BUSINESS CONTINUITY: FOR THE RISKS YOU CAN SEE AND THE ONES YOU CAN’T

Contingency planning is very much in fashion whether it is the Bank of England making plans for the eurozone crisis, smartphone manufacturers preparing to respond to a competitor’s new product, or auto manufacturers dealing with a product recall. But is it the right response for every type of risk that has been identified as requiring treatment?

Contingency plans are generally seen as specific plans to expected events or scenarios. This is very much the territory of Donald Rumsfeld’s ‘known known’; known in the sense of the likelihood of the event or scenario occurring as well as its consequences. This is their strength and their weakness. It is their strength when the event unfolds as per the plan because the organisation can respond well and be seen to have responded well; but it’s a weakness when events do not occur as planned and results in the exasperated cry of “Who would have thought that could happen?”

One only needs to cast the mind back to the Icelandic volcano eruption causing the temporary closure of European airspace, the consequences of the Great East Japan Earthquake, and the global systemic financial crisis to find examples of this form of rationalisation of unexpected events.

The blame for these failures of prediction is often laid at the door of risk analysis, modelling and mapping techniques. But perhaps it is a case of expecting too much from them – at least from the 2x2 or 5x5 Cartesian maps. Risk analysis needs to acknowledge its limitations and encourage new conversations when maths and matrices reach their limits, when probabilities are unclear, or simply unknowable.

Apr-Jun 2013 Issue

Business Continuity Institute