A company that assesses and prioritises these risks in a methodical way is obviously going to be much better placed to bounce back from a disaster—and we all know just how frequently they seem to occur nowadays. The fact of the matter is that because supply chains and markets are now global, a natural disaster in Japan or Iceland can affect a business in Port Elizabeth, a bank failure in Spain or Hong Kong can delay a production line in Rosslyn, and a flu pandemic in Atlantis can affect a store in Joburg.
In this way, BCM can actually improve a company’s overall governance by bringing all its financial liabilities into view—some may have been hidden from board members owing to the complexity of the business environment. BCM, in other words, enhances sustainability.
Another big benefit of BCM is the fact that it increases the confidence employees have in the company, thus contributing to employee engagement. It’s a truism of corporate jargon that “our people are our competitive edge” but it’s true nonetheless. Anything that makes employees want to stay with the company and give it their best efforts is a plus. The same is true of clients and business partners, provided that the company’s proactive BCM stance is properly communicated to them.
This type of proactive approach, too, we at ContinuitySA believe, creates a company that is generally more forward-looking—not only when it comes to risk. Such a company is also more likely to be alive to new opportunities as well. When a company really becomes BCM-savvy, it really does set itself on the path to success.]]>
Such an approach is always a mistake because it means the company simply incurs extra expense and trouble for no real benefit. It’s a common attitude towards governance codes like King III, for example—and companies with that attitude are the ones that always complain that it’s just an added “cost of doing business”. In fact, good governance can mean good business, as international research (and experience) shows.
The same is true of BCM. Approached in the right spirit, it can deliver much more than the ability to survive a disaster—it can create a stronger, more resilient company all round.
Growing awareness that the process of assessing risk and putting contingency plans in place to mitigate it can generate wider benefits are evident in the way that old-style IT disaster recovery has mutated into something much more. In fact, the 2012 ISO22301 standard for BCM places it within the context of “societal security”, thus placing the discipline clearly within the broader drive towards corporate sustainability.
Sustainability has become such a buzzword in the past several years because it’s become so clear that companies’ success is due not only to their own efforts but those of a broader community of stakeholders, including employees, business partners and so on. The flipside is that a company’s failure affects not only its shareholders but its staff, their families, the staff and families of business partners and a much broader community of people and companies who depend on them.
In other words, “No man [or woman] is an island, complete of himself.” A company that realises this also starts to look at the risks it faces in a similar way. It no longer sees risks as internal only, but also external. Putting risk-mitigation strategies in place for this broad portfolio of risk has far-reaching consequences for its overall sustainability.]]>
The same logic is true for your company. If the parachute (so to speak) doesn’t open, then the destruction would affect not only your employees but also their dependents—at least four per employee when one takes into account their families, suppliers and their families, the people supported by the tax they all pay and the charities they support—in fact it’s probably more like 10 people per employee in reality.
Such an event is particularly devastating in South Africa, where unemployment is high—officially it’s 25 percent but we all know it’s much higher.
The truth is simple. Nobody—and particularly anybody with responsibilities—would jump out of a plane without a backup parachute. And yet many, if not most, businesses are blithely operating without business continuity plans, despite the fact that the only certainty is change and that Murphy was an optimist.
As Socrates said, “If a man truly understood the consequence of his actions, then he would do no wrong.” Now consider the consequences of a disaster if you don’t have a business continuity plan in place. Think of your staff and their families, your shareholders and other stakeholders and what would happen to them.
And then then make sure you have that second parachute ready, just in case.]]>
Based on its extensive experience helping clients integrate their contact centres into their business continuity management—and of running such sites—ContinuitySA believes there are five important considerations when assessing recovery options:
Does the recovery site operate on the infrastructure-as-a-service model? If a company is taking care of its own recovery, then it risks underspending on technology and spreading its resources too thin. If a third party is being used, make sure the infrastructure-as-a-service (IaaS) model is used. This shifts expenses onto the operational expenses budget; more importantly, it means the technology, facilities and bandwidth are able to be scaled as needed.
Is the technology at the right level? When assessing the merits of a site’s technology infrastructure, the following four areas need detailed scrutiny: PBX, switches, routers and phone/ data lines. A related question is whether the building is serviced by multiple telecommunications providers–being restricted to one supplier is not acceptable, from the cost and redundancy points of view.
Is the building itself adequate? Here one should consider not only the question of whether the space on offer is sufficient but also security. If the contact centre is a 24/7 operation, for example, does the security accommodate shifts? Does the building have enough generators and fuel reserves, as well as uninterruptable power supply units? And is it on good transport routes for staff?
Have the seats been purchased under the right model? Seats in a recovery centre offered by a third party can be purchased either on a syndicated or dedicated basis. Syndicated seats are shared with other clients, reducing the cost considerably but are offered on a first-come-first-served basis in the event of both companies experiencing a disaster at the same time, in the same geographic location. Even when this happens, says King, if the service provider has done its capacity planning well, it should still have enough seats for both clients.
