Business Resilience Management

Any modern business enterprise with strategic vision necessarily considers Business Resilience Management (BSM) as one of the basic ingredients of its organisational mission.  BSM is wider in scope than the more popular Business Continuity Planning (BCP) which deals with how an organisation prepares for fortuitous incidents that could jeopardize the organisation's core mission and its long-term objectives. Incidents include local ones such as building fires, regional ones like earthquakes, or national calamities like pandemic illnesses. 

The main objective for resilience program is to trigger a conscious business process that facilitates (1) the emergence of collective, organised and systematic response encompassing all the organs of a business enterprise including Enterprise Risk Management, Business Continuity Management, Disaster Recovery Planning, Regulatory Compliance, Information Protection, Technology Governance, Financial Accounting & Treasury and Business Operations; and (2) policies and standards responsible for organising and aggregating value to enterprise.  As such, for a successful formulation of BSM, the active involvement of the Executive Management or the Board of Directors is absolutely essential.

 

Lots of information is available on the web about various components of Business Resiliency Management.  A few of them are furnished below for further reading and reference purposes.

 

 

Broadly, three phases of BSM can be envisaged, namely, (1) The Emergency Response Phase; (2) The Incident Management Phase; and (3) Business Continuity Phase.  These phases are discussed in detail hereunder.

 

The Emergency Response Phase deals with the preparations to encounter potential disasters, no matter whether natural, technological or man-made.

 

There is no hard and fast rule as to when an Emergency can occur.  It can occur at any time.  Apart from disastrous situations arising out of conventional hazards such as Fire, Earthquake, Hurricane, Flood or similar nature's fury, non-conventional hazardous situations attributable to acts of terrorism, workplace violence and other forms of man-made or technological disasters also trigger emergencies requiring appropriate measures aimed at ensuring the safety of the lives and property in business enterprises.  Essentially, therefore, prudence requires business enterprises to identify the risks, determine effective actions and formulate befitting strategies as pre-emptive and protective mechanism at least to contain, if not ward off the disastrous consequences of a fortuitous incident.

 

The Emergency Response Phase provides for a collective and organised series of actions to be initiated in response to Emergency situations capable of injuring people, damage property or contaminate the environment at a workplace.  Emergency Response Planning (ERP) is the formulation, documentation and implementation of policies and procedures; and organising teams of personnel designated to implement them in order to avoid or at least contain the effects of a disaster.

 

In some countries, there are statutory regulations mandating emergency planning or dictating staffing, equipment, training, and documentation requirements.  As such, failure to formulate and maintain ERP may also result in regulatory fines and penalties apart from civil liability for damage to property and injuries to occupants and the surrounding community.

 

It is, therefore, necessary to formulate ERP that is compliant with applicable statutory regulations and in conformity with standards prescribed by authorised Government or Quasi-Government agencies in the realm of Occupational Safety, Health Administration or Environmental Protection.  It is also essential that appropriate training is imparted to all designated personnel who are expected to implement the ERP.  The goal of Emergency Response Planning is to develop a capability that will enable effective decision-making and execution of protection strategies for whatever situation that might unfold.  It is recommended to develop standardised processes when developing site-specific capabilities for handling emergencies, which may begin with an assessment of ERP preparedness.

 

This phase comprises of the processes and procedures for assessing the magnitude and scale of incidents and the steps to be initiated by the teams assigned with designated responsibilities.

 

During the Incident Management phase, designated personnel will be empowered under a set of laid down procedures or processes that help them identify and assess the impact of perils that threaten the safety of employees and business operations and recommend strategies to mitigate exposure; determine appropriate levels of response commensurate with the potential consequences of impending threats, the availability and capabilities of internal and external resources and regulatory/statutory requirements; organise teams to respond to impending threats; draw-up building structure-specific and hazard-specific procedures; co-ordinate with Public/Government/Quasi-Government Emergency Services; and organise Mock Drills and simulated exercises to impart training to employees on techniques and tactics to be employed during actual Incident Management.