It is pretty incredible how much has changed over the last five months. The economic climate both nationally and internationally looks very different and there is more change to come.
Many businesses continue to adjust to the new climate and in doing so find themselves operating in markets in which they would not have expected at the start of 2020. These new markets bring with them new challenges and of course new risks; so, what do business owners and managers have to do to mitigate those new risks? Very little has fundamentally changed. You may be familiar with the risk management process of identification; plan; respond; and react. These steps have been applied in one form or another in most continuity plans. Rarely however, have they been so robustly tested and with some very mixed results when it mattered the most.
It is not the risk mitigation process that has changed but it does seem clear that the quality and the importance given to that process needs to be improved.
Risk management is often broken down into three categories:
- Preventable – day to day known operational matters;
- Strategic - based around a probability style matrix and traditionally dealt with by the more senior management team; and
- External – often matters outside of the businesses’ own direct sphere of influence.
While each of these categories are important, it is also necessary to ensure that they are considered collectively to ensure the plan is effective. All plans should be regularly reviewed and, importantly, robustly tested. Where plans have failed or been ineffective during the current pandemic, you will likely find that they were either out of date or not adequately joined up and they were probably untested.
Business owners tend to have an effective plan for operational matters, those that do not are likely to fail relatively quickly. At the strategic level, some key questions that should constantly be kept under review are:
- What has changed in your sector or in the economy generally?
- What has changed for your customers?
- What are your competitors doing?
- What is happening in your own organisation?
Understanding what is happening in these four areas on a regular basis will help identify those risks that can impact your business and in doing so, effective plans to mitigate those risks can be made. At this time where information is readily accessible, investing the time and resource to obtain the right and relevant information to facilitate the decision-making process is extremely valuable. You should not stop there however, having someone challenge those decisions and ask difficult questions will make for a healthier and more robust process.
Business owners often struggle with how to deal with the external matters. This may be due to the apparent difficulty in predicting such matters, the relatively low likelihood of those events happening or simply due to the fact that people see them as matters that they cannot control. We should not simply ignore these however, as recent history has demonstrated, while such events may be unlikely, when they do happen, they have a big impact. It is interesting to note that the UK’s National Risk register identifies twelve high consequence risks facing the UK. This includes risks such as: flooding; severe weather; attacks in crowded places; electronic attacks; and, of course, pandemic. As their name implies, these are risks that could result in major disruption in the business and the economy at a national (and global) level. Anyone that has been active in business over the last 20-30 years will now have experienced, to some degree, all twelve of those risks, so as unlikely as some are perceived to be, history tells us that they are real. This also means that we have a bank of knowledge and information from which to refer and build into our plans.
We are five months along from the start of lockdown, we have ridden the rather bumpy ride and find ourselves having to reassess our businesses and reconsider new and old risks. In doing so we can draw on our experience and that of others and use what we have learned to update our continuity plans. It is probably fair to say that crisis management is likely to be taken more seriously than it was previously as it is very real at the moment. Business managers now have a real-life insight into areas such as:
- What the maximum period of disruption in activity looks like;
- What is required to effectively initiate remote working;
- The availability of IT resources and the speed of implementation; and
- Return to work protocols.
Many of which were previously theoretical or simply educated guesses.
Having flexibility through a range of options is now the preferred place to be, whether that is through: the skills and experience of the people working in the business; the facilities available to them (premises or otherwise); IT resources and the reliability thereof; or the diversity of the supply chain. The ability to switch to a different option provides greater security and a proactive response to any uncertainty. This is only achievable however where the plan is regularly reviewed, updated, challenged and importantly, tested.
Do not underestimate the importance of revisiting and knowing what your customers are experiencing and what requirements they may have. The same also applies to your supply chain where having more options can be critical. We will all be aware of the changing status of various locations, mainly on the global scale, but there are also some at the domestic level too. The disruption that government-imposed restrictions may create for your businesses supply chain may be more damaging than you think if you do not have the advantage of alternative suppliers and resources.
No longer can a businesses’ continuity plan be a dusty file on the shelf. It is now a live and integral part of a business that drives its vision, values and of course ensures its continued existence.