- Regulatory agencies, financial markets, and investors expect more savvy risk management practices from corporate leaders, as evidenced by widespread regulatory reforms in developed nations;
- Several large-scale, tragic events in recent years have heightened awareness of the extremely difficult challenges businesses face when disaster occurs;
- Relentless pressure to reform management, manufacturing, and administrative processes to achieve efficiency gains especially in case of a disruption.
- This centralization of critical processes is introducing new single-points-of-failure – a fact often overlooked by senior executives.
A fire gutted a key manufacturing facility providing printed circuit board (PCB) components to other company plants and to two long-standing and lucrative contracts. Emergency responders and fire trucks left the scene; fortunately no one was injured. Executive management gathering in the parking lot had to answer the following questions:
- Who would be in charge and empowered to make decisions?
- Where would the team relocate to begin plotting the way forward?
- Who would brief employees, the press, and the board?
- Would damaged equipment on-site be difficult to replace?
- Where and how quickly could production resume?
- Which customers would receive standing inventory?
- Were there liability risks and contractual obligations to the firms’ partners?
This example illustrates the myriad of difficult questions faced during unexpected disruptions, all of which must have answers.
No two organizations share the same business processes, risk exposure, culture, or management style. However, every organization can follow a similar methodology when developing a business continuity program tailored to their needs.
Some organizations invest heavily in one life-cycle phase (such as documenting plans) but not another (such as training). When allocating resources for the business continuity program, executives should understand the current position of the organization and set life-cycle goals that represent forward gains.
Before kicking off any new business continuity plan, executive managers should confirm that four essential skills are manifested on the project team.
Business Expertise – Managers from all key functional areas should be represented on the team;
- Planning Methodology – The project team should have a workable methodology established;
- Participation – Key participants should be available to the project team throughout the full life-cycle. Organizations with high turnover should consider accelerating the project life-cycle;
- Project Management – A project management structure should be in place to ensure all participants understand key project tasks and due dates.
Many executives have found that an effective business continuity program includes, but may not be limited to, the following:
- Emergency Response Plans – Initial activities that protect people, property, and equipment in the immediate aftermath of a serious incident;
- Crisis Management & IT Incident Management Plans – Management-oriented documents that facilitate effective incident response, impact management, stakeholder reassurance, and strategic positioning after recovery;
- Crisis Communications Plans – Documented processes for keeping both internal and external stakeholders apprised of unfolding events and organization response;
- IT Disaster Recovery Plans – The process by which IT professionals restore key IT functions at hot sites or alternate production facilities following disruption;
- Business Function Recovery Plans – Plans that anticipate recovery of critical business functions at alternate locations or via alternate processes.
Industry best-practice continues to drive the convergence of historically-disparate risk management functions, including security, quality, insurance, and IT security. Within this trend, business continuity planning has its place as “insurance” for uninsurable risks.
About The Author: Brian Kaye is national practice leader of business continuity for Control Risks North America. He is responsible for developing, implementing, and managing world-class business continuity solutions for Control Risks’ client base in North America, including Fortune 100 companies.
"Appeared in DRJ's Spring 2008 Issue"