Thinking about the Unthinkable—Crisis Scenario Planning and the Board

As boards contemplate the year ahead, they face a challenging risk environment marked by the seemingly constant emergence of new crises which are increasing in scope and complexity, including technology, geopolitics, and climate change. Oversight of crisis management can be difficult for some boards, particularly when they have limited resources.

Crisis scenario planning anticipates and prepares the board for potential crises that could impact the organization’s operations, reputation, or financial condition, among other things. When done thoughtfully, and in a realistic and relevant fashion, scenario planning can help the board more effectively guide and support the organization in navigating crises, ensuring agile decision-making and long-term resilience.

What Is Scenario Planning?

Scenario planning is identifying a crisis, or a series of individual incidents that could lead to a crisis, and developing scenarios as to how the crisis might progress and how the company would respond to it.

However, scenario planning is not necessarily as easy or straightforward as the above simple summary might suggest. Rather, it entails careful thought, planning, and execution around the following components:

• Identifying scenarios: To be effective, a crisis scenario should be relevant to the company. It should also be developed around a severe, but plausible, crisis that would require a response and is more likely to occur in the near term rather than something that is likely to be far off in the future. (See Potential Crisis Categories that Companies May Face in 2025.)

  The list of possible crises is long and includes not only externally caused crises but also internal crises, such as executive succession, financial insolvency, and various types of corporate and individual malfeasance. These and some other crises—for example, disruption from a competitor or a new technology—may be even more difficult to manage when they are unanticipated or develop gradually, going unnoticed until they escalate.

  The board should work closely with executive leadership to understand the prioritized list of risks and crises, their potential immediate and long-term impacts to the business, and the possible scrutiny from customers, investors, regulators, and the media, among others. Management can draw on the board’s range of perspectives and experiences to uncover potential disruptors that may have been overlooked.

• Developing scenario narratives: Coming up with a scenario is just the beginning of the process. How does the scenario progress? As the scenario proceeds, it will need to follow two parallel routes—the progression of the crisis itself and how the company responds to it. The narrative, as well as both routes, need to be realistic and relevant, and explore a range of potential outcomes—both good and bad.

• Running tabletop exercises: Discussion-based conversations that simulate a hypothetical crisis or disaster can illustrate the reality of the crisis and help participants and observers to better understand how different actions affect outcomes. They can be used to prepare for and test responses, so that during an actual crisis, the board and management have the ability to facilitate swift action. As with the additional following aspects, this component requires considerable thought; for example, what response strategies would be employed? What are the implications of the strategies? Are there mitigation strategies to be implemented? As the scenario unfolds, the group should address questions such as these: What immediate actions need to be taken? Who are the key stakeholders to communicate with, and how will that be managed? How will resources be allocated? What decisions will be made by the board versus executive leadership?

• Assessing results: Following the exercise or simulation, participants should evaluate the organization’s level of preparedness. This component of scenario planning is critical, as an inadequate assessment and evaluation of the scenario planning and its results can render the entire process unproductive. What was missing in the response strategies? Are the mitigation strategies clearly understood? Do key stakeholders have a thorough understanding of their responsibilities? Are there actions or investments that are required to be prepared? The debrief should focus on the effectiveness of decision-making, coordination and clarity between roles, communications with internal and external stakeholders, response time, and alignment to protocols.

• Integrating lessons learned into crisis response strategies and plans: To realize the full benefit of these exercises, lessons learned from the scenario planning exercise must be incorporated into crisis management strategies and plans. What steps might have been taken sooner or should have been taken later? What mistakes might have been avoided? This component of the crisis response process can help to make crisis management more sustainable and more adaptable when responding to changing circumstances and conditions, including ongoing changes in the teams charged with responding to a crisis and emerging risks.

Implementation

Successful scenario planning exercises typically have certain common elements, including the following:

• Start small and evolve over time: Launching a scenario planning exercise with a complex set of facts and circumstances may be problematic, as the individuals participating in their first such exercise should be able to clearly focus on the most important topics. Moreover, adding more complexity to the exercises over time can help to create “muscle memory” of how the organization has responded and recovered from other crisis scenarios.

• Create cross-functional teams: Utilizing groups of people who can work with each other on different aspects of a scenario planning exercise can help to create cohesiveness and a better understanding of each individual’s scope and responsibilities.

