|
 Jeffrey M. Dato, MBCP
Vice President, Risk Management and Corporate Real Estate
Pinnacle Airlines Corporation
Congratulations! By reading this, you are taking the first
step along the journey to better understanding of how an
effective business continuity program can affect (directly
or indirectly) who you (as a company) are, how and with
whom you do business, and which strategic direction to follow in
order to minimize downside exposure to operational and reputational
risk.
The recent SEC ruling requiring companies to document risk
management issues with their proxy statement underscores the scrutiny
offices and directors are under with regards to managing their
business in a prudent manner. That venue is an excellent opportunity
to showcase the lengths your organization is going to ensure operational
resiliency and how you value all stakeholders when considering
strategic decisions. Your resiliency vehicle, business continuity
management (BCM), is just one component of managing enterprise
risk, typically tied to an enterprise risk management (ERM) program.
As with ERM, linking BCM to your corporate mission statement –
who you say you are – can go a long way to ensure you are focused
on meeting the expectations of your stakeholders no matter what
unplanned mayhem may occur.
Historically, many executives have dismissed business continuity
as another form of insurance. Do not be misguided. Insurance
just replaces the financial losses incurred – not your business. As an
officer or director, you are in a position of trust and obligated by the
Uniform Commercial Code (“Prudent Man Rule”) and common law to
manage the business to the best of your ability – which includes the
consideration of risk (upside and downside) in all financial, operational
and strategic decisions. This concept extends to all stakeholders
– investors/shareholders, employees, business partners (customers
and suppliers), etc. – who will remind you of your obligations and
commitments at time of crisis.
Using the recent oil spill in the Gulf of Mexico as example,
imagine your organization facing similar public outrage. How about
the media frenzy surrounding the former energy giant in Houston
or, more recently, New York-based global insurance, brokerage and
banking conglomerates now only former shadows of themselves?
There are multiple other examples where ill-prepared companies
were not able to meet customer obligations due to key suppliers
experiencing unplanned operational failure. In the end, the customer
will not care if you chose to outsource a key component or process
– it is your product, it was promised to be delivered on time, and it
is impacting their reputation and financials. No excuses will be accepted
and your company’s (and, likely, individual) reputation will be
tarnished for the foreseeable future.
Unfortunately, in the aftermath, you will have a lot of time to ponder
whether it was worth the cost savings realized by not implementing
a proper business continuity program. No one wants their company
to be the case study cited in either business schools or articles
like this one. Studies have proven the value of being prepared. Take,
for example, an independent study conducted by Oxford University
where they analyzed the share price (post-impact) of organizations
who faced a crisis. Results showed that those who responded well
experienced a 5 percent increase in share price as compared with
a 15 percent decrease by those who did not. A 20 percent return on
investment variance is real money.
A well-designed and oft-exercised business continuity program
encompases a wide array of processes, including Incident response,
crisis management, business resumption, and IT disaster recovery.
These components work hand-in-hand with your other ERM and
risk management processes, including areas like insurance and
occupational health and safety. Used appropriately, these processes
can help to maintain your business, integrity and reputation while in
the eye of a storm. While business continuity may not be the magic
elixir to bulletproof your organization, the concept of managing risk
effectively does apply.
What does this all mean to you? Take it seriously. Today. Read
the articles included herein. Ask questions of your risk and business
continuity groups. Listen to their answers and respond accordingly.
Be prepared. The era of “It won’t happen to us” is forever gone.
Sometime, somewhere – “it” can happen and “it” will. Godspeed.
 |
