A framework for contingency planning- during and beyond Covid-19
Contingency planning isn’t just about major crises and natural disasters. It can also prepare you for more commonplace problems, such as the loss of data, staff, customers, or business relationships. That’s why it’s important to make contingency planning a routine part of the way you work, beyond the current crisis.
In this article, we explore how to create and maintain robust contingency plans, so that you’ve always got a backup option when things go wrong. Even if you didn’t have a plan in place before this pandemic started, it’s not too late to put one in place for your current state of play and beyond Covid-19.
Conducting a risk assessment
Every organisation faces a unique set of risks that it needs to plan for. They key to identifying yours is to conduct a thorough risk assessment.
The first step is to identify your business-critical operations. These are the key processes and functions without which your organisation could not operate – for example, your supply chain, your internet connection, or your ability to comply with legal standards.
Next, identify the threats that could harm each critical operation. These could include the loss of key staff, technical failure, or a change in government policy, for example.
Chances are, you’ll end up with a long list of potential threats. It may be unrealistic to attempt contingency planning for all of them, so you need to prioritise. Risk Impact/Probability Charts are a good way to do this. These charts help you to analyse the impact of each risk and to estimate how likely it is to happen. This reveals which risks require the expense and effort of risk mitigation. Business processes that are essential to your organisation’s survival, such as maintaining cash flow and market share, are typically at the top of the list.
What does a contingency plan cover?
A good contingency plan can prevent your business from “going under” when unexpected events occur, so it’s vital to ensure that it’s fit for purpose.
Here are the key elements to include:
Refer to your risk assessment and impact/probability charts and choose the most damaging or most likely scenarios that you want to plan for. Then, map out what should happen in each case (see Examples 1 and 2, below).
Aim to include a broad range of scenarios – for instance, cyber-attacks, prolonged staff absences, IT malfunctions, loss of suppliers, serious power outages, or structural problems with your business premises.
Specify what, exactly, will cause you to put your contingency plan into action. If you have a plan for heavy snow, will it be triggered by a severe weather warning, or only by actual snowfall?
One event could also have multiple triggers, each of which initiates a different part of your plan (see Example 2, below).
Include a brief overview of the strategy that you will follow in response to the event. This provides a context for the actions that you ask your people to take.
Who to inform
Identify the people who need to know about what’s happened. This could include employees, suppliers, customers, and the wider public, as appropriate. Also, make sure that you are aware of your legal obligations, and that any incident is reported to the relevant authorities where necessary.
Define who’s responsible for each element of the plan, who will be in charge at each stage, and what you expect them to accomplish. The Responsibility Assignment Matrix and the RACI Model are useful tools here.
State what needs to be done within the first hour, day and week of the plan being implemented.
This could be as simple as, “Inform employees of the situation immediately.” But you may need far more detailed timelines for certain situations, such as data breaches, serious workplace injuries, or leaks of hazardous materials.
Also include details of when you would expect normal business to resume, and what will signal that your organisation is ready for this.
Contingency Plan Examples
Click on the links below to see two scenarios and contingency plans for an online retailer with an office of 20 employees and a warehouse full of stock.
Developing your contingency plan
When you develop your contingency plan, remember that your primary aim is to maintain or restore critical business operations, so look closely at how these might be affected by each scenario.
Be aware of knock-on effects. Will your organisation be able to function at full capacity when you implement your “Plan B,” or will it reduce your productivity? If so, for how long?
Involve your people
To answer questions like these, it’s useful to consult people from across your organisation.
Managers from different departments can advise you on the impact of disruptive events on services, staff, resources, and business functions. And “frontline” employees are often best placed to tell you about the minimum tools and support they require to maintain essential operations.
Take the time to share your plan across your organisation, so that people can offer feedback and ask questions. Use this process to make your plan even more robust.
And, if possible, conduct drills to assess the efficacy of your plan. This can highlight areas for improvement, and reveal skills gaps or training needs.
People are often poorly motivated to develop a strong “Plan B.” They may already be invested in “Plan A,” or they may perceive the risks to be low and see no need for a contingency plan. As such, getting people to contribute to your plan can be a challenge.
To offset this resistance, stress the importance of the task and the potential consequences of not having a plan in place. Lead by example, by completing any contingency plan-related tasks of your own. And, if it’s within your power to do so, set people deadlines for submitting their contribution, or make it a performance review objective.
Keep it simple
When you write your contingency plan, be sure to use simple, clear language. You don’t know when the plan will be used, or who will read and implement it when it’s needed. For the same reason, use job titles or roles instead of names when you define people’s responsibilities. This will help to keep your plan relevant, regardless of any changes in personnel.
And don’t forget that your people are business-critical, too. Sudden, unexpected events can be difficult or stressful for them – and for you. At such times, clear communication is essential to reassure everyone that the situation is under control, and to avoid potentially damaging rumours and gossip.
Maintaining your contingency plan
Your contingency plan must be reviewed and updated regularly if it is to remain useful and credible.
When you review it, take all relevant technological, operational and personnel changes into account and reassess the risks accordingly. Then, discard old versions of the plan.
When new employees join your organisation, provide them with the contingency plan as part of their induction so that they are familiar with it, and so that they know what to do if there is a problem.
And finally, keep your backup plan backed up! This may mean keeping a digital version in the cloud, storing physical copies in an easily accessible off-site location, or both.