Focus the company on identifying what risks exist and the levels of that risk;

Enable the company to review the overall objectives of the existing plan in the light of the risks identified, (especially their impact on company KPI's);

Assist in creating strategies to manage and mitigate risk (prevention being far cheaper than cure);

Review the existing information system to clarify whether it can both identify failure early (early correction is far cheaper and easier than late), correctly (taking the right action for the right reasons rather than the wrong actions for the wrong reasons), and has the ability to forecast significant changes in the risk environment (controlling change rather than reacting to it is always more cost effective);

Establish a set of actions/ policies which are in line with the problem (this is the concept of graduated response – as problems grow worse, more severe actions need to be considered, but it is often early and small changes that prevent larger difficulties occurring in the future);

Formalise contingency plan actions into standard operating procedures (SOP);

Provide for the integration of contingency plan actions into company wide induction and maintenance training to ensure rapid and effective response, and link with outside agencies where necessary;

Create a framework which can be continuously reviewed and updated, with post event analysis incorporated into best practice.

Software exists to assist the company in the creation and management of contingency planning, but an initial manual approach is advisable – otherwise the company either over or under plans its responses. 

Risk

Two golden rules should be followed in assessing potential risk – What can go wrong, will go wrong, and – If it cannot go on, it will not. An initial assessment of possible risk components should be as broad as possible – the Ibis standard checklist has over 160 items listed, but within this list there are two important groups – those that have high probability of occurring and those that have high impact on company performance. These will vary over time and for specific industries. The worst group is obviously those that have both high impact and high probability – such as fuel prices in the airline industry. 

Six broad types of risk exist for each enterprise, though they obviously influence each other:

Strategic risk;
Macro environmental risk;
Operational risk;
Competitive risk;
Project risk;
Disaster risk

Strategic risk is concerned with the mixture of strategies that the enterprise follows with some such as diversification being far more risky than market penetration, and it is also concerned with portfolio theory and the need to diversify products, customers, countries, suppliers, finance and personnel.

Macro environmental risk is concerned with the way in which the Political, Economic, Social, and Technology components will influence the enterprise.

Competitive risk is concerned with the way in which competitors both currently and in the future will affect enterprise policies.

Operational risk is associated with the ability of the enterprise to implement its policies, including such problems as quality, delivery, customer satisfaction, security, fraud, personnel and production/ service delivery failure.

Project risk is focused on the probabilities that certain tasks within a project will face problems of time, budget or specification achievement.

Disaster risk concerns the planning for “major” events, such as hurricanes, riots, tidal waves, floods,air crashes and the like.

Impact on objectives

One of the more useful aspects of contingency planning, and one little discussed, is its relationship to the structure of the overall plan. The creation of the plan should lead managers to consider the impact of changes in risk on the probable level of organisation performance. As the level of environmental risk increases, so will the risk of not achieving the plan objectives. What level of risk is acceptable to stakeholders? Does a changing level of risk imply the need for changed objectives? For example, a high probability/ high impact risk would be a recession for a consumer goods company – should not this imply a changed set of objectives from perhaps aggressive to conservative?

Managing risk through designing out, mitigating and sharing 

As the development of the contingency plan identifies the major risk components, management can consider each with the following questions:

Can we design it out entirely or partially? (for example, premises design/ location can significantly reduce the impact of fire, flood, access, employee productivity, health, strategic and operational choices such as multiple sourcing);
Can we mitigate it through the implementation of the correct disciplines? (for example, project failure can be mitigated through accurate design and effective monitoring or customer loss through programmes such as customer satisfaction audits);
Can we share the risk? (credit insurance for example).

Each of these actions will involve cost. Some of this will be essential – such as fire doors for example – but much of it will be discretionary. Decisions will have to made as to the level of investment that the organisation is prepared to make to control and manage the risk – often not easy when resources are limited. As contingencies, by their very nature do not occur when expected, the organisation needs to budget for them – and this obviously relates to the level of risk inherent in the environment. Where the risk is low, the set aside can be also low. Where it is high – for example in start up high technology ventures, the additional resources should be considerable. In the existing company a review of unexpected expenditures over a three year period will give a good starting point for setting contingency budgets, while benchmarking and industry experience will give similar indications for start up companies. 

Information systems

A second important impact on the overall business and development efficiency of the contingency plan is the review of the information system. It will emphasise the need for information gathering, correlation and review processes to meet specific company requirements. 

Some failure is obvious and easy to identify, but much can be quite complex. For example, loss of electricity supply is straightforward; employee fraud is often far more sophisticated. The review of the information system should initially concentrate on high probability/ high impact areas and ensure that changes in these criteria can be identified as early and as accurately as possible. Once this has been achieved it is important to ensure that the data provides access to the real problem. 

For example, a company sales may be in decline. Is the real reason that the product/ service is uncompetitive? That quality has declined? That sales force/ marketing effectiveness has declined? That the economy has changed? That there is a problem with a major customer? There is little point in spending money on sales promotion for example if the real reason is that a major customer has liquidity problems – that will be resources poorly spent.

Finally the information systems should be reviewed to clarify whether they can provide reasonable forecast data in key areas that need to be managed. Does the system provide accurate information on high probability/ high impact trends? Does it need to be strengthened? What research and/ or additional systems do we need to carry out? What are the associated costs? Primary research can be very expensive – is there adequate secondary research available? 

Action policies

The concept of the trigger point is important in establishing action plans and policies. At what stage should you take action? If sales decline by 2% - is it within the normal range of variance or does it demand correction? Each company will have different requirements and different market circumstances. The contingency plan needs to establish:

a) when the button is pressed;
b) what action should be taken at that particular point;
c) what action is next to be taken should the situation further deteriorate;
d) who is responsible;
e) how they will report ;
f) who they will report to;
g) how the organisation will measure that “success” has been achieved (however “success” can be measured);
h) What recovery measures then need to be taken.

These must be realistic: the organisation can carry out these actions – unless it has the resources to do so the plan will be useless.

Standard operating procedures

The important contingency plans need to be formalised and incorporated in documentation so that staff are aware of the plan demands and what actions should be followed. The simplest health check within the organisation is to ask managers a series of simple questions – what do you do if x, y or z happens? If they cannot answer, it is clear that there is a requirement for the creation of standard operating procedures available throughout the company to guide actions and decisions. Where a contingency plan is complex, it is unrealistic to expect individuals to remember the detail – but if they know that it is available both in written form and ideally on the company Intranet, they will be able to rapidly access and use it.
The other advantage of the standard operating procedure for the contingency plan is that it will provide an audit trail to ensure that specific tasks have been completed – important both for internal and any external review.

Contingency planning and training

Staff forget; when they join an organisation they need to become aware of its operating procedures. In both cases, the incorporation of the contingency plans into training makes sense, as part of an induction framework or as regular reminder or maintenance training.

Review and update

Circumstances change, and every organisation can learn from experience. Reviewing and updating contingency plans is essential – and where it has been used, a post plan review makes obvious sense so that improvements can be incorporated while lessons are fresh in the mind. Incorporating the contingency plan into the monthly review ensures that changes where necessary are made and that the key high probability/ high impact areas receive constant attention.

The planning platform and contingency planning

The contingency plan develops as an integrated component of the planning platform, which builds on knowledge centres, standard operating procedures on risk identification and management, effective business monitoring and project management techniques to evaluate performance and identify key risks, both in assumptions and in the control of projects.

E-mail Ibis for a no-obligation review of your current planning platform.