Imagine a world where you could run your business without worrying about anything unexpected coming along to knock you off course. No economic downturns, no new government regulations, no natural disasters, no accidents on site, no nightmare customers, no staffing issues, no defective products, no cashflow concerns. It would mean all your focus could be directed to taking advantage of opportunities, achieving objectives and growing profitability. As well as having a life!
In reality, eliminating all risk is impossible, but the next best thing is plan for it, so that if stuff does happen its impact on the business is minimised. This is a critical responsibility for business owners and directors. Comprehensively addressing risk sets the business up for future success.
Creating a business continuity plan (BCP), which is the outcome of a proper risk assessment process, also means you’re better able to bounce back more quickly from crisis events, minimising the financial cost. Just recently we had a customer unexpectedly pass away and their family now has to figure out what do to with the business. Having a BCP would have greatly assisted them as they strive to keep things ticking along while still grieving.
Also, if you ever want to sell your business (which you should), having a comprehensive business continuity plan makes it much more attractive to prospective buyers. It reassures them that there will be no surprises and gives them a template to follow if there is a crisis. This translates to more buyers interested and should mean they won’t need to discount the price as much to account for unknown factors.
How do you go about it?
There are three steps to managing threats to business success and creating your own business continuity plan.
Step 1: Risk Identification
First, you need to know all the risks that you face. Without a meaningful categorisation this can be difficult. Categories of risk may include:
- Natural Risk (eg. weather, climate)
- Technology Risk (eg. cyber attacks)
- Supply Chain Risk (eg. product availability)
- Product Liability Risk
- Financial Risk (eg. cashflow)
- Economic Risk
- Human Risk (ie. people)
- Governance and Legal Risk
- Reputational Risk
- Business Risk
Within each category are individual hazards. It usually takes an experienced risk professional to help company directors and business owners complete this process, but there are inexpensive software tools that can make it much easier.
Step 2: Risk Quantification
Once you’ve identified the risks, each one needs to have a price attached to it. That is, what is the cost to your business if that particular event was to happen? What would it cost if a large contract failed? Or there was a cyber attack, or a serious accident involving key staff? Identifying the likelihood and severity of each risk allows us to quantify and rank them.
Step 3: Risk Treatment
This is where we work out the most cost-effective way to deal with each risk. That is, what’s the cheapest solution we can implement to get the biggest reduction in risk? There are four options:
- Ignore it (do nothing)
- Avoid it (don’t do the thing that is creating the risk)
- Transfer it (eg. pay an insurer to take on the risk instead)
- Treat it (implement an approach that minimises the cost or likelihood of the event happening)
Various treatment options may include:
- Additional training for staff, such as driver safety, customer relationship management, contract management, technical skills
- Incentive programmes for staff, such as for safety, customer feedback, sales targets, defect complaints
- Investment in security systems, fencing, cameras, fire prevention measures, lock boxes for tools and equipment
- Written policies
- Systems and processes
- Professional advice
- Robust contractual terms & conditions
Many of these you will already have in place, so these can be noted in the register. But there will be gaps that need to be filled as well, that’s the benefit of this process.
The theory here is simple but the effect can be transformative for those that do it well. However, it will generally only happen with high level engagement by business stakeholders and leadership. The support of a professional risk manager and the right tools are essential to a successful transformation.
Our Approach
To help construction businesses create their own risk register and business continuity plan we follow four simple steps:
- Workshop: we run a workshop with business owners, directors and key staff, where we work through what they see as the biggest risks to success in the context of their own operation. That’s the starting point to build a meaningful risk register.
- Portal: the business subscribes to an inexpensive software tool that helps them to build and maintain the plan.
- Commitment: we agree milestones and keep on their case to ensure the customer completes the process.
- Review: each year the plan is reviewed and updated as needed.
In Summary
Having a business continuity plan helps to ensure that any business is set up for future success. While eliminating all risk might be impossible, planning for a crisis and minimising the cost of risk is one of the most important responsibilities for any company owner or board of directors. Yet many are not adequately doing so, or doing so in a haphazard way that can leave gaps.
Please get in touch if you’d like to know more.