One of the key factors integral to the continued and effective operation of an organisation is a carefully planned and developed Business Continuity Management Planning framework.
Throughout this last 12 months organisations have continued to operate due to the planning they had completed prior to the COVID-19 pandemic challenges, enabling them to pivot and adapt to support the continued delivery of products and services to customers.
Now, as we face further disruption, it is timely to focus on ensuring your business invests the time and effort to review your continuity plans and make any necessary adjustments to build your resilience. The process needs to combine individual and industry learnings and should address issues such as insurance, lease arrangements, supply chains and their resilience, workforce requirements and business systems.
This article focuses on Business Continuity Management, which is a key element of any Risk Management Framework – the purpose of which is to manage actual or predicted disruptions.
A Risk Management Framework is a critical function for successful operations and helps businesses:
- Identify their risks
- Determine risk appetite
- Develop and strengthen risk controls
- Monitor and measure level of risk
Risk Management is an overlay that organisations adopt to enable them to operate effectively and Business Continuity is a key element of any Risk Management Framework.
A Business Continuity Management System is a tangible demonstration by an organisation to its customers, employees, stakeholders, and suppliers of how resilient their business will be with the supply of products and services during a disruption.
The purpose of an organisation undertaking Business Continuity Planning is to deal with any potential business disruption, including natural and manmade disasters, which do not discern who they impact or when. It is significant to note the frequency of these events, from the evidence available, has substantially increased. Therefore, it makes perfect sense for organisations to spend time in examining the critical functions performed in their business and adopting controls to manage the impacts from any disruptive events.
Organisations are also encouraged to examine their business systems such as information technology, supply chains and third-party providers, to fully understand their vulnerabilities and the mitigation controls that can be adopted to strengthen these systems.
Further, many organisations have clear expectations from investors, stakeholders, regulators, shareholders and the community to prevent or manage these foreseeable events. So, by investing in Business Continuity Management to deal with disruptive events an organisation can minimise impacts to customers, operations, finances, legal & regulatory obligations, brand reputation and materiality.
A Business Continuity Management Framework is the mechanism that facilitates the development of a Business Continuity Plan. The key components of the framework aim to govern, assess, create, train, exercise, maintain and continuously improve the Business Continuity Plan.
Governance is about leadership, structure, accountability, roles and responsibilities, performance standards, communication and integration within and outside of an organisation in considering the importance and needs of suppliers and major customers.
Assessment concerns understanding the critical components of the business that are fundamental to its operation and the controls that can be adopted to manage disruptions.
Creation, or the formalising of arrangements, is another important step and should be conducted across all business units to capture all the interdependencies within an organisation. This approach addresses any siloed culture issues that will prove detrimental to an organisation during a crisis period. There are many examples of plans that have failed due to internal disconnection and siloed approaches. The best results are produced when plans are fully integrated and a ‘whole of organisation’ approach is nurtured and rewarded.
The training, exercising and maintenance aspects of the framework are somewhat self-explanatory but take note: Developing the plans is not the end of the story. Exercising and regularly reviewing to continuously improve plans, particularly after an event, is also critical (and highly recommended). It simply makes sense to include training, exercising and scenario planning in your corporate training calendar to continually drive success and to overcome any complacency.
A regular ‘review cycle’ allows an organisation to align its changing business strategy with its Business Continuity Plan. During this Covid-19 period organisations that were agile and had given consideration to business continuity were innovative in their operational responses to disruptions.
The Business Continuity Plan should be tailored to the needs of the business and the plan should be scalable and flexible, recognising there will be differences in the impacts and consequences associated with the various types of events an organisation may experience.
There is strong evidence that points to the benefits organisations derive from Business Continuity Management and Planning. The thinking, planning, documenting, exercising and reviewing enable an organisation to absorb and bounce forward more effectively from the shocks and stresses of any disruptions.
Nuffield Group has built a highly capable team to deliver sustainable Crisis and Emergency Management solutions to organisations. Find out more here.
Can we help you?
