Join our mailing list

Sign up to our free mailing list to stay updated on the latest from the IRM.

Subscribe Now

Pandemic Special Interest Group

IRM survey: Risk Management Response to Covid-19 - December 2020 Update

Back in April we surveyed our community on the initial impact of the pandemic and were gratified by the huge response. This work has helped us understand the extent of pre-crisis planning, resilience factors in the initial stages and the interactions with other areas of risk.

The summary report from the April survey can be found here:

Several months on, we are repeating our survey to see how things have developed. Please share with us your views on what we have learned, the impact on you, your organisation and the wider risk profession, and what you now think about the future. Everyone's views, whatever your seniority or speciality, are valuable.

Our surveys have been put together by a group of IRM senior members and should take you around 15 minutes to complete. It will close on Friday 8 January 2021.

The new survey can be accessed here:


  • Support the risk community in their management of pandemic risk and building resilience in the face of pandemics.
  • Build on the previous IRM surveys related to the Covid-19 pandemic
  • Increase the general knowledge around pandemic risk management and communicate/encourage best practice.
  • Provide a forum for the exchange of ideas, experiences, and knowledge on pandemic risk management.
  • Develop thought leadership on pandemic risk management.
  • Develop relationships with key stakeholders to facilitate exchange of information on pandemics and pandemic risk management, across the risk community.
  • Encourage research, produce practical documents, host seminars and education features for interested parties.
  • Encourage the implementation/embedding of pandemic risk management as part of an organisation’s ERM processes and highlight where opportunities may arise from the pandemics.
  • Determine how we may best be able to support or offer support to those small and medium sized organisations that do not have a dedicated risk function or qualified risk managers with links to the IRM.


To join an IRM group, you need to log in or register.

Group Chair: Seamus O'Shea

Committee members:

Aileen Orr

Susan Howlett

Alistair Johnson

Not an IRM member?

Join today »

Why the group is needed and its relevance to risk community

The ongoing COVID-19 pandemic has had, and continues to have a much greater and wider impact on nations, businesses, organisations and populations than almost anyone had previously expected. The effects are almost certain to be felt for several years to come. Organisations will need to mitigate the continuing impacts of the Covid-19 pandemic whilst at the same time ensuring that they do not lose sight of other major risks and are better placed to respond to future pandemics.

Many commentators now consider that the frequency of pandemics has been increasing and will continue to do so without major global interventions that are beyond the scope of this SIG. The risk community will need to review the ongoing Covid-19 pandemic and consider what worked and what did not, and ensure that the lessons that can be learned from our recent and ongoing experience of COVID-19 are understood, and are used to better prepare for the future. The aim of this SIG is to guide and support the risk community managing pandemic risk both now and into the future, and at the same time ensure that other significant risks are not being ignored. The SIG will also endeavour to provide support for the wider risk community outside of the IRM membership, in particular for those organisations that do not have a dedicated risk management function.


Scope of the Pandemic SIG

This SIG on pandemic risk management will primarily focus on the individual corporate entity with a special emphasis on the guidance that can be offered to the Boards and senior management of those firms as they learn to manage Covid-19 in the short term and pandemic risk in general over the longer term.

Following the completion of the initial defined activities the scope of the SIG will be reviewed and developed further to ensure that it remains relevant to and supportive of the risk community in the field of managing pandemic risks.

The SIG intends to look at issues around the following:

  • Management Information requirements to support pandemic risk mitigation
  • Positive and negative risks arising from pandemic mitigation actions taken by the organisation and/or relevant authorities e.g. cyber security, civil unrest, fraud
  • Identifying and understanding where on the pandemic preparedness continuum the organisation exists.
  • Adoption of technology to reduce human to human contact
  • Organisational awareness of their risk universe
  • Consideration of risks beyond the business premises – e.g. working from home
  • Did/does better pandemic preparation and investment result in better performance during the Covid-19 pandemic
  • Potential for private/public response to pandemics
  • Potential for ignoring or underestimating other key high impact low likelihood risks by the focus on Covid-19


Aims and strategic goals

On initial set up a programme of SIG meetings will be established and a common workspace set up to facilitate the work of the Group.

At the time of establishing the SIG organisations will have been dealing with the Covid-19 pandemic for several months, no doubt with varying degrees of success. Organisations with dedicated risk management or business continuity management functions may have fared better than those without, or they may not.

The key focus will be on identifying practices, procedures and processes that seem to work and those that don’t with the aim of producing a lessons learned report as the priority deliverable. Available guides and guidelines will be reviewed and current best practice described and compared with the lessons learned feedback. This review and comparison will be used as a basis for the identification and subsequent development of guidance documents which will identify new best practices and how such practices may be fully integrated within an organisations ERMS (Enterprise Risk Management Systems).

One of the initial activities will be to determine the type and scale of support the risk community requires from the SIG.

Once new guidance is available the SIG will consider with the management of the IRM how best to disseminate this to the wider risk community.

On completion of the initial activities the findings will be used as a basis to determine a future works scope for the SIG to ensure that it remains valid and relevant to the risk community.

Key initial activities will be:

  1. Set up the systems etc. necessary for the functioning of the SIG
  2. Identify what pandemic risk management support the risk community wants/needs
  3. Identify currently defined best practices in available pandemic guidelines
  4. Survey current Covid-19 mitigation activities and responses across the risk community and identify and document lessons learned. [Priority deliverable: Covid-19 Lessons learned report (and updates if required)]
  5. Review currently defined best practices in the light of Covid-19 survey responses and determine what may now constitute best practice for pandemic risk management
  6. Develop updated pandemic risk management guidelines and support documentation/information [Key deliverable: Revised pandemic risk management documentation]
  7. Plan and develop programme for dissemination of revised documentation [Key deliverable: Risk community education/awareness programme]
  8. Review lessons learned etc. and develop further works scope (if appropriate or required) for the SIG and implement accordingly.