Practice Areas
Business Continuity
Failing to plan is planning to fail
An organisation's planning and risk management aims to assure business continuity that will overcome overcome business interruptions that result from the impact of crises on people, property, information, or the environment. Given the enormous impact of such crises, the development of early warning systems is essential. Such indicators allow the organisation to anticipate potential crises, enabling the senior management to act to preclude the development of a crisis.
In the event that the organisation fails to avert a crisis, effective planning can minimise legal liabilities, reduce the loss of public confidence or diminish a fall in market share. A well-defined Business Continuity plan may expedite the recovery of critical business operations.
In an organisation in which critical business functions can simply be performed from alternative sites for acceptable periods of time, the Crisis Team may simply develop and implement Business Continuity crisis strategy appropriate to the situation.
If critical functions cannot be performed from other locations, it may be necessary for the organisation to document its key processes in a Business Continuity plan by conducting a Business Impact Analysis (BIA). Key processes are those which must be replicated in some manner in case they are physically lost or cease to function. This loss of process or process functionality may occur as the result of the absence of key personnel, or the loss of crucial corporate experience or assets.
Managers who are responsible for documenting key processes must be wary of any organisational fixation with detail that may lead to obsolescent or cumbersome plans. In documenting these vital Business Continuity processes, managers should:
- determine the key business functions or processes, remembering that:
BC = IT + ET (everything else)
- list all reasonably anticipated crisis scenarios, single points of failure, and prioritise the essential functions or processes
- assess the quality of the organization's preventative measures
- assess the organisation's critical support systems and their resource requirements
- assess organizational Recovery Time Objectives (RTO) and the survival or interim resources required
Crisis Avoidance Approach
Our approach is to assess the contribution of the main activities in a business to shareholder value. By estimating how those contributions might be diminished if the activities were interrupted, the Recovery Time Objectives are determined and strategies devised that allow each activity to recover and continue in the sequence of descending urgency. Strategies are also devised that mitigate risks.
- Focus on end-to-end activities and processes of the business to ensure completeness
- Business management agreement to the priorities for recovering business activities and processes
- Clear rationale to the Business Continuity Plan that can be endorsed by the Board
- Clear and concise lists of:
- tasks to be executed in an emergency
- responsibilities of staff in undertaking those tasks
- preparations to make in readiness for an emergency
- Rapid development of the Plan
Key benefits of our approach
- We take a holistic approach to Crisis Leadership = Business Continuity + Crisis/Emergency Management. Business Continuity is an enabler for Crisis Leadership.
Business Continuity is planning for the inevitable.
Crisis Leadership is preparing for the unthinkable.
- We ensure safety and security are contributors to profit.
- We focus on interim operations and immediate resumption rather than long tern restoration and recovery.
- ET and not just IT; we include alternate sites and step up arrangements in addition to hot sites for data.
- We address second- and third-party dependencies.
- Thin readable plans and not thick documents.
- Planning and testing.
- Download our approach to Risk Management.
- Download a synopsis of our approach to Business Continuity Planning.
- Download the Truscott Risk Model.
Business Continuity and Risk Management competencies
| Knowledge | Skill | Attitudes |
|---|---|---|
| Understand hazards and outrage in the applicable sector or across sectors. | Apply qualitative and quantitative risk assessment processes. | Take advice. |
| Understand insurance options. | Apply appropriate regulatory standards (eg. AS/NZ4360). | Display an open mind. |
| Understand core processes, critical functions and single points of failure. | Integrate processes into organisational culture. | Be able to use society’s value judgements to determine. |
| Apply the Business Impact Analyses. | Accept that outages could happen. |