Contingency Planning

Developing a Good "Plan B"

Contingency Planning - Developing a Good

© GettyImages
fcafotodigital

Take precautions to keep your business safe.

Fires, floods, tornadoes – these are the type of events that we often associate with contingency planning.

But what if your main supplier suddenly goes bankrupt, your entire sales force comes down with food poisoning, or your website is held to ransom by hackers?

Contingency planning isn't just about major crises and natural disasters. It can also prepare you for more commonplace problems, such as the loss of data, staff, customers, or business relationships. That's why it's important to make contingency planning a routine part of the way you work.

In this article, we explore how to create and maintain robust contingency plans, so that you've always got a backup option when things go wrong.

Conducting a Risk Assessment

Every organization faces a unique set of risks that it needs to plan for. They key to identifying yours is to conduct a thorough risk assessment.

The first step is to identify your business-critical operations. These are the key processes and functions without which your organization could not operate – for example, your supply chain, your internet connection, or your ability to comply with legal standards.

Next, identify the threats that could harm each critical operation. These could include the loss of key staff, technical failure, or a change in government policy, for example. (Our article, Risk Analysis and Risk Management, covers this process in more detail.)

Chances are, you'll end up with a long list of potential threats. It may be unrealistic to attempt contingency planning for all of them, so you need to prioritize.

Risk Impact/Probability Charts are a good way to do this. These charts help you to analyze the impact of each risk, and to estimate how likely it is to happen. This reveals which risks require the expense and effort of risk mitigation. Business processes that are essential to your organization's survival, such as maintaining cash flow and market share, are typically at the top of the list.

Tip:

Contingency planning is one response to risk. But in some cases it may be safer or more cost-effective to tackle it in other ways: to avoid the risk, by investing in new equipment, for example; or to share the risk, by purchasing an insurance policy. Or you may choose not to formally plan for some lower-priority risks at all, but to manage them if they do happen.

What Does a Contingency Plan Cover?

A good contingency plan can prevent your business from "going under" when unexpected events occur, so it's vital to ensure that it's fit for purpose.

Here are the key elements to include:

Scenarios

Refer to your risk assessment and impact/probability charts and choose the most damaging or most likely scenarios that you want to plan for. Then, map out what should happen in each case (see Examples 1 and 2, below).

Aim to include a broad range of scenarios – for instance, cyber attacks, prolonged staff absences, IT malfunctions, loss of suppliers, serious power outages, or structural problems with your business premises.

Triggers

Specify what, exactly, will cause you to put your contingency plan into action. If you have a plan for heavy snow, will it be triggered by a severe weather warning, or only by actual snowfall?

One event could also have multiple triggers, each of which initiates a different part of your plan (see Example 2, below).

Response

Include a brief overview of the strategy that you will follow in response to the event. This provides a context for the actions that you ask your people to take.

Who to Inform

Identify the people who need to know about what's happened. This could include employees, suppliers, customers, and the wider public, as appropriate. Our article, Communicating in a Crisis, explores how to plan and deliver effective communication in difficult situations.

Also, make sure that you are aware of your legal obligations, and that incidents are reported to the relevant authorities where necessary.

Key Responsibilities

Define who's responsible for each element of the plan, who will be in charge at each stage, and what you expect them to accomplish. The Responsibility Assignment Matrix and the RACI Model are useful tools here.

Timeline

State what needs to be done within the first hour, day and week of the plan being implemented.

This could be as simple as, "Inform employees of the situation immediately." But you may need far more detailed timelines for certain situations, such as data breaches, serious workplace injuries, or leaks of hazardous materials.

Also include details of when you would expect normal business to resume, and what will signal that your organization is ready for this.

Contingency Plan Examples

Click on the links below to see two scenarios and contingency plans for an online retailer with an office of 20 employees and a warehouse full of stock.

Example 1 – A Minor Business Disruption

Example 2 – A Significant Business Disruption

Note:

These examples show just one possible way to present your contingency plan. You may prefer to use another format, such as a flow chart or slideshow. Choose a style that suits your needs and which captures all of the necessary information.