• Determine the need for external expertise and leverage it: As indicated above, scenario planning can be complex and challenging, particularly for companies that have limited or no experience in the area. Third-party providers can assist companies in developing these exercises and may be able to conduct and evaluate them free of bias or preconceived notions as to “leading practices.”

• Link to broader risk management and strategy: Scenario planning exercises should be developed with the company’s risk management processes and strategy in mind. Companies that have robust enterprise risk management processes are likely better equipped to develop effective scenario planning exercises to address existing and emerging risks. Similarly, aligning scenario planning with strategy can result in more applicable and meaningful processes; for example, if a company has a longer-term strategy to expand in certain international regions, scenario planning that addresses the challenges involved in such an expansion may be more successful. The board and its committees—particularly the audit committee—can provide useful oversight in helping to align crisis scenario planning with the company’s strategic and risk management profiles.

• Repeat over time: Like the old joke about the way to get to Carnegie Hall (“practice, practice, practice”), scenario planning should not be treated as a “one and done” exercise. Just as starting small and building over time can help to develop skills, periodic reprises of scenario planning can help to develop more efficient and effective ways of dealing with crises. In that regard, it is noteworthy that muscle memory may help enhance a company’s ability to deal with a broader range of crises, even if it has never experienced some types of crises and has never engaged in any scenario planning to address such crises.

Implementing crisis scenario planning requires vigilant attention to the boundaries between the respective roles of the board and executive leadership. While the board can take an active role—including role-playing—in some scenario planning exercises, the best role of the board may be to engage in oversight, as it does with many other aspects of the enterprise. In this role, boards can set the tone and expectations for scenario planning, including identifying the objectives and desired outcomes (e.g., “What does success look like?”); promote participation and transparency (e.g., communication); challenge assumptions; assess the adequacy of resources; and monitor ongoing scenario planning activity.

This oversight role provides particular opportunities for the board chair (and/or lead director) and the chairs of the various board committees. For example, it may be advisable for the chair of the committee charged with oversight of human capital to have a significant role in planning for a work stoppage or strike by union employees, or for the chair of the audit committee to address possible crises involving corporate malfeasance.

Benefits of Scenario Planning

The potential benefits of scenario planning include:

• Scenario planning can surface unidentified risks and vulnerabilities. Even companies with robust enterprise risk management processes can develop blind spots that limit the ability to identify new and emerging risks and vulnerabilities. Scenario planning can help mitigate this risk.

• For similar reasons, scenario planning can pressure test assumptions and actions to reveal gaps in preparedness that need to be addressed.

• Scenario planning can provide insights into the readiness of the board and management to address a crisis and whether their involvement in the crisis response is optimal. For example, it can help to demonstrate whether too much involvement by board members is hampering management’s effectiveness in dealing with a crisis.
• Finally, it can suggest areas where the board may need to focus.

Caveats

Scenario planning is not a guarantee of success in dealing with crises. The reasons why include the following:

• Crisis exercises can lead to unwarranted confidence that a company is ready to address all crises. This may be particularly problematic in cases where there is a failure to evolve and add complexity, leading to a false sense of security that they’ve ‘checked that box.’ 

• Scenario planning may encourage an organization to focus on specific events versus modeling the various disruption scenarios and the unique strategies and actions that would be taken in each situation.

• Scenario planning can miss the mark by failing to identify the most important and likely crises or by focusing on less important and/or less likely crises. Thus, it is important to consider the magnitude and probability of various crises and to focus on those that pose the highest-impact threats, possibly even where they may be less likely to occur.

Conclusion

Scenario planning has many potential benefits and provides opportunities for the board to provide oversight, experience, and insight, a potential value in helping the company to prepare for crises.

Questions Directors Can Ask

• Does our company’s current crisis response structure and plan adequately address the scenarios we've identified? Are there gaps or vulnerabilities that need to be addressed?

• Is the company focusing on the plausible, yet severe crisis situations?

• Is the crisis management plan broadly understood and utilized during crisis events?

• Have we considered engaging and leveraging outside advisors/experts to help us plan for crises?

• Are we able to respond as quickly and nimbly as we should? Is our organizational structure a hindrance in efficient response? Can technology be used to improve response?

• In our efforts to assist management in addressing crises, are we risking over-involvement or distracting management from the critical tasks at hand?

• Have we incorporated lessons learned from actual events and previous exercises into our crisis management plans and playbooks?

As used above, Deloitte refers to a US member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (DTTL). This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article should not be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this article. Copyright © 2024 Deloitte Development LLC.