Set a course: Covid-19 (coronavirus) and IT

published on 12 March 2020 | reading approx. time 3 minutes

What effects are to be expected from your own IT and what opportunities are there for companies?

It is becoming increasingly apparent that Covid-19 is a global problem: First of all, it affects people, but in the next step it will also have an impact on companies. Basically, it has to be said that actually every company can be - or even will be - affected. The question is how the coronavirus affects IT. Can IT help to better manage the crisis?

A key step in overcoming a crisis is for the company to prepare itself for the crisis. The crisis management team has to assess the effects on IT and with it on the company processes by gathering sufficient information about the development of Covid-19. The evaluation must be designed in such a way that it is continuously updated in the event of a crisis.

With regard to Covid-19, the risk analysis - and assessment - should focus primarily on the loss of employees in IT or at key points with IT know-how that support the important core processes in the company. The risk originating from IT must be embedded in the company-wide reporting (dashboard).

If the company is one of the companies covered by the IT Security Act (KRITIS), it can fall back on the existing risk analyses and update them if necessary.

In doing so, it is important to identify head monopolies in IT or whether IT operations and thus essential business processes can no longer be adequately ensured in the event of the loss of individual (possibly even unrepresented) employees.

Read more in the article "How companies can counter a crisis in their own IT operations".

It is elementary when central functions around IT, information security and data protection fail. A disaster rarely comes alone.

This usually also applies to significant change and migration as well as development projects. Often go-lives depend only on a few people in a company.

Read more about this in the article "Consequences for IT projects".

It is imperative that the risk of service provider failure be included in the risk analysis. In addition to IT service providers, this includes those who have taken over the computer center operation and also the service providers who, for example, are relevant for the maintenance of the IT systems used for IT operations. For this purpose it is necessary to include a reporting of the risk situation of the service provider to the company.

It should not be underestimated that in the event of an emergency, controls and security measures in business processes may no longer be effective. This offers the door and gate for fraudulent actions.

Read more about this in the article "Impact on the internal control system with regard to financial losses".

IT also offers the possibility of preventing the spread of the coronavirus within your own company. Prominent examples are certainly

Home office;
Tele-meetings from an isolated workstation;
Reduced event attendance through increased use of webinars;
Redirection of training services to eLearning platforms
And many more.

In distributed IT systems, there is also the possibility of "redirecting" complete business processes via other parts of the company if necessary. Examples would be as follows

Distribution of sales activities over other locations by redirecting telephone and mailing campaigns;
Integration of call centers to relieve the burden on your own sales structures;
taking over order acceptance and invoicing by other parts of the company, possibly even across national borders;
Transfer of sub-processes from the accounts receivable and dunning process to other locations
Etc.

The risks in IT, but also the possibilities of using IT to counter the risks in the company, are comprehensive; this includes preparation and implementation within the framework of a crisis team. If there are few resources available in the company for coordination or concept development, it is advisable to involve the Rödl & Partner crisis team.