KnowledgeLeader Blog

How to Mitigate Risks Using Effective Business Continuity Planning

Posted by Protiviti KnowledgeLeader on Mon, Dec 03, 2012 @ 10:30 AM
""

Thorough business continuity plans help organizations minimize the risks of a disaster and restore vital business functions without significant detrimental effects. This blog post examines the fundamentals of business continuity management (BCM) planning and highlights critical lessons learned from various recent disasters, providing actionable steps you can take to create a customized plan.

An Unpredictable World

Disasters are unknowable, unpredictable and unrelenting. Their impact on businesses can be significant. Consider the consequences of two recent disasters – one natural and the other man-made:

  • On March 11, 2011, an 8.9 magnitude earthquake hit Japan, triggering a tsunami that killed more than 20,000 people and caused the failure of the Fukushima Daiichi nuclear power plant. Repercussions cascaded around the world as Japanese production lines were halted or slowed, disrupting the vital global supply chain, especially in the automotive industry. The disaster created overall economic losses of $125 billion and indirect economic losses such as reduced employment, production and logistics interruptions estimated at $375 billion.
  • On August 7, 2011, Amazon’s only European cloud services data center was brought down due to a lightning storm. However, the company’s disaster recovery solution did not incorporate a fail-safe plan to minimize disruptions and loss of service costs. The outage was further extended due in part to the lack of prior testing, which might have shown the error in the data recovery software. Meanwhile, Microsoft, which hosts services from the same data center, did not experience a service outage because it utilizes a fail-safe backup site.

These disasters pose a constant threat to businesses. Getting through any length of a business life cycle without incurring some type of calamity is unlikely. While television and the internet have made us more aware of natural and man-made disasters, they are literally happening more frequently.

Many scientists believe that global climate change is increasing the number and severity of natural disasters, such as hurricanes and tornadoes. Terrorist strikes and criminal hackers attacking power grids, the internet and communications systems, and transportation infrastructures have become an ongoing peril to global businesses. Today’s IT infrastructures have become so complex and interconnected that lock-tight guarantees against human error crippling a company can no longer be assumed.

Disasters can’t be prevented, but business continuity management planning can mitigate the risks and help organizations recover quickly to survive. Companies can set up a sufficiently detailed BCM plan that defines how their business will resume operations. A good BCM plan must account for the recovery of the information technology (IT) infrastructure and renewed access to applications that employees, customers and suppliers use. It should also address the continuance of executive decision making, safe havens for people to work, internal and external communications, and the resumption of operations in every business function.

Following the most devastating disasters, such as the terrorist attacks of September 11, 2001, Hurricane Katrina and the earthquake in Japan, many companies that did not have a BCM plan could not recover fast enough to survive as customers shifted to other businesses. Other disasters have been relatively localized, impacting businesses only in a small geographic area. History has shown that the local marketplace often forgives companies whose operations are temporarily shut down in such cases; but in today’s world of globalized competition, few businesses remain strictly local. If a business is the only one affected by a disaster while its competitors are not, the marketplace will move to companies open for business.

A business continuity plan is an effective asset whose value, like an insurance policy, may not be appreciated until disaster strikes. But with a solid plan in place, companies do not need to look back with 20/20 hindsight and wish they had one.

Learn more about business continuity management by exploring these related tools on KnowledgeLeader:

Business Continuity Planning Guide
Business Continuity Planning Audit Work Program: Sample 3
Disaster Recovery Audit Work Program

Topics: Risk Assessment, Governance, Risk & Compliance, Strategic Risk, Business Continuity Management, Self-Assessment, Performance Management/Measurement

Add a Comment:

Subscribe to Our Blog

About KnowledgeLeader

KnowledgeLeader, provided by Protiviti, is the premier resource for internal audit and risk management professionals.

With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.

For more information:

 Tour the Site

Recent Posts

Posts by Topic

see all