Can you test if your contact centre is ready for an incident or disaster? The contact centre recovery site has to be tested thoroughly and regularly, or it cannot be assumed to work. Companies find this virtually impossible with in-sourced sites because of the impact on current business operations.
Contact us for any of your work area recovery requirements.]]>
Last time, we introduced reasons why retailers need to pay particular attention to their risk profiles, and began looking at some of the most common risks they face. Other risks they should consider include:
Reputational risk in the era of social media. Increasingly, people are connecting to the Internet via their mobile phones, which means that they can go online to express dissatisfaction about a retail experience almost in real time. Social media firestorms can quickly get out of hand, so a robust crisis communications plan needs to be in place to deal rapidly with adverse comments on social media sites. It’s a good idea for the spokesperson to be relatively senior—the temptation to give the social media role to a young and possibly inexperienced person can backfire dramatically.
ICT failure. Retail is already hugely dependent on its information and communications technology (ICT) systems, from tills right through to the back office. In addition, retailers rely on ICT to collaborate with members of their supply chain and manage complex logistics. It’s therefore vital that a proper disaster recovery plan forms part of the business continuity plan—no ICT system, no business.
An additional (and growing) risk is the fact that most retailers have an online presence, which consumers use either for product comparison or actual purchase. ICT failure can literally turn out the lights of online stores.
Buildings, including warehouses. Natural disasters can compromise a retailer’s outlets or warehouses, and so imperil the business. But the risks are broader, and should include fire, particularly at warehouses, which can be somewhat neglected in comparison to the customer-facing outlets.
Employee injury. With large staff complements, retailers need to be extra certain that they are compliant with all the applicable occupational health and safety regulations. Again, warehousing operations operating to tight deadlines, and where heavy equipment like forklifts is used, are a particular vulnerability.
While this does not pretend to be an exhaustive list, it makes a good starting point for retailers. Contact ContinuitySA for help in identifying and prioritising your particular risks when preparing your business continuity plan.]]>
Retail has always been competitive, but lately competition has ratcheted up several notches. Some of the drivers of this are familiar—disposable incomes are under strain—but others are not. Among the latter category: the growth in competition from online stores, which increasingly undercut prices while offering greater convenience and personalisation.
In addition, customers habituated to the online world are notably less loyal.
All these factors mean that even the strongest retailer finds itself somewhat precarious. In this cutthroat environment, being unable to trade can damage a retailer, and often that lost ground can be hard (or even impossible) to regain.
Given this highly competitive environment, retailers need to understand their risk profiles, and make sure their business continuity plans are updated accordingly. Based on its experience as Africa’s largest and leading provider of business continuity management services, ContinuitySA has identified some of the top business continuity risks that retailers face:
Socio-political risks. All businesses face these, from political instability to strikes, but it’s worth noting that retailers are particularly vulnerable. They have large, highly unionised workforces, and their outlets are often the first targets if civil unrest breaks out.
Product recalls. Retailers constantly face the risk of contaminated or otherwise faulty products landing up on their shelves. Aside from the reputational risk involved—remember the contaminated baby food scandal a while back?—dealing with product returns or even a full-scale recall can be costly in both financial and manpower terms.
Supply chain disruption. Retailers sit at the end of a complex network of supply chains, some of which are very long. All of this exposes them to a wide variety of risk. Diversifying the supplier base is one strategy for risk mitigation, while some retailers maintain stockpiles of goods to provide a buffer in case of supply chain disruption.
Another important risk factor is that the retailer’s suppliers are themselves at the mercy of their supply chains. A business stoppage in a subsidiary supply chain can have a dramatic knock-on effect for a retailer.
It’s imperative to understand all the dependencies of your primary supply chain, and the effect that the inability of a supplier’s supplier to meet its commitments would have. Business continuity planning, especially in the retail sector, has to encompass the whole supply chain.
Next time, we conclude this focus on business continuity and the retailer with a look at the remaining risks.]]>
Early on in life, it’s perfectly normal to want to see for oneself whether a candle flame actually burns, and usually the experience is bought cheaply, at the expense of a brief pain. As one grows up, however, it’s advisable to learn to profit from others’ experience and one’s own analysis to plan ahead for events that could severely affect one; in this case, could put one out of business.
Business continuity planning could be thought of as the way in which a company profits from others’ experiences and its own analysis to assess all its risks and plan for even the unlikely eventualities. In other words, understanding that there might be a candle flame and how not to get burned!
For example, it probably goes without saying that all Japanese businesses have put plans in place against a tsunami, and the same goes for those companies that rely on Japanese suppliers. However, many companies whose businesses were ruined by the tsunami in 2011 would have been able to recover much more quickly if they had the right business continuity measures in place.
