Tag Archives: BCI

Immediate Vault Immediate Access

Resiliency in 2018: Q&A With BCI’s David Thorp

Posted on by

Organizational resiliency is a focus of the Business Continuity Institute (BCI) and executive director David Thorp. It was the theme of this year’s annual Business Continuity Awareness Week, which Risk Management Monitor covered in May, and was the focus of BCI’s updated manifesto.

We reached out to Thorp to get his insight on organizational resiliency, how businesses can improve their continuity plans and for ways to better incorporate them into their culture.

Risk Management Monitor: What companies have best demonstrated resilience?

David Thorp: A few examples of organizations that have displayed a high level of resilience are Apple, TomTom, and PostNL.

Apple displayed resilience when they reemployed Steve Jobs to reshape the company.

TomTom started by making software for Palm computers. It has dealt with a rapidly changing marketplace and over the years it has:

  • produced navigation software for PDAs (personal digital assistant)
  • produced its own navigation devices
  • developed live traffic information
  • acquired a digital mapping company
  • developed navigation software for smartphones
  • struck up deals with car manufacturers

PostNL (formerly TNT) has had to adapt to the decline in regular mail as well as tapping into the requirement to deliver more packages (outside working hours) as a result of an increase of web shops.

RMM:  What do organizations most commonly overlook in their continuity planning?

DT: Two most commonly overlooked aspects are keeping plans up to date and exercising/testing.

Business continuity management is often initiated as a project, usually assisted with external expertise. Internal personnel frequently have this role in addition to their “normal” functions. As the organization changes, these plans often get overlooked. After one or two exercises have been carried out, the focus on exercising quickly diminishes.

Unfortunately, these two aspects have a large impact on the ability to recover as planned. It could be argued that this is an indication of a lack of management commitment.

RMM: Why do so many companies overlook their continuity planning and emergency preparedness?

DT: The biggest reason is that it is not a requirement for many organizations. When not required by a regulator or a customer, the organization must:

  1. know about continuity planning and emergency preparedness
  2. understand their risk
  3. understand its value before there is a possibility of it being implemented

By not having done a risk or impact analysis, it is also easy for organizations to think that a disruptive event will not happen to them and therefore not worth the hassle and investment.

RMM: How much time and effort does creating and initiating a business continuity plan take?

DT: This depends on the size and complexity of the organization, the ambition level and the resources available. For small organizations, it is possible to create and exercise plans within a month—but this would typically take a little longer as the required people will also have other tasks. For a large and more complex organization, it may take two-to-three years to reach the desired maturity level.

RMM: What advances would you like to see the global risk management community achieve with regard to planning and preparedness?

DT: I would like to see a better understanding of each other’s disciplines and a better collaboration between them. There is much overlap between the two disciplines and with better collaboration, we can more efficiently and effectively minimize risks and improve the continuity. We are currently working on better understanding how we achieve synergy between business continuity and risk management. We see this as being a prerequisite for achieving organizational resilience. Collaboration with other disciplines is also necessary.

RMM: We’ve seen examples of reputation crises that have in some cases forced companies to close. How can organizations avoid these pitfalls?

DT: A major factor in managing the extent of the reputation damage is the quality of the crisis communication. How well and honestly you inform those affected and of course how you deal with social media makes the difference in how you are perceived. The subsequent actions need to be in line with the messages communicated.

RMM: What has changed in the BCI’s Manifesto for Organizational Resilience that risk professionals should know about?

DT: The manifesto is built on the simple premise that resilience is not the responsibility of one part of the organization—it is the responsibility of discipline within an organization working closely together toward a common purpose. Risk Management, emergency planning, disaster recovery, security, facilities management, business continuity management, supply chain management, IT management, HR management…all have an equal role to play in delivering resilience.

The manifesto contains our undertaking to seek out alliances with other professional bodies along the spectrum of what might be termed “resilience disciplines” in order to work collaboratively. This would make organizations more resilient than if we each work within our own silo.

Business Continuity Awareness Week Takes On Emergency Preparedness

Posted on by

Resilience is constantly on the minds of risk professionals. If last year taught us anything—between ransomware attacks, natural disasters, and pandemics, just to name a few examples—it is that businesses have unlimited reasons to plan for major disruptions.

To help professionals address emergency preparedness, the Business Continuity Institute (BCI) has initiated the annual Business Continuity Awareness Week (BCAW), May 14 through May 18. The online event will feature 29 webinars tackling a variety of issues under the resiliency umbrella, including crisis leadership, workplace recovery and data breaches that will be hosted by BCI members and organizations such as Amazon and Google. Additionally, BCI will host three onsite launches for its organizational resilience manifesto in London, Toronto and Sydney.

BCI uses the global event as a vehicle to raise awareness of the profession and demonstrate the value effective business continuity management can have to organizations of all sizes. The organization is also hosting a blog writing competition and a photo face cut-out contest with Amazon vouchers for prizes.

Other resources include BC24, an interactive roleplay game where you and up to five colleagues can test your responses in an emergency and tackle the challenge of recovering after an incident. The game is designed to encourage critical thinking about the importance of decisions made in a crisis and demonstrates how these decisions can impact the wider organization. There is free access to the game for the month of May only.

