I’m guessing that for most organisations it probably wasn’t (full marks if it was – and, particularly, if your mitigations and resulting actions are working well for you). But even if it wasn’t there specifically, it seems quite likely that there were other risks with similar characteristics.

On an assessors tour of Asian countries on behalf of UK export efforts, I encouraged many cities that were on earthquake lines to think beyond the normal ‘office not accessible’ walkthroughs to consider what role they might need to play in society if business-as-usual was no longer relevant.

A good example of this is Vortex IoT assisting the Welsh Government temporarily, with new systems, contact methods and the unusual production of 3D printing masks for short term PPE provision - putting aside their normal business challenges for a limited period.

If the specific risk was not anticipated, a common crisis-management process and task force can be activated with short, medium, and longer-term activities. In this case employment and cash flow issues have been tackled first – in part as these were the most immediate and obvious, but also as the government made potential solutions available that needed to be assessed and adopted.

Examples include the Covid-19 Job Retention Scheme, which encouraged review of any severe staffing consequences over a three-month period, encouraging decisions by end March or early April payroll dates. In parallel finance directors were requested to create various business scenarios that would ‘stress test’ cash flows, considering revenue losses and periods, also options for cash provision such as equity raises or government lending schemes (CCFF or CBILS in this case). Those asked to provide more finance will want to see that the scenarios show risks are reasonable and shared. Some firms have needed to make late decisions to stop dividend payments, payroll additions and other optional cash outflows.

Some risk actions have stopped there but it is becoming increasingly clear that some things have changed that will not revert after. Some distribution channels (including online) have needed to accelerate and grow fast, while others have been closed down with resources moved or hibernated. Supply chains have been stress-tested and many single-supplier or international dependencies have needed to be supplemented in the short term and will likely stay like that after.

Businesses might change shape dramatically. Some will fail while others emerge. Others will be battered and take considerable time to recover. Common factors such as home working, online, cashless and no-touch have responded quickly and are likely to remain as must-haves for business.

A practical assessment of whether your firm’s risk governance, from board to front-line is fit for purpose, might include whether key risks were foreseen, whether they were effectively mitigated, minimised or avoided – and whether other preparations (including crisis management) worked well. The Risk Coalition has just made available its online self-assessment service, GABI (Gap Analysis and Benchmarking Insights), which will enable companies to be aspirational and be the best they can.

Bryan Foss - Risk Coalition