Business Continuïteitsmanagement

After the Crisis the Turnaround – Beyond the control of damage control

admin

Author: Eric Van den Broele

To my knowledge, this book has only been published in Dutch. (Na de Crisis de Ommekeer – De controle van de damage control voorbij) That is a pity. Yet I translate the summary because of the ideas in the book. It has a lot of them. I state some of them here.

An instrument during Covid19 was to financially support the organizations to continue to pay the wages.

The question: ‘How long can an organization survive after a crisis without external help?’ has therefore remained unanswerable.

No one has a crystal ball, but support measures can be given to financially survive. They must be distributed with wisdom. To this end, a so-called ‘shock resistance score’ (https://graydon.be/nl/resources/blog/strategie/hoe-maakt-u-echt-impact-met-de-schokbestendigheidsscore) of the organizations must be examined. The question is whether the organisations that were no longer really viable before the crisis are still ‘entitled’ to a survival support measure. To this end, it is insufficient to simply follow the statistics of artificial intelligence: a circle of wise men (experts) must examine these cases piece by piece, in order to make a weighted and supported decision.

Such a shock resistance score has more possibilities than during a major crisis. Even if a mayor has plans to redevelop a town square, the shops must be able to survive. However, they then have to go into a kind of ‘lockdown’ and lose sales. If the works take too long, they can go under. On the basis of a shock resistance score, the Mayor can document himself in advance and plan to prioritize the financial support from the start. And he can determine the budgets to guide those stores through the difficult period.

There are also ethical issues associated with this: if an organization’s shock resistance score is poor, suppliers may be able to cautiously refuse to deliver unless payment is made immediately.

But the knife cuts both ways: the government can also demand that the legal reserves be expanded by the organizations, just to increase their shock resistance score. Currently, this should be 10% of the capital. Failure to check this leads to non-compliance, which de facto weakens the competitive position of the organizations and therefore of the region.

After a crisis in which large government support was used, a recession can follow. Unbridled giving money cannot last. So choices have to be made. Balance must be sought, with social and societal justice. A crisis exposes anomalies. This raises questions

  • What do we want to do with our society?
  • Are we aiming for unbridled entrepreneurship with freedom – happiness?
  • Or entrepreneurship with sustainability, attention to the environment and society?
  • What do we support ?
  • Do we continue to aim to create more and more jobs by organisations, or do we look at sustainable, fulfilling work with future prospects?
  • Do we want companies with strong shock resistance?
  • What about companies with holdings abroad? Are we going to continue to make those holdings richer?
  • Is it time for a conversation with the private about how to do this? How do we have that conversation?

So questions are about

  • Hallmarks of undertakings
  • The impact on companies
  • What direction we want to go in as a society.
  • What do we do with companies that are on the verge of bankruptcy before the crisis?
  • What about start-ups in turbulent water?
  • What about shock-resistant companies that were little affected by the crisis? What about their mortgage? Their investments?

The government must make the right social choices. To this end, data mining is super important. Belgium is more equipped in this respect than neighbouring countries. It can order studies to know the effect of the measures in great detail. This provides post-crisis a number of lessons learned that in post crisis can help prepare a next crisis with rescue plans. To this end, intangibles can also be measured indirectly. Research into intangibles is needed to stimulate innovation and detect crime during and after the crisis. By working together regionally with the federal (justice) department, you create the test ground to find out how best to dose the approach for companies.

This data mining can also be used to determine the effect and effectiveness of the support measures: which support measures have worked to what extent. Which companies receive which support during the reconstruction? Which ones don’t ?

In addition, the government must continue to activate dormant savings. This requires trust. For example, with funds whose units are insured against a decrease in the value of the fund. Inclusion is important.

Focus on SMEs that develop technology that promotes environmental well-being.

Extra credit via payment term of 90 days instead of  30. With a tax advantage slightly higher than the loss of profit. This provides continuity in the customer portfolio, goodwill, loyalty, retention for supporting entrepreneurs.

Encourage to put financial surpluses into loans to customers or suppliers. Or to take minority participations.

The government as a business angel? (Is that possible?)

Symbiosis with organizations from other sectors: vans that are now half empty…

A third dimension is therefore, in addition to quasi-bankruptcy pre-crisis or during the crisis, also whether the company was not only economically healthy, but also socially responsible companies. Whether they can become later.

Check, among other things, whether the customers are activated.

  • Where do you give the right financial injections?
  • Where do self-reinforcing chain reactions occur?
  • How do we achieve maximum effect?
  • How do we limit the Flemish dependencies that come to the surface during the crisis?

In this way, among other things, make the crisis a catharsis.

