World Island Network Master Class 3

Disaster Mitigation and Threat Reduction
Risk evaluation and control is a key component of a successful Business Continuity Management (BCM) Programme.  It is often overlooked by organisations who view the Business Continuity Plan as the zenith of the Programme, and this represents a missed opportunity.  By identifying risks to the continuity of key business functions, and implementing measures to control or eradicate these risks, it is often possible to reduce significantly the organisation’s risk profile.  This has two effects.  First, it means that the organisation will be more resilient in a disaster, as key operational issues are magnified in a disaster situation.  Second, operational risks can often cause the disaster (either directly or indirectly) and therefore reducing risk can make a disaster less likely.

Risk control initiatives are often viewed as prohibitively expensive, and this is one reason why this aspect of the Programme is often omitted or implemented half-heartedly.  However, this does not need to be the case.  There are often ‘quick wins’ in risk reduction that can be achieved for minimal cost that can increase business resilience significantly.  It is, nonetheless, important to recognise that risks exist and ultimately it is the responsibility of an organisation’s senior management team to decide what should be done about them, and in so doing set the organisation’s risk appetite.  However, in a successful BCM Programme, the Programme Manager ensures that senior management is made aware of these risks and thus has the opportunity to take appropriate action.

Outline – Risk Assessment and Control
MSD International’s experience in the provision of Risk/Threat Assessment Workshops for senior operational managers means that we can assist in the identification of key risks to business’s continuity, and also suggest measures to reduce those risks.

By way of example, key operational risks were identified by a leading offshore merchant bank’s senior staff during a walk-through test of their Business Continuity Plan.  It emerged that their operational data was held on-site, with the data mirrored to a Disaster Recovery (DR) facility.  During the test, it was discovered that by reconfiguring systems to allow the operational data to be fed from the DR facility, with the in-house systems acting as back-up, the recovery times for core systems on invocation of the Business Continuity Plan could be brought down from six hours to near zero with minimal day-to-day operational impact.  The key decision-makers had attended the test and were able to agree this course of action immediately.  This represented a significant improvement in the client’s level of business continuity preparedness.

Benefits of Risk Assessment and Control

• Increased business resilience
• Increased prospect of business survival following
  a disaster
• Increased operational efficiency