By Gunjan Sinha, executive chairman of MetricStream.
Today’s interconnected world presents many opportunities for businesses but also unprecedented levels of risk. Enterprises of every size must prepare themselves to be able to react, respond and keep going in the event of something going wrong. While threats come in many guises, effective continuity and contingency planning can be the difference between business survival and failure at times of crisis.
When the lights go out
A whole range of things can go wrong, and when they do, they threaten the normal running of a business. Risks include environmental factors such as floods, extreme weather and power failures. These may directly impact business premises and threaten production, or affect links in the supply chain, which can ultimately have the same end result. Operational risks include industrial action and systems or process failures, while cyber risks such as data breaches and cybersecurity failures can bring businesses to a standstill.
Enterprises must prepare to deal with whichever situation they may find themselves in. While the type of incident may vary, they all require action: employees, customers, suppliers and other stakeholders must be told what’s going on and kept informed; production may have to be rerouted; and alternative processes may have to be activated, for example manual ways of working in the event of a computing failure.
It would be a mistake to think that business continuity management is only something that larger enterprises have to deal with. Small companies are just as much at risk, and potentially even more so, as their resources for dealing with a crisis are likely to be more limited.
The complete risk picture
As business systems and processes become more interconnected, it becomes even more apparent how important it is that all enterprises have sound continuity planning. A business relying on information from a supplier’s system will also feel an impact if that supplier has an outage. Companies are now more inclined to audit existing and potential suppliers and require them to meet certain criteria and standards. In this way, inadequate business continuity management can result in missing out on new contracts.
When an incident occurs, enterprises that haven’t planned are likely to suffer the most. If operations stall, a direct impact is felt in revenue and profit; for some the impact can be so huge they are unable to recover from it. Even if the initial storm can be weathered, there can be a longer-lasting impact through loss of reputation with customers and other stakeholders.
For these reasons, and more, business continuity management needs senior managers’ attention in the same way that sales, marketing and other activities do. It is too late to think about these things when a regulatory issue has been encountered or a data breach has occurred.
Protecting the business
The business continuity plan should be clear, comprehensive and far-reaching if it is to serve the purpose of helping protect the company and its assets. It should cover all risk areas and frame all possible scenarios. When pulling the plan together, all assumptions for each potential risk should be tested and a range of questions answered, such as:
- Where will the impact be felt?
- What is the impact likely to be?
- What contingency measures do we need?
- Who will manage each aspect of the situation?
- Who needs to be informed, how and by whom?
In much the same way that companies now rely on software in areas such as enterprise resource planning (ERP) and customer relationship management (CRM), technology also provides tools for managing risk, helping enterprises consider the scope of continuity planning and key metrics around recovery times, and establish an emergency notification system.
Once the plan is in place, it should be maintained and updated. What’s more, drills and exercises that test it should form part of ongoing risk management.
Robust business continuity planning has to be an essential part of risk management for enterprises of all sizes. Effective planning can help businesses minimise downtime and protect assets in the event of a crisis. This in turn helps businesses maintain performance levels and protect their all-important reputations with employees, customers and other stakeholders.
ABOUT THE AUTHOR
Gunjan Sinha is a quintessential entrepreneur and executive chairman of MetricStream, a leading global governance, risk, and compliance software company headquartered in California, which he founded almost two decades ago. Previously, Gunjan founded WhoWhere, an internet search engine sold to Lycos in 1998. Later, he co-founded eGain, a Nasdaq-listed public company. Gunjan has been an active investor, board member, and advisor to a number of Silicon Valley startups, non-profits, and venture fund companies for the last 16 years.