Let’s now consider a real-life case study of a company that did not have adequate BCM. This company, let’s call it Acme Trading, was listed on Johannesburg’s AltX stock exchange where its maiden revenues were 327 percent higher than those of the previous year. Headline earnings were up by some 256 percent.
Six months later, headline earnings were down almost 100 percent. A company whose prospects had looked so bright soon lost its allure, and was ultimately delisted after only one year of trading on the AltX.
This spectacular fall from grace could not be attributed to anything dramatic like a terrorist attack or earthquake, but simply to a lack of effective operational risk management. The company was sunk by a combination of factors, including power outages, port congestion and poor harvesting practices—all operational risks that were, presumably, well understood within the company. Indeed, BCM planning could have ensured that there were simple and effective solutions in place, such as:
- Standby generators in case of power outages.
- Additional fuel on hand to top up the diesel tanks of refrigerated containers bounds for international destinations.
- Effective management of agricultural staff to ensure crops were harvested efficiently and on time.
King III, the new Companies Act and the Consumer Protection Act all, in their different ways, highlight the responsibility of companies and their directors to ensure that risks are managed adequately. Despite this, BCM is often overlooked as the most effective way to identify and manage operational risks effectively. While the board retains ultimate responsibility for risk management as a whole, the executive management team is responsible for implementing the operational risk management framework approved by the board and itsdirectors. This framework should be implemented throughout the whole organisation, and all levels of staff should understand their roles and responsibilities with respect to operational risk management.
The alternative, as we have just seen, can be frightening!
Next time, to conclude this series, some thoughts on how to embed BCM into the organisation.