Business continuity issues began to receive a new focus of attention after the information technology, terrorist action and disease scenarios brought home the unpredictable and critical nature of the problem. Business continuity and disaster recovery planning became something that simply could not be avoided if you planned to stay in business for long.
Business Continuity Planning (BCP)
BCP starts with a careful listing of the different risks that can disrupt normal business operations. These risks can include: Disease, earthquake, fire, flood, cyber attack, sabotage, hurricane, utility outage and terrorism.
Impact analysis of each type of risk is the next step. The immediate results can range from building loss or damage, through equipment and data loss/damage, to skilled personnel loss or unavailability. The impact that each such loss or damage can have on business functions is analyzed.
The criticality of affected business functions to continued operations is then analyzed along with the extent of damage that the business will suffer. Parameters like Maximum Tolerable Data Loss and Maximum Tolerable Period of Disruption are reviewed and laid down. Business and technical requirements for restarting the operations are also identified.
The findings of the analysis will help development of plans to minimize the impact and continue the business even during the disruption. For example, the IT disaster recovery plan will typically include:
- Selecting a secondary location that will not be affected by the risk
- Listing the facility requirements at the selected location to carry on operations fully from there
- The applications and the data that will need to be stored at the secondary location to continue operations uninterrupted
- Identifying the persons who will be in charge if a move to the secondary location becomes necessary and also the role of each member of the team
- The detailed procedures to be followed for the move and the emergency contact details of all team members
More issues will need to be planned for in case the disruption affects other departments such as production, distribution or warehousing.
The plan will be fully documented, and will include the detailed procedure manuals for actions to be followed under each disaster scenario.
Business Continuity Management
Plans need to be tested to ensure that they work as intended, say by moving the IT operations to the secondary location and identifying any problems. Needless to mention, personnel will need to be trained by providing them the context, detailed guidance and instructions and testing them on the field. Such orientation and training will also attend to another key requirement, viz. organizational acceptance of the business continuity plan.
Continuity management also involves keeping the plan current. Everything can change, including the organizational structure and policies, physical facilities, disaster risks and even the basic objectives of the business. In such a context, the BCP needs to be reviewed regularly to ensure that it will work in the current environment and ensure recovery from all disasters.
International standards like ISO/PAS 22399:2007 can provide guidance and benchmarks for developing the BCP. In fact, compliance with standards is an essential requirement to maintain the value of a company in the eyes of investors and others. Governments can also make it obligatory.
Periodical independent security audits can confirm that the company’s business continuity plan is complete and workable.
Business continuity plans are thus much more than simple contingency plans and incidents management after they occur. Every type of risk must be visualized, the impact of each analyzed, detailed procedure manuals must be compiled and even a chain of command must be specified to recover from any type of disaster scenario.
What is Business Risk Analysis
According to website casinos-online.co.ke, business planning involves gather information from observation, reading, and testing a firm’s core functions to identify risks to operations and business transactions. Risk analysis can reveal a firm’s project completion problems, security problems, and market-use problems.
Assessing a Firm’s Core Business Functions
Security and control risks are identified through observation and testing. Risk areas include internal operations, customer service, legal, and financials. In today’s high tech business environments, special attention is placed on assessing automated and technology systems.
“You do risk analysis for only one reason: Would you manage the product differently if any of your risks happen?”
says Johanna Rothman, a technology product development consultant at Rothman Consulting Group, Inc.
Business intelligence used by risk analysts come from workers, managers, customers, and vendors. It is also derived from a firm’s operational, environmental, and market functions. A qualitative use of business intelligence may reveal actual firm threats and vulnerabilities that require business disaster recovery planning.
Quantitative business analysis can translate business intelligence into a numerical determination of the probability of a future firm risk occurrence. This may be as precise as predicting a 13.5% likelihood of a particular outcome under existing operating factors. Quantitative business analysis is frequently used in the financial business markets.
Business Risk Management: Recovery Planning After Risk Analysis
A good business analyst’s report will include business continuity planning. This is the section of the business assessment report where recommendations are made. It may suggest that the firm develop and implement certain written policies and procedures or secure a particular type of business insurance coverage in light of revealed operational risk. The business continuity plan will also include a cost-benefit analysis comparison of quantitative risk factors against the costs of the business either: 1) doing nothing, 2) retraining or retooling the firm, or 3) insuring against the risk.
Business policies and procedures can correct operational vulnerabilities and ensure that a firm is in operational compliance with the law. Creating a sound employment policy and procedure, that is regularly updated to comply with applicable regulations, can save a firm on needless litigation or reliance on payouts from employment practices liability insurance.
Additionally, business continuity planning may include obtaining additional insurance. Some types of insurances are mandatory for firms based on the applicable international, national, or state law; or whether the firm is operating in a highly regulated industry. The types of business insurances are extensive.
Business risk analysis can be devised internally or contracted out to a business consultant. Greater market exposure, both domestically and internationally, translates into a need to manage business security risks. This makes business risk assessments essential to any size firm.