Home' acuity : Acuity Feb 15 Contents FOCUS RISK MANAGEMENT
is to run a Business Impact Analysis
(BIA), which identifies critical and
non-critical system vulnerabilities in
the organisation, estimates recovery
times and recovery requirements, and
compares costs of failure against the
costs of upgrading a particular system.
This needn’t be as complicated
or onerous as it sounds. And there
is usually the benefit of identifying
redundant or inefficient systems that
can improve everyday business.
Conducting a BIA or similar exercise
will give you and your teams a solid
understanding of your business and
its vulnerabilities. That’s one pillar.
The two other critical pillars involve
infrastructure and people.
Maintain a solid infrastructure
Infrastructure is the underlying
base necessary for an organisation
to function at all. It’s the essential
facilities, services, and installations.
This will vary from organisation to
organisation. It will also vary over time.
Obvious things, such as working toilets
are often overlooked. Assumptions, such
as sufficient capacity on the organisation’s
virtual private network to support all staff
working from home, are often unverified.
Well-prepared leaders ensure that their
organisations have infrastructures that
are fit for purpose, well maintained, and
It is absolutely critical that there is
sound infrastructure to deal with the
four basics of staff welfare, client care,
cash flow and communications.
How this is done isn’t important, as
long as it fits with your organisation’s
style, but it is important that there is
not reliance on one component in case
that component fails (eg expecting all
communication to be done via mobile
phone, only to find the cellphone towers
are inoperable because of the event that
caused the crisis in the first place).
Prepare their people
The final preparatory pillar is people.
Everyone in your organisation needs to
have a big picture of the organisation
painted for them, and to have their
roles made clear.
This does not mean beating
awareness into everyone with
enormous emergency manuals. What it
does mean is that people are aware of
the relevant findings of a BIA, they are
involved in developing contingencies,
and they have the training to be able
to help when a crisis hits. This could
mean finding efficiencies to cope with
an unexpected tidal wave of cheap
competition, or dealing with the
pressure of working out of temporary
accommodation after a flood.
Your organisation should try to
encourage future assistance by putting
staff concerns at rest in advance (for
example, indicating that payment of
wages/salaries will continue during an
Similarly, individuals should ideally
know their roles and be reassured that
they have authority to act.
What are the most important
preparations to enable quick
1984 Rogernomic Reforms, 2001 World
Trade Center Attacks, 2005 Hurricane
Katrina, 2008 global financial crisis, the 2011
Christchurch earthquake... the list goes on.
With hindsight, the likelihood and
consequences of each of these events
were obvious, but at the time they
were unexpected. Some leaders and
organisations coped well, many didn’t.
Organisations that survive such events
and subsequently thrive do not to rely
on the authorities. Their infrastructure
– particularly communications – stands
up and their people stand up. The most
important preparations to enable quick
recovery lie in these two areas.
Give your people the tools to be
able to do the job; and give them the
training, and simulations so that they
have the confidence and ability to cope.
The final safety net is good and
Being prepared for an event that could
potentially destroy your business isn’t
particularly easy or cheap. Neither
is it particularly hard or expensive.
Certainly, not being prepared is a lot more
expensive when such an event does occur.
Although you don’t want to rely on
people like George W Bush for solutions,
as a leader, it’s good to look to people
like Winston Churchill for inspiration,
the Prime Minister who said: “Never let
a good crisis go to waste.”
ADRIAN SPARROW ACA
is deputy chair of RiskNZ, the professional body in New
Zealand that brings together people and organisations that
manage risks. He is also group manager risk & assurance
for Datacom and a member of the Chartered Accountants
ANZ Wellington Leadership Team.
ESTABLISH THE CONTEXT
ISO 31000 RISK MANAGEMENT
acuity | FEBRUARY 2015
Links Archive Acuity Dec 14 Acuity March 15 Navigation Previous Page Next Page