Business Continuity and Crisis Management - Literature review Example

Business Continuity Management Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Name Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Course Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Lecture Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 22nd February, 2012 Introduction All organizations face the risk of having their activities negatively affected by adverse events. These events may include faulty products, accidents and failure of critical services like electricity and water supply, in the modern world failure of communication systems leads to catastrophic effects on businesses. Other adverse events that are related to the human resources of an organization include industrial actions, mass illness, theft and damage of critical infrastructure, cybercrime involving compromise of information systems security and integrity (Smith 2005). Natural disasters including tsunamis, floods and storms are also a threat to the continuity of business operations. Business continuity management avails business continuity plans to handle the occurrence of the above mentioned crises were they to threaten the business operations at any time in the future. BSM can help organization deal with some of the contemporary challenges that face businesses including Globalization, shifting demographics, rapidly accelerating technological change, increased connectivity, multiplicity of actors and changing power structures. According to the British Standards Institution (2006), BCM is an organizational and process-wide management process for response and recovery from the before mentioned risks. Business continuity management (BCM) is a form of crisis management which refers to a set of processes that categorize and accesses probable risks to the operation of an organization (Jablonowski 2006). BCM is developed as a foresight of possible crisis occurring in the organization. These crises are possible impediments to a business’s operation and often threaten the survival of a business. BCM is a response to the possibility that adverse events will occur but they do not wish to occur (Keller et al 2005). Organizations commit resources to the building of organizational resilience which are also available for meeting critical objectives (Elliott, Harris and Baron 2005). BCM is sometimes referred to as Business Continuity Planning (BCP) which is concerned with preparing an organization against exposure to internal and external threat (Keller et al 2005). Through BCM an organization can prevent and recover from adverse effects while making sure its business operation continue. BCM covers such adverse effects as crime, loss or damage to critical infrastructure and supply chain interruptions (Jablonowski 2006). Through BCM organization are able to minimize losses due to adverse conditions and restoration of normal operations. Discussion There are a number of factors that drive organization to adopt BCM in their management practice. Throughout the evolution of BCM the drivers to its adoption have been changing. The Civil Contingencies Act is the major legal driver for adoption of BCM, it gives organizations a civil duty to protect citizen from emmergencies. Organizations in the UK are required to have in place plans that prevent, reduce, control or mitigate the effects of emergencies. Organizations are supposed to have accessed the risk of an emmergency occurring beforehand and should have in place a communication plan to alert and advise the public about a crisis. Organizations are also supposed to have a criterion for determining whether an emergency has occured (Herbane 2010). Business continuity management emerged from contingency planning and disaster recovery practices of organizations in the 1970s (Herbane 2010). The introduction of the IBM 360 and 370 models in 1965 and 1970 respectively was one of the most important factors in the development of BCM (Herbane 2010). This technological revolution led organization into developing ways to deal with vulnerability of electronic data processed by the novel systems (Herbane 2010). Recovery basically consisted of standby system and critical data backup. When the personal computer came up in the early 1990s, BCM became more increasingly driven by technology (Herbane 2010). More people were using computers and more of organizational activities relied on computer systems and it was thus more important to protect computer systems. Development of BSM between the 1980 and 1990 was driven more by the need for businesses to comply with legal requirements mostly related to auditing of company’s activities (Herbane 2010). In the compliance phase BSM was not focused on ensuring continuity of services for consumers or rather it was more concerned with the organizational need to protect it IT assets (Herbane 2010). In this phase senior management was resistant to disaster recovery planning and they had to be compelled by legislation to do so. When BCM was first referred to in 1989 its main focus was the outcome of continued business operations rather than a planning methodology for adverse events (Alesi 2008). However, terrorist attacks on businesses in the early 1990s changed this approach in disaster planning from it IT-focused and function-specific approach. These attacks included the ones on the London financial district and the London Stock Exchange between 1990 and 1993 (Perry and Mankin 2005). Occupations that had experience in risk identification and crisis management were argued to take a greater role in disaster recovery planning (American