Call 1300 308 257 or +61 404 852 062
Or email us direct at nuffield@nuffieldgroup.com
Go Hard, Go Early – An Independent Project Strategy
“Go hard, go early” is probably one of the most coined COVID catchphrases this year. You wouldn’t think ‘hard’ or ‘early’ could be interpreted differently but in the modern-day political spin cycle, it seems they can! So, for the purposes of applying this mantra to project management we’re going to need a pair of unequivocal definitions. Here’s mine:
“Go Hard”, in terms of project management means execute the project within a strict (hard) framework of ‘independent technical governance’. Such a framework provides the kind of rigid checks and balances required at critical milestones to ensure projects continue to run on time and in budget. It’s a framework that will protect an investors’ interests and an operator’s reputation.
“Go early” is just that. Nip any variances or issues in the bud before they become expensive to rectify. Small, regular corrections or adaptations before & during project executions can make a huge difference. A few million spent early can save tens of millions later.
Don’t take my word for it.
Data collected by the Independent Project Analysis group from thousands of major projects around the world shows:
So, if you apply the “go hard, go early” concept to a project the potential savings are immense.
But it’s not just about ‘policing’ a project. Early identification of potential weaknesses or potential improvements can provide a project team time to redesign procedures, models or processes to get a better outcomes. This positively impacts the success of a project and the projected revenue stream from it.
Of course, big projects have project teams, so it would be fair to assume they would be across this approach. The data says otherwise. Just look at the typical cost overruns above. So, that’s why you should “go hard” with an independent technical governance program. Because it’s not always what you know, it’s often what you don’t that trips you up!
Becht with Nuffield Group has the expertise and a proven ‘cradle to the grave’ governance program that identifies risk, provides solutions, and helps prevent expensive delays to capital projects.
Download Brochure Here or call us on 1300 308 257 for more information.
Fires & Floods. It’s Time to Spring into Action
It seems that everywhere I look lately there are real examples of significant and unexpected change to the relative normality of life. This is no more evident than in the Covid 19 pandemic that has swept across the world over the past twenty months and impacted so many in ways that were unforeseen only two years ago. And yet, some things, like fires & floods are seasonal and predictible, which is why it’s time to spring into action.
During the most recent lockdown experienced here in Victoria, we have been privileged to watch the Paralympics. Each athletes individual sporting performance and achievements are very impressive but for so many, their backstory reminds me of just how quickly circumstances can change.
It is often said that the only constant in life is change and where this change is positive, it is embraced but unwelcome change is not embraced and rarely considered. We don’t like to think about the unthinkable and we rarely plan in advance in detail to overcome it when it occurs.
As we move into Spring, we will experience welcome changes in the weather. Warmer temperatures and blue skies will be more conducive to the outdoor lifestyle, exercising and preparing our properties for Summer. We welcome this change. But with Spring and then Summer comes erratic wind, extensive periods of heavy rain and scorching heat. The Bureau of Meteorology is predicting above-average rainfall for Spring. These scenarios impact families and businesses by diverting attention away from day-to-day activities to unexpected activities such as cleaning up, repairing flood, storm or fire damage and implementing workarounds to maintain production and distribution.
Preparation for unexpected weather-driven events like fires & floods, is a risk to be managed utilising your risk management process.
Firstly, identify the risks. What are the possible weather-driven risks that could impact on you and how might that impact be realised? For example, are there tall trees that could fall during a strong wind event resulting in damage to buildings or an employee’s car in the carpark?
Secondly, analyse the risk. What is the likelihood of the identified risks occurring and what are the possible consequences? The risk can be assessed using your risk assessment matrix giving due consideration to such things as lost-time injuries, structural damage to buildings, power outages and denied access.
Thirdly, attend to the assessed risks in order to reduce the risk and avoid unexpected events. In the context of weather-driven events, this may include pruning trees, clearing drainage systems of silt and rubbish, securing loose objects, ensuring suitable access for emergency services and having the conversation with family members or employees at Health and Safety forums about looking after their safety and the safety of others in the event of an unexpected weather event.
The final step in the process is to review the risk to ensure that the actions taken have reduced the risk to a level that is acceptable, any maintenance required to provide ongoing management of the risk is included in maintenance plans and any residual risk which has the potential to interrupt business flow such as energy outages is addressed in your Business Continuity Plans.
