Business for Tomorrow Conference: How to actively manage business disruptions when you don’t have time
Brian Henry (The Caridon Group)
Management theory and practice over the past three decades has undergone many evolutionary phases, driven by socio-political and technological forces that could never have been foreseen by entire industries. For example, the facsimile machine and the Personal Computer only became reality in about 1980. Communication through email appeared in the early 1990s and the Web is barely 25-years old. Nowadays, if our instant global communication channels go offline for 20-minutes we feel helpless.
Management practice has also been profoundly affected by issues involving corporate social responsibility, sustainability such as the Equator Principles, and a rapidly changing marketplace driven by global forces and trends, not to mention an explosion of populations and instant migration of people and cultures.
Our approach to managing businesses at the end of the last century just wouldn’t work today, because the new risks and challenges we face would never be addressed. We have virtualised our world to the point where we never need to see or own the technology that drives our companies.
Similarly, those who would wish to attack our organisations for whatever reason can do so anonymously and unseen. Gone are the days when ‘business continuity’ meant being safe because you had an alternate site with computers and technology to house your workforce and IT systems ‘in case the building burns down’. Events that can cause enterprises to cease to function need not be physical at all, so ‘continuity of your business’ has taken on a much broader meaning.
The virtual threats to organisations are real and potentially devastating, which means that vigilance and preparedness is needed to ensure effective responses to an event. Shareholders expect businesses to activate business critical responses within minutes, sometimes even seconds of an incident. The problem, however, is that managers are overwhelmed with day-to-day operational tasks in keeping the business running smoothly and have little time to guard the gates.
What is needed is a heightened awareness of the world we now live in so that the organisation is consistently sensitised to the risks and threats that exist and strategies are set which take these risks into account. In Business Continuity terms, this means regularly revising the risk registers, risk assessments and business impact analyses, and adjusting business continuity strategies and plans to align with the ever changing status quo.
ISO 22301 has extended the domain of Business Continuity Management (BCM) to incorporate these ideas. It includes elements such as incident management, corporate communications, SHEQ, interested parties and sustainability, and most importantly, resilience. It is a framework that aligns these disciplines into a holistic management approach to drive continuous improvement, not only of the ability to recover from a disruption, but also in reducing the probability of a disruption.
Business Continuity, according to this standard, would become an active management process in the everyday operations of the enterprise, and as such should lend itself to automation in some way. Automation of the various disciplines such as emergency response and the management of risk adds some value but none of these on their own are designed to manage or analyse the ever changing interdependencies of people, processes and technology.
To do that means defining a framework within which a change in any critical component or circumstance would automatically raise a change or alert that other components are affected. It would also need to feed a well-defined dashboard to display the completeness, relevance and effectiveness of the BCM System in supporting the strategic goals.
Clearly this is not what you would expect to get out of an Enterprise Resource Planning (ERP) system, so some creative thinking needs to be applied if our BCM systems are to stay effective as the needs evolve. Perhaps this is the challenge that a new generation of management experts and systems developers are looking for?
Attend the Business for Tomorrow Conference to continue the conversation with the author, Brian Henry, as Chairman of the Business Continuity Institute (SADC Chapter) on the State of Business Continuity in South Africa. The conference is most relevant to CIOs, Compliance Professionals, and Managers in BCM, Risk, Operations, Quality, and IT.
- Date: 21 May 2015
- Place: Microsoft SA (Johannesburg)
- Cost: R350 p.p.