Crisis Management — From Business Continuity Plans Towards Recovery Strategy

Appoint the Right Leaders

In a time of crisis, it is essential to appoint leaders with the necessary skills and capabilities to steer the organisation. Organisations must ensure that the Crisis Manager understands the business (including the supporting functions) and is able to identify risks and operational impacts that result from measures or targets taken to weather a crisis event. The Crisis Manager should be supported by a team of delegates from across the organisation (the Crisis Management Team). The Crisis Management Team (CMT) should be able to identify risks and the operational impacts of those risk within their department or area of expertise. Together this team should be able to define short-and long-term targets and measures to enable the organisation to weather the crisis with minimal negative operational and financial impacts.

In the instance of a crisis event, the CMT should be invoked without delay. It is their role to lead the business continuity and crisis management initiatives.

It is often the case that finance takes the lead in crisis management; members of the finance team are well placed to provide insight across the breadth of the business and have the analytical skills necessary for strategic decision making. In times of crisis it may be logical and necessary to pursue cost savings, however this should not come at the expense of the long-term needs of the business. In our experience we have seen that a solely cost saving agenda can have longer term impacts which may not support the company’s strategy. Examples of scenario’s which should be avoided include mandating employees use a proportion of their vacation days in a defined period or terminating all temporary employment contracts, where those workers held key positions in the business or essential projects. In both scenarios, cost saving measures can result in essential functions being understaffed. It is therefore essential to have a multi-disciplinary CMT who can assess the impact of proposed actions/initiatives.

Operational Impact

In an ideal scenario, your organisation will have performed Business Impact Analysis (BIA) and risk assessments twice annually. The purpose of these assessments is to identify critical business functions and their related risk exposures. The output of such assessments should include BCPs and risk management practices which protect and preserve critical business functions. However, in the event of a crisis event occurring the output of this analysis also provides a benchmark for assessing the crisis impact. Armed with an overview of your critical business functions, you should conduct a systematic assessment of how these operations have been impacted, what level of output is required and what resources/ infrastructure are needed to maintain required output levels. It is important to recognise that the critical functions of your organisation will likely include both core (profit driving) and support functions.

Having regard for the longer-term operational impact, it is necessary to determine whether the crisis event has highlighted shortcomings in your operations. You should determine whether there are elements of the business which are no longer viable, or which might be reorganized to better serve the organisation. This is an opportunity for inflection, to assess what the organisation has done well and what learnings could be taken from the crisis event.

IT Impact

Many businesses are highly dependent on IT to enable the breadth of their operations (from employee computer usage to complex IT infrastructure). For example, the Coronavirus crisis highlighted a number of short comings when it comes to IT enablement in times of crisis. Failure to perform adequate BIAs as a component of ‘business as usual’ operations may result in the need to quickly implement work arounds or significant IT infrastructure changes to accommodate remote/ alternative methods of working or changing customer demand. Naturally this can result in unforeseen operational (e.g. supply chain failure) or information security risks (e.g. use of unsecure technologies). When considering measures to mitigate the operational challenges imposed by a crisis event it remains essential to apply risk management procedures.

Financial Impact

In the event of a large-scale crisis which impacts the broader economy, such as we have seen with the Coronavirus, there will undoubtedly be an impact on the financial viability of your organisation. Financial impacts may be direct (through declining customer demand or customer delinquency) or indirect (e.g. through supply chain inefficiency or macroeconomic pressures). In the aftermath of such an event, it is necessary to develop an outlook on the financial impacts, this should include revisiting annual budgets, forecasts and expectations regarding customer delinquency. The finance department, working with the CMT should develop appropriate cost saving measures to preserve the financial position of your organisation (whilst preventing short sighted decision-making).

Effective cash management will be essential to the financial viability of organisations in times of crisis. This is especially relevant when organisations or their customers/suppliers are dependent on debt facilities (either via banks or via customers/suppliers). Remember that your business is dependent on the survival of your key customers and suppliers, so it may be beneficial to work out alternative financing arrangements in times of crisis.  For useful tips regarding cash management please read this “Cash Control during the Corona crisis” article.

With regard to the longer term, you should assess the impact of a crisis event on long term budgets and business plans. If there is a material financial impact it may be necessary to reconsider any growth or investment strategies which are not directly aligned to preserving the essential functions of the organisation.

Note: the roles identified in this table are examples and do not represent an exhaustive list.

Develop & Implement a Recovery Strategy

A Recovery Strategy should be driven by the analysis you have performed in the previous phase. This means that a Recovery Strategy should prioritise mobilisation of your essential business functions, having regard for operational capacity in the immediate period after the crisis event and target operational capacity (based on the revised financial forecasts). It is unlikely that business will return to normal in the short term, a Recover Strategy should provide a realistic roadmap for recovering your business operations and it should be supported by clear operational and financial targets. Performance against key targets should be periodically assessed to track the recovery process and validate appropriateness of the Recovery Strategy.