It is not a matter of IF but a matter of WHEN the next unexpected weather event will occur. Vigilance to the extreme weather warnings issued by the Bureau of Meteorology will compliment thoughtful planning and make it possible to endure these events with minimal impact.
Nuffield has spent decades developing expertise in the risk management space and provides a range of services to help organisatons become resilient.
If you’re interested in finding out more about the risk management services our Integrated Emergency Management & Recovery team provide, then Contact us via the form on this website; email us direct at nuffield@nuffieldgroup.com or call 1300 308 257 or +61 404 852 062
Risk Management Is Just Part Of Everyday Life
Risk Management is often over complicated. It is, in fact, a simple process that is part of everyday life. Risk Management is defined as ‘the forecasting and evaluation of risks, together with the identification of procedures to avoid or minimize their impact’. What this article demonstrates is the simplicity and effectiveness of using a Risk […]
For Best Results, Break Through Silo Mentality
Silos. Good for grain storage, bad for business! Silo mentality in an organisation is a well-documented issue that, at best, reduces operational efficiency and at worst produces a damaging corporate culture; For best results, break through silos!
“Information silos are created when management does not believe there to be enough benefit from sharing information.” But at Nuffield Group we work to make stronger, safer, and more resilient organisations and business communities. And to do that we are open to collaboration and collective learning to drive innovation and growth. Business divisions that operate independently of each other, and who avoid sharing information and resources are the antithesis of that.
Initially, it might appear productive to have departments working efficiently and independently. However, when they fail to communicate and work together business operations begin to suffer.
The challenge of breaking down silos doesn’t just apply to individual organisations – it can be extended to broader industries and communities too. Every organisation has valuable knowledge, tools, and resources that can be of great use to others but the tendency is to silo them, not share. Our approach is, instead, to leverage each other’s cognitive diversity and pool together our unique experiences and resources to solve common problems.
GNTX is our online collaborative platform for industry leaders to share their best practice solutions to common challenges. By breaking down silo mentality and nursing a mindset shift in business practice, we can work together to create best practice solutions to common challenges. By being willing to share non-competitive information and learn from each other, we can reach across different industries and business communities, to create shared value for all.
In this environment, businesses no longer keep their best practice solutions to themselves but share them, breaking down the silos and opening doors to further collaboration.
This way, we all benefit from safer, more resilient industries and communities.
If you’re interested in finding out more about joining our Give ‘n’ Take platform (GNTX) and leveraging resources from other businesses and industries then Contact us via the form on this website; email us direct at nuffield@nuffieldgroup.com or Call 1300 308 257 or +61 404 852 062
Don’t let an incident develop into a crisis – be prepared
Unfortunately, most of us in our personal and professional lives have to deal with incidents and emergencies at some point or other. Some of these situations become crises and a crisis can then turn into a disaster and have dreadful outcomes. The impacts can be massive, not only for an individual but also for an organisation’s reputation and company profitability. So, don’t let an incident develop into a crisis!
There are countless case studies of how organisations failed to act allowing incidents and emergencies to evolve into disasters with very sad outcomes. We all have longstanding memories of events at a local, state, national or international level, particularly where things escalated out of control and became disasters because there was a lack of leadership or, even worse, a denial or inability to act.
Regrettably, there is somewhat of a paucity of material in academia on these four interrelated terms to inform and educate the need for preparation and conditioning to actively manage incidents and emergencies before they become crises or disasters. So, here are some ideas to help you prepare and get ready, particularly as an organisation, to take action because, I am sorry to say, incidents are just part of everyday life, whether at work or in our private lives. Some days we seem to encounter them with repetitiveness, whether that’s in our travel to work, at work or when socialising. An incident is an event that is unpleasant or unusual and an incident can all too easily evolve into an emergency, become a crises and end up as a disaster for a business or organisation.
That’s why planning for an emergency is key to the survival of a business. Planning needs to identify risk and instigate appropriate action to manage the risk. As we have seen, repeatedly, it is a difficult proposition to totally remove all risk from an operation. If it was possible communities would not need insurance, emergency management plans, installed passive and active fire protection and security systems, audit and compliance arrangements and business continuity plans.
