COVID-19 – Coronavirus: Crisis Management, Business Continuity, Fraud, and More!

Some of the biggest mistakes made when handling a crisis are not dealing with the problem head-on, thoughtless or insincere comments, lack of communication with stakeholders, unprepared spokespeople, getting defensive after receiving backlash, or, sitting back and letting the problem grow. Domino’s, Sony, Samsung, BP, United Airlines, Equifax, KFC are all excellent examples of companies that stumbled with crisis management. Companies should study these crises and learn from their mistakes!

gettyimages-1201634413-170667a

At the time of this writing and according to a report by Dun & Bradstreet, 94% of Fortune 1000 Companies are experiencing supply chain delays, workplace absences, lower productivity, travel cutbacks, and reduced trade and investment.

This should be a wake-up call for every Board and their senior leadership team!

Impact of the Coronavirus

The risk of a global pandemic is often listed as a top ten risk for any company and is frequently mentioned in most global risk surveys.  The Coronavirus has infected over 75,000 people and caused 2,007 deaths and has now reached a critical phase where public health systems need to act decisively to contain the growth in epicenters outside China.  Additionally, companies are now grappling with managing the impact on their ability to achieve their strategic goals, reduce employee concerns, and meet customer demands.

The main emphasis is and should be on containing and mitigating the disease itself. But the economic impacts are also significant, and many companies are feeling their way towards understanding, reacting to, and learning lessons from rapidly unfolding events. Unanticipated twists and turns will be revealed with each news cycle, and we will only have a complete picture in retrospect.

The impact of the Coronavirus has been widespread, and we’ve witnessed a decline in the market as companies are adjusting their forecasts, temporarily closing facilities, experiencing supply chain disruptions, and managing employee fears and concerns.

Manage the risks

Companies must stress test their level of preparedness to ensure continuity of business operations and work to mitigate any potential impact, prepare for possible further disruption, and from this and other possible crises.

We recommend the following measures be taken to manage the risks imposed by the Coronavirus.

Maintain continuous communications with stakeholders

Events are unfolding with incredible speed, and the situation and outlook is changing daily. The epicenter of the virus has spread beyond Wuhan.  It’s imperative to gather intelligence about the spread of the virus as well as maintain continuous communications with key stakeholders, including employees, customers, and suppliers. While there are apparent reasons why business operations are disrupted in times like this, our stakeholders don’t enjoy disruptions and expect their needs to be met regardless.

Picture9
An effective crisis management plan helps companies achieve their strategic goals

Test your crisis management and business continuity plans

A crisis is a low-probability, high impact event that threatens the viability of the company and is characterized by ambiguity of cause, effect, and means of resolution, as well as a belief that decisions must be made swiftly. 

Any emotionally charged situation that, once it becomes public, invites adverse stakeholder reaction and thereby has the potential to threaten the financial well-being, reputation, or survival of the company or some portion thereof.

How prepared are you for disruptions to your supply chain or possible closure or inability to staff a facility.  Helpful steps de the following:

  • Identify your core services required to maintain your supply chain
  • Analyze staffing requirements and ensure employees can work remotely
  • Check your cash flow, liquidity, and insurance
  • Establish communication protocols in the event a crisis occurs
  • Conduct a crisis simulation to raise awareness and test the effectiveness of your plan

These steps will also provide the Company with the opportunity to prepare for the next crisis in addition to this one.

Assess your supply chain

There are predictions that the peak of the impact of the Coronavirus on global supply chains will occur in the weeks to come and possibly force thousands of companies to reduce production or temporarily shut assembly and manufacturing plants in the U.S. and Europe. The most vulnerable companies are those which rely heavily or solely on factories in China for parts and materials. The activity of Chinese manufacturing plants has fallen in the past month and is expected to remain depressed for months.

Companies are advised to assess their supply chains, consider stockpiling critical parts and materials, and implement contingency plans, including the identification of other suppliers.  Additionally, companies are advised to monitor their supply chain and communicate in advance any possible disruptions to operations or to supply chains.  Operational resiliency is critical in times like this.

