Risk management is a topic that never gets old. In business, managing risks properly allows companies to minimize the downtime and expenses associated with negative events that sometimes occur and ensure uninterrupted business operations.
What exactly is the contingency plan?
A contingency plan is an emergency plan or plan B.
It is used when something goes wrong and immediate action is required to minimize the damage. The plan is focused on events that may or may not happen, but if they do – some form of disruption will occur to the business processes.
Why does everyone need a contingency plan?
No one is immune to disasters, malicious behavior, or bad luck.
In project management or company management in general, and even in our personal lives, accidents and emergencies are almost inevitable. Whether we like it or not, something is bound to go wrong at some point.
Here are some of the examples of risks that a business contingency plan can target:
- Hackers steal and/or delete your business data.
- Key staff members leave the company abruptly taking the knowledge with them.
- Natural disasters destroy your office space/production site.
The cost of mistakes is very high these days. Clients are ready to walk away at any time, and competition is ruthless. Every disaster that the business goes through can be its last one.
Digital solution to support your contingency plan
There are many ways you can build and enhance your contingency plan that we will discuss later in this article.
One of the great ways to combat many business risks or mitigate them at least is through digitizing your workflow. For example with online group task tracker. Keep your project details, meeting notes, product backlog, and everything else online. Then you won’t be tied to a specific location, and everyone on the team will have access to everything 24/7.
In addition to storing all your data securely online and ensuring continuous business flow, Bordio offers:
- Online calendar planner with events and tasks all in one place.
- The waiting list task planners for all unscheduled tasks, dreams, and some-day ideas.
- Project planning tools for self-check to ensure you don’t burn out.
How to create a good contingency plan?
The beauty of the contingency planning process is that it can look any way you like. Still, there are steps that you can take in order to ensure that the plan that you’ve prepared is a good one.
#1 Create a list of key business processes
Before you can plan out your strategy for emergencies, it is important to outline everything that is essential (=critical) to the company’s operations.
Really take your time with this step and ask your team to help out. The less you miss in step one, the more prepared and secure you will end up with the contingency plan.
Use the following questions to help with brainstorming:
- What roles are critical for business?
- Do key employees hold unique knowledge that is not documented somewhere else?
- What processes are mission-critical and ensure normal operations?
- Who’s/what absence would cause disruption and delays?
- What departments/processes require the most resources to build and maintain?
- What resources does the company rely on to continue its operations?
There are many more questions you can ask yourself, but these five should already put you in the right direction.
#2 Think of all risks that can occur with these processes
Just like with step one, don’t rush through the risk identification stage and engage your colleagues if you work with a team.
The goal here is to identify key risks and write down as many of them as possible. Not to have an anxiety attack but to use this list as a base for further contingency planning.
Tip: Once you’re done with the list in your task organizing app, sit on it for a couple of days. Get back to the list with a fresh mind, go through it and see if you get any new ideas that you didn’t think of before.
If you get stuck, use the “What if” question to get creative again. It is a simple tactic for brainstorming that helps come up with the most unexpected, yet possible risks.
#3 Evaluate the risks you’ve identified
Once you know your risks, it’s time to do deep work with them and conduct business impact analysis (a.k.a. risk assessment).
With risks, your key focus should be on understanding their:
There is just the right tool for that – the Impact Probability Matrix, which helps visualize and identify how likely those risks are to occur and what their potential impact is on business.
There are many ways you can classify your risks with this matrix, but we recommend keeping it simple and sticking to the three main categories: high, medium, and low.
Why is this step necessary?
No matter how good your time management skills are, there are rarely enough hours in the day to accomplish everything on our online to-do list or schedule weekly planner. And it is vital that the most critical stuff gets done.
As you look at your list of risks with their severity and likelihood identified, you will be able to prioritize your tasks and work on the most pressing threats first. The 80/20 rule applies to risks too – 20% of risks are responsible for 80% of trouble. Sort those risks out first, and you will already be in a far better position.
#4 Calculating the cost of potential risks
As you work on classifying risks, consider calculating potential costs too. For example, if your online services go down, how much would each hour of downtime cost you? Having numbers in front of you will be extremely helpful when you’ll be thinking through a disaster recovery plan and avoidance scenarios. And if you need to request a budget for those measures, showing real financial damage will help you get approvals much easier. After all, experiencing an emergency is bad, but having no cash to deal with it is even worse.
#5 Working on mitigating the risks
Some risks can be mitigated and avoided completely, others to a certain degree. But to achieve any of that, you need to be proactive about mitigation.
Let’s take the online service as an example. Users log into the web interface to access certain functionality, such as personal finance tools. One of the risks that such a service might experience is hacker attacks and data leaks. Both are horrible risks that can be detrimental to the survival of the service.
