Skip to main content
Office of Sport

COVID-19 and SSO Risk management

In response to COVID-19, most State Sporting Organisations (SSOs) have already recognised the need to identify and manage the risks and activities that are critical to ensuring their survival and recovery. Many have already adjusted major organisational processes and adapted their ways of working. For some SSOs, these may be permanent changes becoming the ‘new ’norm.

SSOs should assess the long-term impacts of the COVID-19 crisis on their resilience and their approach to risk management. There may be a lasting impact on the risk culture of the organisation. This could lead to changes in the way SSOs approach risk, including the identification, assessment, monitoring and reporting of risks. Applying a risk lens as this situation progresses is important.

Each SSO must ask the right questions to support recovery.

The five key actions that you can take are:

1. Review your risk appetite

In response to COVID-19, risk appetite might have changed. Risks previously accepted might now be looked at from a different point of view. 

SSOs should review their risk appetite to ensure they remain within defined levels of acceptable risk thresholds. They should monitor whether breaches have occurred or are likely to occur in the future. A review of risk appetite in light of changes to the SSO business model and strategy due to COVID-19 is crucial to develop a strategic response, prepare for the period ahead and to emerge stronger after COVID-19.

2. Identify and assess your risks

COVID-19 has been a major event that should trigger a reassessment of your SSO’s organisational risk. Risks previously identified may not be front of mind when in crisis management mode. However, they are not diminished by the pandemic. In light of COVID-19, SSOs should challenge assumptions made previously. 

Review the existing risk profile and ensure the likelihood and impact of risks reflects the current position following the impact of the recent pandemic and the changing risk landscape. Identify the less obvious risks by looking beyond the immediate challenges and consider the potential knock-on effects.

3. Revisit your internal controls

In these uncertain times, your SSO will want to ensure that shortcuts are not being taken, no opportunity for override of controls exists and rigor in procedures is still present. 

The design and operating effectiveness of controls should be reviewed to ensure they are fit for purpose in effectively mitigating risks. Where required, controls should be modified, replaced and new controls implemented to respond to current circumstances. Ensuring that internal controls are still functioning effectively should be a continual focus in today's uncertain environment.

4. Perform scenario analysis

SSO’s can benefit from revisiting their scenarios and reassessing potential outcomes in line with current developments. To be able to assess the full extent of the crisis, this should be performed by a multidisciplinary team bringing together risk and insurance experts, business leaders and IT specialists. 

Scenario analysis should be based on the flexing of existing risks and controls, analysing the impact of the scenario on the sensitivity of changes to the existing infrastructure, such as linking operational risk to operational resilience. Outcomes should be considered and communicated to the dedicated recovery team.

5. Report and monitor your risks

SSOs should determine if reporting is frequent enough to support timely responses to changes in risks. 

Key risk indicators (KRI) and key control indicators (KCI) should be reviewed in light of the above assessments to ensure they are providing relevant and timely information. 

Robust action plans and tracking mechanisms should be put in place and linked to decision-making and integrated with the overall strategy. 

Technology tools and analytics should be leveraged to increase the speed and accuracy of data collection and analysis to enable meaningful monitoring and reporting activities. 

The table below is intended as a guide and not an exhaustive list for consideration and discussion within the context of your risk and governance systems and processes.

Note: SSOs have different structures, size, membership, resource capacity, workforce and organisational priorities.   

Organisational Area

Initial Pandemic Response

Post-COVID or Return to Sport recovery phase

New norm


Board demonstrates leadership

Review mission, strategy, plans

Undertake a SWOT analysis and question the return to the Business as Usual model

Sport product & service

Consider options for online delivery of sport services  

Review product and service delivery strategies, activities & programs

Review sport product and service mix and pricing and costs

Members & stakeholders

Establish clear lines of communication with members & stakeholders.

Update member and key stakeholder’s databases

Identify new member opportunities


Establish a crisis team to report to the Board

The team to consider innovative solutions including use of technology

Consider ongoing use of automation and technological, cybersecurity solutions


Invoke new working arrangements including working from home and consider Health restrictions

Identify key persons at risk

Review all Human Resource policies in line with Federal and State and Health requirements

Risk and Compliance

Execute the Business Continuity Plan.
Seek professional advice from accountant, insurance provider, legal adviser

Update the risk profile and register. Communicate outcomes to members and stakeholder

Review the Risk
Framework in accordance with Standards Australian and seek advice from insurer and legal advisors


Implement Remote Access Systems to allow for workforce, board, others to work from home. Minimise risks for those that remain in the physical workplace

Review Cybersecurity Posture (the strength of an organisations cybersecurity policies, controls, and how effectively they mitigate risk is referred to as its security posture)

Implement changes to cybersecurity and digital plans


Conduct organisational health scenario analysis
Seek advice from legal, accountant, banks

Update budgets and look at performance metrics

Build resilience into Revenue Streams


Identify and Access any
State and Federal Funding opportunities

Review all funding streams, debtors, creditors

Review all funding streams, debtors, creditors refer to cash flow next

Cash Flow

Contain expenses and update cash flow forecasts

Update budgets, financial statements consider cost management strategies

Review all budgets, financial statements, controls, investments


Review member and stakeholder communications plans

Review Communications Plans

Consider new marketing opportunities to increase market share for your sport


Next - Issues to consider when assessing organisation health 



As with any resource, this does not replace obtaining independent legal, financial and risk advice on each question

The information provided in is for information only. The authors and the NSW Office of Sport accept no responsibility for the accuracy of the information or your reliance upon it.

Top of page