Executive Summary
Business Continuity Issues Facing Companies with Production Facilities

By Kennith D. Brock

Business continuity was not much of an issue 20 years ago: companies were greatly diversified, had numerous products, and smaller production facilities that were scattered mainly across the US with varying levels of presence around the world. That industrial landscape changed, and as organizations became more dependent on single IT systems, single suppliers and just-in-time (JIT) inventories, they also became highly vulnerable to interruption should that single system be disturbed. The “oil business,” for example, could be described as one straight-line process of drilling for oil, and moving that crude to a refinery for fuel production.  It could also be described as a disaster  “waiting in the wings.”  For when an entire system is at capacity, virtually any interruption, at any point, can “bring the curtain down” on the whole thing.  No longer are there duplicate production lines with excess available capacity. This situation is further exacerbated when one single-line company depends upon another single-line company for product or distribution.

Moreover, insurance is often not the answer. Certain “risks of doing business” that must be evaluated and planned for – lost customers, interruption due to non-insured events, loss of reputation  – go well beyond insurance coverage. Highly successful companies set the goal of business continuity, where enterprisewide considerations of all critical operations (data-driven and otherwise) and their dependencies are paramount to continued operation.

Hence the burgeoning field of business continuity management.  It reaches beyond the traditional IT realm and assesses critical business processes so companies can better understand how products get made and services get delivered.  It encompasses enterprise risk management, and includes the assets of the organization – people, machinery/equipment, product, capital, and data (as well as supply chain management).  When looking to improve operations, a business continuity program should address all business functions, interdependencies, and the necessary efficiencies in process.

An organization should approach business continuity by understanding the impact of downtime on its viability – and considerations must include more than just systems downtime. Earthquake or flood, fire and explosion, strike or public relations concerns, issues with suppliers, equipment or distributors – all can cause problems that materially impact the business.

Key prerequisites to successful business continuity programs include:

• A deep understanding of your business environment
• A determination of those processes and operations critical to achieving the business’ goals and maintaining important customer relationships
• An identification of critical path operational interdependencies and process bottlenecks (including supplier and distribution channels).

Expertise in each aspect of your business’ operation, from facilities to human resources to corporate data, is important in protecting the organization’s continuity.  Through a genuine understanding of the business, and by adequately identifying potential threats and their accompanying impacts, management can make informed decisions as to options available – ignore it, prevent it, insure against it, mitigate it, recover from it – in addressing each threat.

Business continuity experts can add value by helping facilitate management’s evaluative efforts, coordinating the input of different businesses, units, and functional areas, and advising the organization about choices such as acceptance, transfer or mitigation of threats.

Historically, many senior executives or boards of directors have considered business continuity the responsibility of the information technology (IT) department and the CIO.  But it is no longer sufficient or financially wise to put total responsibility on that one department.   Today, success in business continuity planning is measured in hours, not days.  Because transactions and communications occur in drastically contracted timeframes, the amount of work lost in an hour far exceeds that of just 5 or 10 years ago. Impacts to business continuity in some functions must be addressed in minutes while other operations or processes allow a longer recovery window.  It is essential to know the recovery window for all critical functions, and to have developed procedures that enable response within those windows.

Disasters place the personal reputations of boards of directors and senior executives at risk. The press has dissected a number of cases recently – embarrassing the company and the individuals running it.  Increasingly, executives are being held accountable for the consequences of business interruptions and lost business. Further, larger numbers of organizations are requiring suppliers to guarantee their supply, and to demonstrate that guarantee through a documented business continuity plan.

It is these factors that make business continuity the shared responsibility of all management from the Board of Directors and the CEO to Vice Presidents of key lines of business. Business Continuity Management has become an issue of responsible corporate governance.

Senior management commitment to the plan and then to the regular update and testing of the business continuity plan protects the company from the greatest threat of all – a false sense of security. The world is changing rapidly both within companies and outside. Failure to ensure that a business continuity program keeps pace with change leaves you vulnerable to catastrophic disruptions.

About the Author
Kennith D. Brock, Senior Vice President of GE Global Asset ProtectionSM Services, IRI, has over 30 years of risk management experience. He is responsible for loss prevention, risk management, facility asset management and business continuity solutions at IRI, a member of ERC’s Commercial Insurance division, a GE Company. For more information, contact Ken at kennith.brock@industrialrisk.com