INDEPENDENT NEWS

It's too late once disaster strikes

By: KPMG
Published: Fri 13 Oct 2006 03:22 PM
13 October 2006
It's too late once disaster strikes
Wild weather, downtown flooding, fog-bound airports and recent power outages in Auckland and Wellington have been a shake-up for business. "They dramatically demonstrated how critical it is to have a solid and tested business continuity plan in place," says KPMG information risk management partner, Graeme Sinclair.
"Business continuity management (BCM) is not a luxury management tool but essential to stay in business, retain customer confidence, protect reputation and safeguard people.
"The skill is knowing how much of an investment to make in BCM and to make sure it is tested, updated regularly and for management to actively support and promote it."
"Bad weather or a power cut is not always perceived as a disaster, in terms of business continuity management, when we have such an appetising array of highly volatile natural risks such as eruptions, earthquakes and fires; events that conjure up images of crippling damage to businesses.
"But recent events caused all sorts of grief to individuals and businesses of all sizes. The ability of a power cut to cause an immense amount of damage, even when only short in duration, should not be underestimated," says KPMG.
Graeme Sinclair says a power cut can cause an uncontrolled computer shutdown with corruption to critical business data and operations. "Most businesses would be unable to supply the most basic service - like operating the cash register, accessing customers and contact by email. There's even health and safety risks when the lights fail and lifts stop working."
"Anecdotally, we've heard of cars being stuck behind barriers, cash tills not working and failed electronic links to Australia. Typically these are unlikely to cause a business to fail, however profits will fall and reputations are at risk."
Given that reported major casualties from disasters seem to be few and far between, to what extent should an organisation plan and for what scenarios?
"The BCM tool to measure risk is based on a algorithm of likelihood and impact," says the Graeme Sinclair. "It depends upon how much the organisation will be affected by what scenarios. For example, if an organisation is not near the sea there would be little to be gained from preparing for a tsunami. However, if that firm’s single supplier or customer is directly susceptible, then suddenly the likelihood of being affected by a tsunami increases.
KPMG says the key proviso is for senior management to understand the risks when deciding whether or not to prepare for a scenario. This logic applies also to disruption from bad weather and power cuts, which can be just as troublesome as earthquakes, influenza epidemics or floods.
"Bad weather and power cuts tend to be more localised which means an inability to fulfil an order is unlikely to generate empathy from customers in Sydney, China or even another city in New Zealand.
"Organisations need to understand the likelihood and the impact of a range of adverse situations before investing in BCM. Regardless of how large the investment is, one thing is absolutely clear, a business continuity plan is of little value if it does not work on the day," says KPMG,
Testing, testing…
"If an expensive uninterruptible power supply is installed, which is designed to initiate a controlled shutdown or last for four hours, it would be money wasted if, when needed, it's found that it is not configured properly and no one bothered to check this."
Management can only gain comfort that recovery tools will work on the day if they are tested beforehand. The extent of testing undertaken will depend upon the criticality of a resource (e.g. system) or process to the business and, for certain processes or organisations, a full and detailed scenario-based test may be relevant. However, business continuity plan (BCP) testing does not necessarily mean testing every facet of a BCP or permutation of processes and resources.
In a disaster there is likely to be a range of new environmental factors that will affect business processes, such as working from home, by mobile or from paper records and spreadsheets, instead of online. Testing should focus first on the changes to the environment. For example, checking that the connectivity works between home and the recovery site or that certain data can be retrieved remotely. This might be considered a ‘proof of concept’ approach. The objective is to gain confidence that a business process can be achieved, rather than providing full assurance that a process will work for a wide range of scenarios, with multiple users under stress.
Planning for change is as important as continuity planning itself. Nothing stays the same, people come people go, systems get upgraded and new risks emerge. The work does not end once a test strategy has been agreed and executed.
Whenever there is a material change in critical software, hardware or infrastructure, a key staff member or supplier, relevant legislation or any other important variable, the business continuity plan must be revisited and, if necessary, updated and tested again to ensure that the plan remains valid. The changes must then be rolled out to the stakeholders. And so it goes on. Only then will management gain any real comfort that their businesses will be able to adapt to ‘disasters’, however small or large, in the future," says KPMG's Graeme Sinclair.
ENDS

Next in Business, Science, and Tech

Government Ends War On Farming
By: Federated Farmers
The changes to unworkable and expensive regulations mark the end of the war on farming, says Colin Hurst from Federated Farmers. Federated Farmers strongly believe that winter grazing, stock exclusion and on-farm biodiversity can be better managed through ...
NZ Researchers Drive Work On International AI Framework
By: University of Auckland
Two New Zealand researchers are leading the charge for an international policy guide and framework to evaluate AI and other new technologies.
Woolworths New Zealand Rolls Out Team Safety Cameras To All Stores As Critical Tool For De-escalating Conflict
By: Woolworths New Zealand
The cameras are only turned on in the event of a security incident and footage will not be released except when requested by Police as part of an investigation. Woolworths New Zealand team members are also required to notify customers before recording.
Environmentally Conscious Shoppers At Risk Of Being Greenwashed
By: Consumer NZ
According to Consumer, more than 75% of New Zealanders place some importance on a product’s green claims being verified before it’s sold. Despite this, there is no independent vetting or checking required before products making green claims hit ...
Facing The Future: The Use Of Biometric Tech
By: Hugh Grant
New Zealand is far from unique in deploying biometric tools to solve major social challenges. As the technology has matured and improved in recent years, facial recognition has been increasingly deployed to take advantage of the increased speed, safety, ...
Gaffer Tape And Glue Delivering New Zealand’s Mission Critical Services
By: John Mazenier
Every debt, eventually, has to be repaid. Right now, the day of reckoning is fast approaching for one of the most crippling, but least discussed, debts burdening government across New Zealand – technical debt. Technical debt is the cost of generations ...
View as: DESKTOP | MOBILE
Scoop Contact About Services Newsagent Login
Connect Submit News Social Media Scoop Network
Ethical Paywall Accredited Orgs. Licensing Terms of Use
© Scoop Media