Last time, we introduced reasons why retailers need to pay particular attention to their risk profiles, and began looking at some of the most common risks they face. Other risks they should consider include:
Reputational risk in the era of social media. Increasingly, people are connecting to the Internet via their mobile phones, which means that they can go online to express dissatisfaction about a retail experience almost in real time. Social media firestorms can quickly get out of hand, so a robust crisis communications plan needs to be in place to deal rapidly with adverse comments on social media sites. It’s a good idea for the spokesperson to be relatively senior—the temptation to give the social media role to a young and possibly inexperienced person can backfire dramatically.
ICT failure. Retail is already hugely dependent on its information and communications technology (ICT) systems, from tills right through to the back office. In addition, retailers rely on ICT to collaborate with members of their supply chain and manage complex logistics. It’s therefore vital that a proper disaster recovery plan forms part of the business continuity plan—no ICT system, no business.
An additional (and growing) risk is the fact that most retailers have an online presence, which consumers use either for product comparison or actual purchase. ICT failure can literally turn out the lights of online stores.
Buildings, including warehouses. Natural disasters can compromise a retailer’s outlets or warehouses, and so imperil the business. But the risks are broader, and should include fire, particularly at warehouses, which can be somewhat neglected in comparison to the customer-facing outlets.
Employee injury. With large staff complements, retailers need to be extra certain that they are compliant with all the applicable occupational health and safety regulations. Again, warehousing operations operating to tight deadlines, and where heavy equipment like forklifts is used, are a particular vulnerability.
While this does not pretend to be an exhaustive list, it makes a good starting point for retailers. Contact ContinuitySA for help in identifying and prioritising your particular risks when preparing your business continuity plan.]]>
Retail has always been competitive, but lately competition has ratcheted up several notches. Some of the drivers of this are familiar—disposable incomes are under strain—but others are not. Among the latter category: the growth in competition from online stores, which increasingly undercut prices while offering greater convenience and personalisation.
In addition, customers habituated to the online world are notably less loyal.
All these factors mean that even the strongest retailer finds itself somewhat precarious. In this cutthroat environment, being unable to trade can damage a retailer, and often that lost ground can be hard (or even impossible) to regain.
Given this highly competitive environment, retailers need to understand their risk profiles, and make sure their business continuity plans are updated accordingly. Based on its experience as Africa’s largest and leading provider of business continuity management services, ContinuitySA has identified some of the top business continuity risks that retailers face:
Socio-political risks. All businesses face these, from political instability to strikes, but it’s worth noting that retailers are particularly vulnerable. They have large, highly unionised workforces, and their outlets are often the first targets if civil unrest breaks out.
Product recalls. Retailers constantly face the risk of contaminated or otherwise faulty products landing up on their shelves. Aside from the reputational risk involved—remember the contaminated baby food scandal a while back?—dealing with product returns or even a full-scale recall can be costly in both financial and manpower terms.
Supply chain disruption. Retailers sit at the end of a complex network of supply chains, some of which are very long. All of this exposes them to a wide variety of risk. Diversifying the supplier base is one strategy for risk mitigation, while some retailers maintain stockpiles of goods to provide a buffer in case of supply chain disruption.
Another important risk factor is that the retailer’s suppliers are themselves at the mercy of their supply chains. A business stoppage in a subsidiary supply chain can have a dramatic knock-on effect for a retailer.
It’s imperative to understand all the dependencies of your primary supply chain, and the effect that the inability of a supplier’s supplier to meet its commitments would have. Business continuity planning, especially in the retail sector, has to encompass the whole supply chain.
Next time, we conclude this focus on business continuity and the retailer with a look at the remaining risks.]]>
Early on in life, it’s perfectly normal to want to see for oneself whether a candle flame actually burns, and usually the experience is bought cheaply, at the expense of a brief pain. As one grows up, however, it’s advisable to learn to profit from others’ experience and one’s own analysis to plan ahead for events that could severely affect one; in this case, could put one out of business.
Business continuity planning could be thought of as the way in which a company profits from others’ experiences and its own analysis to assess all its risks and plan for even the unlikely eventualities. In other words, understanding that there might be a candle flame and how not to get burned!
