GAFM Articles > > Risk Management > The Dimensions of Risk Management -September


The Dimensions of Risk Management -September


By Michael Vincent

28 December, 2006

This month we explore the issue of disaster recovery.   Many businesses plan for a disaster,  less perhaps plan for a rapid resumption of activity after a disaster strikes.

 

Majorie Riley,  is a risk management practitioner from Western Australia,  she is an experienced manager of risk and has worked with some major firms in several states.     Her research project focused on disaster recovery and business resumption.  Majorie believes that an outcome of recovery and contingency planning will be the facilitation of a rapid resumption of critical business operations.

 

Disaster recovery planning can be defined as, "The organisation's ability to develop effective plans and procedures to ensure the continued running of its operations in order to minimise the impact of a disaster."    Disaster recovery planning is becoming an increasingly important issue for businesses.   Section 232.2 and Section 232.4 of the Corporation Law have increased the responsibility of Directors of Companies for the business assets and operations of their organisations.  Additionally more stringent audit requirements require increased planning and forethought is undertaken in order to protect assets.   The increased reliance of businesses on telecommunication  network systems  has also made them more vulnerable to even short term disasters which affect these systems.

 

Studies in the USA indicate that a high percentage of companies which are affected by disasters for more than two weeks failed as a business entity within two years of the disaster occurring

 

 

The disaster recover planning process can take from 12 to 24 months to develop, depending on the size and complexity of the organisation and the identified risks to the organisation.   The report identified seven distinct stages and allocated time according to the above framework,  the stages are:

                                                                                                            

Stage 1.    Risk assessment.

Risk assessment focuses on disaster avoidance.                            

           

Stage 2.    Business impact analysis.

  

To inform management of the potential cost of the disaster and to justify management's' decision about investing an a disaster recovery plan.

 

Stage 3.    Risk minimisation and strategy selection.

This stages involves the entity in analysing the business resumption options available and the likely cost of each.

 

Stage 4.    Management approval.

Full management support for all aspects of the disaster recovery plan is essential for proper development, maintenance and to ensure sufficient resources are allocated in a budgetary sense.

 

Stage 5.    Disaster recovery plan formulation and  management.

A well documented plan which defines tasks and responsibilities is essential.  The plan should detail the management structures and actions to be carried out in the event of a disaster and must contain a comprehensive list of the facilities the business will require to resume operations.  The key areas of the business must be identified and the order listed in which they will be resumed.

                              

Stage 6.    Testing.

The conduct of tests at regular intervals ensures that plans are workable and help to identify and documents changes as they occur.

           

Stage 7.    Maintenance and monitoring.

Once the disaster recovery plan is established it must be kept up to date.  Maintenance strategies should be included as part of the original disaster recovery plan to ensure the plan remains an effective organisational strategy.

 

Finally we will look at a telecom disaster to illustrate the finding of the research report.   Part of Majorie's research project dwelt on communications and the absolute nature of telecommunications in today's world.

 

Telecommunications is vital to the operation of a business as it acts as a medium which facilitates, CO-ordinates, guides and directs the day to day running of business.

 

Loss of telecommunications infrastructure can have a significant if not devastating effect on the operations of an organization,  therefore it is vital to have a disaster recovery plan in  place, which includes the loss of telecommunications.

 

A telecommunication disaster is considered to be a pure risk, ie. There is only an opportunity of a loss or no loss and no chance of a profit.   The possible outcomes are, 1. Adverse, there is a loss or disaster and 2. Neutral, no loss occurs and the status quo remains.

 

A systematic risk management approach to the potential of a telecommunication disaster would include:

 

           Avoidance.            Retention.            Passive retention.            Loss control and resumption.            Non - Insurance transfer.            Insurance.

 

Potentially no area of business is more likely to be affected by disasters than communications and little exists to safeguard this facility against disruption.    If there is a widespread disaster,   telecommunications providers will face many demands from affected businesses and the wait may be long and costly.

 

Disaster recovery should therefore be factored into any management strategic plans.  Failure to adequately plan for a telecommunications disaster demonstrates the the organisation is not only guilty of managerial oversight but of a  much worse offense, that of managerial incompetence. 

 

           

About the Authors

Senior Lecturer,

Department of Accounting and Finance,  Faculty of Business and Economics

Member Login

Username:
Password:

Login Forgot Password
Validate Member

Search Articles

All Rights Reserved 1996 -2012 American Academy of Financial Management ® Business Global Site Design by HeathWallace for AAFM ® 2008 All Rights Reserved

Join our groups on linkedin and Facebook

 
Asia - HK - China - India - Latin - Arabia - EU - Brazil - Africa - USA - US - AFA - DE