Published on May 03, 2019
With Brexit likely to affect effect key business activities, your customers, staff, supply chain and contracts, every business organisation will have been taking a close look at potential impacts. Your legal and compliance teams will have already been identifying the associated risks. But what about your business continuity plans, do you have a specific scenario-based plan or range of plans for Brexit? Should you spend the time and resources creating one?
The benefits of scenario-based planning are well known, and a well-developed plan will help to mitigate disasters and implement appropriate emergency responses to incidents from identified risks. But in the case of Brexit, what scenario are you planning for? A hard leave, soft leave, deal or no deal?
If what is predicted as a potential threat of disruption or risk to an organisation does not necessarily materialise, either in cause or magnitude, scenario-based plans can lose value.
For example, this could be if that specific event does not occur, if the scope of the plan is too narrow, and if the plan is not flexible enough. It is for these reasons that scenario-based plans must be reviewed, updated and maintained regularly, at a considerable cost of time and resources to the organisation.
It can be argued that scenario-based planning requires a specialist knowledge and understanding of each particular disruptive scenario to comprehensively produce a robust plan.
In the case of Brexit there are many uncertainties, so at this point there is a knowledge gap around what Brexit will entail, which in turn will likely lead to gaps in your plan or will require several plans for every single scenario.
So, what is the alternative?
A planning for resilience of critical activities approach identifies directly with the objectives of the senior management of the enterprise, for both normal operations and those needed for survival following a disruption. The aim should be to achieve the minimum objectives for the continuity of the enterprise, irrespective of the cause and the extent of disruption downtimes.
This means in practice if you are planning for the loss or disruption of activities you have identified as critical to your business such as your cash flow, staff, technology and suppliers, then your BC plan for the recovery from the incident is carried out regardless of the cause. Whether this be Brexit or any other incident.
However, it is noteworthy that for this type of planning to be successful, non-critical activities must also be considered as the supporting functions.
Whilst not identified as critical, they are required elements in the recovery from a BC incident and in the return to normal operations.
In any BC incident, lack of access, people or infrastructure will have to be planned for and there are a number of very successful methods for achieving this.
However, if you are looking to optimise your time and resources, then planning for resilience of critical activities can provide a more universal process to follow for returning the business to predefined levels of operation following any incident.
Yes, of course your business should be planning for Brexit, however a good battle tested BC Plan doesn't care if it is Brexit 2.0 or a tornado that has caused disruption to your staffing levels, it is looking past that to what the recovery responses are for those critical functions that have been affected.
What is your approach to BC planning for Brexit?
Founder & CEO at Continuity2
With over 30 years of experience as a Business Continuity and Resilience Practitioner, Richard knows the discipline like the back of his hand, and even helped standardise BS25999 and ISO 22301. Richard also specialises in the lean implementation of Business Continuity, IT Service Continuity and Security Management Systems for over 70 organisations worldwide.
Founder & CEO at Continuity2
With over 30 years of experience as a Business Continuity and Resilience Practitioner, Richard knows the discipline like the back of his hand, and even helped standardise BS25999 and ISO 22301. Richard also specialises in the lean implementation of Business Continuity, IT Service Continuity and Security Management Systems for over 70 organisations worldwide.