Now is the time to update your business continuity plans: It’s critical to think about risk layering
By Eric Michrowski
With the first phase of the response to COVID-19 behind us, we are beginning to adjust to a new normal. But it’s now critical to start thinking of risk layering. The concept of risk layering is the effect of one risk piled onto another. In business, it’s typically risk layering that causes the most critical business failures.
While it might seem alarmist to think that something else could happen at this stage, it’s always better to think through the most critical steps that would keep our businesses and employees safe. Most Business Continuity Plans that I have seen are predominantly focused on mitigating the effect of a primary risk and due to the complexity of managing risk layering, such plans are fraught with vulnerabilities. Additionally, most Continuity Plans were designed to manage short-term events (i.e. impact of a hurricane or fire) which lessen the likelihood that they could face risk layering.
An executive recently commented: “all we need now is an earthquake!” That’s the very type of risk layering that we need to mitigate for. Unfortunately, most natural disasters won’t wait for the current pandemic to stop and in some cases the natural disaster season is about to begin (i.e. flooding). To make matters worse, most methods used to mitigate other business risks leverage methods that are the opposite of social distancing so existing plans might not be actionable.
Have you thought about what would happen if, tomorrow, amidst the current pandemic, you were to encounter one of the following additional risks?
- A natural disaster (i.e. fire, flood, hurricane, earthquake…);
- A key person risk (i.e. a critical leader is exposed to COVID-19);
- An evacuation of a key person’s temporary work location (i.e. due to a fire or explosion at home);
- Civil unrest impacting the safety of your sites, or key people;
- A failure of critical IT infrastructure;
- An environmental disaster (i.e. chemical release prompting an evacuation);
- Infrastructure failure (i.e. power failure);
- Arson or theft at your unattended primary work site.
Don’t throw the towel. Reflect and plan now!
As much as we don’t want to think about it, the likelihood of such risks occurring remain in the realm of the possible, but the impact would now be greater.
- Some municipalities have reported an increase of up to 20% in house fires due to increased cooking at home;
- Tornadoes have already hit a few regions in the US;
- With rapidly increasing unemployment, new risks become possible in the mid-term;
- Many facilities are left unattended.
I’m not proposing that organizations embark in a large Business Continuity Planning exercise at this stage. However, I do think it is essential for leaders to pause and spend at least 30-minutes to an hour with their leadership team to think through the impacts of risk layering. To prioritize risks and develop short-term quick hits for the higher risk items. These actions should be tracked in frequent team huddles until the mitigation actions have been completed.
The goal should be to come up with simple and very easy to implement actions to mitigate the impact of risk layering. For example, a key executive might prepare an emergency evacuation bag with their laptop and key business files that might need to be protected. Or you might conduct a backup of critical software infrastructure earlier than planned.
At a later date, a more detailed review of Business Continuity Plans will be essential. But at this stage, only a cursory review of risk layering is essential.
To simplify the process, we have prepared a free Excel template that you can download to help facilitate a quick brainstorming session with your leadership team. We are available to help you brainstorm approaches and actions.