Business disruptions can impact organisations of any size in any location. Because of the relatively stable environment in Malaysia, companies have not felt pushed into preparing for crisis or contingencies. However, we are witnessing increasing incidents globally, from pandemic flus, accidents, fire, sabotage, natural disasters and cybersecurity attacks. In order to protect your company from profit losses, reputation damage and customer loss, a company must create a Business Continuity Plan (“BCP”) to maintain business functions or quickly resume operations in an event of a major disruption. The BCP shall include the organisations’ possible threats, the emergency management procedure and strategies to enact.
The diagram below shows five key steps to develop a business continuity plan.
Risk Assessment
Firstly, identify all the internal and external threats to your business that could cease regular business. A risk assessment and business impact analysis shall be conducted to determine the types and scenario of crisis that could cause disruptions to your business operations. Threats identified may include a global pandemic, natural or man-made disasters, intentional sabotage and cybersecurity attacks. Understanding the financial impact of downtime and how much time you need to recover due to a catastrophe should not be overlooked.
Evaluation of Threats
You may not be able to predict every type of incident that could threaten your business, but you can develop a plan that covers a range of incidents. Once your top threats are identified, evaluation should be conducted in relation to each, with various views from Division Heads to Technology experts amongst others being considered. For example, a disease outbreak can cause significant issues for companies, namely by requiring employees to work remotely. It is critical to establish a strategy that enables employees to continue to function in safety. Work from home, opens you up to cyber vulnerabilities and other technical challenges. You will want to verify that you have the tools, technology, capacity, and security measures in place to support a large remote workforce in the event of a need for quarantine.
Develop Strategy and Procedures
The safety, health and wellbeing of your employees is your first and foremost concern, but after the dust has settled, the goal of the BCP is to get you back in business as soon as possible. The BCP will typically be prepared in two folds being the Incident response plan and the Recovery plan. The Incident response plan contains the information you will need to respond immediately before and after an incident or crisis, this may include an immediate response checklist, emergency response team, evacuation plans, communication protocols and contact lists. Secondly, the Recovery plan outlines the cost-effective strategies you will need to take to resume or get your business running again after an incident or crisis.
It is the strategy and the step-by-step procedures that need to be taken for an effective response that safeguards the interests of the company, and stakeholders. While the final product varies for each company, the BCP should be sufficiently flexible and reflect the company’s size, complexity, and business activities.
Communicate and Integrate
Designated people such as a dedicated BCP team should be put in charge of the plan. At the same time, knowledge about roles, responsibilities and emergency responses need to be communicated to staff and integrated into your company’s policies and culture so that everyone knows what it contains, how to use it and where it can be accessed in cases of emergency.
Test, Train & Maintain
Running test exercises can minimise the impact of disruptions. Whether it is after a training exercise or a real event you have experienced, it is pertinent that you update your plans and procedures to make sure you address any weaknesses in the plan and to ensure that details remain current. The maintenance of the BCP is as important as implementation whereby plans are to be amended on a real time basis as Management pivots to address situations that arise.
Summary
All businesses, regardless of size and sector should have business continuity management embedded in their organisation, this is especially true for essential services and sectors that meet legal requirements. While in other industries it is deemed to be best practice, a BCP can help protect a company in the event of an outbreak by creating a sound framework for responding to crisis and preserve peace of mind for business owners and employees. At Baker Tilly, we believe successful recovery from a crisis event depends on your people – not on your organization’s size, infrastructure, equipment, or technologies. A structured Business Continuity Planning approach offers integrated solutions to develop a BCP program suitable to your organization’s need. Baker Tilly can help your organisation with developing a Business Continuity Policy, BCP Plan, Training, Awareness & Testing Plan and Maintenance & Review of the BCP.
This article was first published here.
Photo by Alvaro Reyes on Unsplash.