Contingency Planning


A well developed contingency plan has enormous value for the organisation beyond the obvious – the ability to speedily, smoothly and cost effectively respond to significant changes in the environment. The development of a comprehensive contingency plan will:


  •  Focus the company on identifying what risks exist and the levels of that risk;
  •  Enable the company to review the overall objectives of the existing plan in the light of the risks identified, (especially their impact on company KPI’s);
  •  Assist in creating strategies to manage and mitigate risk (prevention being far cheaper than cure);
  •  Review the existing information system to clarify whether it can both identify failure early (early correction is far cheaper and easier than late), correctly  (taking the right action for the right reasons rather than the wrong actions for the wrong reasons), and has the ability to forecast significant changes in the risk environment (controlling change rather than reacting to it is always more cost effective);
  •  Establish a set of actions/ policies which are in line with the problem (this is the concept of graduated response – as problems grow worse, more severe actions need to be considered, but it is often early and small changes that prevent larger difficulties occurring in the future);
  •  Formalise contingency plan actions into standard operating procedures (SOP);
  •  Provide for the integration of contingency plan actions into company wide induction and maintenance training to ensure rapid and effective response, and link with outside agencies where necessary;
  •  Create a framework which can be continuously reviewed and updated, with post event analysis incorporated into best practice.

Software exists to assist the company in the creation and management of contingency planning, but an initial manual approach is advisable – otherwise the company either over or under plans its responses.


Two golden rules should be followed in assessing potential risk – What can go wrong, will go wrong, and – If it cannot go on, it will not. An initial assessment of possible risk components should be as broad as possible – the Ibis standard checklist has over 160 items listed, but within this list there are two important groups – those that have high probability of occurring and those that have high impact on company performance. These will vary over time and for specific industries. The worst group is obviously those that have both high impact and high probability – such as fuel prices in the airline industry.

Eight broad types of risk exist for each enterprise, though they obviously influence each other:

Strategic risk;
Macro environmental risk;
Operational risk;
Stakeholder risk;
Competitive risk;
Implementation option risk;
Project risk;
Disaster risk

Strategic risk is concerned with the mixture of strategies that the enterprise follows with some such as diversification being far more risky than market penetration, and it is also concerned with portfolio theory and the need to diversify products, customers, countries, suppliers, finance and personnel.

Macro environmental risk is concerned with the way in which the Political, Economic, Social, and Technology components will influence the enterprise.
Competitive risk is concerned with the way in which competitors both currently and in the future will affect enterprise policies.
Operational risk is associated with the ability of the enterprise to implement its policies, including such problems as quality, delivery, customer satisfaction, security, fraud, personnel and production/ service delivery failure.
Stakeholder risk is associated with problems due to one or more of the various stakeholders (employees, suppliers, government or others) changing their policies or failing in the delivery of particular planned actions.
Implementation option risk is associated with difficulties encountered during the action planning of policies such as mergers and acquisitions, franchising, partnering.
Project risk is focused on the probabilities that certain tasks within a project will face problems of time, budget or specification achievement.
Disaster risk concerns the planning for “major” events, such as hurricanes, riots, tidal waves, floods, air crashes and the like.

Impact on objectives

One of the more useful aspects of contingency planning, and one little discussed, is its relationship to the structure of the overall plan. The creation of the plan should lead managers to consider the impact of changes in risk on the probable level of organisation performance. As the level of environmental risk increases, so will the risk of not achieving the plan objectives. What level of risk is acceptable to stakeholders? Does a changing level of risk imply the need for changed objectives? For example, a high probability/ high impact risk would be a recession for a consumer goods company – should not this imply a changed set of objectives from perhaps aggressive to conservative?

Defining responsibility for contingency planning

The devolution of company authority and responsibility through the creation of strategic business units and knowledge centres provides the best solution to contingency planning. Knowledge centres will understand the underlying risks better than central management; they will be able to react more quickly and more effectively. Incorporating contingency planning as part of a bottom up business plan by integrating contingency planning into knowledge centre reporting will focus each team on creating and maintaining effective contingency plans.

