Scenarios in Strategic Planning: Full Guide with Examples
Scenario planning helps organizations increase business resilience and prepare for future challenges. Learn how to formulate different types of scenarios and align them with overall strategy.
Scenario planning is a disciplined way to formulate strategic hypotheses in the context of existing driving forces and their uncertainties.
It helps to:
Better prepare organization for the new challenges, and
Increase general business resilience – the organization’s ability to better adapt to the ever-changing environment.
Scenarios in Strategic Planning - How to Align Scenarios with Overall Strategy
The Role of Scenarios in Strategic Planning and Risk Management
Any strategy is based on hypotheses and scenarios. What value does scenario planning add to strategic planning?
With scenario planning, we are trying to get a broader picture of the hypotheses by extrapolating the existing driving forces and creating plausible scenarios.
From the viewpoint of the strategic planning process, scenario planning can be used in the strategy formulation step1 (step 2) together with other frameworks that help generate strategic hypotheses.
The same broad picture of hypotheses helps to understand the risk landscape better. Diverse scenarios and simulations via wargaming2 help to create more detailed risk models and risk mitigation plans.
Could We Be Better Prepared for Covid-19 with Scenario Planning?
Have a look at the PESTEL analysis article published right before Covid-19 became a pandemic. Some of the mentioned trends were:
Political stability
Economic growth, inflation rates, exchange rates
Workspace and lifestyle changes
Climate changes, natural disasters
There was no “Covid-19” mentioned (although at that time, there were some serious warnings coming from Asian countries). Still, with those general trends in mind, any organization could start scenario planning by asking a number of “what if…?” questions:
What if the political regime changes in the country we are working with? What would be early signs of this? What could be our mitigation strategy?
What if the inflation rate rises? What financial indicators could predict this? How would it affect our financial sustainability?
What if our best talents prefer to work from home to achieve a better work/life balance? How would we communicate? How would we measure their performance?
What if a natural disaster happens tomorrow? What is our business continuity plan?
With scenario planning based on the findings of PESTEL analysis, it looks like we could have scenarios for around 30% of the challenges that we faced during the pandemic and afterwards.
The Steps of Scenario Planning
Here is a three-step approach to scenario planning by the BSC Designer team:
Step 1. Breakdown Driving Forces into Uncertainties
Step 2. Formulate scenarios and classify them into three groups
Step 3. Formulate response plans and quantify scenarios
Step 1. Breakdown Driving Forces into the Uncertainties
Identify the driving forces for your organization by using:
The global driving forces need to be broken down into more specific uncertainties relevant for your organization. Let’s use our PESTEL template to practice it with some driving forces.
Driving Force: Climate Change
In the latest IPCC’s Assessment Report3, several climate change scenarios were presented. In essence, the report discusses different warming scenarios depending on the decarbonisation efforts.
Two initiatives and one risk factor ('Heat waves') aligned with the driving force 'Climate change'.
Source: PESTEL Analysis Template.
The mentioned scenarios will have a direct impact on the energy industry. For other industries, a complex idea of climate change needs to be decomposed into specific consequences relevant to specific regions and business environments.
With these ideas in mind, instead of focusing on climate change in general, your team can focus on a few uncertainties that are most relevant for your region or industry.
Alignment with Sendai Framework
The Sendai Framework for Disaster Risk Reduction4 was adopted by 187 countries. Designed for national governments and local authorities, it also stresses the need to incentive businesses to invest in risk reduction and business continuity planning.
Re-Use Risk Model
The adoption of the Sendai Framework by city or regional authorities includes risk assessment (see Priority 1: “Understanding Disaster Risk”). Organizations can update their risk models to incorporate the risks addressed by the local implementation of the Sendai Framework.
Align Scenario Planning
The Sendai Framework encourages authorities to incentivise sectors of business to align their scenario planning with resilience building (see Priority 2: “Strengthening Disaster Risk Governance to Manage Disaster Risk”).
By aligning with “Build Back Better” recovery programs.
Driving Force: Remote Work
Remote work is here to stay5. In 2021, we saw that:
40+ countries introduced special visas for digital nomads
Many countries introduced new legislation to regulate remote work
Most countries, for example, Spain, focused their legislation on domestic remote work
A broad driving force 'Remote employment' is aligned with driving force 'Workspace and lifestyle changes'.
Source: PESTEL Analysis Template.
What are the future challenges of remote work? According to the KPMG report 6, one of the emerging trends is the cross-border remote working arrangements.
Allowing an employee to work from home is not the same as offering the same person to work from another country.
Is this uncertainty relevant for your organization? In our case (we are a team of remote specialists), the broad driving force “remote work” can be projected into a specific uncertainty of “cross-border remote work.”
Driving Force: Cybersecurity Threats
Cybersecurity is another emerging trend. How can we break down this broad driving force into something more specific?
The threat 'Ransomware attacks' is aligned with the 'Cybersecurity' driving force detected by PESTEL analysis.
Source: PESTEL Analysis Template.
