Coronavirus: Preparing your council for the crisis

0

Central government is implementing measures to confront the coronavirus outbreak. David Hill works through the questions local authorities will need to address as the virus spreads.

The coronavirus is dominating news reports. The virus has established itself as a major health risk on a global stage with countries taking a range of different measures to control the movement of citizens in order to control its spread and mitigate risks.

And though the reports make for grim reading, local authorities can take action too. Indeed, councils should be taking steps to quantify the potential impact of the virus and its associated illness on their ability to deliver services.

Keep in touch – register for Room151 treasury and finance meetings ONLINE

Local authorities must be transparent and take a lead in being open with their key stakeholders (partners, suppliers, customers and citizens) on what risks they face, particularly in the areas of staffing shortages that could have an impact on service delivery. 

Councils as well as the businesses they have in their areas (especially those councils that are more active in the commercial income generating sector), could also be impacted by the situation and they should be actively engaging with key stakeholders, including business resiliency partners, to ensure that plans are in place. This includes considering how the outbreak might affect supply chains, cash flow management (especially key suppliers) and service provision.

Management teams (and the Board) need to identify and understand the sources of disruption and the potential impacts. Leaders need to establish key indicators that provide continuous assurance about operational impacts and the effectiveness of mitigation plans.

Continuity

Many councils who are in the process of, or who have already implemented digital transformation programmes, now need to review how they can continue to deliver certain automated business-critical activities that utilise the internet or mobile technologies as part of the delivery mechanism.

It is time to ask yourselves: When was the last time you reviewed the criticality of various business processes to make sure the order of recovery is appropriate?

So, time to ensure those business continuity plans are in place and updated, staff across your organisation trained and made aware that each one of them has a role to play in service delivery.

It goes without saying, as part of your preparations don’t forget your internal audit team are there to assist, provide an independent and objective view, and provide assurance. The current coronavirus is one such area where they can assist.  

Checklists

Key disaster preparedness questions:

  • When was the last time your organisation’s resiliency plans were reviewed by key stakeholders? When was the last time your organisation’s plans were tested and by whom?
  • How do your current plans address natural disasters, pandemics, or other potential disruptors that could impact your facility? Your employees? Your cloud providers? Your suppliers? Your customers?
  • When was the last time your organisation reviewed its contracts with business resiliency partners?
  • How are vendors, emergency responders, regulators, insurance agencies, and other critical stakeholders notified of point of contact changes?
  • How capable is your organisation to perform manual versions of business-critical automated activities? Are the needed forms and procedure manuals available? Are you appropriately staffed to do so?
  • How often does your organisation verify the criticality of various business processes to make sure the order of recovery is appropriate? How does IT ensure the critical infrastructure components are enabled to allow for the business recovery requirements?
  • What business objectives would be hindered or restricted if there was limited or no internet or cellular access?
  • What training have your employees and business associates received on what to do in the event of a natural disaster or a pandemic?
  • Is your data centre and/or your cloud provider capable of running “lights out,” meaning no workers present for an extended period?
  • What business-critical processes or activities would not be transferrable to an alternate location? Which have regulatory implications based on timing or duration of event?

Social engineering

Key social engineering questions:

  • What are your organisation’s practices, policies, and training involving the threat of social engineering? How are these communicated to employees and enforced?
  • Is the threat of social engineering completely understood and communicated to all levels of employees at your organisation? Which systems and processes are particularly vulnerable to social engineering? Which key business processes have potential to be affected?
  • What testing does your IT department do relating to areas of specific vulnerability to social engineering?
  • Do you have plans to audit your organisation’s areas of specific vulnerability to social engineering?

David Hill is chief executive of SWAP Internal Audit Services.

Share

You may also like...

Leave a Reply

  • Room151’s LGPS Roundtables

  • Latest tweets

    Room151 24 hours ago

    Gove at LGA: councils to receive two-year financial settlement: Michael Gove has announced that councils will receive a two-year financial settlement from next year to provide authorities with “financial certainty” and allow them to plan ahead. The… dlvr.it/ST0kSV pic.twitter.com/wxL3UM4sGO

    Room151 24 hours ago

    LGPS valuations: the digital journey: Rob Bilton explains how technology is helping to deliver one of the most complex data exercises in the world of public sector pensions. The 2022 valuations for LGPS funds in[...] dlvr.it/ST0kMq pic.twitter.com/VxjSPC2Uvo

    Room151 5 days ago

    Conrad Hall: ‘more sophisticated’ regulation needed for local government: The chair of the CIPFA/LASAAC Code Board has questioned the sophistication of financial regulation in local government and the continuing focus of the Department for Levelling Up,… dlvr.it/SSnPBV pic.twitter.com/G5d7JCWF8c

    Room151 1 week ago

    Slough Council approves plans to restructure finance department: Slough Borough Council has approved plans to restructure its finance department to enhance capacity and capability and to address a “significant weakness” in the function. The local… dlvr.it/SSf8DG pic.twitter.com/l5lmyHmkBg

    Room151 1 week ago

    Job Alert: Various Finance Roles: lnkd.in/eRKRvhJb pic.twitter.com/KkBrjXxAYD

    Room151 1 week ago

    MRP on capital loans: a step in the right direction: David Green says the latest government proposals on Minimum Revenue Provision should be welcomed by local authorities. There are still some unintended consequences, but the suggested approach for… dlvr.it/SSZ7JK pic.twitter.com/M1W9qVgYWN

  • Register to become a Room151 user