Horizon scanning essential for business continuity
In a constantly changing world where the future is uncertain and difficult to predict, "horizon scanning" is essential.
So said James McAlister, VP of the Business Continuity Institute (BCI) and director of Crisis Prepared, in a keynote address during the ITWeb Business Continuity 2015 Conference in Johannesburg yesterday.
The BCI says there are some threats that are more common among most organisations, while others present themselves to varying degrees between different geographic locations or industry sectors.
Organisations are different, so the horizon scanning process is essential to assess these threats and ensure that the right business continuity plan is in place to deal with the impact of them, it adds.
Quoting the House of Commons Science and Technology Committee, McAlister said in the absence of a crystal ball, horizon scanning can help organisations detect signals, identify trends and think more inventively about what the future might hold, enabling them to capitalise on opportunities and better mitigate threats.
Any organisation that does not have horizon planning is planning to fail, said McAlister, adding horizon scanning identifies potential threats to an organisation and the impact to business operations that those threats might cause.
According to McAlister, most organisations assume any future change is a continuance of frequency and direction of present trends among a limited number of political, economic, technological and social and variables.
The future for the organisation is expected to reflect the past and present or, in essence, to be surprise-free, he added.
"The future will not look like the past or the present, so using information from those domains provides a baseline for strategic resilience development but will not necessarily enable organisations to prepare for the future, in a proactive rather than reactive way."
While most CEOs are considering a strategic transformation of their organisation, poorly planned change initiatives, mergers and acquisitions or a shortage of resources can reduce the probability that these plans will succeed, said McAlister.
Better threat sensing and detection and stronger employee responsiveness to risk management and security are examples of the ways in which executives can protect their companies, he added.
To do this, auditors need to understand the operations of various corporate functions. They must also consider how this will alter the business' risk and control environment, audit processes and assurance activities, and the meaning of audit's value to the business, said McAlister.
In a global whirl of uncertainty, astute political and data risk analysis are critical - as is business continuity planning, he added.