One of the key factors integral to the continued and effective operation of an organisation is a carefully planned and developed Business Continuity Management Planning framework.
Throughout this last 12 months organisations have continued to operate due to the planning they had completed prior to the COVID-19 pandemic challenges, enabling them to pivot and adapt to support the continued delivery of products and services to customers.
Now, as we face further disruption, it is timely to focus on ensuring your business invests the time and effort to review your continuity plans and make any necessary adjustments to build your resilience. The process needs to combine individual and industry learnings and should address issues such as insurance, lease arrangements, supply chains and their resilience, workforce requirements and business systems.
This article focuses on Business Continuity Management, which is a key element of any Risk Management Framework – the purpose of which is to manage actual or predicted disruptions.
A Risk Management Framework is a critical function for successful operations and helps businesses:
- Identify their risks
- Determine risk appetite
- Develop and strengthen risk controls
- Monitor and measure level of risk
Risk Management is an overlay that organisations adopt to enable them to operate effectively and Business Continuity is a key element of any Risk Management Framework.
A Business Continuity Management System is a tangible demonstration by an organisation to its customers, employees, stakeholders, and suppliers of how resilient their business will be with the supply of products and services during a disruption.
The purpose of an organisation undertaking Business Continuity Planning is to deal with any potential business disruption, including natural and manmade disasters, which do not discern who they impact or when. It is significant to note the frequency of these events, from the evidence available, has substantially increased. Therefore, it makes perfect sense for organisations to spend time in examining the critical functions performed in their business and adopting controls to manage the impacts from any disruptive events.
Organisations are also encouraged to examine their business systems such as information technology, supply chains and third-party providers, to fully understand their vulnerabilities and the mitigation controls that can be adopted to strengthen these systems.
Further, many organisations have clear expectations from investors, stakeholders, regulators, shareholders and the community to prevent or manage these foreseeable events. So, by investing in Business Continuity Management to deal with disruptive events an organisation can minimise impacts to customers, operations, finances, legal & regulatory obligations, brand reputation and materiality.
A Business Continuity Management Framework is the mechanism that facilitates the development of a Business Continuity Plan. The key components of the framework aim to govern, assess, create, train, exercise, maintain and continuously improve the Business Continuity Plan.
Governance is about leadership, structure, accountability, roles and responsibilities, performance standards, communication and integration within and outside of an organisation in considering the importance and needs of suppliers and major customers.
Assessment concerns understanding the critical components of the business that are fundamental to its operation and the controls that can be adopted to manage disruptions.
Creation, or the formalising of arrangements, is another important step and should be conducted across all business units to capture all the interdependencies within an organisation. This approach addresses any siloed culture issues that will prove detrimental to an organisation during a crisis period. There are many examples of plans that have failed due to internal disconnection and siloed approaches. The best results are produced when plans are fully integrated and a ‘whole of organisation’ approach is nurtured and rewarded.
The training, exercising and maintenance aspects of the framework are somewhat self-explanatory but take note: Developing the plans is not the end of the story. Exercising and regularly reviewing to continuously improve plans, particularly after an event, is also critical (and highly recommended). It simply makes sense to include training, exercising and scenario planning in your corporate training calendar to continually drive success and to overcome any complacency.
A regular ‘review cycle’ allows an organisation to align its changing business strategy with its Business Continuity Plan. During this Covid-19 period organisations that were agile and had given consideration to business continuity were innovative in their operational responses to disruptions.
The Business Continuity Plan should be tailored to the needs of the business and the plan should be scalable and flexible, recognising there will be differences in the impacts and consequences associated with the various types of events an organisation may experience.
There is strong evidence that points to the benefits organisations derive from Business Continuity Management and Planning. The thinking, planning, documenting, exercising and reviewing enable an organisation to absorb and bounce forward more effectively from the shocks and stresses of any disruptions.
Nuffield Group has built a highly capable team to deliver sustainable Crisis and Emergency Management solutions to organisations. Find out more here.
Can we help you?
Call 1300 308 257 or +61 404 852 062
Or email us direct at nuffield@nuffieldgroup.com