Is your business resilient? Ask yourself these 5 questions

by Melissa Kaplan, Director of Digital and Innovation

Published on
October 26, 2016

Meteorologists have predicted a highly active storm season in Queensland for 2016/2017 with increased risk of damaging thunderstorms, rain, and cyclones.

In a Deloitte report published in 2015 from the Australian Business Roundtable for Disaster Resilience and Safer Communities, it stated that the total costs of disasters will rise to an average of $33 billion per year by 2050 unless steps are taken to increase resilience.

It’s a stark reminder to businesses, community groups, sporting clubs, and individuals to think about what they can do to prepare for potential risks to their businesses following a natural disaster.

Business resilience is a term increasingly used in relation to business continuity. It’s about rapidly adapting and responding to internal or external changes – opportunities, demands, disruptions or threats – and continuing operations with limited impact to the business. It takes into consideration all aspects of a business including its people, facilities, IT systems (hardware, software) and data.

Most organisations address some aspect of business resilience – whether it’s hosting IT systems offsite or taking out insurance to cover their known risks. But businesses can and should do more to improve business resilience. Ask yourself these questions to see how your business rates…

1. Are all risks covered?

Not just the obvious operational risks which are generally within your control, but the risks that could come from left field. Aon’s 2014 Australasian Risk Survey found that companies see external risks as the highest concern with regulatory and legislative change now leading the list for the first year. Other external factors that rate in the top ten include local and global economic conditions, increasing competition, and natural disasters. These broad risk areas need to be part of your risk management strategy. It’s also important to not just assess risks but prioritise them – identify the risks impacting the most critical elements of your business and put in place mechanisms to manage those risks as a priority.

2. Have we addressed the needs of our people?

In the event of a natural disaster, your people will be key to the organisation’s ability to effectively respond and recover. It’s the simple things that often get forgotten, for example, do you have access to an up-to-date contact list in hard copy? If you rely on your server to hold your contact lists they may not be easily accessible. How will you keep your staff regularly updated on the disaster (i.e. text messaging, phone calls, Facebook)? Who will be responsible for this important task? How will you manage communication with staff who are dealing with their own personal response to the disaster? All these questions should be asked and issues management plans put in place.

3. How will our facilities be impacted?

Natural disasters can be unpredictable and the length of their effects unknown. In the 2011 floods, one of Queensland’s leading retailers was placed in a trading halt as the company assessed the impact of the floods on a distribution centre which serviced 90 of its 211 stores. Organisations need to ask what minimum facilities and IT resources are required to maintain business delivery. Could the company continue to operate if facilities were impacted? What other facilities can be accessed if your main facility is out of operation? If you have warning, what plans can you have to reduce impact on your facilities?

4. How could a natural disaster impact our IT systems?

Many organisations now have back-up IT systems located off-site and replicated at another data centre in a different suburb, city, state or country. In the 2011 Queensland floods, a major Queensland engineering firm could not access their IT systems for over a week which had a significant financial impact. Do you understand the critical components in your IT infrastructure and what have you done to protect them or have redundancy for them? Do your IT disaster recovery priorities actually align to your business priorities and critical functions? Do your teams have alternate arrangements ready to go if they can’t use their IT systems? If you don’t have technological redundancy, what can you do to mitigate data loss and disruption?

5. Have we educated and trained our people sufficiently?

A plan is only as good as the people who use it, and to be of use, it needs to be understood and practised. When was the last time your team was reminded of their role and responsibilities under your business continuity and crisis management plans? Have all your new people been appropriately trained? Are your plans robust and have they been put to the test?

Now might be the perfect time to review and test your plans before your organisation faces a real disaster.