Applying Management Systems for Business Continuity

Applying Management Systems for Business Continuity 01/18/2010

Despite cost-cutting measures in this economic downturn, thousands of organizations still successfully use and implement management systems to save them time and money, to improve their internal processes and procedures, to prove their competency to their customers and to manage risk. Corporate governance is the way in which corporations and other organizations are directed and controlled.

The subject has been around for a while, ever since the problems arising from the separation of ownership and control of organizations has been recognized. Organizations such as Enron and WorldCom acted as catalysts for corporate governance reforms. Industry in both the UK and the United States has since become more focused on managing corporate governance appropriately and safeguarding stakeholders’ interests. Compliance issues are at the very top of the corporate agenda.

Even with the introduction of new regulatory measures, it is clear that no firm is immune to the problems of poor risk management and corporate governance, and that initiatives introduced by the regulatory bodies should be viewed only as abase-line preventative measure.

It is thus recognized that there is a need for greater corporate responsibility and

Accountability than exists currently; the need for corporate governance and good risk management and includes a systems approach to adopting effective arrangements, in particular through the use of appropriate management systems and the application of  sound Business Continuity Planning.

Management systems

A management system is a way of running an organization that embraces its overall structure, its planning activities, responsibilities, practices, processes and resources for developing, implementing, achieving, reviewing and maintaining the policies of that organization. In short, it is everything about an organization. Thus when you are looking for a way of improving your risk management it makes sense to ensure that governance is at the heart of your chosen management system.

Central to all of this is the idea of ‘risk’. An organization’s top management

Should commit to establishing systems that will ensure that their strategic risks are identified and effectively managed. This system needs to operate at a strategic level and should encompass all of the organization’s activities and the impacts they mayor may not have on all stakeholders.

Business Continuity Planning (BCP) is a proactive planning process that ensures critical services or products are delivered during a disruption. It is the creation and validation of practiced logistics which will help an organization recover and restore partially or completely interrupted critical functions within a predetermined time after a disaster or extended disruption. The BCP process has evolved so that it not only addresses recovery, but prediction and mitigation of disasters.

The obvious conclusion is that the most innovative organizations wishing to get

Ahead of the marketplace should embrace additional measures that safeguard their business and create a ‘change-orientated’ culture.

Globally recognized  tied in with certified training from an established Business Continuity Planning Institute ,can offer a unique combination of risk management and cultural change that encourages dynamic thinking and business improvement.

The system of internal control should be embedded in the operations of the company and form part of its culture.

Business Continuity as the ‘new’ quality

It is perhaps appropriate to draw parallels between the development of a quality

culture in business throughout the 1980s and beyond with the current situation in risk, Business Continuity and corporate governance.

When the quality revolution happened it was slow at first and then gained momentum as companies pushed ‘quality’ back through their supply chains. It became necessary to have a quality certification in order to even tender for certain projects –such was the confidence in the systems.

The support structure for this embedded quality was impressive, accompanied by new job titles: quality managers, quality control analysts etc.

A formal structure of institutes and societies were founded for continuing professional development – The Institute of Quality Assurance and the American Society for Quality amongst them. Quality arrived and dug in.

So how is ‘Business Continuity’ similar to this?  In 20 years time risk management will be as embedded into our systems and processes as quality is today. The trick is to discover and describe how we get from where we are today to that position of truly embedded Business Continuity Planning and Management.

We should mirror the route taken by Quality. Quality developed from manufacturing as a part of the efficiency drive of the 1980s, when statistical process control charts helped operators to optimize control and improve on quality. Business Continuity has its background in disaster recovery. Both have strong links to probability, with the language of ‘expected outcomes’ and ‘Monte Carlo simulations’ being used at the academic end of both subjects.

Quality’s now applied to business ethics, corporate governance, reputational risk, IT risk, operational risk and insurance risk. Business Continuity can pull all these themes together into a future formal management system and help ensure that Corporate Governance is sustainable.

Businesses will want to work with partners that have ‘good’ business continuity plans, but how should it define ‘good’, especially when it cannot get access to those plans as they contain competitively sensitive information. An independent accreditation to a formal standard is the perfect solution. Everybody can agree that they are all working to the same levels.

Implementing management systems

They are also based on the ‘plan, do, check, act’ (‘PDCA’) model. The model is consistent throughout the new generation of management systems and allows for organizations to integrate more easily their management systems to achieve the holistic risk management model mentioned above. This is particularly relevant as many of the existing corporate governance solutions in the marketplace have a financial orientation.

In addition to easier integration with other management systems, the PDCA model encourages a culture of ‘continual improvement’ within an organization. This can help to improve efficiency and unleash the firm’s entrepreneurial spirit, whose potential was held back by the ‘tick box’ mentality created by the desire to comply with new legislative reforms. Business Continuity process follows similar pattern:

Best practice

So what is it that organizations should be aiming for? What would constitute best of breed in this tricky area? In my opinion there should be a strategic policy at top management level to focus on managing risk for corporate governance. This should lead to specific policies and arrangements to deal with specific risks. In particular, the policy should encourage a positive culture within the organization to make certain that strategic risks are identified, removed, minimized, controlled or transferred. These are all part of the Business Continuity Planning process and its focus on Business Impact Analysis.

Third-party certification of a recognized Business Continuity Training program can give internal confidence that appropriate measures have been implemented to prevent acts of poor corporate governance.

Certification also gives external stakeholders (that is, regulatory bodies and potential investors) evidence of a sound management structure.

Both the act of certification and the exit reports generated during the certification process can be used when producing an organization’s corporate governance report.

Competitive advantage

A combination of legislative compliance and third-party certification to a formalized Business Continuity Management system can also be a source of competitive advantage: additional risk management methodologies and solutions offer organizations a unique selling point within the marketplace.

Implementation of one or more globally recognized management system

demonstrates to all stakeholders that the management of risk is taken seriously,

and gives confidence for both trading and investment purposes. Implementing and achieving certification to a globally recognized Business Continuity Management system is an aspiration: it is a way for a company to benchmark itself against its peers and know that it is doing well.

Potential investors can also take confidence from the fact that firms with

Secure management systems and practiced Business Continuity Planning will be focused on controlled growth and continuous improvement. Typically, financial investments are made on the basis of growth, and third-party certification can help give confidence to would be investors, both individuals and corporate. This is particularly important in this more cautious21st century.

Trust ies a significant business driver, and selecting those who manage risk appropriately is often difficult. A combination of a good corporate governance and third-party Business Continuity certification can help sustain good governance and maintain trust.

Karyl Kowlessar

Triumph International

Comments

Leave a Reply

Author

Archives

Categories