So, given it is a reasonable assumption that your organisation will experience an incident or emergency, the trick is to prevent it from escalating to a disaster. It is essential that there is a plan with clear roles and responsibilities laid out to manage the emergency. Communication of the plan is also of critical importance along with training and exercising and scenario planning. An organisation’s senior leadership must be committed to having a plan and actively managing any emergency.
Incidents, emergencies, crises and disasters seem to be closely linked and tend to follow on from each other unless there are processes in place to control them. Incidents are the trigger, the emergency is the immediate aftermath, the crises is the result of an emergency overwhelming a business and triggering reactions normally outside of normal day-to-day working processes and a disaster is the culmination of all these elements when all of the controls put in place begin to fail.
It has become fundamental to all businesses, no matter the size, to have a plan in place to ensure they have, at the very least, a basic knowledge of procedures to aid them during an emergency; laying out the plans for generic incidents such as flood, fire, adverse weather, computer failures, breakdowns and other incidents that may befall a business.
Whilst the emergency plan may point out the procedures for dealing with the incident as it happens or in the immediate aftermath there also needs to be a crisis plan so that there is communication and collaboration across the organisation to attempt to control what is happening, make critical decisions and move into the next stage: business continuity management. That’s how you ensure a business can continue operating in the weeks, months or years following an incident.
If you need help assessing your risk, developing any of these plans, or training for potential incidents then Nuffield Group would be delighted to assist you to build your business resilience and be prepared for any potential shocks and stresses.
Contact us via the form on this website; email us direct at nuffield@nuffieldgroup.com or Call 1300 308 257 or +61 404 852 062
Governance & Workplace Safety – Are We There Yet?
Good governance and workplace safety should be inseparable concepts. And yet, this week alone we have been reminded not once, but twice, that when things go wrong the consequences can not only be fatal but financial and potentially criminal. And that reaches from the bottom to the very top of an organisation.
In Germany an explosion at a chemical waste incineration plant in Leverkusen has claimed at least one life (probably more) and caused serious injuries to others; In America, officials are seeking to impose fines on four companies following a liquid nitrogen leak last January that killed 6 workers at a Georgia poultry processing plant.
Events like these, often preventable, have serious repercussions for workers, managers and board directors, not to mention the potentially irreparable damage to business brands and community relations.
In Australia, the “obligations of directors when it comes to safety are well known”. The uniform safety legislation in most states and territories contains a useful framework for directors to follow when it comes to safety governance.” (1)
Included in this framework is the following:
There are other elements but I highlight these two because I wonder how any organisations truly monitor their operations with a real-time reporting mechanism that anyone from the work floor to the boardroom can see?
At Nuffield Group we utilise a tool called Nu-Safe to ensure we satisfy not only our legal Health, Safety, Sustainability & Environment obligations but also our own internal cultural commitments. With this tool we can monitor key elements, flag critical action dates and flag any under-performance before it becomes a problem, allowing us to “respond in a timely way” (as per the framework).
It’s a tool we believe has wider application and one we’re currently engaged with customers on extending across a number of different industries. We believe, by sharing this solution, we can further our vision of helping create safe and resilient businesses and communities.
Want to find out more?
Contact us via the form on this website; email us direct at nuffield@nuffieldgroup.com or Call 1300 308 257 or +61 404 852 062
References:
Working & Learning Is Changing – What Now?
There are a multitude of opportunities and challenges emerging for organisations from this COVID pandemic and many relate to the manner employees work and learn. There is no blueprint for what we are facing but business leaders around the world are certainly changing strategies to adapt.
Organisations have moved quickly to recognize the practicalities associated with keeping workers safe from COVID, including the reality that many roles in an organization can be effectively completed from home.
Many companies were thrust into the transition to remote working (and learning), completely unprepared and had to adapt quickly to the new reality – and adapt they did. One of the lasting repercussions of COVID-19 will be that, while there are some businesses that may always need face-to-face interaction, many roles in most white-collar industries will shift permanently away from the traditional “face-to-face is best” thinking. With so many businesses able to maintain service levels via remote digital options, the need to go back to office-based, face-to-face operations full-time, once the pandemic is over, is neither tenable, desirable nor necessarily the most effective.