In an effort to bring BCAW awareness into the workplace, BCI advises risk managers to initiate campaigns in their companies, with suggestions including:

  • Run an exercise. You can use BC24 or devise your own exercise to ensure that employees and colleagues are informed on what to do during an incident.
  • Host Q&A sessions. These can be in-person or on social media channels. Asking your staff important questions relating to your incident response strategies can help in identifying your training needs.
  • Circulate your documentation. Does your staff know where to find your business continuity plans? Why not circulate them to everyone, asking for feedback or questions.
  • Hold competitions. You put some fun into learning by holding your own contests. Devise a quiz relating to your business continuity plan, or even send staff members on a scavenger hunt for clues relating to an incident.
  • Host a webinar. BCI will host webinars throughout BCAW, however, there may be a topic relevant to your organization or discipline that it does not cover. You can contact the BCI with questions on how to host a webinar and the best ways to engage your staff.
  • Publish white papers. Every organization approaches disaster recovery in a slightly different way. You can share your analysis with staff members by publishing white papers from various disciplines. This raises awareness about resilience and helps employees understand your organization in more depth. You can email yours to BCI here, and it may publish via its news channel through BCAW.
  • Social media. Social media campaigns will be running throughout the week, asking questions about business continuity and organizational resilience. Tweet BCI at @thebceye with your BCAW activities to inspire other organizations.

Costs Climb as Companies Move to Mitigate Supply Chain Interruptions

Posted on by

Some 70% of companies have experienced at least one supply chain interruption during the past year, with an unplanned IT or telecommunications outage the leading cause, according to the eighth edition of the Business Continuity Institute’s (BCI) Supply Chain Resiliency Report, produced in association with Zurich Insurance Group.

Covering 526 respondents in 64 countries, the report studies the causes, costs, and frequency of such events while also looking at companies’ progress in responding to supply chain interruptions and mitigating further occurrences.

While 70% of respondents reported at least one supply chain interruption during the past 12 months, only 17% said they have had no supply chain disruptions, with 13% saying they did not know. Perhaps more alarming is the increase to 13%—from 3% previously—of respondents reporting more than 20 such incidents.

Also alarming is the upward trajectory of costs associated with supply chain disruptions. The portion of respondents reporting cumulative losses of more than € 1 million (,058,171.

buy symbicort online www.methanol.org/wp-content/uploads/2022/08/png/symbicort.html no prescription pharmacy

30) resulting from supply chain interruptions jumped to 34% in this year’s survey from just 14% previously.

An unplanned IT or telecommunications outage was the leading cause of a supply chain disruption for the fifth consecutive year, followed by a loss of talent or skills, which jumped to second place from fifth, and then cyberattack or data breach, which dropped to third place from second. Despite this drop, the portion of respondents which said that cyberattacks and data breach had a ‘high impact’ on their supply chains increased from 14% to 17%.

Reaching the top 10 for the first time was terrorism, which moved to ninth from eleventh, while currency exchange rate volatility had the largest move up the list of event causes, jumping to seventh from 20th last year and cracking the top 10 for the first time since 2012. Insolvency in a company’s supply chain also reentered the top 10 for the first time since 2012, moving from 14th to 10th.

Lost productivity (68%), increased cost of working (53%), and customer complaints received (40%) were listed as the top three consequences of a supply chain interruption by respondents. The perception of such incidents can also hurt a company, with damage to brand reputation/image (38%), shareholder/stakeholder concern (30%), and share price fall (7%) all named by respondents as consequences of a supply chain disruption.

“It is crucial to note that the percentage of organizations reporting reputational damage as a result of supply chain disruption is at its highest level since the survey began. As this coincides with greater media scrutiny and social media discussions related to organizations, this result might be a good opportunity to reflect on reputation management and how supply chain disruptions might translate into adverse publicity for a given organization,” said the report.

As threats and costs grow, there appears to have been at least some progress in more closely addressing the issue.

While the percentage of respondents without firm-wide reporting of supply-chain incidents remains high at 66%, the portion of those using firm-wide reporting has grown steadily across the past five reports, rising from just 25% of respondents in 2012 to 34% in the 2016 report, the latest.

buy bactroban online www.methanol.org/wp-content/uploads/2022/08/png/bactroban.html no prescription pharmacy

Similarly, the portion of respondents which employ no reporting has declined steadily from 39% in 2012 to 28% in 2016.

buy avodart online www.methanol.org/wp-content/uploads/2022/08/png/avodart.html no prescription pharmacy

As reporting is on the rise, so too is the complexity of interruption incidents as external supply chains cause more incidents. The portion of respondents which said the majority of their interruptions came from external supply chains jumped to 24% from 9% previously, and the portion attributing at least a quarter of interruptions to external suppliers more than doubled to 34% from just 15% previously.

Even with reporting on the increase, however, insurance uptake appears to be declining. Just 4% of respondents said they were fully insured against supply chain losses, down from 10% previously, with small and medium-sized enterprises more likely to be uninsured, at just 39%, than large organizations at 62%.

“These variations in insurance uptake may indicate a need to revisit business continuity arrangements and risk transfer strategies pertaining to supply chain disruptions,” according to the report.