Contingency Planning arises from the fact that exposure to risk in business is unavoidable. In business, risk can be defined as a threat that might prevent the business or organization from hitting its objectives. The purpose of contingency planning is thus to create planned responses to events that might adversely impact an organization.
What happens if sales suddenly slump by 50%? What happens if a key team member leaves for a new position? What happens if your entire customer support team (who share the same room) fall ill at the same time?
All of the above questions are risks to the operations of an organization. If an organization doesn’t handle any of these situations well, then there might be an adverse impact on business operations, customer perception of the organization, and even the future profits of the business.
Although contingency plans typical specify how to deal with the materialization of negative risks, good contingency plans should also identify how to handle positive unexpected disruptions, for example, if media exposure suddenly lead to product orders increasing by 300% overnight then how would this surge in demand be handled by the business?
Developing contingency plans is part of a broader process around managing business risk, and comprises the following three components:
- Risk Management: Identify and manage those risks, both positive and negative, which threaten the organization.
- Contingency Planning: Develop plans for unforeseen events.
- Crisis Management Planning: develop plans for handling sudden crisis situations.
These three steps combined will form a business’s continuity plan. You can think of contingency planning as being proactively planning for disruption, whereas crisis management planning is a more reactive strategy.
It is worth noting that contingency planning should happen at all levels of an organization, and not just at the senior management level. This is because we don’t just need to make plans for major risks, such as natural disasters, but also for lesser disruptions, such as a key person being ill or a machine breaking down
As you can see contingency planning is important. Because of this, it is important for all organizations to create and maintain contingency plans as part of normal business operations.
How to Create a Contingency Plan
The following 3 steps can be used to create a contingency plan:
- Assess the Risks
- Create the Contingency Plan
- Maintain the Contingency Plan
We’ll now dig into each of these areas in some more detail.
1. Assess the Risks
Before we can develop our contingency plan we need to understand the potential risks being faced by the organization.
If you’d like to learn more about risk management then we have a detailed article which can help you find and manage risk, which you can find here.
A simple process we can use to assess risks is as follows:
a. Identify Critical Functions
To find the important risks we first need to understand the critical functions within the organization. You can help yourself identify these functions by asking “what if?” questions. For example, what if a certain supplier went bankrupt? What if we lost all customer data? What if the entire sales team was ill for a week?
b. Identify the Risks
For each of these critical parts of the business, find the risks being faced. To help you identify the risks you may want to consider the following risk areas:
- Natural Disasters: these are things such as flooding, earthquakes, and fire.
- Product Issues: for example, what would happen if your product needed to be recalled?
- Equipment Issues: for example, what would happen if a key piece of equipment or software failed?
- Supplier Issues: for example, what would happen if a supplier terminated their contract?
- Team Issues: for example, what would happen upon the death or illness of a core team member?
- PR Issues: for example, what would happen in a negative story ran in a major media outlet?
- Governmental Issues: for example, what would happen if the sales tax rate suddenly changed?
- Legal Issues: for example, what would happen if you were alleged to be in breach of copyright?
- Employee Issues: for example, what would happen if an employee stole from the organization?
c. Prioritize the Risks
One of the traps of contingency planning is that you over plan, meaning that you try to plan for every eventuality. This is obviously wasteful as it’s extremely unlikely most events will occur, so what we want to do is create contingency plans for those events which will either impact the organization in a major way or are quite likely to occur.
We can do this by ranking our risks in terms of probability of occurrence and impact on the organization.
As you can see in the diagram above, we have two high priority risks to address in our contingency planning (1 and 3), one risk which is of medium priority (2), and two risks of low priority (4 and 5).
The exact process to rank your risks in this way is shown in detail in our Risk Management article.
2. Create the Contingency Plan
At this stage we have a prioritized list of risks, that is, a list of things that might go wrong including how they might go wrong, and what impact that might have on the organization.
Now it’s time to create our contingency plans, detailing how we’re going to react if any of these things actually do go wrong. The most sensible way to start this work is to tackle the highest priority threats first. In our example above, this means that we would create a contingency plan for risks 1 and 3 before moving on to the lower priority risks.
There is no right or wrong way to create a contingency plan, but the plan should contain step-by-step instructions detailing what needs to happen and when to get the business back to normal operations.
Despite there being no right or wrong way to put together a contingency plan, you may find the following pointers useful:
- Determine the precondition: what event has to happen for the contingency plan to be activated?
- Specify exactly who is in charge at each stage of the contingency plan.
- Identify the needs of all stakeholders up front and involve them in creating the contingency plan.
- For each action, you include in your plan be sure to include who is responsible for that action, who they report to, how long the action will take, and what communication will happen.
- Document communications: different contingency plans will require different communications. For example, the company website crashing may require internal communications to coordinate the resolution of the problem as well as email communications with customers to keep them abreast of progress towards resolution. However, if your product was found to cause actual bodily harm to one of your customers then this would require not only internal communications but also very carefully managed public relations.
Once you’ve created your plan you’ll need to get it approved and included in any standard operating procedures (SOPs) so as everyone understands when the plan should be triggered and their part in it.
It can be useful to test your plans. That is, to simulate the triggering of a contingency plan to perform a dry run through the steps detailed in the plan. This will help ensure that the plan is fit for purpose.
3. Maintain the Contingency Plan
Just as with life, business doesn’t exist in a vacuum. The world around us is in constant change. Because of this, it’s important not to just set and forget your contingency plans. They will need to be updated regularly for a number of reasons, including:
- The way a system works has changed.
- A key team member has left/joined the organization.
- The organization structure has changed.
- New risks have emerged, or existing risks have gone away.
- New products are introduced to the market.
- New technology has replaced old.
There are two ways in which to approach keeping your contingency plans up to date.
The first is to create a schedule where you will update and reapprove your contingency plans. Effectively this is a regular cadence of meetings (perhaps the team will meet once per month) when you’ll discuss and update your contingency plans.
The second approach is to embed the process of updating contingency plans in all the other change processes of the organization. This means that if someone were to change a system then they’d need to update the contingency plan. It would mean that if someone wanted to bring a new product to market that they’d need up update the relevant contingency plans or create a new contingency plan.
Once a contingency plan is in place you may wish to keep it off-site, perhaps by ensuring all key team members carry a copy on their mobile device. This is to avoid the very undesirable situation where a disaster such as a fire, destroys not only a key building but also the contingency plan itself!
Contingency Planning Summary
Contingency planning is often low on the priority list for many organizations. Day to day operations consume everyone’s attention, and so it can be difficult to find the time for contingency planning.
However, just like introducing a new product line, contingency planning is an investment. When considering investing in contingency planning, don’t just think about the cost of your investment, remember to consider the potential costs to the organization should you choose not to invest in contingency planning.