to the media and the public, they in effect have lost and can expect outrage and consumer dissatisfaction to such an extent that the very existence of the company can be threatened. This is particularly so for cross boarder crisis as the failure to manage international communications can lead to cultural issues which play out in the press or on social media.

So remember, a company doing business internationally has to plan for eventual crisis which may pose a potential threat to the company. If it fails to handle communications properly, it faces not only a potential loss of business but a negative impact on its brand.

In the past I have commented on crisis management and the tools needed to handle such crisis in today’s business environment. Of course what companies are finding out is that international crisis are harder to handle than domestic ones. Why? In today’s world, many companies do business internationally. Because of international considerations, an international crisis is harder to manage than a domestic crisis. As it is more complex, companies caught up in an international crisis have to pay more attention to international, cultural, and communication issues than they would in a purely domestic scenario. Cross-border crisis management has become very important. Therefore, an international crisis requires a number of steps, including:

• Planning for an international crisis
• Appointing an international crisis manager
• Establishment of an international crisis management team
• Knowledge of foreign situation and its impact
• Communications
• Cross-border management of the crisis

The principle focus of any crisis management strategy, especially in an international context, is communications. All crisis management plans call for effective crisis communications, which many times are not always executed. Inadequate or failed communications lead to bad publicity, unhappy stakeholders, and potential disaster. An effective crisis communication strategy is necessary for any international crisis. A number of companies failed to defuse an international crisis because of poor communications. A number of processes are need to implement an effective crisis communication strategy to manage an international crisis, including:

1. Creation of the crisis communication team.

2. Identify key spokespersons who will speak for the organization. Who are they? What are their roles?

3. Training on cultural issues, if the crisis involves other cultures.

4. Establishment of communication procedures and protocols.

5. Identify key messages to communicate to key stakeholders and groups.

6. Has a budget been approved for the crisis?

Though companies try and resolve the crisis at hand and spend significant sums of money to do so, if they fail to properly communicate to stakeholders such as the media and the public, they in effect have lost control of the situation and can expect outrage and consumer dissatisfaction to such an extent that the very existence of the company may be threatened. So remember, a company doing business internationally has to plan for an eventual crisis which may pose a threat to the company. If it fails to handle communications properly, it faces not only a potential loss of business but a negative impact on its brand and reputation.


One of the main drivers of my success over the years has been the ability to “change”. If you look around you, change is everywhere. In fact, it is the only constant in life. Everything changes whether we like it or not. I’ve been fortunate enough over my 40 year career to change-whether by changing my law practice or by changing my location or even both. In several instances, I even changed countries of residence. All of the change I have gone through has contributed to what success I have achieved.

Change in careers happens if one is willing to grow and experience new avenues of life. I started out as a public defender in Florida and ended up as a general counsel of one of the largest consumer electronics companies in the world. I never expected I would end up as a GC, but I did grasp the willingness to change.

Change not only happens in everyday life but in the workplace as well. Risk managers must always be on the lookout for change. As business changes so do risks. As regulations change so do legal threats. As employees change or as a company’s appetite for risk changes, so does the internal management of risk. In essence, risk is not static- it is always evolving and always changing. So the management of risk must change as well.

The concept of risk itself has changed over the years. Twenty five years ago, risk management was not perceived as a vital function in many organizations. Sometimes companies lumped risk management in with Insurance, Service or QA. But as the perception of risk has evolved along with compliance and SOX related laws, rules and regulations, risk is now deemed a major part of a company’s management structure.

Those organizations that perceive the need for an up to date robust risk management function are most likely to weather the storm of litigation, fines, audits and investigations facing most companies today. Crisis management (part of risk management) is now front and center in many large organizations as well. Companies are realizing that the perception by the public is far more important than in many cases the facts. How do you manage a crisis? When does a serious event become a crisis? How has crisis management changed over the last few years and why? How has compliance changed? All concepts of risk are subject to change as are standard processes for identifying and eliminating risk. Metrics used 20 years ago are no longer valid in many cases. Look what happened in 2008.

To handle risk and all of the consequences that it entails in an effective manner requires the willingness to accept change and in many cases to seek change out. Companies must be willing to change their concept of risk. They must be willing to change processes that may have been set in stone years ago. They must be willing to change not only how they perceive risk but how they address risk.

Yes, change is everywhere.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram