Magazine article Financial Management (UK)

What's the Worst That Could Happen? Two out of Five Enterprises That Suffer a Disaster Will Go out of Business in Five Years, According to Research by the Gartner Group. Michael Gallagher Explains How an Effective Continuity Management Plan Can Improve Your Firm's Chances of Survival. (How to Business Continuity)

Magazine article Financial Management (UK)

What's the Worst That Could Happen? Two out of Five Enterprises That Suffer a Disaster Will Go out of Business in Five Years, According to Research by the Gartner Group. Michael Gallagher Explains How an Effective Continuity Management Plan Can Improve Your Firm's Chances of Survival. (How to Business Continuity)

Article excerpt

Business continuity management (BCM) is defined by the Business Continuity Institute as "the act of anticipating incidents that will affect mission-critical functions and processes for the organisation and ensuring that it responds to any incident in a planned and rehearsed manner".

This definition focuses on three key factors:

* The organisation must examine the risks to which it is exposed and consider how best to manage them if an incident occurs. The terminology is important: the word "disaster" conjures up images of fires or floods. "Incident" includes these occurrences, but it can also relate to power cuts, telecoms failures, fraud, contamination, the failure of key suppliers and other events that do not sit comfortably under the generally accepted meaning of disaster. It could even cover the inappropriate comments of an indiscreet senior executive at a public function.

* BCM is not about plans for the everyday things that go wrong--it's concerned with significant incidents that have a considerable impact on core business activities. It's too easy to divert effort into developing procedures to cope with the failure of day-to-day processes. While these must exist, BCM needs to focus on the big picture.

* Proper planning, the meaningful involvement of appropriate people and thorough testing are all prerequisites of an appropriate response.

BCM is largely the outcome of a process that started in the early 1970s as computer disaster recovery planning, which documented the actions required to safeguard or re-establish IT operations. This was more concerned with restoring a firm's financial systems to working order, for example, than about whether there would be any offices left to house the finance staff who used them.

In the 1990s the emphasis shifted from IT to an approach considering all aspects of an organisation's business. BCM is no longer seen as a project with a defined end date; it is now a continuous process. And, since the terrorist attacks against the US on 11 September 2001, it has assumed a new importance. Firms realise that their survival could depend on it.

This heightened level of awareness means that a greater budget allocation may be available to BCM. More significantly, the message preached by business continuity practitioners for years that BCM principles should be an integral part of the business planning process is now more likely to be heard. This applies to capital projects, new processes and applications. BCM and risk-management considerations should be addressed in the "business requirements" phase of projects rather than as an add-on when completed. At that stage such additions become expensive.

To a large extent, it was Y2K that provided the greatest boost to BCM. Fear and uncertainty about the implications of the changeover caused many firms to consider business continuity for the first time. It increased awareness of interruption issues, resulted in a better understanding of critical processes and improved co-operation between the public and private sectors on emergency management issues.

The work done to ensure that IT systems coped with the date-change also significantly improved firms' control over their systems. User documentation was improved and, for the first time, some companies established a proper inventory of their data. Many of those people who had been responsible for the millennial changeover project were then given the task of building on the work they had done, and of broadening it out into full-scale corporate BCM programmes.

There are many reasons why every organisation should have a BCM plan. In some cases the initiative comes from pressure to respond to the recommendations and demands of auditors or insurers. Sometimes the driving force is the concern of non-executive directors, who are conscious of their responsibilities under the requirements for sound corporate governance. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.