Managing risk through designing out, mitigating and sharing

As the development of the contingency plan identifies the major risk components, management can consider each with the following questions:

Can we design it out entirely or partially? (for example, premises design/ location can significantly reduce the impact of fire, flood, access, employee productivity, health, strategic and operational choices such as multiple sourcing);

Can we mitigate it through the implementation of the correct disciplines? (for example, project failure can be mitigated through accurate design and effective monitoring or customer loss through programmes such as customer satisfaction audits);

Can we share the risk? (credit insurance for example).

Each of these actions will involve cost. Some of this will be essential – such as fire doors for example – but much of it will be discretionary. Decisions will have to made as to the level of investment that the organisation is prepared to make to control and manage the risk – often not easy when resources are limited. As contingencies, by their very nature do not occur when expected, the organisation needs to budget for them – and this obviously relates to the level of risk inherent in the environment. Where the risk is low, the set aside can be also low. Where it is high – for example in start up high technology ventures, the additional resources should be considerable. In the existing company a review of unexpected expenditures over a three year period will give a good starting point for setting contingency budgets, while benchmarking and industry experience will give similar indications for start-up companies.

Managing risk through improved information systems

A second important impact on the overall business and development efficiency of the contingency plan is the review of the information system. It will emphasise the need for information gathering, correlation and review processes to meet specific company requirements.

Some failure is obvious and easy to identify, but much can be quite complex. For example, loss of electricity supply is straightforward; employee fraud is often far more sophisticated. The review of the information system should initially concentrate on high probability/ high impact areas and ensure that changes in these criteria can be identified as early and as accurately as possible. Once this has been achieved it is important to ensure that the data provides access to the real problem.

For example, company sales may be in decline. Is the real reason that the product/ service is uncompetitive? That quality has declined? That sales force/ marketing effectiveness has declined? That the economy has changed?  There is a problem with a major customer? There is little point in spending money on sales promotion for example if the real reason is that a major customer has liquidity problems – that will be resources poorly spent.

Finally the information systems should be reviewed to clarify whether they can provide reasonable forecast data in key areas that need to be managed. Does the system provide accurate information on high probability/ high impact trends? Does it need to be strengthened?  What research and/ or additional systems do we need to carry out? What are the associated costs? Primary research can be very expensive – is there adequate secondary research available?

Action policies

The concept of the trigger point is important in establishing action plans and policies. At what stage should you take action? If sales decline by 2% – is it within the normal range of variance or does it demand correction? Each company will have different requirements and different market circumstances. The contingency plan needs to establish:

What are the key areas of remaining risk that need to be managed
What the budgetary implications are for the required action(s)
What initial investment needs to be made in creating the framework for effective response
What maintenance investment needs to be considered to ensure that the plan is continually active and responsive
When the boundary conditions have been exceeded
What action should be taken at that time;
What action is next to be taken should the situation further deteriorate;
Who is responsible for taking the corrective action(s);
How they will report;
Who they will report to;
How the organisation will measure that “success” has been achieved (however “success” can be measured);
What recovery measures will be necessary,
How outcomes will be reviewed and lessons learnt.
These must be realistic: the organisation can carry out these actions – unless it has the resources to do so the plan will be useless.


Every enterprise will need to budget for key contingency plans. It is obvious that when disaster strikes no operational unit should be required to check with senior management that the required expenditure is authorized. Obviously, not all possible contingencies should be treated equally.

Research on 1000 companies over a five year period identified the most common failure points which required specific corrective action in order of importance:

Cash flow
Sales variation
Finance covenant failure
Key employee loss
Supplier failure
IT failure
Delivery failure
Bad debts
Equipment failure
Skills failure
Quality failure
Data loss
Foreign exchange
Industrial relations dispute
Health and safety
Weather related failure
Security failure
Tax management

The inclusion of contingency plan funding in the enterprise budget has a number of implications. First it supports the view that the enterprise should ensure financial headroom through including an element of free cash flow. This free cash flow emphasis will encourage intrapreneurialism especially with internal competition for funds for cost management projects. With bonus systems in place which integrate enterprise wide objectives (normally from the balanced scorecard) with knowledge centre based budget and project management targets, overall operational performance will be enhanced.