Hours: Monday - Friday 8:00 am - 5:00 pm


Business vulnerability: 4 lessons learned from the COVID-19 pandemic


Authored by RSM US LLP

As society begins to recover from COVID-19 pandemic, organizations are reflecting on tough lessons learned about business vulnerability. But most importantly, companies should consider how those lessons can be applied to their risk strategies so that they are more prepared for future disruptions.

The pandemic upended plans, strategies and business models. One lasting outcome is learning how critical it is to have a strong grasp of business vulnerabilities that, if left unchecked, could cause harm. By keeping a pulse on possible future disruptions, organizations can be better prepared to withstand challenges to their business.

Here are four key lessons from the pandemic that are prompting organizations to assess for vulnerabilities more thoroughly.

Business vulnerability lesson No. 1 

Cybersecurity strategies and governance must cover distributed work environments just like other environments.

Though some businesses are beginning to return to the office, many have realized that hybrid or even fully remote policies work well for their organizations. So even though the pandemic may be ending, concerns about remote work security are not.

When employees or contractors are logging in to work apps on various devices and from home, coffeehouses, or airports, it introduces new risks by stretching the workplace through access points that are potentially more vulnerable. According to the RSM 2021 MMBI Cybersecurity Report, more than two-thirds of survey respondents (67%) said that their businesses experienced attacks as an indirect result of the COVID-19 pandemic. The most common indirect attack was exploiting vulnerabilities from employees working remotely.

In addition, hybrid and remote work could make internal fraud easier. Internal audit practices should be adjusted within your business vulnerability assessments to align with these new threats.

Ask yourself: Is it time to review your hybrid and remote work environments to ensure strong security and governance?

Business vulnerability lesson No. 2

Global supply chains are more vulnerable than they used to be.

Prior to the pandemic, it was common to use single sourcing for economies of scale and cost control. However, single sourcing became a weakness due to supply shortages. Now, organizations are re-evaluating suppliers to reduce costs and improve resiliency, as well as considering dual sourcing.

Organizations also are reviewing where inventories are kept and how much safety stock they have. Should inventory be moved closer to the point of consumption? Prevailing practices such as just-in-time delivery have caused shortages and stock-outs, so businesses are adjusting this model as they evaluate how effective their overall supply chain strategy is.

Ask yourself: What are our business vulnerabilities related to supply chain partners and are there other third-party risks to consider?

Business vulnerability lesson No. 3

Agility and flexibility are no longer nice-to-haves, but must-haves.

In 2020, organizations had to shift quickly in many areas, from remote service delivery to enabling work-at-home to dealing with plummeting or escalating demand. Being agile and flexible proved to be an advantage. Agile organizations could quickly adjust their product or service portfolio and avoid productivity lag due to changing workplace circumstances.

As the Suez Canal blockage and the Texas freeze taught us in 2021, the unfortunate reality is that unexpected events will continue to occur. Strong, scalable governance practices are foundational to agility and flexibility because they can align to change without weakening.

Ask yourself: Are your business processes streamlined and well-controlled so that they can be adjusted for change without breaking or becoming non-compliant?

Business vulnerability lesson No. 4

Disaster-recovery plans for all types of risks need to be actionable—not just about compliance.

For many organizations, especially in financial services, pandemic-response plans were in place. However, many plans were too compliance-oriented and didn’t have the actionable steps needed to support preserving business health during a pandemic.

For example, some pandemic-response plans were wrong about workforce challenges. They focused more on operating with a large portion of the workforce not being able to work, rather than how to enable people to do their jobs remotely.

Ask yourself: Do your disaster-recovery plans include actionable steps that will help you preserve the health of your business?

Complete your business vulnerability assessments

If businesses have learned anything in 2020 and 2021, it’s that being prepared for unexpected disruptions is a crucial part of business planning. Assessing your business risks allows you to uncover areas of weakness that can be strengthened with firm action plans and operational improvements, so that when the next weather event, geopolitical crisis, or supply chain interruption happens, your business health doesn’t suffer.

While these assessments can seem overwhelming, businesses do not have to carry them out alone. By finding a partner with experience in these types of risk assessments, as well as various industry and business types, they can ensure their assessments will result in best-practice actions that will preserve business’s health should unexpected circumstances arise.

Learn more about our risk advisory services and how RSM can help you assess your risk to understand where your business vulnerabilities are.

Let's Talk!

Call us at (325) 677-6251 or fill out the form below and we'll contact you to discuss your specific situation.

  • Topic Name:
  • Should be Empty:

This article was written by RSM US LLP and originally appeared on 2021-06-16.
2021 RSM US LLP. All rights reserved.

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/about us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.

Condley and Company, LLP is a proud member of the RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise and technical resources.

For more information on how Condley and Company can assist you, please call (325) 677-6251.

Share This