Nick Sutton, operations consultant, with Automata Global Business Continuity Solutions, discusses how business continuity professionals can gain more budget allocation for their departments by highlighting the direct benefits of business continuity to their finance directors.
The profile of business continuity has never been higher. The increasing reliance of businesses on technology, coupled with the increased risk of terrorist attacks – as highlighted by the recent tragic events in London – has meant that businesses are increasingly likely to suffer significant disruptions.
Despite this, a common problem encountered by many business continuity managers is the difficulty of getting budget allocated to spend on business continuity. One recurring question is “How do I convince CFOs/financial director to loosen the purse-strings and spend budget on BCM?” While these senior finance figures may be able to accept the more general benefits of business continuity, there are a number of benefits which directly relate to their roles and responsibilities. Convincing financial directors that business continuity management will directly benefit them may be the most direct and successful way of getting budget allocated. Some of these direct benefits are shown further on in this article.
The general benefits of a good business continuity programme are well-known and numerous, but here is a brief summary of some of the major plus-points:
- The planning that goes into the conception of a programme – including BIA and risk analysis – can often prove to be a valuable way of taking stock of an entire organisation’s processes. The enhanced understanding of an organisation afforded by a business continuity programme can lead to the enhancement and streamlining of processes and subsequent expenditure reductions.
- Disciplines involved in protecting organisations such as physical security, logical security, risk management, insurance etc can be given improved focus if they are conducted in conjunction with a business continuity management programme emphasising mission critical activities.
- In many organisations rational structures may be overlooked when growth becomes the most important driver. A business continuity management programme can assist in rectifying this problem by mapping out the organisational structure. This assists in highlighting where bureaucratic and inefficient structures have developed.
- The effective handling of a business continuity incident – particularly a large-scale one – can have a positive effect on a company’s market value. Successfully negotiating a potentially devastating incident can increase public confidence in an organisation. In the case of an industry-wide incident, a company may be judged against its competitors on how the incident is managed. By successfully handling a business continuity incident when its competitors fail a company may achieve stand-out in the market.
Business continuity can provide a number of benefits to financial directors, some of which are less obvious than others. Most financial directors will have one eye on the rising costs associated with running a business, particularly as they become more dependent on increasingly complex and expensive IT infrastructures. One expense that can often spiral out of control is that associated with storage area networks (SANs) and the memory used by them. Garry Poole, CEO of Automata, has seen how BCM can help in this area: “One of the areas in which I have seen clients make the largest savings is in terms of their expenditure on IT storage. BCM specialists can help identify the critical storage needs of an organisation. IT departments are often working blind and need input from people who understand an organisation’s needs. This is where guidance from consultants has often proved to be invaluable, helping to focus IT budgets significantly.”
The introduction of the Sarbanes Oxley (SOX) Act as well as the Companies Bill (often considered the UK’s equivalent to Sarbanes Oxley: seehttp://www.dti.gov.uk/companiesbill/ ), has raised the profile of business continuity in the world of finance. SOX is primarily focused on ensuring the accuracy of financial data and the ability of an organisation to report that data correctly. Accuracy of data is of course inextricably linked to IT security and resilience and this is just one area in which business continuity can play an important part of an organisation’s strategy. The focus that BIA can give to IT strategy and expenditure - through its identification of needs, shortfalls and priorities -makes for an IT infrastructure that can be relied upon to produce accurate data. One theory well-known amongst business continuity specialists is the ‘Backlog Trap’. The after-effects of interruptions to normal work flows can result in severe backlogs, built up while attention is focused on dealing with the abnormal situation or during resultant system- downtime. The increased workload brought about by clearing this backlog can often lead to errors being made or shortcuts having to be taken, both of which can affect the accuracy of data. Business continuity programmes can ensure that system-downtime is kept to a minimum and will also put in place measures to ensure backlogs are minimised and are subsequently cleared effectively.
One provision of SOX is the requirement that companies must disclose to investors the various scenarios and contingent liabilities that have the potential to affect the value of their investment. In this regard business continuity becomes profoundly relevant since it identifies these potential threats to an organisation. Furthermore, a business continuity programme can also minimise (and in some cases entirely negate), the likelihood of these threats being realised. Given the choice between investing in an organisation with a sound business continuity programme or one without such a programme, one would clearly be reassured by the knowledge that the investment was being made in a company with some inbuilt resilience.
The scandals that have rocked the financial world either side of the Atlantic have further highlighted the importance of IT security in maintaining the integrity of accounting data and financial reports. It is always difficult to legislate for crimes committed from the inside, and detecting fraudulent behaviour, often by employees with vast knowledge of the particular systems, is even more troublesome. However, business continuity can provide some protection against this very real threat. By helping an organisation understand its normal work flows, processes and system dependencies the various practices common to business continuity can help an organisation detect unusual activity, assign correct authority and permissions to individual user accounts and put in place checks and balances to monitor usage. While this may not provide a foolproof defence it may be that earlier warning is given. The ultimate responsibility lies with the people who decide how to account for profits, losses etc, but a business continuity focused IT infrastructure can certainly help facilitate this accounting.
No comments:
Post a Comment