Here are the typical cybersecurity threats we discussed in the previous article:
Cyberattacks
Ransomware
Insider threats
Data loss
Data corruption
Depending on the data flows in your organization and underlying IT infrastructure, you can pick a few relevant uncertainties. For example, a ransomware threat looks relevant for any organization.
Ransomware is still a very broad uncertainty. For example, its more specific projection could be the uncertainty associated with cloud deployments being the target7 of ransomware attacks.
Step 2. Formulate and Classify Scenarios
Once the general threats are projected into uncertainties, we need to better formulate the scenarios and agree on how to manage them.
Describe Scenarios as Stories
Shell was one of the pioneers in the large-scale application of scenario planning for business. There are many things we can learn from them, and probably the most important one is that possible scenarios formulated as stories work better. Those scenarios are easier to explain and immediately capture the attention of your team.
Besides formulating basic scenario as:
Ransomware attack on our cloud deployment
think about the story that stands behind this scenario:
“One day, you are trying to login into your online account, and it returns a strange error… Your customers start sending you reports about problems with the service. You are on the phone with IT specialists, but they say that it looks like they don’t have access to … ”
Scenarios in the form of stories are much easier to “sell” to the key stakeholders.
Three Types of Scenarios
Scenarios vary in their urgency and probability. We classify scenarios into three categories:
Scenarios related to business continuity.
High-priority scenarios that resonate with existing strategy and can be implemented right now as a new strategic hypothesis.
Scenarios for monitoring – important scenarios, but without clear alignment with current strategy.
One scenario might fit all three categories. For example, ransomware attack:
The scenario is obviously related to the business continuity
The best practices for prevention of ransomware attacks will be an excellent strategic hypothesis for existing cybersecurity strategy, so it fits the second category as well
Certain parts of ransomware scenarios should be monitored – the new policies of the law enforcement authorities as well as new scenarios of the attacks – the monitoring category
Step 3. Formulate the Response Plan and Quantify Scenarios
Different types of scenarios require different ways to formulate response plans and quantify them. Below, you will find our suggestions for:
Disaster recovery or business continuity planning focuses on scenarios that might affect critical functions of the organization. The potential threats, in this case, are rapidly developing natural disasters, cyberattacks, resource outages, etc.
Business continuity planning starts with business impact analysis. In simple words, we need to identify disruptions that could possibly affect our organization, identify the key operations affected by those threats, as well as critical recovery time.
The specific threats, in this case, depend on the nature of your business. A common starting point are:
Cybersecurity risks
Natural disasters
Terrorist attacks
Your team can quantify the threats according to their:
Probability
Impact
Early warning time
Duration
Overall risk priority
Business Continuity Strategies
Once the threat is described, we need to define several plans:
Plan
Function
Example
Continuity
Describes what we do to ensure the delivery of critical services
Access critical data using an isolated system
Response
Describes what we do in case we were not able to prevent a disruptive event
Reset access credentials to affected systems
Start recovery from off-site backups
Start analysis of attack
Recovery
Describes what we do to get back to business as usual
Restore database transactions lost after attack
Implement the finding of forensic analysis
We are now prepared for a case of a risk event occurring. Additionally, we can discuss how to prevent such events or minimize their impact.
Plan
Function
Example
Prevention or risk mitigation
Describes what we do to avoid the disruptive event
Maintain security software updates to date
Retaining off-site backup for all versions of the data
Educate the team about phishing
Depersonalize data when possible
Quantification of Business Continuity: Readiness Indicators
Compared to other types of scenarios, the business continuity scenarios typically occur immediately or with a short early warning period. While there are no specific early sign indicators, there are certainly some leading factors that predict the readiness of your organization for a scenario.
The risk of ransomware attacks is quantified by the 'IT infrastructure complexity' metric; additional details can be explained in the aligned 'Business continuity plan' and 'Recovery plan'.
Source: PESTEL Analysis Template.
For example, we discussed some of the leading indicators in the article about cybersecurity:
IT infrastructure complexity
Data scheme complexity
Automation
By quantifying these leading factors, we can define the readiness indicator for the business continuity scenario.
Quantification of Business Continuity: Lagging Indicators
Additionally, we can quantify recovery plans with some lagging indicators. For example, for a cybersecurity attack, we can track:
Time to recover from backups
Time to restore the transactions lost between the last backup and attack
Estimation of direct and indirect loss
These metrics will help your team to better prioritize their efforts.
Wargaming and Gap Analysis
Compared to other types of scenarios, business continuity scenarios involve fewer uncertainties. The nature of such scenarios is better studied. For example, we might not know where and when the next hurricane will hit, but we know what a hurricane is, what kind of damages are expected, and what we can do to minimize damages.
The business continuity plan can be tested via simulations of the scenarios or wargaming, where the rules of the “game,” as well as expected outcomes, are defined.
For example, what if your company becomes a victim of a ransomware attack? What data can be effectively restored from a backup? Run the simulation of attack to find the gaps and improve weak points.
After testing the scenarios, we will have additional data for the readiness indicator.
High-priority scenarios don’t have such a dramatic impact on critical business operations like business continuity scenarios, but they might significantly affect the execution of existing strategy.
