Having recently returned from the global Business Continuity Institute (BCI) World conference held in London, November 2015, there is a lot to share regarding trends and good practices for Business Continuity (BC).
The good news is that from my experience with the South African market when compared to our overseas counterparts, we are beginning to make inroads when it comes to preparing for the worst.
Many organisations in South Africa have already established continuity plans and emphasis is now on training and testing. The big difference is that globally, there is a massive drive to ensure supply chain resilience which is something we lack.
Whether it be driven by a need for compliance or based on safeguarding our most valuable assets, more organisations in South Africa have seen the light…and yes, pun intended considering the load shedding disruptions prevalent in 2015.
A hot item for the BCI conference pertained to “building resilience throughout an organisation’s value chain”.
While you may have put together robust continuity plans to ensure your organisation is resilient, have you considered if those you depend on have done the same?
While we may have little “power” in analysing our electricity supplier’s continuity plans, there are other key suppliers we can interrogate.
The first step would be to analyse your value chain to determine who your key suppliers/service providers and customers are.
Your Service Level Agreements (SLA) should incorporate provisions to allow you to review or audit your supplier’s continuity plan and even request evidence of testing. If this is not in place, it is certainly something to incorporate going forward.
The list below includes examples of questions to consider when assessing your suppliers:
Some of these questions may not be relevant to your supplier if the service or product being provided is not critical to your business. Your assessment should be customised to the nature of your business and relationship with your supplier.
Consideration should also be given to whether your supplier’s continuity plans will allow for a recovery within your Recovery Time Objective (RTO). A question could also be posed regarding your supplier’s suppliers and their readiness to respond to a disaster.
An excellent case study relating to supplier resilience pertains to a project we were involved in encompassing an assessment of over 300 suppliers for a large global client in the financial services sector.
During the assessment, we found that while our client had implemented strong controls to protect customer information, not all suppliers had followed suit. So much so that customer information became publicly available resulting in reputational loss to our client.
So the next time you are in your boardroom, ask yourself if you have visibility on your strategic suppliers because this might as well be your ‘weakest link’.
If you would like further information or have any questions, please contact Nashikta Authar at firstname.lastname@example.org (Associate Director) on 031 327 6000.
© 2020 KPMG Services Proprietary Limited, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.