Business Continuity Disaster Recovery COOP Crisis Management John Glenn MBCI
And it doesn't need to break the bank
Mom and Pop need Business Continuity, too
John Glenn, MBCI
Enterprise Risk Management Practitioner
This is not a plan and is not intended as a plan; it only lists suggestions on how a plan can be created with minimal expenditure.
I know a lot of people who are in the "small business owner" category.
Mom-and-Pop businesses run the gamut from Abstract & Title companies to Zen masters. Some are one-person operations, others have a few employees. None will ever be, nor do most want to be, a General Mills (General Motors no longer is the shining star it was before it needed a bailout).
The problem is, while this scrivener knows these good people need a real enterprise risk management plan, most lack any concept of risk management ("That's why I have insurance") and those that do have the concept are convinced doing due diligence would be far too expensive.
So, for the Moms and Pops who fall into this category, consider this:
Enterprise Risk Management defined
Enterprise risk management, by another name, is enterprise business continuity. The "operative word" is "enterprise."
Enterprise risk management - hereafter "ERM" because I'm too lazy to type out the phrase each time I use it - has almost nothing to do with computers.
ERM's first word is "enterprise." I could have written "holistic" or "all inclusive," but "enterprise" does the job just fine. ERM is, then, an enterprise process that includes everything the enterprise needs to stay in business. That means vendors of all types (including money vendors) and customers, and everyone and everything in between.
Risk, the second word, likewise is all-inclusive. All threats to "business as usual" are identified. Never mind that the risk may seem small - snow in Miami - we will deal with both the risk probability and the potential risk impact as we move forward. Right now, we want to identify anything - anything - that might put a dent in the bottom line. Something "off-the-wall?" Write it down. Risk identification is best undertaken with all hands; often one person's comment opens up a new train of thought. No risk is out of bounds
Management of risks is, for our purposes, a broad word. It includes risk avoidance and risk mitigation. Management also includes responding to risks that insist on happening no matter how good our plans.
"Our" plans? Actually, Mom and Pop's plan, but everyone plays a part from beginning to end, so any plan is a collective effort. It might help - I'll tell you it WILL help, but I'm prejudiced - to have a professional's input as the plan develops, but as an absolute necessity, professional input can be skipped.
Getting started
There are three primary divisions of any enterprise risk management plan: Input, Output, and, for want of a better term, "Throughput." Input and output functions are relatively common to all organizations, so we can deal with them first.
Input
Most businesses have vendors of some type. For a small motel whose owners do it all, the vendors might be the local market (detergents and cleaning materials), pool supplies, building supplies, sign painter, plumber, electrician, phone company, utilities provider, and, lest we forget, the money people.
Assuming the above, how does "Delivery system" fit into the scenario?
How do Mom and Pop get the supplies from the store to the business? In the family flivver? Is the car big enough. What if it is unavailable - a wind storm comes through and a tree falls on the vehicle? Is a rental truck or trailer needed, and does the local rental office have what's needed when it's needed? How about the trades folk - the painter, plumber, electrician - is their transportation sufficiently reliable that they can come when needed? If they can't respond, is there someone else who can provide the product or service?
The idea is not to go lifting the hood or pulling wheels to check brakes on any vehicles. The idea is to understand "things" happen and that there needs to be alternate resources. If the Local Mart is out of detergent, is there a MegaMart a little farther down the road that might have the product? Can Mom or Pop get to MegaMart? Will MegaMart deliver? (Probably there's a better chance Local Mart will find a way to deliver the goods - a good reason to patronize other Mom and Pop operations.
Mostly the concerns are what technically are termed "no brainers." The problem is, someone has to take some time to sit down, discuss the "what ifs" and come up with options to deal with the possibilities.
A few input questions to consider:
From vendor
Does the vendor have a business continuity plan? What happens if the vendor cannot deliver?
When was the vendor's plan last exercised and updated?
How critical is the vendor's product to the organization?
If the vendors fails to deliver, what are the options?
How does the product or service get to the Mom-n-Pop operation? What happens if delivery cannot be made (strike, closed roads for any reason)?
If the product is not delivered on time, what can be done until the product dose arrive? Is there a product stockpile available? Is there another vendor with stock?
From donor
Are there alternate donors who can make up the deficit of this donor fails to meet commitment or is no longer around?
How does the donation arrive? Bank transfer - what happens if the bank fails, there is a delay in fund transfer, or other transfer interruption? Can the Mom-n-Pop continue to service its clients without the promised funds? (If not, what can the clients do to "get by" until funds are available?)
Who are the vendors?
- advertising agencies and media
- air, roadway, rail, and waterborne carriers
- banks, creditors (money vendors)
- government
- public transportation & infrastructure
- raw material suppliers
- utilities (including landline, cell phones, and Internet providers)
- wholesalers, including raw materials and goods for resale
Vendors are any persons or organizations that provide any product or service that is needed by the organization. A short sampling includes:
Remember, at this point, you are looking for risks, threats. We'll look at their probability and possible impact later.
The vendor score sheet, below, may help analyze each vendors' criticality. Creating something similar with a spread sheet application may be helpful; the following strictly is an example.
Output
- Can the customer get to the business - roads and directions are clear?
- Are there alternatives available to the customer - newer, bigger competition?
Output has a flow similar to Input.
Can the product or service be delivered to the client/customer?
Is the customer still in business? Can the customer pay the bill (was a D&B or similar run recently, has the customer been in the news)? Does the customer have alternate vendors (someone providing a similar product or service)?
Is there still a client base, requirement?
How will the product or service be delivered to the client/customer? Can delivery be interrupted (weather, civic event, strike)?
For businesses where the customer comes to the store, the questions become
At Mom-n-Pop's place (throughput)
The graphic "Resources & Risks around the Mom-n-Pop sun" is an attempt to be "all things to all businesses" and, consequently, is over-kill for many and sorely lacking for others. This simply proves that all ERM plans are unique, even for the same type business.
The graphic attempts to do one thing: Get people thinking about risks to the business that they might fail consider.
It truly is critical that Mom and Pop get input from all people with an interest in the business. That includes employees, shareholders (often family members), insurance agents, tax person, the local fire and police departments (usually the information is "free-for-taxes"), and governments from town to state - a plan to create a new highway or widen an existing road can have a major impact, even if the roadwork is two streets over.
John Glenn, MBCI, has been helping organizations of all types avoid or mitigate risks to their operations since 1994. Comments about this article, or others at http://JohnGlennMBCI.com/ may be sent to Planner @ JohnGlennMBCI. com.
