So, did you have a global pandemic in your scenario planning? And if you did – how much extra tweaking did it need for the unexpected things that have come out of COVID-19? Perhaps the extra transport costs as airfreight options reduced, the knock-on impact not so much of the situation with your tier 1 suppliers, but with your tier 2s and 3s? How many of us had some scenario planning in place, but not quite for the ‘right’ scenario? Do we tend to be too focused on the big tickets: pandemic, terrorist threat, cyber-attack – and don’t give enough attention to the scenarios which can still be disruptive and potentially costly in terms of lost production time: water leak, telephone bomb threat, evacuation for hazardous material escape, local protest outside office etc? Are these the scenarios which are more likely, and still have a potentially high impact? How do we get the balance right?
A few years ago we developed a ‘Risk Manager’ game which helped organisations to consider a more integrated, enterprise-wide approach to risk and weigh up various risks and their impacts and understand the consequences for decision making to mitigate the risks across all areas of the business. It was all about prompting the right conversations about the right risks at the right level.
Did we have pandemic in the risk matrix? No, I’m pretty sure we didn’t. But we did have issues around sustainability, fatigue, currency fluctuations, potential single points of failure around a local substation supplying multiple sites and many more. And it’s not just trying to explore the right scenarios is it, it’s trying to then work out exactly how you need to resource the recovery plan you’ve set down and the implications of that. Our game also featured fines and bonuses – depending on how robust your chosen mitigations were against each risk. If you’d chosen to mitigate against some things – you gained, if you’d ignored others – you potentially faced negative consequences.
We’d love to hear about your scenario planning experiences. How confident are you that you’re planning for the right scenarios? Is there a consistent understanding of the risks facing the business (based on impacts to critical business processes)? And how different might these risks be at an enterprise level versus an entity level? So many questions. So many possible situations to explore. Give us a shout if you’d like to explore them together.