The situation we find ourselves in is quite ironic; first, many businesses found themselves digitising their relationships with customers and now they’re digitising relationships with employees. A new paradigm is required to manage this uncertainty.
So, what are the challenges of this shift?
Well, for one there’s the potential loss of individual identity, of the health and wellbeing traditionally derived from the social, altruistic, and professional interactions that were commonplace in an office environment. Organisational structures and cultures that were built around colleagues, teams, and departments operating together, now need completely re-thinking.
Companies are at the crossroads: those that capitalize on the COVID-enforced opportunities will find themselves in a good position to retain their talent and attract people when the situation stabilizes. By contrast, those that fail to change will be left behind, exposing their employees to increased risks of financial stress from having to face layoffs and closures.
People are learning how to do work disparately and with far less oversight: they are learning “on the job” what works and what does not work at home and holding virtual meetings that might have happened before but never to such an extent. This period of adjustment has required us all to be supportive of one another. Control has, to some extent, had to give way to trust.
It’s not just how we work that has shifted. It’s how we learn too.
How do we, as employees and lifelong learners, train and acquire new skills without the group-based, facilitated training sessions or classes that have been the norm for decades? How do we, as leaders, support this learning and manage the performance of our remote teams? How do we get real-time engagement and feedback?
We are now in an era of ‘Learning by Doing’ and ‘Learning by Teaching’. Instead of experienced Group-based workshops facilitated by an in-house trainer, the new model is about digital online facilitation and virtual group-based experiences.
In the past, eLearning was limited to a few individuals who had the appropriate clearance and authorisation. This has changed quickly so now anyone can create digital learning experiences and anyone can experience them.
This openness to the diversity of digital solutions will see less top-down, one-size-fits-all learning and more consultation with employees (end-users) about what online learning and working platforms should be adopted; adult learning will increasingly be done on smartphones, tablets, and laptops.
There is little doubt we are living in a new “low-touch” economy. It is time to adapt and shift our mindsets, develop skills and rethink how we make decisions to stay agile, connected and human.
Nuffield Group has built a virtual workshop capability to deliver teaching and training workshop solutions for organisations. Find out more here.
Call 1300 308 257 or +61 404 852 062 for more or email us direct at nuffield@nuffieldgroup.com
Achieving Excellence Through Learning
Improving the performance of an individual, a team, and an organisation is critical to the success and resilience of any business. One way to achieve this is for leaders to focus on a range of simple measures that can easily be enacted and self-managed to build greater knowledge, expertise, and cohesiveness in an organisation; in short, achieving excellence through learning.
But where to start?
One of the key actions to building a development plan for a division or a department is to talk to the people involved first. Get to understand their needs and ideas on how to deliver better outcomes. It is important the investment you make yields a return for the individual and for the enterprise. So, you need to seek their buy-in.
People need to be able to relate to the topics and understand the benefits of any learning initiatives. Providing information without context is wasting resources (the information goes in one ear and out the other!). Using real-world examples, however, is a great means of providing context. Demonstrating to people how information is applied can give them a great framework for how they will use it themselves.
And, as we all know, practice makes perfect. Giving people opportunities to practice can help them confidently handle the variety of situations they may face on the job.
Great organisations are committed to learn constantly from everything they do. They use their experience and that of others to improve their performance. They are consistent in their approach and use both successes and failures as learning opportunities. Continuous learning is systemically built into a successful organisation’s DNA and infrastructure*.
How do you continuously improve?
One key mechanism to continuously improve performance is to debrief your successes and failures; spend time identifying what went right and what went wrong and what you would do differently in the future. And, importantly, conduct the debrief in a blame-free and safe environment so everyone is confident in sharing their experiences enabling you to get to the truth of the real lessons you need to learn.
Good organisations meet regularly as a whole entity rather than in departmental silos. To be effective people need to understand the whole system otherwise they only improve their part of the system. While these small improvements can be important, they do not optimise the success of the entire system. A ‘whole of business’ approach will generate a competitive advantage for your organisation.
By providing people with the opportunity to work in cross-functional teams you will get greater collegiality, innovation, and cohesiveness in your organisation. You’ll also win hearts and minds as people learn to grow their skills and develop their careers.