Strategic Hypothesis
Our goal is to align a high-priority scenario with existing strategy. To do this, we convert scenarios into a strategic hypothesis.
For example, one of the actionable aspects of remote work driving force is the need to access the performance of the remotely working team because the existing ways to track the performance might not work well on scale.
Let’s use the CEO scorecard template available in BSC Designer to illustrate the alignment steps. In the Learning Perspective, there is a goal formulated as Build and maintain an engaged team.
The shift to result-based performance assessment is a good hypothesis to test for this goal.
The hypothesis 'Shift to result-based performance assessment' is formulated for the 'Build and maintain engaged team'.
Source: CEO Scorecard.
Quantification of the Hypothesis: Impact Indicators
Typically, the high-priority scenarios already have some kind of impact on business performance. In our example, we can quantify the existing impact of the remote work scenario with these indicators;
% of employees working remotely
% of tasks completed on “time, in full” (compared to in office tasks)
Mismatch between reported performance and actual performance
Plausible scenario, driving force and uncertainty in the description field of the hypothesis.
Source: CEO Scorecard.
Additionally, we can find some process-related indicators. For example:
% of remote team evaluated according to the new standard
Formulating Scenarios for Monitoring
The Cross-border remote work scenario that we discussed above sounds like something that we can see in the near future. We can map it in a separate scorecard with plausible scenarios.
Possible Response Plan
To define the possible way the scenario will be developed, we can speculate on the worst/best cases of developing an uncertainty and put it on scale. For example:
Worst case: new legislation makes cross-border remote working illegal
Best case: new legislation for cross-border remote work is accepted in many countries and provides detailed guidance
In this example, the legal landscape can be changed, so we formulate response plans for this scenario:
Legal consultation according to the current legislation
Update business systems to ensure cross-border clauses are added to the agreements
Ensure compliance from the viewpoint of cybersecurity and data privacy (for example, by using the dedicated compliance scorecard)
Educate the HR team
Quantification: Early Sign Indicators
In contrast to high-priority scenarios, most likely, we won’t find the impact indicators, as there is no impact yet. We can speculate about the possible impact, but it might be too early.
In this case, we can track the qualitative or quantitative early sign indicator. For example, we can look at the projects for new legislation that addresses specifically cross-border remote working.
An example of the early sign indicator ('The number of keyword-specific news on the topic') aligned with the 'Employment laws' trend.
Source: PESTEL Analysis Template.
Quantifying the existence and the progress of such projects directly might be time-consuming, so instead, we can find a proxy metric. Typically, the new legislation is widely announced and discussed in the press. We can quantify the number of publications with certain keywords. For example, if I search Google for “cross border remote work,” now I get just 63 results in the News section and 4460 results in classical search. There are some publications by reputable sources like PWC that confirm that the trend exists, but still, there is no sign of specific legislation coming soon.
We can use The number of keyword-specific news on the topic as an early sign indicator for the scenario. This indicator is not bias-free, but it gives us a good estimation.
Changing the Priority of Scenario
What should we do with a scenario when an early sign indicator shows that things have started changing?
Depending on the scale of changes, we have two options:
For evolutionary changes, add the scenario as a strategic hypothesis to the current strategy, like we did for high-priority scenarios before, or
For disruptive changes, create a dedicated strategy scorecard focused exclusively on the hypotheses of this scenario, like we did for Covid-19.
Another possibility is that with time, the scenarios lose their relevance. For example, with transition to sustainable energy and distributed energy production, some energy-related scenarios will no longer make sense. In this case, we stop monitoring and archive them.
What’s our Resilience Level Now?
We started with a promise that scenario planning increases business resilience. A logical question would be:
What is our current level of business resilience?
Quantifying resilience, in general, doesn’t make sense. If we do so, we will find out how resilient organization is to the past challenges.
Talking about resilience, we are interested in understanding the readiness of the organization for the future challenges. We can make a reasonable assumption:
Having a diverse picture of the existing driving forces and investing time in discussing scenarios based on those driving forces increases the organization’s resilience
What’s next?
Give scenario planning a try! Reformulating a known saying… the best time to start scenario analysis was a few years ago, then the second-best time is now.
What's next?
Follow our Strategy Implementation System to align stakeholders, strategic ambitions, and business frameworks into a comprehensive strategy.
Automate strategic planning with BSC Designer by organizing goals, initiatives, risks, and KPIs into scorecards.
Stay informed about updates from BSC Designer:
More About Strategic Planning
Strategic Planning Process:
Examples of the Balanced Scorecard:
Strategy Maps:
Comparative Table of Strategic Planning Frameworks
In the context of strategic planning there are two types of frameworks:
Strategy execution frameworks. Such as the Balanced Scorecard for the overall strategy and the more lightweight OKR framework for specific challenges.
Strategy formulation frameworks.SWOT, Three Horizons, Constraints Analysis, PESTEL, Gap Analysis, etc. that help organizations to generate new ideas.
This website uses cookies to improve your experience.AcceptRead More
Privacy Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.