The key role of a Board and senior management team (SMT) in an organization is to ensure improvement 0f shareholders wealth by communally guiding its affairs. Of paramount importance is meeting the interests of its stakeholders which include business continuity considerations among others. Anticipating business continuity strategies capable of restoring a business to its feet after a disruption remains a top priority.
Philippe Kruchten once said that “If it is not written down, it does not exist.” As such, the Board and SMT have to make sure that business continuity management is documented and made aware to internal and external stakeholders. Such plans provide the organization with coordinated ability to effectively respond to threats that would undermine provision of services to customers. Threats include natural adversities, data and network infrastructural breaches among others. Business continuity management includes disaster recovery, business recovery, crisis management, incident management, emergency management and contingency planning.
A Chief Executive officer on behalf of the Board of directors should ensure that the organization possess a robust set of internal capabilities to give assurance that hazards that would bring interruption are identified comprehensively, risks are evaluated periodically and control measures are in sync with such evaluations. Competences around operational threats involving people, information systems and natural calamities should be upgraded continually to position the organization on an upward trajectory in mastering the art and the science of BCM. Business impact analysis for each vulnerability should be undertaken as frequent as the operating environment changes.
It has become a new norm to have most of the services hosted externally by service providers like Amazon, Microsoft Azure and Google. The above presents a chance to make huge savings on Capital expenditure and flexible exit clauses but Just as there are two sides to a coin there is a second side to this practice. In the event a cloud service provider experiences a major interruption; it could lead to a single point of failure that brings down access to critical services. If resources allow, procure both a primary and a secondary cloud platform especially for critical services.
Segregation of duties (SOD) in Business Continuity
SOD is a building block of sustainable risk management and internal controls meant to create a maker and a checker for business transactions and activities. It is advisable that the team that designs a BCM framework is not the one that tests the effectiveness of the same; rather create an independent vehicle internally or externally to provide the assurance to the Board. Although some of us might be ignorant on matters of technology, it’s prudent to have a basic understanding on key questions to ask as proof that an organization’s level of preparedness is above board. Walk an extra mile to challenge BCM reports.
Other key areas of focus in BCM are potential disruptions presented by politics, inadequate succession planning and terrorism just to mention but a few.
Remember, “Without continuity, businesses would become like flies in summer”
|– The writer is a professional in Leadership and risk management strategies at A&J Global and Gemini Advantage group South Africa.