Nuffield Group’s IEMR team can assist your business in emergency management & recovery training. Call 1300 308 257 or +61 404 852 062 Or email us direct at nuffield@nuffieldgroup.com
*according to Deloitte’s Global Human Capital Trends 2016 report “Employees at all levels expect dynamic, self-directed, and continuous learning opportunities from their employers”
How To Frame A Business Continuity Plan
Nuffield Group has established an emergency and crisis management capability – an Integrated Emergency Management Response & Recovery (IEMR) team – tasked to address the ‘before, during, and after’ phases of an emergency scenario. Our team of highly credentialed experts uses a holistic approach to the services it provides across risk management, emergency management planning, training, exercising, and coaching.
We provide expertise and advisory services to support an organisation, individuals and teams tasked with executing emergency management plans. This includes not only compliance before but execution during any major emergency.
We have re-imagined traditional approaches to provide more contemporary thinking in the area of emergency and crisis management. There is ample evidence on the value of investing in thinking and planning management strategies for emergency scenarios; And if nothing else, COVID-19 has taught us the value of having a plan that is not only tested but which considers a range of hazards and scenarios in order to help prevent or manage business disruption.
When framing a Business Continuity Plan, the first building block is an accountability matrix that identifies who is responsible, who is accountable, who needs to be consulted and who needs to be informed. Many organisations refer to it as the RACI model (Responsible, Accountable, Consulted and Informed). Bottom line is – if people are unclear on their roles then successful management of an emergency or disruption will be difficult, resulting in a poor performance.
There are generally four tiers of ownership and oversight of a Business Continuity Plan:
These four groups can be supported by internal and external audit teams. It needs to be acknowledged that this is the ideal model and many businesses may have flatter structures. However, the principle of having particular people accountable for particular responsibilities is a foundational piece and the RACI model is a great tool for a cohesive and integrated approach supported by strong leadership.
Once clear accountabilities and responsibilities, and interdependencies vertically and horizontally across an organisation are established, an assessment of the critical products and services an organisation produces or delivers needs to be conducted. What are the tolerance thresholds an organisation can absorb if these goods and services are not being delivered?
A Business Impact Analysis should be conducted to identify the key facilities, equipment, materials, business systems and people (internal and external) involved in producing these goods and services. Conversations with suppliers and customers are critical to ensure a complete assessment and all impacts are fully understood. An investment in this process will enable an organisation to be creative and innovative in adopting solutions to address any identified (and emerging) problems. A focus on Business Impact Analysis outcomes will assist an organisation to develop its mitigation strategies and recovery objectives.
Following on from this organisations must document and adopt a Business Continuity Plan. The plan must be regularly updated, particularly following any disruption, so any lessons learned can be added to a review of the plan. Further, the importance of regularly testing and exercising the Business Continuity Plan cannot be overstated. Exercises must involve all business units to avoid a siloed outcome from occurring. The best results for business continuity are when an organisation works up, down, and across departments, and involves other key stakeholders. Internal and external auditors should be involved but the final document must be real and owned by the organisation. It is critical key leadership groups champion and invest in this aspect of the business.
Testing can occur on an annual basis but it would prove even more prudent to test and exercise when there are changes to business operations. This will build the skill, capability, and agility of an organisation to manage any future challenges.
A key driver of business success is Information Technology continuity services. It is important to ensure processes are in place to address the recovery of IT systems, infrastructure, and data. There is an ever-increasing amount of cybercrime and cyber-attacks on business systems – making it even more compelling to ensure these systems are resilient. Developing standards around service level continuity makes great sense, as does regular testing and reporting across the organisation.
Business Continuity is a function that has to be owned and valued by an organisation. It has to be part of the organisational way of life. It has to be owned by all and it needs to be inclusive; that is it cannot be owned by one person or one business unit. It must flow through the organisation’s attitude, DNA and temperament.
Clearly, Business Continuity Planning is the best form of insurance an organisation can invest in as the world we live in becomes more challenging, uncertain, complex, and ambiguous. It needs to be seen as part of everyday business and valued as something that will enable an organisation to flourish during testing times.
Nuffield Group’s IEMR team is ready to assist your business in developing well considered and sustainable business continuity plans.
