Just over the course of one month into 2020 and the world has been bombarded with a flurry of disasters and unforeseen events. Headlines have been filled with alarming and heartbreaking news — from the wildfires in Australia, to the eruption of the Taal Volcano, and just recently, the outbreak of COVID-19 (coronavirus disease 2019) affecting numerous countries around the world.
With these events happening all over the globe, we come face-to-face with the glaring fact that disasters are not a matter of “if,” but “when.”
Given the increasingly frequent occurrence of unfortunate events, whether natural or man-made, are organizations prepared to face such ever-evolving and emerging threats? Taking a proactive stance seems to no longer be an option, but a necessity. It is more crucial than ever for companies to ensure that they have an established plan in place to guide the organization on how best to respond and safely maintain operations in the face of unprecedented situations. Recent events should serve as a wake-up call to revisit and ensure that business continuity plans (BCP) are robust enough to cater to all sorts of disasters.
DEVELOP AN ORGANIC, EVOLVING BCP
First, companies should review their existing BCP and check that all potential threats, whether natural or man-made, are considered in the plan. This would entail the broadening of their perspective to anticipate the current and future risks that the organization may face. The next step would be to update these plans periodically in order to tackle new and continually emerging threats in the industry. This likewise involves checking if the roles and responsibilities are still correct and sufficient, if advances in technology solutions and infrastructure are accounted for, and if procedures to recover critical services are still applicable. The organization should consider specific plans catering to different threats, such as Pandemic Plans and IT disaster recovery (IT DR) plans. These plans should also cover high-risk, low probability events.
Having well-documented plans are only the starting point of a well-developed Business Continuity Management (BCM) program. The plans and strategies must also be exercised to test the effectiveness of the strategies. When planning for exercising activities, the organization must consider the current BCM maturity to ensure effectiveness of the testing activities. For example, the organization must start off with tabletop exercises and then transition into simulated exercises as the program progresses.
In light of reviewing the BCM, organizations should consider the following points.
AWARENESS AND COMMUNICATION
The safety of employees should be a top priority, making awareness and communication initiatives especially critical. Organizations should establish proper communication channels and procedures and deploy an emergency broadcast process that will allow the company to reach employees quickly and measurably. Employers must also account for their employees in times of a disaster and be able to escalate emergencies to the proper authorities as necessary.
Employers must ensure that their people are regularly updated with reliable information regarding the situation, both to manage the spread of correct, verified information from authorized sources as well as to control the spread of harmful and panic-inducing disinformation.
The company’s leaders should maintain communications through easily accessible media, such as printed posters, e-mails, weekly updates, programs and activities. As an example, to increase awareness on the organization’s pandemic plan, the business should send out awareness e-mails regarding the extent of the virus as well as countermeasures and preventive actions. The organization must also consider the company culture in crafting an effective BCM Awareness program.
BUSINESS IMPACT AND SUPPLY CHAIN CONCERNS
Given the unexpectedly broad impact of the COVID-19 virus outbreak, businesses should revisit their 2020 and Q1 budgets. Determine areas where operations will be impacted, including key suppliers, vendors, and third parties. Consider the impact of the disaster on key suppliers and vendors, as this will also impact the delivery of services if disruptions occur, especially for suppliers that provide manpower services. If necessary, identify back-up suppliers and vendors as a pre-disaster activity. This will ensure that critical services and products provided by affected suppliers will continue in the event of a disaster. Organizations should also determine key dependencies, assess potential impacts on these services and align with key clients on adjustments to any affected expectations and deliverables.
Additionally, businesses should consider revisiting their contracts with clients or third parties, especially long-term or high value contracts. Client initiatives for their own business continuity should also be taken into consideration, since this can possibly cause delays in the completion of the project/engagement. As an example, the recent outbreak of the COVID-19 restricts work obligations which require teams to work on-site with clients, since quarantine and lockdown measures are in effect in infected countries like China. It is also important to thoroughly go through contracts with strict timelines, stipulations of damages in case milestones are not met, or those with a termination clause in cases of unforeseen events. In reviewing these, organizations should always put into perspective their capabilities to deliver their products and/or services even under extremely difficult circumstances.
Business must also look into the impact of disasters on the organization’s assets and workforce. Different disasters call for different responses and organizations must be able to adapt to each one. For example, disasters such as fires, earthquakes, typhoons and floods would affect the organization’s facilities and equipment. Situations such as cyber or hacking attacks would necessitate a different set of responses and resources from digital security teams.
Similarly, disasters such as pandemics will directly impact the workforce in terms of physical health and contagion control protocols. In such an eventuality, leave policies must be updated and clearly communicated to the workforce, and health insurance policies for employees must be revisited. Employees that have symptoms or illness should be allowed to remain at home or work from home and seek medical care as soon as possible.
BUSINESS SUCCESSION AND BACKUPS
In times of disaster, leadership may not be available to address urgent and critical concerns; thus it is essential to develop a plan for leadership continuity in the event that key decision makers are affected. Organizations should also consider setting up physically separate back-up teams that can be deployed in times of disaster. These identified back-up and alternate personnel must also know their roles and responsibilities in times of crisis. For companies with multiple office locations, this may mean designating one office as a support team for another location. Additionally, the company should also include data back-up processes as part of their regular safety protocols.
As new threats emerge in the ever-evolving world, people and organizations must stay vigilant not just about COVID-19, but other possible issues that may arise. Practice additional caution by staying updated on current events, carefully examining the organization’s level of readiness and adapting.
Consider that just weeks prior to the virus outbreak, parts of the country were affected by storms and earthquakes while Metro Manila was severely affected by the Taal volcano eruption, which led to the closure and suspension of work and classes in several locations. An emergency can occur at any time, so being prepared with a strategic and tested business continuity plan is essential to ensure the safety of a company’s people and the continuity of business-critical services in times of disaster.
This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the authors and do not necessarily represent the views of SGV & Co.
Senior Manager Alvin Manuel, Manager Shaun Cusi, and Associate Dawn Casocot are from the Advisory Service Line of SGV & Co.