The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Articles   /  Key Business Continuity Areas To Focus On, In 2021

Key Business Continuity Areas To Focus On, In 2021

The past year has been simultaneously a painful one and an invaluable learning experience. It showed businesses that even with the most extensive preparation, the impact of an event like a pandemic can still catch organisations on the back foot, and throw them into a tailspin. Even organisations that had some sort of disaster recovery plan to begin with, found themselves floundering because of the unprecedented scale of the virus, and the velocity with which it ravaged the world. However, with the lessons of 2020 under their belts, businesses can put this knowledge to good use, and prepare for the next disruptive event with new perspectives and a refocus of their business continuity plans.

Unique challenges to business continuity
Businesses may feel raring to go after months-long layovers but it is advisable to set some time aside and make a thorough assessment of the organisation. The Covid-19 virus will be around for some time; it is likely that variants of it will persist, contributing to disruption for a while. This is one threat that is very real. Organisations need to assess how much it may affect their assets, operations, suppliers and staff, in the short and long terms. Business continuity also hinges greatly on the resilience of an organisation’s processes, the systems and technology it has in place, and the people it can depend on to run it.

This resilience extends to its suppliers as well. Firms will need to be sure of their suppliers’ ability to keep up, and perhaps even look beyond their regular vendors for possible back-up. The pandemic has demonstrated that untoward events can happen with greater velocity, and further-reaching consequences, than previously thought possible. It would certainly be worth the organisation’s while to think about the unthinkable happening, and what it can do to recover from events worse than what has battered the world in the last year. Anticipate the worst, and strategise accordingly – but under current circumstances, how should this be done?

Some firms may have already set awareness training for employees that address this possibility; more concerted efforts should be made to identify key organisational roles imperative to business continuity, and the people who can fill them. Part of their training can be simulated exercises based on worst-case scenarios, to ascertain how they will operate in real situations, under pressure. Training shouldn’t be a one-time exercise either. Scenarios and environments change; business continuity plans have to change in tandem, be evaluated, amended and maintained so that they will operate robustly when required.

Applying established systems for future needs
Getting battered businesses up and running is not easy but there are many aspects of risk management that can be applied to recovery. Board and management need to know what shape the business is in, before determining what the next steps should be. A review of procedures, processes, policies and strategies should be done, to determine whether the business is in a fit state to continue. Those responsible for the company should then decide where improvements should be made, and how these should be carried out. For instance, WFH for non-essential staff may need to be extended; this implies the need for increased security when remotely accessing the firm’s systems.

WFH is not a new concept but it was not extensively practised until the virus hit. Previously viewed as not very practical, it became necessary as almost everything moved online. This looks set to carry on, as there are indicators that many employees have come to prefer it over returning to the regular office commute. There are also other reasons to carry on WFH; the virus is by no means beaten. It has already presented several variants, each seemingly more infectious than the last. The less face-to-face interaction, therefore, the better. But organisations may have to work out different ways of monitoring, measuring and assessing work done remotely.

There may be disruption to communications or bandwidth that may affect the progress of the work. These difficulties will need to be ironed out or the firm’s recovery may be slow. The organisation may want to consider automating more processes for increased efficiency. Working online has speeded up the pace of business, moving things faster, from accessing information to spreading fake news. In tandem, the need for data with integrity and verified information has never been so great. But securing the organisation’s systems, ensuring data integrity, enabling online access and keeping up with timely delivery, has given rise to even more complications.

System hacking, file/information corruption and increasingly sophisticated deep faking are heightening risks for firms at a time when they are extremely vulnerable. Many of them may utilise central information storage for expediency and cost-saving, but this exposes them to a whole different set of risks where security is concerned. The integrity of the information of data centre backups and mirror sites have to first be ascertained; these should not have been compromised in any way. Increased vigilance and security will improve sustainability, adaptability and the ability to pivot quickly when required.

Business continuity is based on people
Many businesses, especially SMEs, are still reeling. In some places, commerce literally stopped in its tracks. Overnight, cities emptied; supply chains collapsed; whole industries were obliterated. But humanity rallied. Big pharma went into overdrive to find a vaccine, and now, businesses are looking at the possibility of going back to normal, albeit a “New Normal.” The virus has changed not just the way we work but altered our perspectives of many other elements as well.

Despite documented evidence about how businesses have been battered by the pandemic and its aftermath, it should be acknowledged that the well-being of the workforce should come first. While measures are set in place to help commerce back on its feet, serious attention should be given to human resource requirements, and how these have been affected both physically and psychologically. Organisations should reassess their training needs. Do staff now working remotely have to be reskilled to be more effective? How should this be undertaken? How should communication with customers be carried out when face-to-face interaction is no longer an option?

Businesses will have to be vigilant and alert to changes in their environment; they will need to develop more agility and flexibility. Business models may have to be revamped and innovation applied to what they can offer, to retain customers and deliver more effectively. Again, this will force a relook of the abilities of their workforce, and may necessitate training. The pandemic showed organisations where their shortfalls and weaknesses lie, and where the focus of their business continuity plans should be. Addressing these will be the first step towards building resilience for the challenges to come.

    Name (required)

    Email Address (required, business email address only)

    Mobile Number (required)

    Company (required)

    Designation (required)

    Preferred Contact Method: (required)

    CallEmail

    What is the biggest challenge in your job/industry

    Which modules are you interested in? (required)

    Managing ESGMechanics of ESGEnterprise Risk Management

    Message

      Name (required)

      Email Address (required, business email address only)

      Mobile Number (required)

      Company (required)

      Designation (required)

      Preferred Contact Method: (required)

      CallEmail

      What is the biggest challenge in your job/industry

      Message

        Name (required)

        Email Address (required, business email address only)

        Mobile Number (required)

        Company (required)

        Designation (required)

        Preferred Contact Method: (required)

        CallEmail

        What is the biggest challenge in your job/industry

        Which modules are you interested in? (required)

        Evaluating Risk and Internal ControlCorporate GovernanceEstablishing a Cybersecurity FrameworkEnterprise Risk Management

        Message

          Name (required)

          Email Address (required, business email address only)

          Mobile Number (required)

          Company (required)

          Designation (required)

          Preferred Contact Method: (required)

          CallEmail

          What is the biggest challenge in your job/industry

          Message

            Name (required)

            Email Address (required, business email address only)

            Mobile Number (required)

            Company (required)

            Designation (required)

            Preferred Contact Method: (required)

            CallEmail

            What is the biggest challenge in your job/industry

            Which modules are you interested in? (required)

            Digital Risk Management and DisruptionMechanics of CyberSecurityEnterprise Risk Management

            Message

            User registration

            Reset Password