Recently, we have seen how incidents such as public transport disruption or adverse weather, can at very short notice put unusual pressure on a company and severely impact its ability to function. Being able to cope with extraordinary circumstances is vital
for financial services companies that can suffer huge operational losses as a result of unforeseen events.
A Gartner report released at the end of April 2009 noted that the media attention paid to the recent outbreak of swine flu was already affecting enterprises, and said: “A true pandemic could cause absenteeism rates of 40% or higher for enterprises and their
business partners and suppliers, resulting in severe operational disruptions. For this reason, enterprises must recognize the urgent need to develop and implement pandemic response planning.”
It is difficult to quantify the risk of a company being struck by such a disaster or incident, however what is clear is that the change in the dynamics of the business world means that the effect of such incidents has increased dramatically.
The way in which companies conduct business has changed radically in recent years. Increasingly, businesses have to function in markets that are built on globally networked technology – interdependencies between companies, processes, locations and systems
are growing more numerous, complex and interconnected and the impact on any one element can have a domino effect on the others.
Coupled with this, the higher levels of customer expectation and increasingly stringent regulatory requirements means there is a growing need for companies to be proactive rather than reactive.
The result is that the timescales for recovery from business operational issues have significantly foreshortened and if a major incident strikes it is vital that full service is recovered in the shortest possible time. More than ever, businesses require
stability and predictability to flourish, and risks need to be better understood and managed more effectively.
There is no doubt effective business continuity management is not just about technology, it is a combination of people, processes and technology, and instilling the mindset of risk management right through the centre of these factors. Rather than being
treated as a discrete project within an organization, it needs to be implemented as part of the day–to-day operational and governance practices used to run and control a business. If this doesn’t happen then there is likely to be a lack of clearly defined
responsibilities to deal with the problem as well as a lack of trained workforce. Under these circumstances, any business continuity programme is likely to be ineffective.
Furthermore, too frequently, business continuity plans have focused on the recovery of technology rather than the impact on the wider business processes – which have tended to be overlooked. Business interruption can be caused by failures in any element
of a business process, so recovery planning must address people, process and technology.
Institutions will increasingly have to look to service providers that can offer a range of solutions to suit their changing needs and broader operational solutions that manage their IT and risk infrastructure systems and increase the flexibility across their
business. As well as this, solutions will have to meet the FSA’s recommendations on contingency planning and the providers best placed to take advantage of that will be the ones that can offer variety and flexibility through their solutions.