Bankers Association 2005). All the critical activities in an organizations value-chain were now part of disaster recovery planning; from product development to procurement every critical function was considered in crisis management planning. Communication and decision making touching on external stakeholders during a crisis also needed attention as shown by the Flood events of October/November of 2000 (Risk Management Solutions 2000). According to Mattila (2001), BCP should be aimed at the preservation of revenue bases, important customer services, shareholder, customer and employee confidence and finally the company’s public image. Similar sentiments were expressed by Elliott, Swartz, & Herbane (1999b) who viewed BCP as critical in protecting and enhancing value in organizations. However, most organization had adopted BCP in relation to the possible failure of the IT systems that was forecasted because of the Y2K bug. In this decade the increasing importance of BCM was reflected in the formation of the Business Continuity Institute (BSI) in the 1994 which has contributed to recognition of BSM as a management discipline (Seymour and Moore 2000). After the London Bombings of July 2005; attacks on the London subway system during rush hour, the centre the focus of BCM changed significantly. The attack was one of the biggest crises the UK government and business organizations have ever faced. According to Sahin, Kapucu and Unlu (2008), the attack raised awareness for the need of adopting BCM in organizations. After the attack guidelines and regulations for disaster recovery were accelerated throughout public and private enterprise. However, in the year 2006 the nature of BCM started becoming increasingly internationalized (Herbane 2010). A number of countries produced competing standards of disaster recovery and business continuity practices (Herbane 2010). According to Birkland (2009) BCM has range of benefits to organizations that decide to implement this management philosophy. One of the most commonly cited advantages of BCM is concerned with an organizations customers; by implementing BCM an organization gives the perception that they care about the customers and have in place plans that can make sure service downtime is minimized and any adverse effects are handled. Secondly, BCM provides companies with an opportunity to differentiate themselves from competitors. Consumers prefer companies that have built service resilience through BCM and are able to recover and continue service despite the occurrence of adverse conditions. Thus BCM becomes an important differentiating factor from rivals who do not have the same capabilities. In case of an adverse event occurring, BCM enables an organization to preserve its reputation in the eyes of its customers; where adverse event affect all the players in the industry, the operator that is able to successfully handle the crisis reaps the benefit of increased customer confidence. Furthermore, BCM enables organization recover their business functions as quickly as possible thus they minimize losses in revenue and maintain market share (Elliott, Swartz & Herbane 1999a). Organizations that successfully handle adverse events can even see their market share increase as less prepared rival grapple with the crisis. In so doing organization practicing BCM are able to build and retain investor and customer confidence. BCM also sensitizes workers on the need to observe due diligence and be aware of the potential risk they pose to their organization by acting irresponsibly. According to American Bankers Association (2005), BCM can enable organization become more focused and efficient as it builds and relies on a system-wide view of the organization. BCM also leads to better relationships with insurance cover providers and in most cases businesses are offered insurance cover at lower rates. Nowadays, most insurance companies require the presence of business continuity plans as a pre-condition for issuing an insurance cover. Insurance companies also require companies to regularly review their BCM practices. Where businesses have in place proven business continuity plans the risk to business is reduced and therefore insurance companies offer their covers at lower rates. Some organizations where a business binds for tenders may require a business to prove they have adopted and embraced BCM. Prove of BCM in an organization show to the tendering organization they can maintain service delivery to customers. Thus a company that has adopted BCM has an advantage over rivals in tender bidding processes (Mattila, 2001). Globalization is one of the challenges that face business in the current business environment businesses. BCM can help organization overcome the challenges of globalization in a number of ways. First, BCM enables companies deal with competition brought about by globalization as a company that is able to successfully recover from adverse event has a better opportunity to withstand global competition (Hiles 2007). Secondly, BCM enables companies that operate globally to understand the risk cultural differences poses to their businesses and thus enable them in managing cultural diversity in their organization. Thirdly, companies operating globally have to contend with different legal regimes in every country they operate. BCM puts into consideration all the legal risks of a company operating across international boundaries. Therefore, organizations operating globally are able to reduce their legal risks and at the same time recover from any contraventions of laws. Changing demographic patterns