“There is no way to prepare for a black swan event like COVID-19,” we hear from many executives. However, in our article, we are going to prove to you that the most affected companies had one issue in common – insufficient continuity management. Learn from the ten most common mistakes we have observed.
Over the past year, we found out that most companies’ readiness for unexpected situations didn’t go any further than recovery plans after equipment or external supply failures. However, recovery plans offer only limited options. They only respond to partial problems, not complex changes in the environment. Organisations lacked basic business impact analysis and prioritisation using risk analysis.
First, distinguish processes that can be temporarily limited and processes that must be maintained to keep the company running. Next, identify the weak points of essential processes, prepare a continuity plan, and finally, a recovery plan.
1. All companies need to prepare for unexpected situations
Many companies sent their employees to work from home during 2020 but did not have laptops or MS Teams available for them. These organisations did not manage risks associated with an interruption of business activities at all or completely inadequately.
In 2020, we saw that all industries, from the health sector and restaurants to state administration and the automotive industry, were undergoing moments of crisis. Operations may be disrupted by natural disasters, epidemics, cyber-attacks or just a mishandled advertising campaign. So, every company should assess risks and prepare responses to them.
2. Find out which processes you must keep, and which processes you can do without for a while
Many companies only had in place continuity and recovery plans for information systems and manufacturing technology. They completely disregarded a possible lack of employees working in production or the impossibility to use offices. Yet, even in “normal” times, workers may be struck down by an annual flu epidemic and offices may be put out of operation by fire or flood.
You cannot control all processes. Therefore, you must focus on protecting the most important ones. These include processes that add value to your customers or are essential for the operation of your organisation, such as production and call centres, or communication tools such as emails or MS Teams.
3. Do a thorough risk analysis. Think about probability and impacts
We asked one company whether they are prepared for both administrators being ill at the same time. They replied that they had never considered anything like this as it had never happened to them. There were two administrators in the company.
Companies have forgotten that a low probability does not mean a low risk. A low probability with a huge impact signifies a big risk.
First, identify the resources the processes depend on. Consider that not only materials and finances are important, but also human resources. Then, think of all situations that may arise. COVID-19 has taught us that we must consider the long-term absence of half our people.
4. Recovery plans are not enough. Prepare continuity plans
Companies needed to quickly increase the capacity of call centres during the COVID-19 pandemic. But many of them were not able to do so. Their processes were only set up for a number of served customers and orders. They did not have any plans, reserves, trained staff, laptops or communication plans.
Continuity not only addresses system failures, but also the need to increase performance in the short-term.
When you are aware of your vulnerabilities, you may start planning. Define what procedures you will use to secure alternate supplies. Train employees in other positions so they can fill in, e.g., in the call centre.
During COVID-19, even if organisations managed to restructure and increase the capacity of their call centres, customers did find out about it as there was no communication plan in place. Therefore, consider communication both outwards to customers and inwards so that employees themselves can inform customers about changes.
5. Update plans at least once a year
We’ve encountered companies where some technologies were controlled by a single person. Companies have streamlined their processes and reduced their headcount but failed to assess their risks. They rely on strategies that are ten years old and cannot be used because of changes in the organisations.
If the external situation is stable and your company is not changing internally, it is enough to revise your continuity plans once every two to three years. However, your initial risk analysis should be reviewed at least every year or after each major organisational change. If the risks have remained the same, you don’t have to change the plan. But changes in risks bring with it the need to rewrite the whole plan.
In the next part, we will talk about how plans should not be left to be forgotten in a drawer. We will discuss what continuous improvement means and show you continuity’s place in the organisational structure. We will also describe the errors made by car companies and one Czech hospital.