Globalisation and new technological innovations are shaping the way businesses interact and conduct business with each other. However, regardless of the opportunities they both bring, these new developments are also presenting an enormous amount of risks to businesses of all sizes. Businesses have become so integrated to the extent that a disaster in one location can strike many different businesses. Natural disasters are also having an impact on various business operations.
Business risks range from strategic, operational, financial to hazard risks and as a result an effective control system should always be in place to mitigate these risks. In December 2009, five trains operated by Eurostar failed inside the Channel tunnel causing massive delays and disruptions to thousands of passengers. Many families lost the precious opportunity to spend Christmas with their loved ones, business people failed to attend important meetings etc. Then in January the following year, a huge earthquake caused devastation across Haiti resulting in loss of life, destruction of buildings and power lines.
Further, the Icelandic volcanic ash in Scotland disrupted air travel across Europe and the rest of the world. A report by the European Commission put the cost to European tourism sector at one billion euros. Think of other businesses that were affected due to disruptions in supply chains, breakdown of IT system and fire damage due to power failures etc, the costs exceed one billion euros.
The above cases are proof to us that every business needs to have a business continuity plan in place. One might ask, how do you prepare one?
- Identify the risks that are significant to the fulfillment of your business objectives. Be careful not just to select general risks, the risks you select should be specific to the market sector in which your business operates and also the circumstances at the given time.
- Identify the processes or functions within your business and how they interact with each other. Ask yourself, “What would happen if either one or more of the processes or functions is disrupted and how this will affect the rest of the business?” This will help you identify the critical areas of your business.
- Always ask yourself, should a disaster strike, “How much information and time can you afford to lose getting your systems up and running again?” In the event of power failure or property damage, do you have other premises to operate from?
- Having identified the risks to your businesses, the critical processes or functions and quantified the impact that a disruption of these business processes will have on your business, recommend countermeasures that can be employed to reduce risks. For example, this might involve constant checking of IT systems for virus or spyware threats. It could also involve monitoring of safety systems such as fire alarms and fire extinguishers in the case of fire risks or arranging appropriate insurance cover.
- The next step is you need to document all the risks and the impact to the business as a whole. This risk register should always be updated as the business environment and strategies change.
- Having done that, there is need to recommend strategies for business continuity purposes. For example, you might need to backup all the important information at the end of each day and keep a copy off the premises. In the event of your IT system crashing, you know that you have a copy of all the important information which you can restore on the new or repaired system.
- As mentioned earlier on, the business environment and your circumstances are always changing, you need to organise and facilitate regular and thorough testing of the business continuity plan and update it accordingly.
With so many risks affecting businesses today, failure by the manager to ask questions on the appropriateness of their business plans and their integration with operations can cause potential problems during a crisis.