The COVID-19 outbreak has not only turned in an unprecedented health crisis but has also unleashed one of the worst economic crises of the times. In such times, business continuity and resilience have come to the fore. Companies have to figure out the risks they are exposed to today based on what they know and also prepare for what they don't know.
"The fundamental problem is that risk has always been unknown to us. One thing is to know what you need to know. It is another to know what you don't know," says Rohit Mahajan, President - Risk Advisory, Deloitte India. To prepare for uncertainties, companies will have to work on risk profiles, something, around the lines of airlines where every incident in the aircraft, big or small, is investigated. The rationale is to understand what went wrong so that it does not happen again and even if it does, there are mitigating factors in place.
Companies will start building business continuity frameworks around these lines. "The biggest challenge companies have today is not the turbulence or the uncertainty. But, they have to plan for future risk with yesterday's logic," he says.
The companies need to go back to the drawing board and figure out what's working and what's not. They will have to have a strategy ready for medium impact on economy or harsh impact on economy, or, one month of shutdown or three months. If there is a breakdown of global supply chain or change in laws promoting local sourcing. This will require an overhaul of policies and procedures around financial model, working remotely, cyber security, data safety, client confidentiality, talent models, supply chain processes, amongst others.
Companies will also look at newer ways of managing cost, and will focus on conserving cash. "A lot of companies will now invest time and effort to identify expenditures that can be done away with. It will not be about cost cutting, but waste cutting," says Mahajan.
While it is clear that firms that are technology savvy have responded much better to the COVID-19 crisis, they will have to focus much more on technology policies especially around cyber security and data security.