Can we help you?
Call 1300 308 257 or +61 404 852 062
Or email us direct at nuffield@nuffieldgroup.com
Resilience And Business Continuity Management
One of the key factors integral to the continued and effective operation of an organisation is a carefully planned and developed Business Continuity Management Planning framework.
Throughout this last 12 months organisations have continued to operate due to the planning they had completed prior to the COVID-19 pandemic challenges, enabling them to pivot and adapt to support the continued delivery of products and services to customers.
Now, as we face further disruption, it is timely to focus on ensuring your business invests the time and effort to review your continuity plans and make any necessary adjustments to build your resilience. The process needs to combine individual and industry learnings and should address issues such as insurance, lease arrangements, supply chains and their resilience, workforce requirements and business systems.
This article focuses on Business Continuity Management, which is a key element of any Risk Management Framework – the purpose of which is to manage actual or predicted disruptions.
A Risk Management Framework is a critical function for successful operations and helps businesses:
Risk Management is an overlay that organisations adopt to enable them to operate effectively and Business Continuity is a key element of any Risk Management Framework.
A Business Continuity Management System is a tangible demonstration by an organisation to its customers, employees, stakeholders, and suppliers of how resilient their business will be with the supply of products and services during a disruption.
The purpose of an organisation undertaking Business Continuity Planning is to deal with any potential business disruption, including natural and manmade disasters, which do not discern who they impact or when. It is significant to note the frequency of these events, from the evidence available, has substantially increased. Therefore, it makes perfect sense for organisations to spend time in examining the critical functions performed in their business and adopting controls to manage the impacts from any disruptive events.
Organisations are also encouraged to examine their business systems such as information technology, supply chains and third-party providers, to fully understand their vulnerabilities and the mitigation controls that can be adopted to strengthen these systems.
Further, many organisations have clear expectations from investors, stakeholders, regulators, shareholders and the community to prevent or manage these foreseeable events. So, by investing in Business Continuity Management to deal with disruptive events an organisation can minimise impacts to customers, operations, finances, legal & regulatory obligations, brand reputation and materiality.
A Business Continuity Management Framework is the mechanism that facilitates the development of a Business Continuity Plan. The key components of the framework aim to govern, assess, create, train, exercise, maintain and continuously improve the Business Continuity Plan.
Governance is about leadership, structure, accountability, roles and responsibilities, performance standards, communication and integration within and outside of an organisation in considering the importance and needs of suppliers and major customers.
Assessment concerns understanding the critical components of the business that are fundamental to its operation and the controls that can be adopted to manage disruptions.
Creation, or the formalising of arrangements, is another important step and should be conducted across all business units to capture all the interdependencies within an organisation. This approach addresses any siloed culture issues that will prove detrimental to an organisation during a crisis period. There are many examples of plans that have failed due to internal disconnection and siloed approaches. The best results are produced when plans are fully integrated and a ‘whole of organisation’ approach is nurtured and rewarded.
The training, exercising and maintenance aspects of the framework are somewhat self-explanatory but take note: Developing the plans is not the end of the story. Exercising and regularly reviewing to continuously improve plans, particularly after an event, is also critical (and highly recommended). It simply makes sense to include training, exercising and scenario planning in your corporate training calendar to continually drive success and to overcome any complacency.
A regular ‘review cycle’ allows an organisation to align its changing business strategy with its Business Continuity Plan. During this Covid-19 period organisations that were agile and had given consideration to business continuity were innovative in their operational responses to disruptions.
The Business Continuity Plan should be tailored to the needs of the business and the plan should be scalable and flexible, recognising there will be differences in the impacts and consequences associated with the various types of events an organisation may experience.
There is strong evidence that points to the benefits organisations derive from Business Continuity Management and Planning. The thinking, planning, documenting, exercising and reviewing enable an organisation to absorb and bounce forward more effectively from the shocks and stresses of any disruptions.
Nuffield Group has built a highly capable team to deliver sustainable Crisis and Emergency Management solutions to organisations. Find out more here.
Can we help you?
Call 1300 308 257 or +61 404 852 062
Or email us direct at nuffield@nuffieldgroup.com