The concept of providing a health check is sound and progressive. It is a truism that any system, human or otherwise, will eventually go wrong. As the owner of systems we always therefore have a choice; to wait until the problem manifests itself and then set about fixing it, or become proactive and assess the likelihood and probability of a problem occurring.
By adopting the first course of action we can reassure ourselves that we are avoiding unnecessary expenditure, and that we will of course be able to sort it out if and when it does arise. This reassurance will however sound rather hollow when we find out that the problem is now probably terminal and that, had we acted sooner we could have ‘nipped it in the bud’.
The second proactive course now seems far more sensible, being able to apply a stitch in time will almost certainly prevent the need for nine.
But we just don’t want you to think about the obvious risks that may exist within your business, it’s often the subtler ones that may catch you out! Our teams can support you because we have a wide range of risk management and related mainstream business skills including:
- security audits & surveys
- environmental management
- security & information management
- overt and covert technical security solutions
- risk assessment, risk entity profiling & risk mitigation
- business impact analysis, service interruption analysis
- crisis & incident management
- supply chain management auditing
- succession planning
- change management
- performance management
- programme and project management
- strategic & business planning
- training delivery
- table top and live exercising
- coaching & mentoring
- business & financial analysis
- ICT audit, review & fail over testing
Health Checking – A Prelude to Impact Analysis & Business Continuity Planning
The following is an extract from a health check carried out for a retail based buying group with a turnover of some four million pounds per annum. The company is currently performing well in a difficult environment and would be judged as successful by any means of assessment. The senior management team however had the foresight and prudence to ask for a ‘drains up’ examination of their operation. The findings, and recommendations, have enabled them to identify a programme of modifications and
improvements which will substantially improve their future resilience and ensure their crisis and incident management capacity is improved:
Here we see poor overall incident or business interruption preparedness and a fragmented view amongst employees and managers of risk responses and the critical ICT room being extremely vulnerable to fire, the backup power supply did not work and represented a fire risk in its own right and critical data and systems were not regularly saved and safely stored.
This is what the health check exposed when the spotlight turned to examining the current level of planning and incident management structures to respond to a crisis or significant business interruption (SBI)
With the 10 year anniversary of 9/11 bringing back so many vivid memories of extreme risk, recent domestic riots and looting of businesses, many of which will never recover, a gloomy economic environment and threats from unpredictable and unseasonable weather interruptions to businesses a constant reality managing risks has never been so important to us all.
Do should reading this post get you thinking about just how resilient your operation would be in the event of a significant business interruption, pause and examine your feelings for a moment; would you honestly describe them as confident or complacent?
If, and only if, your honest appraisal is the latter then you could do far worse than get in touch with Leema Risk or perhaps check out the training opportunities on bcptraining.org.uk which include health checking processes in BCP1.