Interdependence in Most Industries
The financial services world was one of vertical integration. The large firms had all sides of the transactions in-house. Competition and the drive to be efficient have changed these practices dramatically. The securities market must perform in very short time frames via highly interwoven and interdependent functions. The securities world is advancing to a point where the time between a stock trade to cash settlement is shrinking from four days to one. This large “settlement to cash” initiative is called straight-through processing. Straight-through processing is representative of a larger inflection point where time expectations for complex transactions are presumed to be near real-time. Synchronized movements of money, information, and other resources are becoming more commonplace.
Complex and immediate transactions require a high degree of interdependence among cooperating firms. Increasingly, if a “transaction partner” firm is unable to perform its function it is probable that your organization will be unable to perform one of your critical business functions. This is the very definition of a disaster. This disaster, like a fire or flood, will require that your business continuity plans go into operation.
Motorola has extensive product lines. These products require a complex electronic network of suppliers to fill shop floor kanban boxes to achieve just-in-time manufacturing. Even more daunting is to operate a manufacturing concern at this speed and maintain the quality requirements that Motorola is famous for. Fifteen years ago most manufacturers carried much larger inventories of work in progress. Today manufacturer’s inventories are carried on the vendor’s books until they are used on the production line. Ideally, these goods are produced and shipped in the same day, achieving the near mythical one-day inventory turn. If this complex network of goods and processes is slightly disrupted it is likely that your firm will be unable to perform one of its critical functions. The week-long closure of the U.S. borders in the aftermath of 9/11 caused a great deal of trouble for U.S. automakers that were depending upon the daily shipment of automotive assemblies to arrive from their Canadian plants. The assembly lines did not stop immediately, but the drive for competitive efficiency made it clear that there was a very real need to validate their risk evaluations and business impact analyses in case of another border closure.
In financial services, manufacturing, and many other industries there are a number of channels to the global market. These channels to market have varying degrees of independence from your firm. These brokers and dealers could shift away from your firm quickly if it was unable to perform. There may be existing systems and processes in place that can further these efforts as well. Examine your existing supply chain and CRM systems as an untapped information source.
Consider tightening some of these relationships. Too often the opportunity to meet and build a relationship with your critical channels is limited to the annual sales boondoggle in Florida.
Examine your risk evaluation in light of the other organizations that are critical to your corporate success. Sole source suppliers of goods or information are an Achilles heel. How long can a business function when a critical external supplier cannot perform? Use enterprise business process documents, supplier, and sales operations documents to identify these external risk items. In your analysis be very careful to consider all aspects of time. The most effective way to measure the depth of a business partnership is in time. If they or your organization were unable to perform, how long would the partnership last?
Sometimes the answer requires a key scenario to drive the answer into the open. What would the business impact be if they were unable to perform? Time, switching costs, and process modifications will drive quantitative expenses.
New Controls & Continuity Strategies
Your organization may already have reciprocal agreements in place with your business partners. These agreements are likely for computing equipment and office space. Consider the value of having supplier and broker agreements in place in the case of differing scenarios. Examine critical external organizations in view of your emergency response plan as well. From emergency supplies to sharing evacuation plans, coordination will increase life and safety. These external organizations might be located next to your building or a firm in your industry quite far away. Attempt to view them as a source of risk controls (risk-mitigation) as well as a potential source of risk. Frequently, emergency response plans like security cameras, only point inward.
In considering the value of these organizations it is important to establish executive relationships and conduct operational level joint exercises. The executive relationship will keep your options fluid when the unforeseen occurs.
The operational table-top exercises will introduce staff counterparts and create communication paths that will likely need to function quickly, if needed.
Information and forewarning is the largest single control among networked organizations. Being forewarned is being forearmed. Civil unrest in Mexico could cause a series of events to occur that will deal you a significant blow in North Dakota. Time is your greatest ally to launch your plan and establish the steps and procedures needed to mitigate the event. Our previous thinking was wait until the disaster occurs and recover quickly. The networked enterprise proactively verifies the status of its critical external organizations. Sometimes no news means that there was no one available to place a call.
Summary
A disaster is the inability for an organization to perform one of its key critical business functions. In the networked world we live in, a critical external organization can have a devastating impact if it fails to perform. It is wise for continuity planners to re-evaluate their risk evaluations in light of this understanding. These critical external organizations are also a potential source of controls. Mutual aid agreements and multi-organization exercises can help to identify and quantify networked organizational impacts. Information and forewarning is the largest single control among networked organizations. Take your planning a step further in the proactive identification of the status of these critical external organizations. Time is important in being able to declare or activate controls as soon as possible.
Jeff Covert is a vice president at the NC4 division of the Candle Corporation. He is responsible for professional services. Prior to joining Candle Corporation, he was a regional vice president at Oracle Corporation. Covert is also a professor at Loyola Marymount University’s Graduate School of Business where he teaches Information Technology Strategy. Covert received a B.S. from the University of Southern California and a MBA from Loyola Marymount University.