For example, it probably goes without saying that all Japanese businesses have put plans in place against a tsunami, and the same goes for those companies that rely on Japanese suppliers. However, many companies whose businesses were ruined by the tsunami in 2011 would have been able to recover much more quickly if they had the right business continuity measures in place.
One should really consider business continuity as a way of applying one’s mind to assess what risks one’s business faces, and then putting in place what is needed to recover the business. It’s all about building business resilience.
Another, more positive example is the fire that ravaged the head office of a leading South African emergency-response company in 2009—an unexpected but foreseeable event for which the company had planned. It was able to move to a recovery site and assure clients it could continue to service them, a display of far-sightedness and “grace under fire” that resonated strongly with its brand persona.
Even if a specific event was not foreseen, a company with a comprehensive business continuity plan is nevertheless in a good position to adapt existing plans. One could argue that the recent earthquake on 5 August 2014 at Orkney is an event that would previously have been rated a low probability, but which nonetheless occurred.
It’s highly likely that mines and other businesses in the area may have discounted the probability of such a large seismic event, but those with contingency plans in place for disasters of similar magnitude would have been more likely to recover quickly. What’s certain is that many more businesses in that area will now have included a repeat earthquake in their scenario planning. Let’s also hope that they have looked at their entire risk profiles with greater care as well. Businesses need to be prepared for disasters if they are to survive: learning by experience can be disastrous, literally.]]>
Minimising the risk to employees is a clear priority for any company, be it planning a response to a health crisis or a natural disaster. But from a business continuity point of view, companies also need to look at the bigger business impact once staff have been protected.
What should not be forgotten, however, is the impact on the company’s supply chain. Today’s supply chains are long and complex: companies are sourcing products and services from far afield, and they are looking for new markets. All of this means that their vulnerability to pandemic-related risks is greater.
In this instance, although a company and its people might not be likely to be directly affected by the outbreak, it could be that a supplier or a supplier to a supplier has a manufacturing plant in Liberia, or is reliant on raw materials from Sierra Leone. Companies need to understand the knock-on effects if a member of the supply chain is unable to meet its commitments.
The overall message from the Ebola outbreak is clear: Do not let unexpected disasters take you by surprise. Make sure you have a comprehensive plans in place so you are prepared!
Read our Press Release Here.
Monitor the Ebola pandemic (and any others) and get useful information from the National Institute for Communicable Diseases.]]>
The death toll continues to mount—at the time of writing it was 650 and rising—and health ministers from the Southern African Development Community have announced a strategic plan to prevent the spread of the virus into our region, and to treat any people who are infected.
Of course, it’s a humanitarian disaster first and foremost, but the implications for business are profound, both generally and in this specific case.
As an immediate action, companies should take a look at their business continuity, crisis management and associated plans (pandemic). Obviously, Ebola is top-of-mind so it is worthwhile adapting a general strategy to the current crisis—just in case. This would be particularly relevant for companies that have business links with the West African region, or whose people visit it, or whose people are particularly at risk. Freight or courier companies and health care professionals are two examples that spring to mind.
Tracey Linnell, General Manager: Advisory Services at ContinuitySA says that companies could do well to dust off their plans for an outbreak of the SARS virus/pandemic and use them as a starting point for an Ebola-related plan of action.
A key element of the strategy is communication with employees, and that should begin now. Education is key to preventing infection, and to getting treatment quickly in the case of infection. It’s also a way to prevent any sense of panic in companies whose employees are likely to be brought into direct contact with people from the West African region.
In out next blog, we’ll look at some of the broader implications of pandemics.
Read our Press Release Here.
Monitor the Ebola pandemic (and any others) and get useful information from the National Institute for Communicable Diseases.]]>
When an emergency strikes, companies often find themselves on the back foot. The first thing to understand is that when a crisis breaks is not the time to be deciding what to do and how to do it! The protocols and procedures for managing a crisis must be decided and understood before it strikes, and should form part of Business Continuity planning.
One of the most important parts of any crisis management plan is communications. In fact, I would argue that a good crisis communications plan is the primary tool for limiting the damage to the company’s reputation, and for mobilising support for the recovery effort.
