The whole point of contingency planning is to think and map before crisis happens. This allows you to be agile and fast to action with minimal disruptions when it does. It takes normal risk management an extra step in order to have clear plans and options once crisis strikes.
The basic principles are very simple:
- Understand what is (actually) critical to deliver in terms of services or production.
- Understand what resources are critical to the delivery and have a plan to secure them.
- Map your assets and identify assets that can be leveraged in a crisis to ensure delivery.
- Map risk scenarios and establish action plans against them.
Having said this, every part can be made as complex as you’d like with for example planning-variations based on threshold values and so on. But no matter how detailed the plan, the old truth applies: Also the best laid plans rarely survive intact the first contact with reality.
There is a potential value in not spending too much time on overly detailed planning, but focusing on sufficient detail to ensure that everyone knows what to do when crisis strikes. What is good enough? Only you can decide that. Are you comfortable with your plan as it stands? Does everyone know what to do if/when crisis hits?
Here are the steps we see as key to good contingency planning:
- Map your obligations/objectives. What do we have to deliver also in crisis?
- Identify critical resources required to deliver. What do we need in order to deliver on our ‘musts’? Identify alternative ways to secure these resources or alternative ways to meet the obligations/objectives. Can we solve it in a different way even if less optimally?
- Identify critical assets. What assets do we have in terms of for example buildings, vehicles, capital, and so on, that will create space to act in a crisis? Map the readiness-status and scope of the assets. How is the capacity in the buildings? Is there fresh water and toilets? What key vehicles do we have and where? What is our capital reserve?
- Identify realistic risk scenarios and specific risk events within each scenario that would affect your operations. What type of events could affect our ability to meet obligations/objectives? Create action plans against specific risk events. If X occurs, what actions ABC do we need to take in order to minimise disruptions to operations?
Beyond this, you also need to consider and document for example scheme of delegation in crisis, communication trees, and so on.
Good luck and remember: Being reactive is always more difficult and more expensive than being proactive – even if it feels like more work to think first.