One chance to fail
Business continuity management is essential in today's risk-averse business environment.
The Oxford English Dictionary cites the earliest use of the word 'risk' in English (spelled risque) as from 1621, and with the spelling as risk from 1655. It defines risk (or exposure thereto) as “the possibility of loss, injury, or other adverse or unwelcome circumstance; a chance or situation involving such a possibility”.
Modern day risk management has evolved and covers a variety of areas within different service sectors. These may include insurance risk, information technology risk, information security risk, economic risk and credit risk, to name a few.
Business continuity management (BCM) focuses on something that most businesses have in common - operational risk.
Traditional BCM plays a pivotal role in ensuring that business can operate during and/or after a disruptive event. If one looks at the recent floods in Australia, civil war in Libya, and the earthquakes in Japan that have almost reduced to rubble the third-largest economy in the world, one needs to ask how prepared businesses really are when disasters strike.
BCM focuses on the business's need for people, processes, infrastructure and technology, and is best defined as a holistic management process that identifies potential threats to an organisation and the impact to business operations that those threats (if realised) may cause. It provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of stakeholders, reputation, brand and revenue-generating activities.
The BCM life cycle best describes how BCM is implemented within an organisation. It consists of five steps to an effective BCM solution:
1. Understanding the business: Business impact and risk assessment tools are used to identify the critical deliverables and enablers in the business, evaluating recovery priorities and assessing the risks that could lead to business interruption and/or damage to an organisation's reputation.
2. Develop continuity strategies: Determining the selection of alternative strategies available to mitigate loss, assessing the relative merits of these against the business environment and their likely effectiveness in maintaining the organisation's critical business functions.
BCM focuses on something that most businesses have in common - operational risk.Derek Taylor is a business development manager at ContinuitySA.
3. Developing the response: Improving the risk profile through improvements to operational procedures and practices, implementing alternative business strategies, using risk financing measures (including insurance) and building continuity plans.
4. Establishing the continuity culture: Introduction of the continuity management process by education and awareness of all stakeholders, including employees, customers, suppliers and shareholders.
5. Exercising and plan maintenance: Ongoing plan testing, auditing and change management of the continuity plan and its processes.
It is becoming increasingly important for South African companies and their directors to recognise the critical importance of ensuring their business can withstand any form of disruption.
As a country on the African continent, SA is fortunate that it doesn't see the likes of earthquakes, tsunamis and hurricanes. Yet, the country is faced with its own unique challenges as a growing economy in the global market. There is denial of access through industrial action, service delivery protests and xenophobic attacks; all of these have the potential to bring business as we know it to a standstill.
While many companies have welcomed King III, the Companies Act and Consumer Protection Act, business continuity management as a risk management process is often overlooked or simply ignored, yet it remains an essential component within the company's strategic plan to ensure long-term sustainability.
Effective business continuity needs to take into consideration all aspects of a company's operational affairs as well as the legislative requirements expected of companies today, whether this means adopting an “apply or explain” approach, meeting JSE Listing requirements, complying with the new Companies Act, or simply ensuring good corporate governance.
It is no longer something that only cash-flush companies need to worry about. BCM is, or should be, a standard part of every company's governance and risk management process. Companies can ignore the potential threats for as long as they like, but they only get one chance to fail.
The next Industry Insight in the series will delve further into what business continuity management is, what it really protects and whose responsibility it is.
Derek Taylor has been involved in business continuity management at ContinuitySA since July 2008. He also completed his BCM training in that year, and is an associate of the Compliance Institute of South Africa (CISA). Taylor is a business development manager (BDM) at ContinuitySA as well as the strategic alliance manager to the Corporate Governance Framework (CGF) Research Institute. He is responsible for generating new business leads and managing client relationships throughout the various service sectors that ContinuitySA works within. Taylor is responsible for all aspects of corporate governance and compliance for ContinuitySA, and has a keen interest and extensive experience in the ever-changing governance, risk and compliance landscape. He is a keen public speaker and has presented at a number of conferences; his presentations include topics on business continuity management, corporate governance, risk management, compliance, IT governance, the new Companies Act and King III. He most recently spoke at the International Banking Conference on risk management, and chaired the Syncom Business Continuity Management and Disaster Recovery Conference, at the Gallagher Convention Centre.