Page
Testing A Contingency Plan
Completion requirements
View
Testing A Contingency Plan In Accordance With The Entity’s Risk Management Procedures
It has often been said that a plan isn’t a plan until it has been tested. The adage that plans must be maintained to accommodate change is also well known. Despite this awareness, surprisingly large numbers of organisations commit significant resources to contingency plan development only to see the value of the investment dwindle as time passes. This wasteful attrition is usually due to an unwillingness to test and maintain the very plans that were created for organisational survival. This usually occurs when a company has been fortunate enough to not experience a crisis for a prolonged period. The ensuing complacency lures the organisation into the classic “it’s not broken” trap!
Contingency plans are extremely dynamic. Things change. Most emergency and contingency operations usually require a complete rewrite of all procedures every five years. These rewrites should be based on a refinement of requirements, exploit new technology and use fresh eyes to look at old solutions to new problems. This process is called plan maintenance.
Once you have carried out a risk analysis and management exercise, it is important to carry out regular reviews. These might involve formal reviews of the risk analysis or may involve testing systems and plans appropriately. Full testing of the contingency plan against such scenarios is essential- not least to make sure that it works. Most businesses take this very seriously, undertaking full and comprehensive testing of the plan when it is first developed. However, many struggled to test the plan in full again for several years due to the disruption of operations and the staff time involved.
Desktop Testing
Many businesses use a “desk-top” approach to full testing - whereby messages and situation reports are relayed to a select group of managers to test their reactions and to challenge the plan. This enables the whole or part of the contingency plan to be reviewed every six to twelve months. Full “live” testing is undertaken less frequently, for example when significant changes to the plan have been made.
The downside of such an approach is that most members of staff are not involved in the “desktop” process, which typically only involves the members of the Crisis Management Team. This is often compensated for by regular rehearsals of procedures involving all employees, such as fire drills. However, more often than not these exercises seek to practice a routine and do not challenge participants by obliging them to consider what they should do if things do not go to plan. In real life situations, however, exit routes may be blocked, communication systems can fail, and key managers may not be on duty at the time of the incident. It is therefore the ability of staff to react in these circumstances, split second decision making and the bravery of individuals that find themselves face to face with the impact of the disaster that often saves lives.
Increasing the involvement of employees in the full testing of the plan and during rehearsal exercises to test their responses is likely to ensure that they are better prepared should a serious incident take place.
Spicing up rehearsals of procedures with a few unforeseen complications will simulate real life incidents more closely, force people to think more carefully about what they are required to do and provide a more effective challenge to the process.
Testing By Review
A review can be a simple test to check the accuracy of contingency plan documentation. For instance, a reviewer could check if individuals listed are still in the organisation and still have the responsibilities that caused them to be included in the plan. This test can check home and work telephone numbers, organisational codes, and building and room numbers. The review can determine if employees know emergency procedures.
Testing by Analysis
An analysis may be performed on the entire plan or portions of it, such as emergency response procedures. It is beneficial if the analysis is performed by someone who did not help develop the contingency plan but has a good working knowledge of the critical function and supporting resources. The analyst(s) may mentally follow the strategies in the contingency plan, looking for flaws in the logic or process used by the plan's developers. The analyst may also interview functional managers, resource managers, and their staff to uncover missing or unworkable pieces of the plan.
Testing by Disaster Simulation
Organisations may also arrange disaster simulations. These tests provide valuable information about flaws in the contingency plan and provide practice for a real emergency. While they can be expensive, these tests can also provide critical information that can be used to ensure the continuity of important functions. In general, the more critical the functions and the resources addressed in the contingency plan, the more cost-beneficial it is to perform a disaster simulation.
Click here to view a explanation of the types of testing for the contingency plans.
Click here to view a video about contingency planning.