The COVID-19 pandemic has been referred to by many in business continuity as a “grey swan” event. It’s been incredibly disruptive and its occurrence was predictable
But pandemics happen so infrequently, that many organizations hadn’t taken seriously the likelihood it could occur.
Because of the infrequent occurrence, many business professionals, including those of us in business continuity, can often overlook the inherent consequences of isolated incidents until we’re already in the midst of dealing with them.
Interestingly, there’s data that supports that organizations that prepare for these type of events—particularly those who keep abreast of potential disruptions through horizon scanning—tend to be better prepared and more effective at response.
In BCI’s 2020 Horizon Scan Report, for example, respondents with varying degrees of success for COVID-19 response had not just put horizon scanning activities in place, but developed cross-departmental and external resource supported programs that involved working with local agencies, industry peers, and relying on other reports.
In addition, the BCI’s Coronavirus – A Pandemic Response 2020 report indicates that business continuity professionals using horizon scanning were able to detect signs that a disruption could be impending while coronavirus emerged in China late last year. With those warning signs, business continuity teams began communicating with executive leadership early, giving them a head-start on dealing with implications and planning response.
Comparatively, organizations without horizon scanning began COVID-19 response strategies later, generally within the first quarter of 2020.
By seeking out potential disruptions before they’re impending, your organization can be better prepared to not just deal with another uptick in disruptions caused by this ongoing pandemic, but a variety of other potential scenarios that could impact your organization.
What is Horizon Scanning?
Horizon scanning consists of a variety of practices within varying organizations, but in general, it represents the ways organizations gather information about potential pending or possibly looming disruptions that could impact operations.
The goal is to gather as much accurate information as possible to make best use of as much time as you can to plan for incident response.
Think of horizon scanning as a crystal ball for business continuity planning. It’s not about trying to tell the future, but it is a valuable tool to help you detect signals of potential disruptions as early as possible.
Like a crystal ball, you can stare into it for a long time and never see a thing, but, with enough fortitude and engagement, you may get insight that can help you better plan for and respond to future disruptions.
Horizon Scanning and Risk Management
As a business continuity professional, you can add horizon scanning as a component of your overall risk management practices.
Horizon scanning practices can be great for helping with grey swans, but they’re for more than that. They can help you better prepare for even common disruptions that could affect your operational abilities.
In general, horizon scanning should consist of five core areas, but you can build horizon scanning tactics that are applicable to your organization:
- Scan (collect information from valuable and reliable sources, like local, state, federal and other government agencies, industry peers, and trusted news sources)
- Analyze information gathered. Don’t make assumptions. Let the information guide you.
- Synthesize how that information affects your organization
- Communicate impact to your organization’s leadership and key stakeholders
- Initiate response plans
Before setting up these processes, you’ll also want to make plans to determine the scope of your horizon scanning activities (for example, are you doing broad scans or more narrowly focused?). Also, who (a single person or multiple team members) will be responsible for these scanning activities?
You’ll also need to consider the processes you’ll use. Is there a way to automate or use technology to improve scanning accuracy, efficiency, and speed?
Then finally, think about the timeframe of your scanning. Is it ongoing? Periodic? Are you scanning to discover near-term impacts? Short-term? Both?
A Practical Example
Let’s say you do business impact analyses and risk assessments as part of your business continuity management program. Through these assessments, you determine that because you rely heavily on suppliers based in Taiwan, you need to be aware of potential issues within the country that could impact your vendors there.
Taiwan, on average, experiences three to four typhoons every year. These typhoons, depending on intensity, can cause a range of damage and destruction from flooding to landslides. While your suppliers are used to living and working with these type of environmental events, a previous year’s storm cut off your supply line for weeks, deeply affecting your operations. You don’t want to risk the same impact again, so you add weather-related events in Taiwan to your horizon scanning activities
What might that look like?
First, awareness is key, so you need to determine the scope of your scanning activities.
Typhoon season in Taiwan is generally from June to October, with activity increasing in July through September. With that knowledge, you plan to engage in horizon scanning activities starting in early May through November.
Here are some examples of scanning activities you might engage in:
- Keep an eye on weather reports, closely following organizations such as the World Meteorological Organization Tropical Cyclone Programme or the Joint Typhoon Warning Center.
- Set up news alerts from reputable news organizations.
- Keep in routine contact with your local sources of information on the ground in Taiwan.
Next, you’ll need to analyze that information, paying particular attention to changing environmental conditions and agency warnings about the possibility of a typhoon forming, as well as detailed tracking information.
Next, you’ll synthesize that information. Is the storm tracking toward your suppliers’ locations? Because you analyzed those weather predictions, you can be prepared to synthesize the possibility of flooding, power outages, or other potential impacts from the storm’s possible path.
Based on the information collected during your scan, paired with historical storm information, you may be able to plan for what those potential impacts may be, as well as make estimates about how long the disruptions could last.
After determining there’s a significant chance your suppliers will be disrupted by the storm, it’s time to communicate with your suppliers:
- What are their plans?
- What contingencies are in place?
- Is there time to send out extra shipments before the storm arrives?
- How long might operations be affected once the storm approaches?
You should also communicate with your team members, including executive leaders and key stakeholders. And don’t forget about your customers. If you believe there’s a chance your operations could be stalled, delayed, or shut down, it may be beneficial to communicate that to your customers, too, and then keep them updated as the situation develops.
Finally, it’s time to initiate your response plans:
- Are you getting in those additional shipments before the storm hits?
- Are you adjusting operations to work with other suppliers?
- What are your plans after the storm hits?
- How quickly can you return to “normal?”
Business Continuity Software for Risk Management
While you may use a variety of tools and processes for horizon scanning, you may find it beneficial to track, analyze, and review your information within a business continuity platform that supports risk analysis and risk management.
A software solution, like Assurance, can help you effectively manage your risk management plans, analyze business impact, determine potential risks to your operations—down to workflows and asset levels—and ensure you’re remaining in compliance with all your risk-focused goals and objectives.
Need more information about how you can include horizon scanning into your risk management program? Contact an Assurance professional today or check out our on-demand webinar, “Cascading Crises: What Does Business Continuity Look Like Over the Next 12-18 Months?”
Topics: Business Continuity
Written by Assurance Software
Assurance Software takes your company’s enterprise-wide business continuity and resiliency program to the next level. With Assurance as your go-to partner for continuity and resilience, you can confidently mitigate risk, manage recovery, and safeguard your employees, customers, operations and brands.