worldwide is another significant challenge facing modern business organizations. Due to a rapidly aging population organizations in developed countries are losing their skilled workforce to retirement and sometimes the workers who have reached retirement age are required to work for more years. The relevance of this to BCM is those older workers are more error prone and may cause adverse events in the organization. Secondly, the younger workers who replace the retiring employee are inexperienced and therefore do not have the skill to make sure organizations avoid creating crisis in the organization. Therefore, the effects of shifting demographics have an impact of increasing the possibility of adverse events occurring within the organization. BCM on the other hand works to minimize, handle and recover from the increased risk brought about by changing demographics (Birkland 2009). BSM can also assist organizations in addressing the challenge of rapidly accelerating technological change. Rapid change in technology means organizations are constantly involved in system changeover throughout time. Furthermore, organizations which use IT systems are involved in constant updating processes to keep up with technology meaning their systems become unavailable. Every few years the organization is dealing with a new technology which they are not unsure how it works thus increasing the risk of failure (Keller, Powell, Horstmann, Predmore & Crawford 2005). Through BSM an organization is able to lessen the risk of new technology failing and affecting the operations of the organization. Where organizations services fail due to problems with technology the organizations that have adopted BCM are able to recover their services in a short time and communicate more effectively. Furthermore, BCM encourages organizations to undertake periodic reviews of their disaster recovery plans to include any risks that arise from adoption of new technology. Periodic review of DRP also enable organizations to adopt the new technology that help to enhance the organizations resilience therefore turning changes in technology from a disadvantage to an opportunity for the organization. Economic uncertainty and economic crisis in a number of countries is another challenge organization face in the current business environment (Alesi, 2008). Most people and investors have lost confidence in investments and spending power and spending intent has become low. BCM enables organizations handle these challenges by giving investors the confidence that management can be able to handle adverse conditions that may affect their investments negatively. On the other hand customers have confidence the organization can deliver services despite the occurrence of adverse events. For example in the financial services consumers will be more confident in depositing their money with organizations that have fully embraced BCM (Alfalla-Luque & Medina-Lopez 2009). The challenge of increased connectivity in the world means the technological systems used by any organization are interconnected with other systems and that means failure affects all interconnected systems (Boin & Smith 2006). Secondly, where an organization is implicated in the occurrence of an adverse event such information about the company spreads across the globe very fast. BCM enables an organization deal with this challenge by making sure organizations systems are resilient and are not the ones that contribute to vulnerability of the interconnected systems. In the event of occurrence of an adverse event a BCM enables company communicate effectively to counter the negative publicity enhanced by an interconnected world. Growing multiplicity and shifting power bases means businesses have to consider multiple factors in their operations to satisfy each of the state and non-state actors. Dealing with each of these actors means that a business is exposed to diverse risk. The holistic nature of BSM means a business factors in every risk into its disaster planning (Keller, Powell, Horstmann, Predmore & Crawford 2005). For example BCM in an organization enables the organization fulfil its duty of protecting the public under the civil contingencies act. For a successful business, BCM has to be part of the organizational culture. In other words, business continuity management has to be embedded in the organization for it to work effectively. This process is accomplished through a combination of cognizance and training. Cognizance and maintaining awareness of BCM is crucial in the organization (Lodge 2009). Some of the mechanisms of raising awareness include; making members participate in developments of the organization’s strategy, briefing all the stakeholders of the organization both orally or in written form, gathering information from both internal and external incidences and making them the bases of your learning and, every participation and exercises should be discussion based. In case, there are new employees in the business, they it is important to make them aware of the organization’s BCM more so during induction process (Alfalla-Luque & Medina-Lopez 2009). Gone are the days when things are done without basic education. With this in mind, it is good to ensure that the staff dealing directly with organization’s business continuity programme are fully trained or receive training on the same (Smith 2005). It is paramount to remember that to manage risks one needs to smoothen running of an organization so that the business can operate normally even in the event of disruption (Elliott, Swartz & Herbane 1999b). For a successful BCM to be fully