Prepare for a changing economy and stakeholder expectations

We should expect that the Coronavirus crisis will change business and society in many ways. The impact of the virus may increase online shopping, online education, and individual behaviors. It is also likely to change how companies configure their supply chains and reinforce the trend away from dependence on sole sourcing, mega-factories, and leaving crisis management to chance.  Once the critical stage of the crisis has been navigated, we recommend conducting a formal review and a root cause analysis. This exercise will help identify what was learned and where there are gaps or weaknesses so that the Company can make ten appropriate adjustments to their plans, policies, and behaviors.

gettyimages-1152441608-170667a

Consider Reporting and Disclosures

The outbreak has coincided with deadlines for filing annual reports due in March 2020, and decisions about filing paperwork for initial public offerings.

The U.S. Securities and Exchange Commission (SEC), in their February 19, 2020 Public Statement, has urged listed companies to factor coronavirus risks in their financial reporting disclosures.

Typically, the risk disclosures in these filings would contain information on factors that could materially affect their financial operations.  The challenge is providing investors with accurate information about the future when information about the outbreak is changing by the day.

Something that might be overlooked is a squishy issue related to the impact of an illness, like Coronavirus on executives. Remember, there is no “health-of-the-CEO” disclosure requirement. Just because it’s material doesn’t trigger an automatic duty on the part of a company to disclose the information.

While companies have options on executives medical disclosures, they often have a strong incentive to provide timely information. Doing so prevents employees from leaking information and investors from raising questions about why a CEO is no longer appearing in public.

When the board of directors is considering disclosure, don’t forget about the executive’s right to privacy. If the CEO has not authorized the disclosure of personal information, the company may be in trouble if it’s releasing information.

While actual effects may be difficult to assess, the SEC said companies should work with their auditors and outside counsel to ensure that their financial reporting and auditing processes are “as robust as practicable in light of the circumstances in meeting the applicable requirements.”

Risk factors in annual reports on Form 10-K are contained in Part I, Item 1A of Form 10-K. Risk factors in quarterly reports on Form 10-Q are included in Part II, Item 1A of Form 10-Q and are only required to be set forth if there are any material changes from the risk factors as previously disclosed in a company’s most recent Form 10-K. Smaller reporting companies are no longer required to include risk factors in their Form 10-K or Form 10-Q but may choose to do so.

Between January 1, 2020, and February 27, 2020, over 540 annual and quarterly reports have already been filed that mention coronavirus or COVID-19 in their risk factor sections. Some themes are:

  • Closures or Cancellations of, or Reductions in, Operations or Production in Mainland China or Surrounding Areas, including Restrictions on Transportation and Going into Public
  • Effect on Suppliers or Logistics Provider
  • Indirect Demand Effect
  • General Risk and Uncertainty
  • Effect on Planned Entry or Expansion into, or Existing Investments or Projects in, China or Surrounding Areas

Below are some examples of companies that have begun to signal the potential impact of the global outbreak on their balance sheet.

  • Microsoft Corp. said that its personal-computing business is likely to miss its revenue targets for the company’s current quarter because suppliers are gearing up operations at a slower pace than the technology giant anticipated.
  • Marriott International Inc. said it expects the epidemic to weigh on its fee revenue in 2020.
  • Rio Tinto PLC warned the epidemic is threatening its supply chain as it reported a 41% decline in annual net profit, but said it would pay a record final dividend.

Also, Between January 1, 2020, and February 27, 2020, over 160 annual and quarterly reports have already been filed that mention coronavirus or COVID-19 in their management discussion and analysis (MD&A) sections. While the MD&A section generally deals with quantitative and qualitative comparisons across relevant historical periods, the discussion also includes significant information regarding the Company’s future outlook and expectations

Lastly, Between January 1, 2020, and February 27, 2020, over 420 filings on Form 8-K have already been furnished or filed with the SEC that mention coronavirus or COVID-19 in the body of the Form 8-K or the exhibits thereto.

For consideration in preparing these reports, the SEC has published two statements encouraging registrants to monitor the necessity for disclosures regarding the novel coronavirus outbreak (January 30, 2020, Public Statement) and indicated that registrants and their advisors may contact the SEC staff regarding any need for assistance related to impacts on disclosure as well as to seek relief or guidance on the effects of the novel coronavirus on financial reporting for affected parties (February 19, 2020, Public Statement).

Board and Fraud

Benjamin Franklin once pointed out, “By failing to prepare, you are preparing to fail.”