Developing Your Contingency Plan

When you develop your contingency plan, remember that your primary aim is to maintain or restore critical business operations, so look closely at how these might be affected by each scenario.

Be aware of knock-on effects. Will your organization be able to function at full capacity when you implement your "Plan B," or will it reduce your productivity? If so, for how long?

Finding This Article Useful?

You can learn another 59 leadership skills, like this, by joining the Mind Tools Club.

Join the Mind Tools Club Today!

Involve Your People

To answer questions like these, it's useful to consult people from across your organization.

Managers from different departments can advise you on the impact of disruptive events on services, staff, resources, and business functions. And "frontline" employees are often best placed to tell you about the minimum tools and support they require to maintain essential operations.

Take the time to share your plan across your organization, so that people can offer feedback and ask questions. Use this process to make your plan even more robust.

And, if possible, conduct drills to assess the efficacy of your plan. This can highlight areas for improvement, and reveal skills gaps or training needs.

Get Buy-In

People are often poorly motivated to develop a strong "Plan B." They may already be invested in "Plan A," or they may perceive the risks to be low and see no need for a contingency plan. As such, getting people to contribute to your plan can be a challenge.

To offset this resistance, stress the importance of the task and the potential consequences of not having a plan in place. Lead by example, by completing any contingency plan-related tasks of your own. And, if it's within your power to do so, set people deadlines for submitting their contribution, or make it a performance review objective.

Keep It Simple

When you write your contingency plan, be sure to use simple, plain language. You don't know when the plan will be used, or who will read and implement it when it's needed. For the same reason, use job titles or roles instead of names when you define people's responsibilities. This will help to keep your plan relevant, regardless of any changes in personnel.

And don't forget that your people are business-critical, too. Sudden, unexpected events can be difficult or stressful for them – and for you. At such times, clear communication is essential to reassure everyone that the situation is under control, and to avoid potentially damaging rumors and gossip. Read our article, How to Keep Calm in a Crisis, for more on this.

Maintaining Your Contingency Plan

Your contingency plan must be reviewed and updated regularly, if it is to remain useful and credible.

When you review it, take all relevant technological, operational and personnel changes into account and reassess the risks accordingly. Then, discard old versions of the plan.

When new employees join your organization, provide them with the contingency plan as part of their induction so that they are familiar with it, and so that they know what to do if there is a problem.

And finally, keep your backup plan backed up! This may mean keeping a digital version in the cloud, storing physical copies in an easily accessible off-site location, or both.

Note:

The specifics of disaster recovery are beyond the scope of this article. For more information on this topic, listen to our Expert Interview with Kathy McKee, /community/ExpertInterviews/KathyMcKee.phpLeading People Through Disasters.

Key Points

Contingency plans are an essential part of risk management. They help to ensure that you've always got a backup option when things go wrong, or when the unexpected happens.

To develop a contingency plan, first conduct a risk assessment: identify your business-critical operations, identify the threats to those operations, and analyze the potential impact of each threat.

Then, include the following points for each threat:

  • Scenarios.
  • Triggers.
  • Response overview.
  • People to inform.
  • Key responsibilities.
  • Timeline.

To create the most robust plan, consult widely within your organization, conduct trial runs, update the plan regularly, and store it securely.

This site teaches you the skills you need for a happy and successful career; and this is just one of many tools and resources that you'll find here at Mind Tools. Subscribe to our free newsletter, or join the Mind Tools Club and really supercharge your career!

Show Ratings Hide Ratings

Ratings

Rate this resource

Comments (18)
  • Over a month ago FMCGroupD1979 wrote
    This article has some extremely valid points. Contingency planning is essential because it helps create solutions to alternatives in anticipation of the results. Further, contingency planning helps mitigate future risks and provides a solution that can sustain the processes in place.
  • Over a month ago Michele wrote
    Hello Hana,

    In today's high tech world having a robust IT security strategy is a must. Thank you for sharing the infographic.

    Michele
    Mind Tools Team
  • Over a month ago Hana wrote
    This article makes a fair point. I'd like to point out this infographic I found helpful; 10 areas of security every business should be aware of; http://www.lucidica.com/blog/internet-security/the-one-page-business-security-audit-every-business-should-have/
View All Comments