How to Create a Robust Business Continuity Plan

Below is a rundown of various factors to watch out for and skillfully navigate the impact of the crisis that lingers for a considerable time, even after it is over.

Apart from maintaining business continuity in the short run, the after-effects of the current situation and the tough decisions to be taken to survive can have an impact on customer trust, investor and staff trust, and branding among others.

How to Create a Business Continuity Plan in 8 Easy Steps

If you have a comprehensive corporate risk management policy, and tool, its principles still hold good. If your tool facilitates you to identify, assess risks, and develop the preparedness and response actions to the identified risks, escalates them to the C-suite, and monitors all the levels, you can do the planning under the corporate risk management policy. However, understanding the process greatly helps build a robust plan.

Define your purpose and objectives for the business continuity plan clearly

Your goal can be very focused on increasing the company’s resilience in case of potential disruptions. After defining the purpose, enlist your key objectives of the plan in clear terms. Elements may include:

• To ensure continuity of critical business operations and IT operation essential for conducting business during the crisis.

• To minimize the disruption of critical operations to a near-zero level with a resilient business continuity strategy and framework while meeting regulatory requirements.

While executing each of the following steps of the business continuity planning process, make sure to document them. They can be verified and revised before releasing the final plan.

Build accountability for implementing the plan

While the ultimate responsibility may rest with the board, accountabilities for management and execution must be defined. A senior executive accountable must:

• Help employees to understand and become familiar with the plan so that they can effectively carry out their roles when the plan is ready.

• Ensure that the plan is maintained, reviewed, tested, and revised regularly.

• Approve and sign off every time the revisions or updates are made

Gather inputs, identify and score risks

• To start planning, invite the head of each function including representatives from operations, supply chain function, human resources, administration, IT, and communication, security and other departments of your business.

• Use a risk matrix as shown below to identify and record key risks. In the same matrix, record the potential consequences on staff, operations, assets and facilities. Obtain the risk levels by defining the impact of the characteristics and likelihood of occurrence.

Using the risk scoring table, determine the risk criticality levels. These scores will allow you to prioritize addressing of risks.

Assess their potential consequences on functions and operations

Once you have scored the risks, classify which risk actions you need to start, and which risk actions are already in effect. For those risk actions already effective, check and ensure if you need to bolster or improve them. Consider the following examples:

• During this time of COVID–19, banks may have to make adjustments in operating models and make swift innovations due to the misaligned revenues and cost. Also, there is a huge change in customer service preferences. Customers are increasingly looking to run their financial life through apps and online banking. And so, banks are expected to act swiftly to increase awareness and take other response actions.

• A retail store that focused on offline sales might choose to increase the focus on online sales.

Then ensure that the critical risks and risk responses are included in the risk register.

This step mainly will help in budgeting and finance allocation.

Put measures in place for the safety and security of employees, facilities, staff and operations

Examples include:

• Policies and SOPs for remote working.

• Policies and SOPs the safety and protection of employees of some essential roles that need to be conducted from an office or on location.

• Cancellation of business trips, meetings and events and the arrangements for virtual meetings.

• A taskforce to continuously assess the COVID-19 situation and a clear command and control matrix, covering all functions with a needed backup.

• Engagement with the third parties and partners who support to strengthen the continuity of your operations further and minimize the impact.

• SOPs for communicating emergencies.

• Facility specific security plans.

• Asset protection policies – e.g. inventories, information technology resources, etc.

Activate the plan

Use risk assessment and possible scenarios as triggers for activation or deactivation of the plan.

Monitor, update as needed

Monitor and regularly update the plan according to the evolving risks and needs.

Apart from the plan, as we enter more normal times, people will expect businesses to be more aware of social responsibilities, and particularly during the pandemic, how the company is aligned with environment, health and safety-related activities. All will play a big role in brand building and will need to be well thought-out and documented.

Here’s to your business continuity planning success!