A plan for the unplannable. It sounds like an oxymoron, but that’s the concept behind a business contingency plan: Preparing for potential risks to your company to ensure as much business continuity as possible, even when the unexpected happens.
Every business faces upheaval, disruption, and unanticipated setbacks, some more surprising or serious than others. No matter the scope of these potential events, you can take steps to protect your company. Here’s what to know about a business contingency plan and how to develop a successful playbook—even if you hope never to use it.
What is a business contingency plan?
A business contingency plan (or business continuity plan) is a strategy for how your company will respond quickly to disruptive events and keep operating. A comprehensive plan lays out the steps management, employees, and other stakeholders would take in multiple scenarios to help minimize the impact on day-to-day operations and quickly recover. Minor unexpected events might include a technical failure that leads to a website outage for several hours or an illness sweeping through your customer service team and leaving it shorthanded.
Contingency plan vs. risk management
Contingency planning is related to risk management, though they differ in several important ways. A business contingency plan provides for a tactical response to a specific disruption, and it’s focused on ensuring business continuity while helping the company recover as quickly as possible. By contrast, risk management is a broader and ongoing process: brainstorming all the possible risks to your company, assessing the likelihood of each one, and implementing strategies to reduce or manage the risks.
Contingency plan examples
Planning for natural disasters is an example of a contingency plan. Say some of your employees are based in the Midwest, and a tornado touches down where three of your workers are based. The same might hold true if a hurricane strikes the Florida coast, where your business has a large office. A designated staffer contacts those affected and confirms they’re safe, but they can’t return to their duties until roads are passable, the power outage ends and Internet service is restored. Management then reassigns any critical operations like order fulfillment to other staffers, who have been trained and prepared for these tasks to ensure business continuity.
5 steps for creating a contingency plan
- Assemble the planning team and brainstorm key risks
- Perform a business impact analysis (BIA)
- Develop response and recovery strategies
- Test the plans and train staffers
- Regularly review new risks and update plans as needed
Here’s a step-by-step guide for developing a contingency plan:
1. Assemble the planning team and brainstorm key risks
The contingency planning process should include not only management but key personnel: leaders from IT, procurement, human resources, sales, or any other relevant teams. Company-wide representation is an important aspect of any brainstorming session for identifying possible threats because these workers understand details of the organization’s operations and the biggest risks. An open dialogue about business risks is a good way to start to create contingency plans both comprehensive and successful.
2. Perform a business impact analysis (BIA)
Analyzing your business’s normal operations can help you identify the most significant potential threats across the entire organization. Which business functions and systems are most critical? What’s the potential financial, operational, or reputational impact of each specific risk? What’s the worst-case scenario for each aspect of the company’s operations? How could that cascade to other parts of the business? Answering these hypotheticals will help you prioritize and begin shaping mitigation plans.
3. Develop response and recovery strategies
You can now develop a mitigation plan and recovery strategies for each of the scenarios you’ve identified so far. The process will vary depending on the crisis you’re facing, but it could include establishing emergency response procedures, data backup, alternate supplier options, remote work arrangements, natural disaster recovery, and supply-chain crisis management. This process can include designating who’s in charge of crisis communications after an unfavorable event.
4. Test the plans and train staffers
Conduct plan testing through simulation exercises to assess your contingency plan’s strengths and weaknesses and to determine if there is any need for changes, or even a backup plan or Plan B. If the plan is revised, inform key staff and train them in the new protocols. This could include natural disaster and fire drills, mandatory employee training on cybersecurity best practices and crisis response, or cross-training some staffers to perform other duties if needed.
5. Regularly review new risks and update plans as needed
Because risks evolve, revisit and revise your plan to be better prepared to avoid disasters. Periodically reviewing new risks is an essential step in plan maintenance and includes implementing lessons from internal or external incidents, adjusting for changes in staff and operations, and considering new technology or tools.
6 types of contingency plans
Contingency plans are unique to each business, but there are several major types of contingency plans, including:
1. Information systems
This is a primary plan for many companies because most organizations depend on computers, data storage, and the internet for daily operations. Risks include system outages, cyberattacks, and data breaches. The contingency plan may cover data backups and recovery, system redundancies, and hacking response procedures.
2. Disasters
These plans often address both smaller-scale disasters and major so-called act-of-God events. Lower-impact possible risks might include incidents like a burst pipe that renders the main office unusable for several days, while high-impact potential risks may be a major natural disaster like a hurricane that destroys an office or ruins warehouse inventory. Mitigation strategies may involve ensuring worker safety, restoring information technology (IT) systems, shifting staffers or critical business functions to other sites, and other steps to get business back to normal as quickly as possible.
3. Financial
This part of the contingency plan addresses financial events that may be internal to the company or macro external factors. Risks include inevitable periodic economic downturns, which can hurt customer spending power and demand for your products. Other risks may be internal and potentially more damaging, like employee theft of funds or inventory. Each results in financial loss for the company. Contingency plans might include maintaining a minimum cash reserve, tapping a bank line of credit to improve your cash position, or boosting sales with strategies like new revenue streams or adjusted pricing.
4. Crisis communications
This portion revolves around clear internal and external communication in times of crisis. Risks include a lack of internal alignment on messaging, confusion among employees about the company’s response or their part in it, and negative external attention or press coverage that harms your brand or reputation. This plan should include processes for clear communication channels to staffers and external stakeholders, training and briefing of designated spokespeople, and establishing a chain of command to manage messaging and keep important parties up to date on the crisis as it evolves.
5. Health/pandemic
The sudden spread of COVID-19 spurred most companies to develop plans for managing a pandemic or other health crisis. Measures could include employee safety protocols, rules for entering the workplace, communication with stakeholders, and shoring up remote-work support and technology.
6. Supply chain
Your company’s ability to produce products and services may depend on access to materials or suppliers. If so, risks include disruptions like raw materials shortages, supplier failures, and trade restrictions. Mitigation plans may involve securing backup suppliers, tracking logistics challenges in the market, and maintaining an emergency supply of inventory or materials.
Business contingency plans FAQ
Why does a business need a contingency plan?
Every business faces upheaval, disruption and unexpected setbacks. Preparing for these events with a contingency plan can help the entire team work together to stay calm, execute the plan, and ensure as much business continuity as possible.
What’s the difference between contingency planning and crisis management?
These concepts are related but not the same. Contingency planning is about a proactive strategy: developing a plan for coping with potential disruptions or crises in the future. Crisis management, by contrast, is reactive and in the moment: the actions taken in response to an event, which often includes implementing steps in the contingency plan, if one exists.
How do I avoid contingency planning pitfalls?
Businesses can take a few steps to avoid pitfalls in contingency planning: involve key stakeholders inside and outside the business to develop the plan; prioritize risks based on likelihood and impact on the business; test the plan and revise it as needed; conduct periodic, comprehensive risk assessments; and train employees and make the lines of communication clear in case of crisis.