One should really consider business continuity as a way of applying one’s mind to assess what risks one’s business faces, and then putting in place what is needed to recover the business. It’s all about building business resilience.
Another, more positive example is the fire that ravaged the head office of a leading South African emergency-response company in 2009—an unexpected but foreseeable event for which the company had planned. It was able to move to a recovery site and assure clients it could continue to service them, a display of far-sightedness and “grace under fire” that resonated strongly with its brand persona.
Even if a specific event was not foreseen, a company with a comprehensive business continuity plan is nevertheless in a good position to adapt existing plans. One could argue that the recent earthquake on 5 August 2014 at Orkney is an event that would previously have been rated a low probability, but which nonetheless occurred.
It’s highly likely that mines and other businesses in the area may have discounted the probability of such a large seismic event, but those with contingency plans in place for disasters of similar magnitude would have been more likely to recover quickly. What’s certain is that many more businesses in that area will now have included a repeat earthquake in their scenario planning. Let’s also hope that they have looked at their entire risk profiles with greater care as well. Businesses need to be prepared for disasters if they are to survive: learning by experience can be disastrous, literally.]]>
Minimising the risk to employees is a clear priority for any company, be it planning a response to a health crisis or a natural disaster. But from a business continuity point of view, companies also need to look at the bigger business impact once staff have been protected.
What should not be forgotten, however, is the impact on the company’s supply chain. Today’s supply chains are long and complex: companies are sourcing products and services from far afield, and they are looking for new markets. All of this means that their vulnerability to pandemic-related risks is greater.
In this instance, although a company and its people might not be likely to be directly affected by the outbreak, it could be that a supplier or a supplier to a supplier has a manufacturing plant in Liberia, or is reliant on raw materials from Sierra Leone. Companies need to understand the knock-on effects if a member of the supply chain is unable to meet its commitments.
The overall message from the Ebola outbreak is clear: Do not let unexpected disasters take you by surprise. Make sure you have a comprehensive plans in place so you are prepared!
Read our Press Release Here.
Monitor the Ebola pandemic (and any others) and get useful information from the National Institute for Communicable Diseases.]]>
The death toll continues to mount—at the time of writing it was 650 and rising—and health ministers from the Southern African Development Community have announced a strategic plan to prevent the spread of the virus into our region, and to treat any people who are infected.
Of course, it’s a humanitarian disaster first and foremost, but the implications for business are profound, both generally and in this specific case.
As an immediate action, companies should take a look at their business continuity, crisis management and associated plans (pandemic). Obviously, Ebola is top-of-mind so it is worthwhile adapting a general strategy to the current crisis—just in case. This would be particularly relevant for companies that have business links with the West African region, or whose people visit it, or whose people are particularly at risk. Freight or courier companies and health care professionals are two examples that spring to mind.
Tracey Linnell, General Manager: Advisory Services at ContinuitySA says that companies could do well to dust off their plans for an outbreak of the SARS virus/pandemic and use them as a starting point for an Ebola-related plan of action.
A key element of the strategy is communication with employees, and that should begin now. Education is key to preventing infection, and to getting treatment quickly in the case of infection. It’s also a way to prevent any sense of panic in companies whose employees are likely to be brought into direct contact with people from the West African region.
In out next blog, we’ll look at some of the broader implications of pandemics.
Read our Press Release Here.
Monitor the Ebola pandemic (and any others) and get useful information from the National Institute for Communicable Diseases.]]>
When an emergency strikes, companies often find themselves on the back foot. The first thing to understand is that when a crisis breaks is not the time to be deciding what to do and how to do it! The protocols and procedures for managing a crisis must be decided and understood before it strikes, and should form part of Business Continuity planning.
One of the most important parts of any crisis management plan is communications. In fact, I would argue that a good crisis communications plan is the primary tool for limiting the damage to the company’s reputation, and for mobilising support for the recovery effort.
We live in a Digital Age in which, almost without exception, everybody has access to the Internet via computers or, increasingly, mobile devices like smartphones and tablets. This always-on connected world is characterised by a surge in the number of social media platforms: Facebook, LinkedIn, Google Plus, Twitter, WordPress and Tumblrare some of the most common. These platforms host communities of users, and are characterised by content sharing and real-time communication.
They are thus ready-made communication channels through which the company can reach stakeholder groups in a crisis situation. This is crucial when rapid communication in real time is a priority. They also offer a company a useful listening post through which to gauge how fast a crisis is spreading, and what people are saying.
The first thing to do is investigate which social media platforms are most suitable for your company, and where its communities are already posting information. As a rule of thumb, Twitter, Facebook, Instagram and YouTube are most often used in crisis situations.
A final point: set up the company profile on all platforms, even if you don’t use them, so that they are ready to be used in the event of a crisis.
Next time, a look at the importance of planning.]]>