Business Continuity Planning: Where do we start?

Published: 16 Dec 2019

Pete Holmes, Aviva Risk Consultant, answers everyone’s first question on how to plan for the unexpected.

Over the past 12 years, I’ve regularly visited Aviva clients to help with Business Interruption Insurance and Business Continuity Management (BCP). This involves gaining an understanding of how the business operates, where it earns its money, and what protections are in place. The process is very much collaborative one, with both broker and client, during which we work together to build a relationship, get a picture of the risk, and to offer any risk management help and advice we can.

Preventing big losses from small incidents

There’s no doubt that protecting the business against the impact of interruptions is of the utmost importance. Even a minor insurable incident, a small fire for example, can lead to a considerable impact on the business’s ability to provide its usual service levels to its customers – something which can result in a sizeable loss of profit. Business Continuity Management and Planning has been solidly proven to help minimise the likelihood of an incident occurring – or, if does occur, minimise its impact and maximise the business’s chances of making a fast and full recovery.

I often see businesses with a limited BCP, an out of date BCP, and surprisingly on occasions, no BCP at all. In fact, in a recent Aviva survey [1]Footnote 1, 19% of businesses do not identify or document any key risks. This leaves them with no focus or clear priorities should an incident leading to an interruption occur. This would mean their down-time after an incident is likely to be substantially longer, while they sort out what they need to do – risking a serious loss of customers and market position.

So, Business Continuity Planning is key, and the single most important question I’m asked on this subject is “Where do we start?” The answer is Business Impact Analysis (BIA).

Four key factors that could prevent a crisis

Business Impact Analysis is at the centre of continuity management. It looks at four crucial areas, to provide a full picture of the threats to a business: the key areas to protect, and how to provide either increased protections in an area, or established work-arounds, to mitigate the impact of an incident.

  1. Threat analysis 
    Threat analysis is an important stage in the BIA process. This should involve all areas and concentrate on what could happen to stop, or seriously affect, the business’ ability to service its customers. Fire, flood and theft are all serious factors, but other issues including weather, denial of access, supply chain issues, and incidents at a key customer’s premises should all be considered.

    The other three areas all need consideration, though some smaller businesses may merge two, or all three into one assessment. 

  2. Products and services
    Products and services should be carefully examined. What are the key aspects to the business? A dominant product line or lines? A key customer contract? Each business will have its own priorities, and these are what the BCP should prioritise to protect the business.

    Once the products and services have been assessed and a list of priorities made, we need to determine the Maximum Tolerable Period of Disruption (MTPD) – this is how long the business has to restore services to its customers before they might be expected to go elsewhere. From this, we can set a recovery time objective – a period for retrieval before the MTPD expires.

  3. Processes
    The third stage is to consider the processes needed to provide the prioritised products and services which were previously examined.

  4. Activities
    Following directly on from this, we need to identify the activities required to provide the processes for the recognised priorities. This will entail making a list of the staff and resources, equipment, utilities, raw materials etc that the processes require, to support recovery by the set recovery time objective.

Back to the question: this is where we start…

The BCP is built around the findings and priorities of the Business Impact Analysis, and should provide a concise, relevant and usable plan, to protect against issues from happening in the first place, assist in managing an incident if one does occur, and focus the activity afterwards to protect service to the business’ customers as far as is possible.

Without Business Impact Analysis, any plan would lack direction and priorities. And that’s why it has to be the answer to that often-asked “Where do we start?” question.

Explore Business perspectives

Your hub for expert insight and knowledge

Discover more

Expert view articles

Health & Wellbeing

How to spot if your employees are burning out

Aviva’s Dr Doug Wright looks at how to spot the signs of burn-out and what you and your employees can do to prevent it.

How long do we have? Piecing together employees’ retirement

Pieces of our life puzzle may not all be in place yet, but businesses can help employees plan for retirement by exploring life expectancy and flexible pension options.

Neurodiversity: 5 ways to support a neurodiverse workplace

Debbie Bullock, Aviva’s Head of DEI and Wellbeing Lead, on how to create an inclusive neurodiverse wellbeing strategy.

Health & Wellbeing

World Mental Health (Every) Day

Debbie Bullock, Aviva’s wellbeing lead, looks at how we would all benefit from thinking of every day as a mental health day.

Finding lost pensions: Help your employees find their forgotten savings

Putting aside a little time to track down old pensions could be an investment that’s well worth making.

Wellbeing and business risk: what can’t be left to chance

Debbie Bullock, Aviva’s Wellbeing Lead, on why wellbeing is a business risk that needs to be taken seriously.

How driving auto enrolment into next gear may benefit employees

Dale Critchley celebrates the tenth anniversary of auto enrolment and explores the changes that could help make the next ten years a race to the finish line for employee retirement.

Pension

Five points for trustees considering consolidation

With trustees of smaller occupational schemes being urged to consolidate, Dale Critchley looks at what they should be thinking about.

Health & Wellbeing

Why supporting menopause in the workplace is important

Deborah Garlick, Director at Henpicked: Menopause in the Workplace, explains why introducing menopause support at work makes sense for savvy organisations.

Pensions: Learning lessons from our ancestors

Dale Critchley delves into our archives to look at how pensions have changed over the years. And found there’s a lot we can learn...

Sustainability

Pension power: our best defence against climate change?

Shane O’Brien shows how we can all do our bit to help turn villains into heroes on climate change.

Sustainability

Investing to improve the world we live in

Laura Stewart-Smith explains how providers and pension schemes can keep members aware and engaged with ESG investing.

Menopause is a business issue: what can employers do to help?

Medical Director Dr Subashini M, Aviva UK Health, discusses ways to support employees experiencing menopause and help them stay in work.

How the Retirement Living Standards can improve pension incomes

The Pension and Lifetime Savings Association (PLSA)’s Retirement Living Standards were recently updated. Discover how Aviva embeds the new figures in various initiatives.

How you can help create a Living Pension for your employees

Steve Jackson, Senior Proposition Manager at Aviva, talks about a Living Pension for all workers and how you can make a difference.

The emotional impact of opening up society – how it may affect your employees

Debbie Bullock, Aviva’s Wellbeing Lead, talks about why the end of restrictions may not mean the end of anxiety for some people.