A crisis can and often does increase the pressure on senior management and, of course, salespeople to meet their sales targets! Deviant behavior is easily justified.

Companies and their boards need to recalibrate and, in most cases, increase their oversight today and after the crisis. Why? Because of the likely mindset to maintain and if that’s not possible, make up for lost opportunities!

It not only looks terrible, but it is also bad when Boards are forced to act by circumstances, as opposed to their getting out in front of problems on their own.

They should request frequent updates from senior management – trust but verify!

In a crisis, sins of omission can become equally or more problematic than the issue(s) that precipitated the crisis.

Remember, bad actors are always lurking, so vigilance is essential. It’s not uncommon during times of crisis the opportunity for fraud increases, so be mindful of the following:

  • Those using the crisis as an excuse for not performing key tasks
  • Compensation models that reward based on financial performance
  • Requests by users for system access to modules, folders, applications, etc. that had previously been unnecessary or denied
  • Management override/circumvention of controls
  • Gaps created when employees roles and responsibilities change
  • Bribes being paid to secure products, supplies, or services negatively impacting the company
  • Revenue recognition schemes
  • Expense manipulating schemes
  • Phishing schemes

Investigations & Compliance

A crisis could limit “live” human interaction, and thus conducting investigations and maintaining the compliance program could be problematic. Some areas I believe we need to focus on:

  • Ethics training schedules
  • Delays to time-sensitive internal investigations
  • Challenges related to acquisition due diligence
  • Third-party audits
  • Internal audits
  • Compliance reviews
  • Collaboration with legal, compliance, and internal audit
  • Exit interviews
  • Executive sessions with the Audit Committee

gettyimages-1144178813-170667a

Some ways We can help!

Contact us to inquire about how we can help you prepare and respond to crises, which includes the following key service offerings:

  1. Investigations, which can be done remotely
  2. Corporate Governance reviews
  3. Crisis plan development and review
  4. Crisis simulation
  5. Supply chain vulnerability assessment
  6. Enterprise-wide risk assessments and management
  7. Internal control reviews
  8. Fraud risk assessment and investigations
  9. Monitoring using technology
  10. Training and awareness
  11. Staffing to fill gaps

Coronavirus Business Continuity & Crisis Management Discussion Guide©

Operations

  1. Do you have a crisis management/ business continuity/pandemic preparedness plan? If so, have you reviewed for relevance to the current crisis?
  2. Have you identified the risks this pandemic can pose to your organization, the impact of those risks, and developed strategies to manage those risks?
  3. Have you identified the critical (both important and time-sensitive) activities of your business and prioritized what has to be done to maintain them?
  4. Have you established authorities, triggers, and procedures for activating your response plan, alerting business operations (e.g., shutting down operations in affected areas), and transferring business knowledge to key personnel?
  5. Have you outlined the actions that need to be executed to limit the loss of life and property before, during, and immediately after this crisis?
  6. Have you identified the acceptable time frames for resumption of usual business operations should they be impacted by this crisis?
  7. Is your business directly or indirectly dependent on government operations?
  8. Have you shared your plan with federal, state, and local public health agencies and emergency responders to help them understand your capabilities and plans?
  9. What are your operational and revenue stream risks due to the potential disruption of your business?
  10. Are any of your operations or revenue streams at risk from potential disruptions to key suppliers and vendors?
  11. Have you identified all critical third parties (e.g., contractors, service providers, vendors, suppliers), linked them to critical business processes, requested their business continuity plans, and assessed the residual risk to your organization?
  12. Do you have an arrangement with your critical suppliers and third parties where they will inform you if they cannot make a delivery or provide services?
  13. Have you considered the feasibility of sourcing goods, ingredients, component parts, or services from alternative suppliers?
  14. Have you stockpiled critical inventory/ (raw materials) at risk of being disrupted?
  15. Have you analyzed your supply chain to adjust forecasts as necessary?
  16. Have you established a qualified crisis communications group that can proactively assist in internal and external communications?
  17. Have you developed and planned for scenarios likely to result in a significant increase or decrease in demand for your products or services during this crisis?
  18. Have you conducted any exercises to test the effectiveness of your plan and the readiness of your people and organization during this type of crisis?