We live in a Digital Age in which, almost without exception, everybody has access to the Internet via computers or, increasingly, mobile devices like smartphones and tablets. This always-on connected world is characterised by a surge in the number of social media platforms: Facebook, LinkedIn, Google Plus, Twitter, WordPress and Tumblrare some of the most common. These platforms host communities of users, and are characterised by content sharing and real-time communication.
They are thus ready-made communication channels through which the company can reach stakeholder groups in a crisis situation. This is crucial when rapid communication in real time is a priority. They also offer a company a useful listening post through which to gauge how fast a crisis is spreading, and what people are saying.
The first thing to do is investigate which social media platforms are most suitable for your company, and where its communities are already posting information. As a rule of thumb, Twitter, Facebook, Instagram and YouTube are most often used in crisis situations.
A final point: set up the company profile on all platforms, even if you don’t use them, so that they are ready to be used in the event of a crisis.
Next time, a look at the importance of planning.]]>
When it comes to embedding BCM into the corporate culture, it’s important to recognise that there is no “one size fits all” for this activity. It has to be tailored to the company, its people and the business in which it’s involved. At each phase in the BCM life cycle, there are opportunities to create and enhance a BCM culture. Many of these opportunities are created not by the experts but by ordinary employees. This type of initiative should be encouraged because it shows that BCM is taking root.
There’s also a view that BCM should be implemented in controlled, well-tested phases rather than a concerted, company-wide initiative. Such an approach allows for the process to be constantly adjusted by taking into account feedback from each phase. (The five steps for implementing BCM are outlined in an earlier blog.)
It’s critical to ensure that the BCM programme is allowed to mould itself to the company and its people. In this way, abstract best practice becomes “how we do things here”, and that’s a very powerful way of ensuring that the plan remains current. At the same time, though, it’s also very important that the people who are ultimately responsible for the effectiveness of the BCM plan—the directors—are fully behind the rollout, and visibly support it.]]>
Six months later, headline earnings were down almost 100 percent. A company whose prospects had looked so bright soon lost its allure, and was ultimately delisted after only one year of trading on the AltX.
This spectacular fall from grace could not be attributed to anything dramatic like a terrorist attack or earthquake, but simply to a lack of effective operational risk management. The company was sunk by a combination of factors, including power outages, port congestion and poor harvesting practices—all operational risks that were, presumably, well understood within the company. Indeed, BCM planning could have ensured that there were simple and effective solutions in place, such as:
King III, the new Companies Act and the Consumer Protection Act all, in their different ways, highlight the responsibility of companies and their directors to ensure that risks are managed adequately. Despite this, BCM is often overlooked as the most effective way to identify and manage operational risks effectively. While the board retains ultimate responsibility for risk management as a whole, the executive management team is responsible for implementing the operational risk management framework approved by the board and itsdirectors. This framework should be implemented throughout the whole organisation, and all levels of staff should understand their roles and responsibilities with respect to operational risk management.
The alternative, as we have just seen, can be frightening!
Next time, to conclude this series, some thoughts on how to embed BCM into the organisation.]]>
Let’s begin by remembering how widely the effects of a disaster can be felt. If an individual company experiences a disruption, it can be devastating for the people who work it or rely on its products or dividends. But imagine large-scale disasters, like the Japanese tsunami or the bush fires in Australia,that put many businesses out of commission. If the companies cannot get back up and running quickly, the effects are multiplied because the tax base is affected and economic recovery delayed.
BCM is critical because it looks beyond dealing with the emergency itself. It takes into account what will be required to get the business up and running as soon as possible and keep it and its dependants working and contributing to the economy for the long term. The failure of BCM affects the company concerned, a number of people who will experience personal disasters when operations cease, as well as government.
One could even argue that BCM is not only a risk management process, but also as a basic human right because it provides:
BCM (or the lack of it) thus has far-reaching effects. In order to make it work, stakeholders across the business and its value chain all have to be involved: managers, process owners, strategic planners, project and procurement teams, key suppliers and directors all have to be involved in managing risk. It goes much deeper than just preparing for a major event—a flood, a terrorist attack or the like—but of preparing the business and its employees for anything. An effective BCM plan based on international best practice will generate the following six clear benefits:
Next time, a look at what BCM failure looks like.]]>
ContinuitySA recommends following the following five steps:
Next time, let’s look a little more deeply into BCM.]]>