For further information please click here for the Business Resilience Construction List

Why should small businesses in the UK consider pre planning for disasters which may or may not affect their business?

There have been many incidents recently which have had a serious impact upon businesses. Here are some examples

• Buncefield. December 2005. 400 businesses affected. Total economic loss £5 billion and 2,500 jobs lost.

• Explosion at Nypro (UK) chemical plant in Flixborough in June 1974. 28 fatalities, 36 injuries and extensive property damage

• Terrorist attack in London. July 2005

• British Midlands air crash at Kegworth. January 1989. 46 fatalities

• Carlisle floods January 2005. 3,000 properties flooded

• Fire in BT tunnel in Manchester March 2004. 130,000 phone lines affected

• Boscastle August 2004. Flash flood devastated local businesses

• Tornado in Birmingham July 2005 19 injuries and many properties affected

• Earthquakes in UK. Although small in magnitude, they do exist and there were five in March 2006 alone.

The Company Law Reform Bill. This could have serious implications for Company Directors and their responsibilities and liabilities. It is likely to create more of a need to protect shareholders interests, part of which would be a robust Business Resilience plan.

The Civil Contingencies Act 2004. In order to ensure planning and preparation for threats posed to UK businesses, whether due to internal systems failures or external emergencies such as Terrorism or natural disasters, frontline emergency responders must maintain Business Continuity arrangements, and since May 2006, must promote Business Continuity planning to businesses and voluntary organisations in their locality.

Three elements to Business Resilience Planning

1. Sound Risk Management

2. Disaster Recovery Plan/Business Continuity

3. Business Interruption Insurance

1. Sound Risk Management

Prevention is better than cure in avoiding business disruption and reducing risk.

Businesses must take an active role in eliminating causes of accidents and managing their exposure to risk.

Buying insurance is the last link in the chain, put in place as a safety net for risk transfer to run alongside a risk management programme. This should bring benefits in the wider availability and reduced cost of your insurance programme.

Not only insurers but investors and statutory bodies now demand better information on companies exposure to risk and how those risks are managed. Of particular importance are:

Evaluation of risks

To ensure the most effective protections are in place.

• Fire risk assessments

The Regulatory Reform (Fire Safety) Order 2005 requires companies to undertake self assessment, to replace Fire Certificates, from October 2006. Failure to have completed written assessments could lead to enforcement and prosecution. Businesses should undertake fire risk assessments of the workplace, provide fire risk assessment training, and audit fire risk assessment controls.

• Security

Good security means having control of the premises. Review the effectiveness of the existing protection against current standards, design enhancements etc.

• Health and Safety Policy

Businesses with five or more employees must demonstrate a robust Health and Safety Policy. A risk control programme is required to include safety standards and procedures and to include specific risk assessments for the particular trade or business and premises.

2. Business Continuity

The Civil Contingencies Act requires local responders (emergency services and local authorities) to maintain Business Continuity Plans and from May 2006 for local authorities to provide advice and assistance to businesses in relation to business continuity.

Why needed:

1. To ensure recovery from a disastrous event that could otherwise destroy the capability of the business to function.

2. Protect vital assets.

3. Mitigate risk.

4. Manage crisis and recovery

5. Remain within legal and regulated framework for the business.

6. Retain confidence of stakeholders – customers, suppliers, financiers and employees.

Areas for consideration as identified by the Business Continuity Institute

1. Programme - proactively managing the process

2. People - roles and responsibilities, awareness and education

3. Processes - all organisational processes

4. Premises - buildings and facilities

5. Providers - supply chain, including outsourcing

6. Profile - brand, image and reputation

7. Performance - benchmarking, evaluation and audit

The Business Continuity Institute has developed a 5 stage Business Continuity Management process.

Stage 1 Understanding your business. Use risk assessments to identify and evaluate recovery priorities

and assess risks that could lead to disruption of service.

Stage 2 BCM Strategy.