Personnel

  1. Are your employees able to work remotely and continue with their tasks uninterrupted?
  2. Have you established policies for flexible work arrangements (e.g., telecommuting) and flexible work hours (e.g., staggered shifts)?
  3. Do you have the necessary IT infrastructure and security to meet the demands of a remote workforce, including increased monitoring activities related to potential cyber-attacks?
  4. Based on an increased threat level for a cyberattack, do you have a plan in place for educating and increasing cybersecurity awareness among your workforce?
  5. Have you identified key personnel required to maintain business operations by location and function, and are they at risk of becoming unavailable?
  6. Do key personnel understand their roles and responsibilities before, during, and immediately after this crisis?
  7. Do you have contact information for all personnel in case you need to contact them directly during this crisis?
  8. Are any of your office locations/ plants/facilities located in high-risk areas?
  9. Have you established appropriate monitoring of governmental health agencies for ongoing updates on impacted or high-risk areas and associated guidance?
  10. Will a remote workforce place you at risk of violating privacy laws, and are your employees trained to avoid this risk?
  11. Have you thought through, implemented, and communicated policies and procedures to reduce employee concerns such as healthcare plan coverage, prevention and treatment; attendance including paid time off; payroll continuation; travel, and group meetings?
  12. Do you understand the special needs of employees and customers and how you will address those needs during this crisis?

Financial and Legal

  1. Have you stress tested your cash flow liquidity, and business interruption insurance in the event of a prolonged business disruption due to this crisis?
  2. Are you aware of your options for cash flow for operations that recent emergency legislation may provide?
  3. Have you factored COVID-19 risks and impacts into your financial reporting disclosures?
  4. Have you adjusted financial forecasts according to the expected impact on sales or revenue streams?
  5. Have you adjusted budgets to account for increased costs related to any of your business continuity plans, if appropriate?
  6. Have you reviewed your debt covenants and communicated potential issues with your financial institution?
  7. Have you reviewed existing contracts with suppliers, service providers, event managers, etc. and anticipated any conflicts arising out of force majeure clauses?
  8. Have you assessed the risk of violating applicable laws and regulations?
  9. Have you thought through the tax implications associated with potential business continuity actions– ex-pat considerations, tax jurisdictions based on changes in your supply chain, etc.?
  10. Do you understand how the recent changes in tax guidance adopted in response to the crisis may affect your business and plans?
  11. Have you reiterated the importance of ethics and reassessed your fraud risks?
  12. Have you assessed the risk of violating applicable laws and regulations?
  13. Have you considered litigation implications related to existing contracts such as notice, anticipatory breach, force majeure, etc.?
  14. Have you proactively communicated with parties to existing contracts to address possible disruptions to contract performance?
  15. Have you spoken with your trusted advisors to ensure they can continue to service your needs?

The Guide is not intended to be complete.  Always consult with the appropriate professionals.

Some Closing Thoughts

Companies need to develop a strategy that enables the deployment of appropriate tactics to manage the risk of a crisis. The strategy needs to be owned by those charged with governance, and the tactics need to be simple and understood. Otherwise, the chances of success are significantly reduced.

Throughout the process, always remember to distinguish between what’s important vs. what’s urgent. Understand that managing a virtual team might be new for some, and stress levels yes might be high, so pick up the phone and talk to your teammates.

“Crisis management is like wrestling a Bull:  You rest when the Bull wants you to rest, and you’re done when the Bull gives up!” JTM

 

Young cowboy wrestling a steer in a rodeo.

We welcome your thoughts and comments. Stay safe, be well,  be smart, and in addition to what we presented herein, begin developing your Infectious Disease Outbreak Response Plan (“IDORP”).

Click here for more information on crisis management.

Best,

Jonathan Pic

Jonathan T. Marks, CPA, CFF, CITP, CGMA, CFE and NACD Board Fellow

Contributing Authors:  

Paul Zikmund, CFE, CBCP, CAMS, CRMA, CECM

Raina Rose Tagle, CPA, CISA, CIA

 

Attribution:

Akin Gump

Handbook of Research on Crisis Leadership in Organizations

HBR – https://hbr.org/2020/02/lead-your-business-through-the-coronavirus-crisis

HBR – https://hbr.org/2020/02/how-coronavirus-could-impact-the-global-supply-chain-by-mid-march

LA Times

Pearson & Clair, Reframing Crisis Management

WSJ

%d bloggers like this:
Skip to toolbar