|
|
|
Achieving business resilience
Markets worldwide are changing with technology. Customers are becoming increasingly powerful, as companies find themselves adapting to their customers and their requirements. Similarly, an organization’s technology must change to provide customers with services and information that he/she demands.
At a BCRS event on Oct 15, IBM’s Service Delivery Manager for UK, Mike Moriarty, gave a detailed presentation on what growing customer demands mean for the corporation. He stressed that business resilience is essential to all organizations, as it is turning into a matter of survival.
What is business resilience? According to Mike Moriarty, it is the ability to rapidly adapt and respond to risks, as well as maintaining continuous business operations, enabling growth and being a trusted partner.
The importance of business resilience can be gauged from two growing trends. Firstly, businesses are becoming increasingly dependent on customers, and succeed or fail based on customers’ expectations of them. Therefore companies must provide as much information and services to the customer as they possibly can.
Then there is cyber warfare and cyber terrorism. Companies are under attack from hackers as well as competitors. They face threats ranging from virus attacks to information theft. This renders them incapable of providing promised services and so customers may switch to a competitor that can serve them better. Thus, business resilience becomes a matter of core importance to organizations.
The classic business model of a stand-alone company was the IT infrastructure as a small, contained unit, firmly circumscribed by the boundaries of the organization. IT assets were to be used only inside the corporate domain, ensuring a controlled and safe environment.
This has changed the recent internet model, which was a link between the customer and IT facilities of an organization, exerting external influence on corporate IT. Information began travelling faster and reached customers sooner. At the same time, customer demands grew, with increasing expectations of an organization’s IT services.
In the contemporary e-utility model, customers are directly linked to the organization by it’s own IT setup, which is no longer contained within the organization bubble, but transcends it. The corporation no longer controls its IT assets, since data contained on the system is so intermingled that it is hard to differentiate between what belongs to the corporation and what is related to customers. IT is a great leveller, putting large and small companies in the same arena, as better availability means more satisfied customers. In general, the “softer” the product, the greater its risk and opportunity.
As mentioned earlier, a company’s survival is now dependent on customer expectations, which is why it is important to have a capable and reliable IT infrastructure. However, with advances in technology increasing the rate of idea flow, customers are growing impatient and demand instant gratification. This is what leads to business resilience.
A survey in the presentation revealed that downtime costs most companies less than $50,000 per hour, but for some four per cent of the companies, the cost is above $5 million per hour. No wonder then that 40 per cent of the enterprises that experience disasters go out of business within five years.
Monetary loss is the inevitable consequence of downtime, including losses in brand equity, goodwill, trust and loyalty, revenue, market share, and productivity.
Thus, most corporations are interested in knowing how to engender business resilience into a corporation. For this purpose, Mike outlined six layers of resilience: strategy, organization, process, application, technology, and facilities. One must begin with strategy as the first element. This layer involves corporate governance into the project, ensures continuity, and provides for proper communication and risk management within the organization.
Next comes organization. Here, the roles and responsibilities of all concerned must be explained and implemented. Structures within the organization must be modified where necessary, and relevant skills developed.
Then there is the third level, i.e., processes. This involves modification of business and IT processes. Applications and data comprise the fourth layer in which data storage and security is brought up to mark. Application architecture and design must be modified to increase resilience, and backup and recovery mechanisms must be put in place.
The fifth layer is technology, where architectures must be secured and system management and networks must be modified. The final layer is facilities, which involves updating and modifying security and power. Access must be safeguarded and environmental threats must be allowed for.
It follows then that resiliency assessment must be undertaken in order to incorporate it into a business. Certain guidelines must be followed in this regard.
(1) It must be led by consultants;
(2) It be scenario driven;
(3) Benchmarking must be used against at least 500 companies;
(4) Rankings must be created for all resiliency layers;
(5) Tools should be generated for reporting and for executive summaries;
(6) The process should be continuous and recommendations should be made at the end of every cycle.
The exercise aims at creating integrated risk management, causing uninterrupted availability and integrity of critical information required to make business decisions, measure performance and support corporate governance. Therefore every organization must view problems and opportunities in broader terms. They must understand how their business model has or will change. Organizations must determine where they stand and what their risks are. A resilience strategy should be incorporated in their budget cycle and team members should understand their business. Only then, can resiliency continuously increase over time.
The writer is an MIS professional and a regular contibutor
|
|
|
|
