Business continuity in Australia
Business continuity management has developed from a discipline focusing on IT systems for large firms to an organisation-wide framework that allows government and businesses to prepare for a range of possible threats, whether they be internal system failure or external emergencies such as natural disasters, terrorism, infectious diseases or economic instability. Continuity Forum conducted a benchmarking survey in the Australia/New Zealand region between April and June 2007. The objectives of the research, sponsored by Hewlett-Packard Australia, were to explore the level of adoption of business continuity across government and business. The survey identifies baselines for: The methodology of the survey implies that nearly all respondents are part of organisations that invest significantly in business continuity and nearly 70 percent of respondents work within the government or financial sector. However, even in this highly focused environment, some important issues are still a work in progress. Key findings: The research addressed five key areas: Encouragingly, 70 percent of respondents indicate that senior management rates the importance of their business continuity plans at above average. Nearly all respondents have completed a business continuity plan in-house, with around 20 percent having outsourced part of it. Plans are generally produced according to a recognised standard. IT failure is still the major cause of disruption followed by utility services provider failure and natural disasters. Accordingly, natural catastrophes and breakdown of critical information infrastructure are among the top three perceived threats. The highest perceived threat is pandemics, with terrorism rating lower than it did a few years ago. Two thirds of the respondents do not benchmark their business continuity plans against their industry sector, which might be due to confidentiality of the information discussed in the plans and/or to lack of available benchmarks. Most organisations have a risk methodology and/or a business continuity management framework in place, but 30 percent have not updated their business impact analysis (BIA) in the last 12 months, and 40 percent do not have business continuity plans for all the critical activities, based on the current BIA. More effort needs to be put into ensuring that a satisfactory level of business continuity is maintained throughout the supply chain. Two thirds of respondents have a clear emergency response plan and crisis management plan. However this does mean that one third of respondents have not yet planned for an emergency. On the positive side, those who have plans have made provisions for the welfare of people and to make sure that staff are prepared to handle a crisis. Nearly 70 percent of respondents indicate that the main goal of their business continuity plans is demonstrated recovery through testing, highlighting the fact that the focus is on protecting the business effectively, rather than on meeting obligatory compliance requirements. Past surveys conducted in 2000 and 2003* indicate that plans were not sufficiently tested and hence most of them were unlikely to work. The 2007 results show that companies usually have some sort of testing procedure in place, however these are often IT-based or desktop only. There are additional benefits related to business continuity planning, in the form of a marketing edge on competitors and reductions in insurance rates. Increased efficiency is often a result of better understanding of the recovery of business processes. The results show that little of no use is being made of these opportunities at this stage. A few years ago business continuity was focussed on IT and the recovery of critical records, and the main resources for business continuity were allocated accordingly. Today the main focus has shifted towards a more holistic approach and provisions are being made for the welfare of people in case of a crisis. The percentage of executive managers who are aware of the importance of business continuity planning has increased in the past few years, however more can be done to generate buy-in with the remaining managers. An increased involvement of the business continuity professionals with their marketing and insurance divisions might help provide evidence for the boards of a number of additional benefits related to business continuity planning. Most institutions have a risk and/or business continuity framework in place, but many have not updated their BIA in the past year and are still working on their business continuity plan. This indicates that their business continuity framework is still somewhat immature. More in-depth testing would provide many organisations with a better level of comfort about the effectiveness of the plans. While there are reasons why plans are generally produced in-house, selectively outsourcing part of the plans such as testing to business continuity professionals might help ensure their robustness without the need of disclosing sensitive internal information.
•Date: 7th December 2007• Region: Australia •Type: Article •Topic: BC statistics |
