COVID-19 and SSO Risk Management

COVID-19 and SSO Risk management

In response to COVID-19, most State Sporting Organisations (SSOs) have already recognised the need to identify and manage the risks and activities that are critical to ensuring their survival and recovery. Many have already adjusted major organisational processes and adapted their ways of working. For some SSOs, these may be permanent changes becoming the ‘new ’norm.

SSOs should assess the long-term impacts of the COVID-19 crisis on their resilience and their approach to risk management. There may be a lasting impact on the risk culture of the organisation. This could lead to changes in the way SSOs approach risk, including the identification, assessment, monitoring and reporting of risks. Applying a risk lens as this situation progresses is important.

Each SSO must ask the right questions to support recovery.

The five key actions that you can take are:

1. Review your risk appetite

In response to COVID-19, risk appetite might have changed. Risks previously accepted might now be looked at from a different point of view. 

SSOs should review their risk appetite to ensure they remain within defined levels of acceptable risk thresholds. They should monitor whether breaches have occurred or are likely to occur in the future. A review of risk appetite in light of changes to the SSO business model and strategy due to COVID-19 is crucial to develop a strategic response, prepare for the period ahead and to emerge stronger after COVID-19.

2. Identify and assess your risks

COVID-19 has been a major event that should trigger a reassessment of your SSO’s organisational risk. Risks previously identified may not be front of mind when in crisis management mode. However, they are not diminished by the pandemic. In light of COVID-19, SSOs should challenge assumptions made previously. 

Review the existing risk profile and ensure the likelihood and impact of risks reflects the current position following the impact of the recent pandemic and the changing risk landscape. Identify the less obvious risks by looking beyond the immediate challenges and consider the potential knock-on effects.

3. Revisit your internal controls

In these uncertain times, your SSO will want to ensure that shortcuts are not being taken, no opportunity for override of controls exists and rigor in procedures is still present. 

The design and operating effectiveness of controls should be reviewed to ensure they are fit for purpose in effectively mitigating risks. Where required, controls should be modified, replaced and new controls implemented to respond to current circumstances. Ensuring that internal controls are still functioning effectively should be a continual focus in today's uncertain environment.

4. Perform scenario analysis

SSO’s can benefit from revisiting their scenarios and reassessing potential outcomes in line with current developments. To be able to assess the full extent of the crisis, this should be performed by a multidisciplinary team bringing together risk and insurance experts, business leaders and IT specialists. 

Scenario analysis should be based on the flexing of existing risks and controls, analysing the impact of the scenario on the sensitivity of changes to the existing infrastructure, such as linking operational risk to operational resilience. Outcomes should be considered and communicated to the dedicated recovery team.

5. Report and monitor your risks

SSOs should determine if reporting is frequent enough to support timely responses to changes in risks. 

Key risk indicators (KRI) and key control indicators (KCI) should be reviewed in light of the above assessments to ensure they are providing relevant and timely information. 

Robust action plans and tracking mechanisms should be put in place and linked to decision-making and integrated with the overall strategy. 

Technology tools and analytics should be leveraged to increase the speed and accuracy of data collection and analysis to enable meaningful monitoring and reporting activities. 

The table below is intended as a guide and not an exhaustive list for consideration and discussion within the context of your risk and governance systems and processes.

Note: SSOs have different structures, size, membership, resource capacity, workforce and organisational priorities.   
 

Organisational Area	Initial Pandemic Response (Short-term)	Post-COVID or Return to Sport recovery phase (Medium-term)	New norm (Long-term)
Strategy	Board demonstrates leadership	Review mission, strategy, plans	Undertake a SWOT analysis and question the return to the Business as Usual model
Sport product & service	Consider options for online delivery of sport services	Review product and service delivery strategies, activities & programs	Review sport product and service mix and pricing and costs
Members & stakeholders	Establish clear lines of communication with members & stakeholders.	Update member and key stakeholder’s databases	Identify new member opportunities
Operations	Establish a crisis team to report to the Board	The team to consider innovative solutions including use of technology	Consider ongoing use of automation and technological, cybersecurity solutions
People	Invoke new working arrangements including working from home and consider Health restrictions	Identify key persons at risk	Review all Human Resource policies in line with Federal and State and Health requirements
Risk and Compliance	Execute the Business Continuity Plan. Seek professional advice from accountant, insurance provider, legal adviser	Update the risk profile and register. Communicate outcomes to members and stakeholder	Review the Risk Management Framework in accordance with Standards Australian and seek advice from insurer and legal advisors
Technology	Implement Remote Access Systems to allow for workforce, board, others to work from home. Minimise risks for those that remain in the physical workplace	Review Cybersecurity Posture (the strength of an organisations cybersecurity policies, controls, and how effectively they mitigate risk is referred to as its security posture)	Implement changes to cybersecurity and digital plans
Performance	Conduct organisational health scenario analysis Seek advice from legal, accountant, banks	Update budgets and look at performance metrics	Build resilience into Revenue Streams
Funding	Identify and Access any State and Federal Funding opportunities	Review all funding streams, debtors, creditors	Review all funding streams, debtors, creditors refer to cash flow next
Cash Flow	Contain expenses and update cash flow forecasts	Update budgets, financial statements consider cost management strategies	Review all budgets, financial statements, controls, investments
Marketing	Review member and stakeholder communications plans	Review Communications Plans	Consider new marketing opportunities to increase market share for your sport

 

Next - Issues to consider when assessing organisation health