Business continuity after COVID19, to be or not to be?

By Edward Musinguzi

Before COVID19, many organizations did not have a clue on how to protect themselves against events that would disrupt their operations. Even those few that had a semblance of some means to help them cope during interruptions to their services did so by making and keeping copies of their information and data only.

Sadly, for an extended period, almost all countries will continue to be exposed and get severely affected by the current pandemic. That is why, without doubt, many institutions, if not closed or gone under now, wish they had anticipated and prepared better to respond to this pandemic. Incidentally, this moment is not the first that a tragedy has affected organizations so much.

What is different though, this time around is the scale at which this pandemic has devastated world economies. Most often in the past, it has been isolated instances that crippled a few businesses at a time, which were not prepared well to handle disruptions.

For instance, in early2000, a 10-minute fire destroyed a Philips microchip plant that supplied both Nokia and Ericson with microchips for their phones. The damage to this plant meant that it could not supply more chips. Fortunately for Nokia, it had anticipated that if any of its suppliers failed to provide them with components, they would need to switch to an alternative provider quickly.

So, Nokia entered into an agreement with many other plants that could manufacture similar chips. When the Phillips plant failed to supply them with microchips, Nokia activated its continuity plan by implementing the agreements it made with other plants. For Ericson, it depended entirely on the Phillips plant for its microchips. It had no alternative arrangements that it could fall back to in the event of failures at Phillips.

A few months later, Ericson reported that the fire at its component supplier had caused a microchip shortage. It further pointed out that that correspondingly caused a second-quarter operating loss of US Dollars 200 million in its mobile phone division.

Another case is, after the 9/11 Bombings in the US, almost all institutions that never had any continuity arrangements closed shop. Those that had such systems in place bounced back. Fortunately, it is still not too late to slow down the ongoing effects of Covid 19 to organizations, if only they quickly start to respond in the right manner.

To do so correctly, they ought to think widely about what it is that is most crucial for their organizations to run. Such is what one would refer to as critical assets, persons, supplies, and Organizational activities.

Further, what they need to know that only those items that must be present for them to offer their key services must be considered critical. After that, they will do a better job in determining the damage that they will suffer should any of those essential items be knocked out or become unavailable for whatever reason.

It is thus essential that organizations prepare plans on how to restore critical items –at least to a minimum level –after they have been disrupted. They should, in that regard, develop business continuity plans that do not necessarily focus on IT but are informed by what the organizations consider critical to their survival.

Once more, a business continuity plan prepared after getting to appreciate critical items will likely be more useful, should there be a need to activate it. At this point, it is also again worth emphasizing that the common practice of establishing IT disaster recovery plans is limiting.

A useful business continuity plan should consider broader aspects that contribute to the survival of organizations. Those aspects vary depending on the business or mandate of an organization.

Lastly, for business continuity arrangements to work well, Management as well, the Board of Directors must pay full and un compromised attention to the system. Otherwise, suppose those arrangements remain a back burner as it has been. In that case, the same panic experienced during COVID19 is inevitable in case another disruption comes. And given the events unfolding in this era, it is not a matter of if outages will happen, but when they will occur.

The writer is a Certified Internal Auditor (CIA) from the Institute of Internal Auditors (IIA) Global, a Risk Management and Business Continuity consultant with PKF Consulting Limited

Leave a Reply

Your email address will not be published. Required fields are marked *