RISK MANAGEMENT: Companies need proactive, continuous contingency planning

The past two decades have held dozens of events that have significantly impacted our quality of life – including natural disasters, pandemic concerns, terroristic activities, and business disruptions – and thus have affected the overall workforce and their organizations. Each of these events has sparked discussions around preparedness, contingency planning, mobility, redundancy, and the ability to rely upon our vendors and supply chains, and made us acutely aware of just how vulnerable our organizations and workforces are to these large-scale crises. 

Currently, rapidly increasing concerns related to the global spread of the new coronavirus, COVID-19, have sent the markets into a spin, and many companies have found themselves ill-prepared to deal with the potential impact that large-scale employee absenteeism would have on their organizations and the vendors they rely upon.  

The coronavirus will eventually be contained, and the world will once again return to yet another new state of normalcy. However, the impact created by the spread of the coronavirus, coupled with the inevitability of new crises around the globe, should leave behind a sense of discomfort related to how prepared we actually are to handle the next event and serve as a driver to increase organizational efforts related to contingency planning. 

The time to prepare for the risk of a reduced workforce is now… and always

Organizational leadership, board members, and audit committees should require risk management professionals and internal auditors to present organizational contingency plans throughout the year. They should be asking questions such as: 

- Do we have business continuity management (BCM) processes established within our organization or documented contingency plans? When was the last time they were refreshed?

- Have our plans been communicated? Have we confirmed awareness of the processes throughout the workforce?

- Have our processes and plans been tested?

- How many people’s (or whose) not being able to get to the primary workplace would create an issue? 

- What scenarios or situations does our contingency plan not address?

- Who are our key vendors? What are their plans? 

- What companies consider us a key vendor? How much revenue is tied to that relationship? 

- Would an investor view our contingency planning processes as a value add? Should our plans be disclosed in an environmental, social, and governance (ESG) report?

If your company has not yet taken the first step toward BCM or contingency planning, you’re not alone. Here are a few actions you can take to get started immediately. 

- Identify and document (in detail) the current processes and measures within your organization, along with the roles and responsibilities of various professionals that are crucial to ongoing operations.

- Identify and have discussions with key vendors on contingency planning. Some organizations require key vendors to present annually on how they are managing various risks. 

- Understand your company’s current capabilities related to a mobile workforce.

- Conduct facilitated scenario-planning sessions, focused on the risk of your employees or the employees of key vendors not being able to work on-site.

- Based on the information gained from the above actions, begin to create contingency plans for your organization.

Contingency planning can no longer be an afterthought or a process that we discuss once a year. The “new normal” requires proactive and continuous contingency planning that is imbedded into every organization’s risk management culture.