Practical advice for small and medium sized businesses from an SME owner.
By John Robinson, FBCI, MSc C.Eng.
The value placed on organizational resilience is growing. Big business, government, institutions, professionals and insurers each strongly promote it, encouraging uptake of business continuity management across all sectors and scales of activity. This makes sense since no organization wants to inherit the misfortunes of another.
Yet it remains a struggle to convince the myriad organizations that make up the global supply chain to embrace the concept. There are a number of reasons for this, but predominantly it’s down to risk and reward, and many simply see it as not worthwhile.
Are they right? How can small and medium-sized (SME) organizations ever justify investing against the unthinkable? Beyond basic insurance, the answer to the question is that most believe they can’t. Yet the possibility of extreme disruption is never far away, from cyber-crime to climate change, arson to ash cloud, power blackout to civil unrest. Most see investment in resilience at best as optional and at worst money wasted. They believe reaction will be enough, patching together skills, technology, resources, services and insurance in an optimistic knee-jerk response. This seems acceptable until something big happens, whereupon they’re faced with rebuilding a surprisingly delicate house of cards in a few hours or days as credibility and credit evaporates.
Unsurprisingly, insurers see business continuity as complementary, helping to reduce claims. If an office burns down, they recognise that management needs time to rebuild and protect the firm’s hard-won reputation, time that only comes from preparation and planning. They know that whilst cash plays its part it won’t stop word spreading, it won’t organize people and it won’t buy back defecting customers.
Continuity offers a return on investment
Commitment to resilience is often a reflection of senior management’s perception, and unless a major disruption has affected them or someone they know, it has to fight for attention. It’s understandable. As an entrepreneur, if I can’t see percentage points on the bottom line, you have little chance in securing my vote for funding. My appetite for risk-taking acts as an over-ride and I’d rather see the cash invested in productivity or growth, or taken as profit. Ask me to budget for an annual sizeable sum with no apparent return on investment and I’ll politely decline.
However, despite this, my business does have a budget and we do assign resource for business continuity. We don’t feel BCM is aimed solely at larger firms or that we’re wasting money because the risks are so low. We own a continuity plan that works and matures alongside the business. So how do we justify this?
We embrace continuity because we can’t afford not to
In recent months, my company has bid for severable sizeable tenders, from a global semiconductor manufacturer to national government, from public transport provider to international insurance company. At the earliest stages of each bid – without exception – we were asked to provide material evidence of our business continuity capability as a precursor to any form of presentation or detailed discussion. We don’t get the chance to compete for their business unless we demonstrate a rock-solid defence.
So we implement business continuity management because commercially, we can’t afford not to. Denial would automatically disqualify us from tenders like these and our commercial budget pays for it, generating a measurable return. Business continuity contributes to our competitive capability and we use it to help win business. We include a slide about it in every sales presentation and we regularly permit clients to inspect our continuity provisions. Defence has become part of our attack.
Demand for continuity in the supply chain is growing
Customer demand for continuity and resilience is an irresistible force. This became clear when a client asked us to supply an automated tool to self-assess their thousands of suppliers. They now use it to manage contractual compliance in both information security and business continuity, providing low cost oversight and intervention. It collects detailed evidence along the way and automatically initiates periodic reviews. Crucially, it requires each supplier to provide assurance that covers their own supply chain, creating a cascade of sound practice.
Maturity is an important dimension of this. The survey tool specifically asks for evidence over time, cross-checking the depth of capability in each area, seeking commitment, certainty and permanence as part of your business proposition. This means you need a track record – evidence that systematic investment takes place, that senior management is bought-in, and above all, that what you’ve built actually works and isn’t outdated. This means you need a business continuity management system or process that continually monitors and improves your capability.
There are options for controlling cost
Although there is no standard cost model for business continuity, you can gain a sense of what may be required. Factors include scale, complexity, management’s risk appetite and the strength of external demand by regulators, customers and shareholders. For a small office-based business with long delivery times and tolerant customers, the cost can be low, limited to a basic analysis, planning and the commonsense protection of assets, processes and information. For organizations with multiple sites, many lines of business, large volumes of sensitive data and a demanding client base, the undertaking can be significant.
Pointers on cost containment
- Set limits. Be clear on what you need to achieve and which risks are acceptable
- Control outlay. Research best value options for treating each unacceptable risk
- Benefit quickly. Obtain senior backing, automate and use specialists to guide delivery
- Minimise disruption. Use light touch tools and techniques that simplify data collection and upkeep
- Create reward. Leverage BCM to inspire confidence in customers, staff and stakeholders.
Some software tools can help you to contain this cost in each of the areas above, providing a ready-made start point with a roadmap, a planning framework and built-in guidance. They can accelerate data collection and reduce the time you spend creating a lasting capability. Tools like these are often delivered online so you can access information securely without relying on paper copies.
Attack is the best form of defence
For the vast majority of smaller organizations, business continuity offers a way of improving their competitive position by investing in sound practice defences. It means that when you bid for business, there’s every chance you will hold a powerful card that others don’t, giving you a greater chance of success. Combine this with the commonsense desire to protect your hard-won assets and business continuity makes sense for even the smallest of enterprises.
John R Robinson is a Fellow of the Business Continuity Institute and Managing Director of INONI Limited. INONI is an Internet software and consulting provider, specialising in the provision of low-cost continuity solutions to businesses and institutions, worldwide. For more information or a free software trial visit www.inoni.co.uk.
•Date: 5th Oct 2012 • UK/World •Type: Article • Topic: BC general