Business Continuity Management: Is Your Business Ready If Disaster Strikes?

The statistics are alarming: In 2012 alone, natural catastrophes and man-made disasters resulted in global economic losses of an estimated $186 billion.

Extreme weather, cyberattacks and failures of critical systems are just some of the events that can wreak havoc on business operations. If one were to strike, would your organization and its employees be able to forge ahead?

It will depend largely on how well you have managed the risk. This is where a BCM plan can make all the difference.

Business continuity management (BCM), as Protiviti defines it in the Guide to Business Continuity Management, is “the development of strategies, plans and actions that provide protection or alternative modes of operation for those activities or business processes, which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially significant loss to the enterprise.”

The criticality of planning ahead

Establishing BCM before disaster strikes is essential. This example helps to underscore why: In 2005, Florida was hit with five hurricanes within the span of a few weeks, knocking out phone service and power in many communities.

Communications between a regional airport and its web provider were severed, cutting off a critical line of employee and public communications, including flight information. Traditional cellular circuits were overloaded, creating widespread service outages.

Fortunately, the airport had a backup communications plan in place that allowed a third party on a different power grid to update the airport’s website, using information provided via military-grade satellite cellphones. This allowed the airport to minimize chaos, ensure proper staffing and provide aid to employees affected by the storms.

Understanding risk = understanding value

As obvious as the need for BCM may be, many companies fail to implement a formal plan because they never see or fully realize the potential threats to their business. But properly assessing risk should help magnify BCM’s value.

For instance, many regulatory bodies now require corporations to maintain business continuity plans, and those that don’t could be fined or prohibited from operating. Numerous financial risks also need to be considered, including contract provisions that hold companies accountable for delivering products or services even during adverse circumstances.

And certainly, reputation risk can’t be overlooked. Maintaining the public’s approval, especially in times of crisis, is invaluable for any organization’s continued success.

The core components of a BCM plan

According to Protiviti’s Guide to Business Continuity Management, a BCM plan should include these three elements:

  1. Crisis management and communications: These processes enable organizations to respond effectively to a disruptive event. They help organizations focus on stabilizing the situation and preparing the business for recovery through effective planning, leadership and communication protocols.
  2. Business resumption planning: This involves the recovery of critical business functions and processes that relate to or support the delivery of core products or services to a customer.
  3. IT disaster recovery: This process addresses the recovery of critical IT assets, including systems, applications, databases, storage and network assets.

Gathering support for BCM

As with any major business initiative, buy-in from key stakeholders from the outset helps to ensure success – and sustainability. Establishing an effective BCM plan requires:

  • Sponsorship – assurance of organizational and financial support
  • Ownership – direct responsibility for overall program execution
  • Custodianship – responsibility for the coordination of BCM tasks executed throughout the organization

When it comes to selecting appropriate sponsors and owners, Protiviti recommends looking to executives with visibility across the entire business and experience in risk management. The chief financial officer, chief operating officer, chief risk officer and chief information officer would make strong candidates to lead the endeavor.

Support from C-suite executives also helps to ensure accountability and, ultimately, the effectiveness of BCM when the moment of truth arrives.

Download Protiviti’s Guide to Business Continuity Management for more information on how to make BCM a central part of enterprise risk management.

Jeff Weber is a Managing Director in Protiviti’s IT Consulting practice.