Comments
Organisations today face myriad risks — real and perceived: terrorism and war, data privacy and IT security breaches, natural and manmade disasters, market instability and currency crises, hazardous waste and industrial accidents, power and fuel shortages, and on and on.
With technology driving expansion, any disaster has a profound impact on organisations. While earlier the impact was limited to a specific territory, today it is felt widely as news spreads fast, and stock markets across the globe work in close tandem with one another. Some key characteristics of this change are:
Global economic recession has left organisations more vulnerable to shocks;
Global flashpoints now threaten organisations wherever they have operations;
Complex regulations demand that businesses deliver ever-higher service levels;
Physical disasters, both natural and technological, can now cost business crores of rupees;
Businesses can no longer afford spiralling costs of IT downtime due to demand for 24x7 service.
Most organisations have no accurate data to assess the direct and indirect losses accruing from a disaster. Direct losses are quantifiable (as rupee cost of damage to tangible assets). But indirect losses are not easily measured as they are often in the form of lost revenue or productivity, damage to brand value or decrease in customer loyalty, which are not easy to calculate in rupee terms. Table 1 shows the relationship between the frequency of disasters and losses.
The reported number of natural disasters worldwide has been rapidly increasing, from fewer than 100 in 1975 to more than 600 in 2011.
Organisations now realise that strengthening their ability to continue business in the face of disruption is crucial to survival. There is a clear relationship between a company’s preparedness for catastrophic incidents, and the retention of shareholders’ value in the wake of a significant disruption. Companies whose management can exhibit nimbleness, flexibility, sensitivity, honesty, transparency and communication ability in a crisis may actually see their share value climb. The continuity programme should factor in the possibility of crises affecting not just one’s own organisation; business survival can also be jeopardised by a crisis that affects an important supplier, customer, vendor, utility, or community.
Organisations that are most effective in managing continuity risks to both existing assets and future growth will, in the long run, outperform the rest. Companies that have not been able to manage significant crises may have been forced out of business or bought up by competitors.
This has to be the gravest business continuity risk — not continuing at all!
Organisations face the prospect of, among others, loss of key personnel, facilities, IT system downtime, disruption of supply chain. To minimise the impact of a physical disaster, whether natural or man-made, business leadership, human resources, facilities management, and information technology must work closely during the recovery process. This implies that:
The organisational continuity programme cannot be the responsibility of the IT department alone; and
critical business processes must be identified beforehand through a business impact analysis.
Deloitte’s Risk Intelligent Business Continuity Management programme is characterised by:
Proactive rather than reactive approach towards recovery;
Business -focused rather than technology-focused;
Process -based rather than asset-based;
Continuous instead of one-time project;
Board -level ownership.
The aim is to develop a predictive model that can recognise and successfully respond to a threat before it can turn into a crisis. The next step is to integrate continuity with Enterprise Risk Management. This places business disruption risks in the context of other organisational risks — enabling the organisation to manage and allocate investment efficiently.
With effective business continuity management, an organisation can offer customers a higher degree of surety about its level of service. In 2008, Vodafone UK achieved BS25999 certification (the British Standard Institute’s certificate for business continuity management). The company used it to offer a formal assurance to customers about its continuity capability, gaining significant competitive advantage over other operators (source: Forrester Research).
An effective response to a disaster has been shown to have a net positive impact on shareholder value.
Result: the company becomes a leading-edge, resilient organisation prepared for, and ready to counter any eventuality by incorporating a robust crisis detection and prioritisation, and resource mobilisation technique.
Sundeep Nehra is Senior Director and Rahaju Pal is Director, Deloitte Touche Tohmatsu India Pvt Ltd.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.