“The time to repair the roof is when the sun is shining.”
J.F. Kennedy 35th President of the United States of America.
By Karumba Kinyua
When a national tragedy or a crisis strikes it hits hard, it knows neither time, social status, future plans nor history, it affects the most affluent and even the humblest and is not choosy on its victims or businesses. From terrorist attacks, natural calamities such as hurricanes, floods and earthquakes to fires, robberies to power outages that last “longer than usual “reveal a great deficiency of preparedness when it comes to effectively structured and developed business resilience or continuity plans.
Businesses and organizations in Kenya have not been exempted when it comes to disaster and crisis. From the post- election violence in 2008, which saw various companies incur grand losses, to past and recent terrorist attacks that are designed to cause destruction and major losses to corporations, most businesses will take steps towards mitigating against such events. The cyber resilience and power that businesses drill into their security expenses as well as power backups and though efficient when appropriately developed, do not breed 100 percent confidence in prediction of day to day eventualities in a corporation.
Business Continuity Institute defines Good Practice Guideline (GPG) as an adaptive capacity of an organization in a complex changing environment (Edward Okaro, 2016). Business Continuity Plans provide a framework for businesses to develop mitigation and resilience which increase the probability of effective and quick retort to ascertain the safety
and bouncing back of a business to its normality safeguarding it’s interests, the interests of its stakeholders, reputation, value chain creative activities
as well as brand.
Business continuity plans are encompassed by three pillars; resilience, management and ICT disaster recovery. The resilience of a company against crisis is enhanced once the scope of risks and their extents are widely and excessively explored and potential resolves that aid in the mitigation of the risks are developed. A company should also dig deep into its business plans to prowl for vulnerable stand outs and device elimination
A BCP is not only a delegated duty of a single department in a corporation,
it should be developed from critical examination of all departments in the corporations. The IT department in every corporation plays a key role in the establishment of these plans, with technological innovation taking over daily activities in all operating corporations in this time and day. Viruses, system failures, cyber bugs and hackers circle in technology threats that are
fully engulfed in a business. Historically, unpredictable company threats are not only characterized by complex threats but run from traditional hiccups such as theft, loss of premises, bankruptcy or even unprofessional personnel that result to grand losses and hence the need for appropriate management of a BCP.
The ability of a business to bounce back after tragedy hits greatly impacts
its financial and structural progress and returns. Investors and customers
tend to distance themselves from corporations that incur such tragedies.
The ability of a business to bounce back after tragedy hits greatly impacts its financial and structural progress and returns. Investors and customers tend to distance themselves from corporations that incur such tragedies. Statistics reveal that without efficient resilience plans 50% of corporation’s dissolve within 12 months of the occurrence of a crisis and a recent survey by EY Africa shows that only 23% of organizations are able to regain all critical functionality within the approved Recovery Time Objectives (RTOs) The actualization of this brings in a great need to prepare for disaster
before it strikes.
A good and effectively resilient BCP must include relevant policy development, compliance measures, program structuring as well as testing
and control measures and effective and timely reporting. It also doesn’t
necessarily require the intervention of an external consultant or dig deep into company finances, it can be developed internally with the right information and accountability. Corporate governance and the roles of senior management in any corporation are the key controllers of
an effective BCP in any corporation.
The development and sustainability of BCP includes core steps such as the establishment of a continuity planning committee, conducting business impact analysis, risk mitigation, establishing business continuity strategies, development of the BCP, implementation of the BCP, rigorous testing of the plan (HUB International Midwest Limited, n.d.) and reporting on
and auditing the BCP, respectively.
To put up a fight with the increasingly sophisticated and unpredictable threats, business organizations in Kenya and all over the world need to view business resilience as holistic inter-departmental effort to manage a business and provide ideal company suppleness and
Unquestionably, considerable financial resources will be required to establish and sustain a successful BCP framework. This is where the finance
professionals play a critical role, by ensuring adequate resources are availed as and when required. Further, they must on a continuous basis ensure the organization gets value for money. Starving this critical process of funding, as most are prone to do, is akin to killing the goose that lays the golden egg, by threatening the very survival of the entity.
Karumba Kinyua is the Managing Partner of PineHill Consulting, a Nairobi
based Investments, Strategy and Risk Consulting firm. Evelyne Kiruri is a
Research-Analyst. They can be reached at [email protected]
Works Cited Edward Okaro. (2016). EY’s Africa Resilience Survey 2016. Retrieved from EY.com: https://www.ey.com/ Publication/vwLUAssets/eys-africaresilience- survey-2016/%24FILE/eyresilience- survey-2016.pdf
HUB International Midwest Limited. (n.d.). Seven Key Elements of Business
Contiunity Planning. Retrieved from WSVMA: https://wsvma.site-ym.com/