May 2021: Risk Management

The COVID-19 pandemic has changed the landscape of how we work. This change has exposed vulnerabilities and created real potential threats to everyone.

Risk management is the process of identifying, assessing, and controlling threats, like COVID-19 pandemic-related changes. Potential threats can originate from financial uncertainty, supply chain disruptions, legal liabilities, strategic management errors, accidents, and natural disasters. The pandemic exposed unprecedented risks. This article covers how to protect your business against disruptions due to the compromised supply chain, pervasive uncertainty, new data security risks, and the accompanying liquidity/financial risks.

Evaluate your supply chain.

The coronavirus exposed vulnerabilities to our existing supply chain model. The pandemic’s substantial negative impact has created shortages and price increases for many industries. As a business leader, the first step in addressing this disruption is understanding your vendors, knowing which are critical, and identifying other sources for these product(s) or service(s).

One way to protect your business is to avoid the “single source supplier trap.” While contractual commitments with current vendors may make diversifying the pool of suppliers challenging, the key to navigating this process is reviewing the termination clause(s) and knowing the financial commitments. Inspect each contract to see if there are any impacts to changes in the relationship. Open up the dialogue with your current and prospective supplier(s), and ask them difficult questions. For example: Are they financially stable, have they had layoffs, and how are they adapting to the situation? These are hard conversations to have, but it is crucial to know the answers to operate smoothly. Regularly evaluate and monitor your vendors’ performance and have a documented contingency plan in place should there be a vendor failure.

 Position your organization to be flexible.

A business’s success depends on the ability to adapt and implement change quickly. Change management is a collective term for all approaches to prepare, support, and help organizations make organizational change. Incorporating change management into your risk management program fosters flexibility and will maximize success. A key element to this change is making flexibility the priority. Here are ways to implement this initiative to be better positioned to react to change.

  • Challenge the status quo and strive for increased flexibility.
  • Identify systems and processes that are not adaptable. Restructure them to be flexible to a changing landscape.
  • Incorporate data-based decision makings, use it to monitor results, and react accordingly.
  • Clearly communicate all changes internally. For any of the initiatives to be successful, your team must understand the direction, their individual role, and the goals and objectives. Without this, your team isn’t likely to do what you need of them.

Secure your data access points.

Protecting data is more challenging with the huge increase of people working from home. This change presents two new risks: 1) Unknown router security and data encryption in homes and 2) Unforeseen license agreement breaches.

In 2020, at least 44% of the workforce worked from home[1] increasing vulnerabilities to the security of your business’s data. As leaders, the initial step is to establish a straightforward security program for your virtual employees. The security program should capture VPN access, home WIFI encryption standards, and physical security of computers and paper files. Once the security program is established,  train your team.

Many software licenses for critical systems restrict use to “in-office usage.” You need to take the time to review which software can be used outside of the office. Proactively reviewing your critical system license agreements will mitigate potential fines and unexpected charges. Software companies face many of the same financial strains as your firm. As the crisis subsides, they will be looking for additional revenue sources, like fines related to a contractual breach.

Manage your financial risks.

Managing financial exposure to optimize earnings and mitigate financial damage is another critical element of your risk management program. Business leaders must have a strong understanding of the scope of risks they may face. Common financial risks are credit, market, and legal risks, as well as insufficient cash flow and maintaining good relations with your investors and bankers. Know your risks and evaluate each of them by estimating the probability of happening, along with the potential impact.

In addition to this, there should be processes created for periodic reporting (monthly, quarterly, annually) of risk exposures that can act as early warning signals for known risks and even help identify new ones. A financial risk assessment can make all the difference for your business. Preparing to take advantage of opportunities and eliminate potential landmines makes good business sense.


The uncertainty created by the pandemic has everyone questioning what is to come next. A comprehensive risk management program can help anticipate future issues to protect your business. David Nelms and Richard Kannan, Warren Whitney professionals, work closely with organizations to implement a comprehensive risk management program. If you have any questions or seek further clarification, please call us at 804.282.9566 or email Stephanie Ford at We do not charge for the initial call — We want to learn more about your needs.



[1] Statista, April 9th 2021, Remote work frequency before and after COVID-19 in the United States.