implemented, a business continuity management lifecycle needs to be put in place so that it can collectively cover/ cater for all phases and aspects of the programme. The BCM programme should ensure that the business organization achieves its objectives (Lodge 2009). In addition, it should ensure that the tolerance is at its maximum during the disruption period. It is also worth mentioning that, BCM arrangements are reviewed either through formal audit or self-assessment in regular intervals (Smith 2005). The reviews should be used as the feedback information as amendments done accordingly. All of the abovementioned factors prove that, for a business continuity management programme to be successful, it must be embedded in the same organization (Mainiero 2002). Conclusion The holistic nature of BCM means businesses covers all the risks in their operating environment in their disaster recovery plan. BCM has evolved from a discipline mainly focused on the recovery of IT infrastructure to cover all the facets of a business’s operations. The evolution of BCM has been driven by factors such as legislations, technological evolution and the need to fulfill standards in managing of organization. Governments have recognized the need to build resilience in businesses so critical services do not become unavailable. As discussed above embracing BCM in an organizations has a number of distinct advantages to organizations most notably organization are able to retain a good reputation with the public and retain their market share. Confronted by complexity and other challenges in the modern business environment, organizations need various strategies to address these challenges. BCM addresses these challenges in various ways by mostly by facilitating resilience in service delivery throughout all the facets of the organization. References Alesi, P 2008, Building enterprise-wide resilience by integrating business continuity capability into day-to-day business culture and technology, Journal of Business Continuity and Emergency Planning, Vol. 2, issue 3, pp. 214–220. Alfalla-Luque, R & Medina-Lopez, C 2009, Supply chain management: Unheard of in the 1970s, core to today’s company, Business History, vol. 51, no. 2, pp. 202–221. American Bankers Association 2005, Business continuity planning, born in DP, needs human element, ABA Banking Journal, April, pp. 46–48. Birkland, TA 2009, Disasters, catastrophes, and policy failure in the homeland security era, Review of Policy Research, vol. 26, no.4, pp. 423–438. Boin, A & Smith, D 2006, Terrorism and critical infrastructures: Implications for public– private crisis management, Public Money and Management, vol. 26, no.5, pp. 295–304. British Standards Institution 2006, BS 25999-1 Code of practice for business continuity Management, British Standards Institution, London. Doughty, K 2001, Business continuity planning – protecting your organization’s life, Auerbach, London Elliott, D 2009, The failure of organizational learning from crisis – a matter of life and death? Journal of Contingencies and Crisis Management, vol. 17, no. 3, pp. 157–168. Elliott, D, Harris, K & Baron, S 2005, Crisis management and services marketing, Journal of Services Marketing, vol. 19, no. 5, pp. 336–345. Elliott, D, Swartz, E & Herbane, B 1999a, Just waiting for the next big bang: Business continuity planning in the UK finance sector, Journal of Applied Management Studies, vol. 8, No. 1, pp. 43–60. Elliott, D, Swartz, E, & Herbane, B 1999b, Business continuity management – preparing for the worst, Incomes Data Services, London. Herbane, B 2010, 'The evolution of business continuity management: A historical review of practices and drivers', Business History, 52, 6, pp. 978-1002, Herbane, B, Elliott, D & Swartz, E 2004, Business continuity management – time for a strategic role? Long Range Planning, vol. 37, pp. 435–457. Hiles, A 2007, The definitive handbook of business continuity management, Wiley, London. Jablonowski, M 2006, Precautionary risk management – dealing with catastrophic loss potentials in business, the community and society, Palgrave Macmillan, Basingstoke: Keller, S, Powell, A, Horstmann, B, Predmore, C, & Crawford, M 2005, Information security threats and practices in small businesses, Information Systems Management, (Spring), pp. 7–19 Lodge, M 2009, The public management of risk: The case for deliberating among Worldviews, Review of Policy Research, vol. 26, no. 4, pp. 395–408. Mainiero, LA 2002, Action or reaction? Handling businesses in crisis after September 11, Business Horizons, (September–October), 2–10. Mattila, AS 2001, The effectiveness of service recovery in a multi-industry setting, Journal of Services Marketing, vol 15, issue 7, pp. 583–596. Perry, RW, & Mankin, LD 2005, Preparing for the unthinkable: Managers, terrorism and the HRM function, Public Personnel Management, vol 34, issue 2, pp.175–193. Rodetis, S 1999, Can your business survive the unexpected? Journal of Accountancy, vol 187, no 2, pp. 27–32. Roe, E 2009, Preventing transboundary crises: The management and regulation of setbacks, Review of Policy Research, vol 26, issue 4, pp. 457–471. Sahin, B, Kapucu, N, & Unlu, A 2008, Perspectives on Crisis Management in European Union Countries: United Kingdom, Spain and Germany, European Journal of Economic and Political Studies , 1 (1), 19-45. Seymour, M & Moore, S 2000, Effective crisis management, Continuum, London. Smith, D 2005, Business (not) as usual: Crisis management, service recovery and the vulnerability of organizations, Journal of Services Marketing, vol 19, No. 5, pp. 309–320. Read More