REPORT: Risk Management Shortfalls Lead to Business Interruption Threats

In the past 12 months, two-thirds of local businesses have been affected by business interruption, including such issues as power outages, natural disasters and public unrest.

This is according to the 2014 Metrofile Information and Records Management Trends Index conducted among more than 200 management executives from local business operating mainly in the financial services, consumer goods and services and business services industries, among others.

Greg Comline, General Manager of Global Continuity South Africa – a group company of JSE-listed Metrofile Holdings Limited - says this statistic highlights the importance for businesses of every size to have an effective disaster recovery plan (DRP) and business continuity plan (BCP) in place. 

“A synchronised BCP and DRP are two key elements required for the continuation of business processes and information systems to enable organisations to recover from an unexpected interruptions,” he said.

The survey also found that approximately 40 percent of businesses have no DRP or BCP in place.

“This is highly concerning because in the event of a serious interruption, such as a natural disaster or cyber-attack which can render key functions incapacitated, both the revenue and bottom line may be severely affected,” Comline continued.

Of the 40 percent that do not have a DRP or BCP, a staggering 78 percent of businesses do not foresee the implementation of one in future.

Comline points out that the main reason for the absence of either is usually a lack of understanding for the associated risks as well as a concern for the expenses of implementing a strategy.

He added: “It is often worthwhile working with credible suppliers to cover the business requirements for continuity planning and in most cases this can be done cost effectively, saving the company from potential financial losses and reputational damage in the long run”.

The problem is not only the lack of a DRP, but also dependence on a mediocre or vague plan that is not tested regularly.

A third of businesses with a DRP admit to limited confidence in their existing structure and believe that the business will still experience a setback following a medium to severe business interruption. Comline says that not testing the DRP at least biannually means companies sometimes do not realise the scale of the issue and this reduces the resilience of the business.

“By not having a synchronised Business Continuity Programme in place, the business itself and the various stakeholders are all at risk,” he concluded. “The biggest mistake a business of any size can make is doing nothing until it is too late.

“At times, not even the cover from Business Interruption insurance can buy the critical resources that you need to recover from a disaster.”