Every organisation faces risks - and how decision-makers manage those risks gives stakeholders a measure of the potential for sustainable success.
Most risks within an organisation are bound by its goals, how it achieves them, and its ability to manage the environment. Those faced by a utility company are very different from those faced by banks.
A common theme is the need to ensure the organisation’s ongoing viability when facing significant disruption. Business Continuity is an invaluable part of any risk management and governance structure. It provides the capability through which an organisation and its people manage the problem and recover to a viable state.
Good Business Continuity plans enmesh with the organisational view of its future, and give a framework to manage the reaction to disaster. Identifying and reviewing the organisation’s critical processes ensures the entity can assess the resources needed to react to the disruption. The organisation can then consider the impact of risks to each of the critical processes, and decide whether to terminate the activity, transfer it to a third-party through insurance or outsourcing, or accept the risk as part of their overall appetite. Unless terminating the risk, it remains with the organisation, although the financial costs might be reduced.
A Business Continuity system calls for different decision-making bodies to manage the problem. An overall Incident Management Team reviews the strategic implications and immediate aftermath; a Disaster Recovery team manages the recovery process; and a Business Continuity team manages the return to normal. Each area of the organisation needs its own operational plans to focus on their critical activities, whilst the Business Continuity manager provides coordination and direction to ensure a synchronised procedure.
The Incident Management team includes senior stakeholders to provide ultimate authority, especially whenever a reputational issue arises. It might even be that the Disaster Recovery and Business Continuity teams are not involved at all.
Crucially, the plan needs testing. Research shows that no matter how good your plan, it is only when tested ‘for real’ that the inevitable defects arise - and 80% of those undertaking exercises find fundamental flaws.
Finally, plans need review and maintenance. Organisations change, procedures evolve, and the environment is constantly altering. Plans need to change too else they will have been an expensive exercise of no ultimate value.
Article Directory : http://www.articlecube.com
