Business operations work to overcome risks every day and are inherent in all marlets, although one that is often overlooked is key person dependency. In terms of risk management, what does key person dependency actually mean and how could this affect you?

Key person dependency is when one of your employees is solely responsible for something and there is no back-up plan. This could mean the server infrastructure, software compliance directive, business continuity plan and that there is no-one in the business to call upon to with the same insight or skill set. So, if that key person is unavailable… your organisation is put at risk.

We rely on three key management strategies to combat key person dependency:

Succession Planning

Simply, this means you empower someone else in the organisation to carry out the same tasks. This is useful for vacation cover and should your key person decided to leave suddenly.

This ensures you have a contingency plan in place should your key person becomes indisposed.

Outsource – Third party engagement

Succession planning is a practical way to overcome key person dependency, although for some this is financially unattainable due to the personnel overhead required to negate the risk.
Another solution is to identify a third party who is specifically trained in your key-person area.

A key risk management strategy is making sure you have engaged with your third party provider in advance of a dependency being created. The benefits in utilising the services of a third party are that you will have access to a broad knowledge pool, service level agreements can be agreed to ensure cover at all times and the liability for HR management falls on the supplier.


One of the alternate risk management tools can also be considered the simplest. It’s called having a system! So this means getting your key person to systemise every process as they go along.

Although with the current velocity in the IT sector this represents a challenge. Ideally your key person would create a ‘How to Guide’ to every process, although experience is also key to addressing the majority of IT infrastructure requirements as opposed to working from a simple check-list.


Risk management is a process that many organisations overlook, until it is too late. Our recommendation is to engage with a third party to ensure you are apple to overcome the very real risk that is presented by key person dependency.