Are You Ready To Deal With Transnational Risks? Flexible Plan Of Testing Organization

In recent years, the Business Continuity Management Plan(BCP) is being developed, which defines various processes for preventing and recovering from business disasters. The primary objective of the Business Continuity Plan(BCP) is to continue operations while disaster recovery occurs, so the key to the success of BCP depends on the organization’s resilience plan.

Definition of elasticity: Business Continuity Research Institute defines elasticity as the adaptability of an organization in a complex and changing environment. Recoverability is a more mature aspect of disaster recovery, that is, the ability to maintain organizational functions in the event of dramatic changes in internal and external environments. Therefore, when improving the maturity of disaster response and disaster recovery, enterprises should consider customizing recovery plans to continue business in adverse environments.

Recoverability statistics: In the annual African resilience survey, Ernst&Young Certified Public Accountants(Ernst&Young), although most African organizations have good business continuity, they also need mature recovery plans to reduce the possibility of risk exposure and recover in case of destructive events. According to the survey results, about 72%(level 2 to 5) of respondents said that the resilience plan is conducive to the operation of disaster recovery business. Of these, 5% can be certified, and 28% can restore all major functions within the approved recovery time objective. Only 28% of respondents were unable to restart operations or did not know the maturity of the plan.

More than 64% of participants said that their BCM elastic solutions comply with international best practices, such as ISO 22301, ISO 22316, BS65000, ISO 27031, the 2013 Business Continuity Association Best Practice Guide and/or COBIT. About 10% of 64% of the respondents said that the company complied with the BS65000 standard, namely the guidance document on organizational flexibility.

Ernst&Young further scored 5 points on the elastic maturity of the sample organizations according to international standards, of which 5 points are the most mature level.

Maturity Level: Activity Configuration

Level 5 Certification Program

Level 4 restores all major functions based on approved recovery time objectives.

Level 3 can restore some key functions based on the approved recovery time objectives.

Level 2 limited business processes can be restored to information and unrecorded processes

Level 1 that cannot recover or survive from interruption(no program)

The survey shows that 5% of the specimen tissues have reached the business elastic maturity of 5 stages, 28% of 4 stages, 24% of 3 stages, 15% of 2 stages and 10% of 1 stage. The remaining 18 per cent of respondents indicated that they could not know the level of resilience. This shows that 72% of respondents believe that resilience plans can help disaster recovery, but only 5% of respondents believe that risk management sources are beyond the scope of traditional risk methods.

We should have the adaptability of transnational corporations. The complexity of organizations operated by some transnational corporations is that the nature of disasters is foreign and far away from home. The best guarantee for any organization to deal with unknown major destructive events is to be consistent with international standards at the policy level and implementation level. Resilient multinationals can adopt a flexible plan to reduce vulnerabilities, which provides an opportunity to restore all core functions within the approved recovery time objectives.

As a risk expert, do you consider the following matters?

• Business continuity management and recovery are subsets of risk management. Both disciplines are central to mitigating specific risks. When these risks occur, have you tested the value of risk management?

• Your career will develop in multinational companies sooner or later. Sometimes your business contacts global customers or business partners. Have you considered the risks faced by the organization due to this relationship?

• Employees may face transnational risks due to overseas travel. Have you added an emergency repatriation plan to your recovery plan?

• Some business recovery sites are worldwide. If the disaster attacks the recovery site, do you consider the backup recovery capability?

• For multinational companies, will the infrastructure problems in other countries(similar to the hydropower problems in South Africa) affect the overall business continuity?

• For multinational companies, given the rise of network risk and the absence of political boundaries, has the company considered the impact of system failure(DRP) and the connection with network risk management control?

• Is the focus on general disaster situations based on foreign economic conditions? Or focus on specific situations with higher probability, such as power failure(local), political instability, etc?

Participate in the following organizational recovery plan tests:

Organization evaluation: Yes/No

Level 1 that cannot be recovered or recovered from disruption(no recovery plan)

Level 2 limited business processes can be restored to information and unrecorded processes

Level 3 can restore specific functionality based on approved recovery time objectives.

Level 4 restores all major functions based on approved recovery time objectives.

Level 5 Certified Plan Organization Recovery Plan(BS65000 compliant)

The most responsible decision of any organization is to be consistent with the international business flexibility standard and formally make it part of the risk management and business continuity plan. Because even so, we are still a part of the world.

Reference documents:

Ernst&Young, African Resilience Survey

www.thebci.org

Ms. Pho Modisane(IRMSA CRM Prac.)