Necessity of Risk Management & Business Continuity Planning

Ruchi Maheshwari

Best companies are judged based on their business performance and shareholder returns. These companies plan to perfection so as to ensure that the business revenues and cost are well organised, reviewed and monitored. Periodic monitoring is done to ensure that the business successfully implement strategies and to take corrective action as necessary to meet the targets and deliver to management requirements. Even aspects of regulatory and legal changes having impact on companies top and bottom lines are given priority and are on the top agendas for the CEO’s & CFO’s. The business challenges and adversities are baked into the planning process as the same are forecasted based on the impact measured during the business operations.

However, inspite of monitoring the business performance there seldom are very few companies that monitor the unknown. These Companies could not care to take measures to manage sudden situations, especially this unforeseen pandemic situation we are currently facing. 

As the present situation emanating out of Covid 19, has led to a sudden situation of lockdown and isolation across the world, many companies or organisations are at cross roads to on how to manage, operate or even assess the extent of loss or financial impact this situation would lead them too. In such situations, there are the two important but a bit rarely focussed aspects of Operational Risk Management (ORM) and Business Continuity Planning (BCP) which could assist companies to manage or at least be prepared for such likely situations. These tools have the capability to be the torch bearers or the guiding light to the business to be able to manage and cope with such situations in a planned and organised manner. Currently, many of the companies and its employees are stuck as they have no plan B of operations or even don’t understand the challenges their businesses could face and the impact it may have on its revenues. They are trying to grapple around and are making the most pessimist and gloomy projections for the next couple of quarters creating more panic within the economy. 

Many companies have always thought that ORM and BCP as non-critical and a sheer waste of money to invest in people and related process. These companies would be the ones feeling the maximum brunt in such a situation. The benefits or the power of these tools can be recognised only by those companies and people who have experienced it and know the value it brings. Shared below are some of the challenges currently faced by many companies which could be better managed using the Ops Risk and BCP Techniques. 

·        Work from Home (WFH) – In this health situation the governments have asked all establishments unless critical or emergency services to shut down their offices or if possible work from home. It is easy to say WFH but did a lot of companies know things like – Who or which of their employees can WFH? Did the employees have accesses that are required for them to WFH? What are the activities that need to be performed while the employees are WFH? What happens to the customer facing activities that the company manages? What would the employees do if they are not WFH? 

·        Data Security – The companies do not have clear defined polices around data sharing while employees WFH. The employees are accessing a lot of the critical information for the company financial or customer data or employee related data which are being shared over on other than company defined platforms and can cause serious damage to the company’s reputation. Even the VPN security is challenged due to the high demand. The internet quality has also been adversely impacted across as the same is extensively used for work, meetings, entertainment, etc. 

·        Prioritization of Activities – Lot of the companies do not have defined list of activities which need to be performed by each of the function/department along with the timelines within which the same must be performed. They do not know which are the critical activities that need to be performed and which can be staggered or put off in such cases or situations when the office is not operational. Defining the criticality of the tasks is important to perform, manage and review. It is also important to effectively utilise all resource in time of uncertainty.

·        Regulatory Deadlines – As the current situation which has started from mid-March and may extend beyond April too, the companies had a lot of challenge with managing the Year end close and many other related activities which may have regulatory deadlines. The people are seeing challenges with their log ins or facing access issues which had never ever been tested or checked for such a scenario. There had been last minute request for extensions and waivers or possible penalties could also arise.

·        Supervisory gaps – There are tasks which are being picked and performed by employees from their homes but as the companies do not have the right and complete setups these are not being fully supervised. There is exception to the maker checker rule too in cases. This may lead to other issues which are being overlooked now. There could be possible financial risk of frauds which may surface later.

·        Risk Assessment – A robust Enterprise Risk Framework and the Risk Management methodologies would have assisted in not only identifying the potential risks for the companies in these situations but would also have defined the necessary controls which would minimise the impacts. The Assessment methodologies also help assess the Business Operations Impact and the Financial Impacts too.

·        Financial Impacts – In today’s time as each company is saying “Cash is King” but the situation is draining cash for companies as reduced operations are leading to nil or very marginal revenues with the fixed costs. The ORM and BCP techniques assist companies to bring out plan B or alternative ways that would have been planned for such situations. The projections for companies would be better planned and more accurate and the uncertainties would have been completely thought through and evaluated. All regulatory impacts assessments and notifications would also be triggered and actions initiated as per BCP process.

There are many more challenges which can be listed out but that would make no logic till the companies really incorporate and imbibe these tools in their basic DNA’s. The companies will need to understand the intrinsic value that ORM & BCP bring to the organisations and hence maybe overlook the cost involved or consider the same as an investment. Kindly learn from the current situation and take the action to save the future instances, if any. It’s never late to change ways for betterment.