So, to mitigate the data leak and hacking issues, for example, you can implement a 2-factor identification and a certain complexity requirement for user passwords. Also, don’t forget about the security of your online weekly schedule maker. Your team in the backend can simultaneously work on strengthening the existing code and implementing more vigorous bug tests to reduce the probability of the solution being hacked.
An alternative example is creating backups of all your critical data and storing it offsite. So, if something happens to your primary server with all data on it, you’ll be able to access and restore the company’s information quicker (or even instantly, depending on the strategy you implement), reducing potential downtime and losses.
Pro tip: Some risks are very hard to mitigate, and if their probability is very low, then you might consider the cost of ignoring the risk versus the cost of mitigating it. If you choose to leave the risk unattended, remember to factor in the reputational loss in addition to the financial.
For those risks that cannot be mitigated completely, still look for ways to reduce their probability or impact.
#6 Creating an action plan for potential risks
Now that we know all the risks that are out there and have worked on mitigating some of them, it’s time for the most exciting part – drawing up an action plan for top-priority risks.
At this point, we focus on reactive measures –
- What do we do when something bad happens?
- Who has to be notified about the incident/issue?
- Who is responsible for overseeing the contingency plan in action?
For example, if there is a data breach, we have to assign specialists to identify and remove the issue while communicating to our clients, partners, and employees openly about the situation and what we’re doing to resolve it. All management needs to be notified, and the Head of IT is responsible for normalizing the situation.
Or, if you experience rapid growth of customer requests and your support team can’t handle it, we reach out to on-call staff to assist with the avalanche of work. HR needs to be notified to onboard temporary staff and the head of the support team is ultimately responsible for sorting out the problem.
It is also recommended to create a timeline and agree on acceptable issue resolution timeframes and have a communication plan in place too so everyone in the company knows what to do in case of an emergency.
Tip: If you’re short on time, deal with high impact high probability risks first and schedule the rest of the work for later. To make sure you finish the contingency plan for each and every risk, schedule time blocks in Bordio over the next few weeks. Time blocks will ensure you don’t get overbooked and will have the capacity to finalize this important task.
#7 Get approvals for contingency plan from department managers
Ideally, you should be working with managers throughout the entire process of creating the contingency plan, so they should be well aware of what’s in it.
Still, make sure you get formal approvals from everyone before the plan is shared further. Everyone needs to understand and accept the plan. When the disaster happens, there will be no time for discussions or misunderstandings.
#8 Communicate the details of the contingency plan with the team
Make sure that your team is in the know.
Share that you have a contingency plan, why it’s there and how it’s beneficial to everyone. Let respective departments know about the potential risks you’ve identified for their workflow and how such risks will be addressed. Keep all information about the contingency plan and key steps somewhere everyone can see them, for example in a shared Bordio note.
#9 Contingency plan maintenance
Once your contingency plan is implemented and rolled out, you’ll need to update it regularly to ensure it remains relevant. Things change, and they change fast. New processes are introduced in companies all the time, making your current contingency plan obsolete.
Make sure you not only create contingency plans but review them at least once a quarter or every time your risk management strategy is updated. If you follow Scrum methodology, for example, you can run such contingency plan check-ups during Sprint Review meetings. Also, conduct a contingency plan review each time a major change is introduced in the company’s workflow.
That way, you will truly protect yourself against the unknown and keep the business secure.
Contingency plan risks to watch out for
There are key risks associated with contingency planning that can jeopardize the entire initiative. It’s good to be aware of them to be able to prevent them.
Risk 1: The initiative is not supported
Often stakeholders agree to something reluctantly but don’t support it fully. With business contingency plans, it’s a matter of business survival, so it’s critical to ensure honest buy-in from all key stakeholders.
Risk 2: Outdated contingency plans
We’ve talked about it already, but it’s a very common risk, so it’s worth repeating it. Contingency plans are not meant to be done and forgotten about. It is a lot of work to draw up such a plan, so there is a lot of temptation to just leave it once it’s finished. However, an outdated business contingency plan is worse than a non-existing one, because you can make the matter so much worse with an inadequate emergency response.
Risk 3: Refusal to think about plan B
It’s human nature to not want to think about negative things. That’s why so many people ignore insurance policies, never make a will, and skip data backups. Same with companies, employees and managers might not want to think about unexpected events or the possibility of something going wrong. It’s vital to build a trusted relationship with them and explain how such superstitions can damage the company’s future.
Final thoughts on the contingency planning process
The best scenario for a contingency plan is to never be used and it’ll just be there somewhere ready to go in the virtual planner app. Yet, if something bad does happen, the second best thing is to have a relevant, detailed, and well-thought-out plan that will save the day when the disaster strikes.