Identify alternative strategies available to mitigate loss and assess their potential effectiveness in maintaining the business ability to deliver its critical functions.

Stage 3 Developing and implanting a BCM response.

Developing the response to challenges and the plans underpinning the response.

Stage 4 Establishing a BCM culture.

Ensuring a BCM culture is contained in the organisation by raising awareness throughout the organisation and its key stakeholders and training for key staff where appropriate.

Stage 5. Maintaining and Auditing BCM.

Ensure plans are fit for purpose, up to date and quality assured.

Checklists

1. Generic plan covering response to wide range of scenarios e.g. invocation procedure, command and control, access to financial resources.

2. Specific plans for emergency where generic arrangements are not likely to be sufficient.

3. Exercising plan. Validating plans, rehearsing key staff, testing systems (uninterrupted power supply).

4. Training of key staff.

5. Review of plan – staff changes, organisational changes, change in suppliers etc.

Areas for consideration when constructing a plan

(a) Emergency and Crisis Management organisation

- Simple clear and enforced from management downwards

- needs to steer the system and if necessary challenge existing laws, regulations and rules

- clearly defined responsibilities to analyse, plan, instigate measures and communications.

- Need for joint decisions where business operates out of other locations

(b) Consider training staff to do other “skilled” work in emergency

(c) Consider forming special teams (for larger organisations) dealing with company medical services or fire fighting units.

(d) One nerve centre for all operations – co-ordination with external services – fire services and clean up agencies.

(e) Availability of personal protective equipment, helmets, weatherproof jackets, sturdy footwear.

(f) Suitable transport provision – arrangements to charter transport may be required.

(g) Ensure reliable means of communications

- continuously updated list of telephone numbers

- ensure emergency managers always carry telephone lists

- may require “messengers” if mobile network becomes overloaded.

(h) Emergency planning. Carry out in advance as much of the work as possible that needs to be done in an emergency.

(i) Emergency plans should include both optional measures and standing orders.

(j) Plan a little, practice a lot. Avoid emergency plans being understood only by the people who have written them.

(k) Preparation of Business Impact Analysis, i.e. plan measures and scenarios on imaginary and crisis situations by applying a working group to represent all sectors of the organisation. In a disciplined discussion they are likely to reach a consensus in their assessment.

(l) Test the plan at regular intervals

3. Business Interruption Insurance

Once the Business Continuity Plan has been formalised, Business Interruption insurance can assist further. Insurers have recognised the benefit of Risk Management and Business Continuity Planning and will offer premiums that reflect suitably protected businesses.

Policies are arranged in order to protect businesses following on from a property damage loss (fire, flood, theft etc) at the premises.

The cover will provide for the shortfall in turnover from the date of loss until normal trading can be resumed. The policyholder selects the maximum period that it would take to return to normal trading following a loss. This is termed the indemnity period and is usually expressed as 12 months, 18 months or 24 months, dependent upon the type of business and the premises concerned. The policy will also pay for continuing standing charges; those costs which may still be payable even though the business is operating on a much reduced basis following a loss. These costs may include lighting, heating, wages etc. Payments for additional costs incurred in minimising the effects upon the business may also be paid, such as temporary accommodation or overtime payments.

Extensions to the insurance may be required to cover denial of access, public utilities, suppliers or customers after an interruption to the business resulting from property damage.

Loss of a key supplier, for example could have a significant impact upon the business.

An insurance broker will provide impartial advice in discussing your insurance programme and evaluating quotations for your business. The broker will work with you to understand your business and design the right insurance product for your needs. He can also assist with Risk Management and the construction of a Business Continuity Plan.

For these reasons it is essential that a business puts in place Business Interruption and Business Continuity Plans and develops a robust Risk Management programme in order to minimise the effects on their business, thereby developing a business resilience solution.   

Links

www.preparingforemergencies.gov.uk
www.businesscontinuityexpo.co.uk
www.thebci.org
www.airmic.com
www.survive.com
www.axa4business.co.uk

Click here to print this page