Benchmarks for (only) a first direction are those of the nine-grid of Graydon.  (https://graydon.be/nl/ITAA-YourInsight)

We learned that we depend on long logistics chains, that we are dependent and vulnerable, that our economic credo is not shock-proof, that decisiveness is lacking, that local trade was creative, that web technology is powerful, that social cohesion in many neighbourhoods has become stronger, that commuting has been questioned, that a new approach to the working environment was possible…

Furthermore, incentive of equality is necessary for effective better prosperity. Otherwise, the rich will become richer, the poor poorer, with all the consequences for social robustness. To this end, the dissemination of knowledge is necessary. That doesn’t happen spontaneously. This makes one stronger. Organize learning how to make connections and associations, avoid specializing too quickly. E.g. through a course ‘overarching consideration’. Show common ground between sciences, between abstract thinking and everyday experience. Teach them to reflect on the environment, on themselves, on their future. (Jacques Attali: ‘Peut-on prévoir l’avenir?’ 2015)

In addition, a self-confident region in a self-confident Europe is needed to stand stronger. To this end, the growth capabilities must stimulate people to know and acknowledge their own values. Belief in one’s own abilities, interest in the other…

For this, four tools are needed: social structure or governance format, communication, technology and economics.

In terms of leadership in the crisis, it is necessary post-crisis to rethink the structures and their power:

  • What was helpful?
  • What was pointless?
  • What was bothersome?

In terms of institutions, one must therefore check which ones can be renewed, which ones have to grow, which ones have to shrink and which ones are allowed to leave.

In order to organize society, economy and technology for the people of tomorrow, we must therefore prevent or counteract the far-reaching brain drain from our region (Flanders).

In addition, our region must support its social cohesion. Tackling ‘the others are wrong’ thinking, tackling human (social) poverty (not the lack of prosperity alone). To this end, it must stimulate binding action and communication. That starts with connection in neighborhoods. The aim that everyone is involved and takes responsibility. Ask how to engage people from other communities. Decision-making at subsidiary level based on interests. That creates

  • Chances
  • Social cohesion
  • Hope
  • Creativity
  • Integrates cultures

This can only occur in the long term, thanks to a long but sustained lead time. The state should not be a dogma. The state must create opportunities that correct unevenness of opportunity.

In terms of economy, re-shoring is needed. It is equivalent to securing our supply, control over the flow of goods and services. About its quality. Shorter transport links. It is more efficient and cheaper in the long run. Consequences can be: better air quality, decongestion of our roads and more circularity.

Then there is the issue of the failing entrepreneur. It must be able to restart; instead of seeing him or her as a kind of criminal, see him or her as someone who can learn from his or her experience. Or accompany him or her to paid employment.

With technology you can do a lot in terms of artificial intelligence. However, it is also dangerous relative to GDPR and human rights.

All this is to be resilient. This is necessary for the organizations and our region to be able to meet the others in full confidence and respect.

Natech Risk Assessment and Management – Reducing the risk of Natural-hazard Impact on Hazardous Installations

admin

Authors: Elisabeth Krausmann; Ana Maria Cruz; Ernesto Salzano
The problem that is currently on the rise is that of technical disasters triggered by previous natural disasters or natural events. Examples include frost, heat, drought, rainfall, floods, earthquakes, whether or not combined in tsunamis, lightning strikes, etc.
In an extensive introduction, the authors give a number of examples of what these natural phenomena can do. And that is quite something: ranging from power cuts and pipe breaks, to destruction of storage tanks and explosions. These in turn give rise to an evacuation of the employees of the company, the environment, with or without death toll, as well as a possible enormous economic damage and the stagnation of (parts of) the economic activity in the affected area. It is therefore not for nothing that people want to arm themselves against the even worse domino effects of such events. To this end, these so-called Natech events are studied. To make the world a little safer.
Unfortunately, no two Natech disasters are the same. Although performing risk assessments makes progress in this regard, according to the authors, it remains (for the time being) an impossible task to compare the results of risk assessments. That makes it difficult to prioritize. Yet there are some standard works that the authors regularly refer to, among many other things in their detailed literature lists. Namely the so-called purple book, red book, green book and yellow book from TNO. But perhaps more important for their discussion are the software packages RAPID-N, PANR, the methods of TRAS 310 and TRAS 320, risk curves and ARIPAR-GIS. These contain qualitative, semi-quantitative and quantitative risk assessment modules.
After a number of chapters in which RAPID-N, ARIPAR-GIS and RISKCURVES are illustrated with discussion of the results, two chapters deal respectively with structural (technical) measures and organizational (more administrative) measures.
An innovative framework, which the authors say is worthwhile, was proposed by IRGC and consists of the following five elements:

  1. Risk preassessment: an early warning and “framing” of the risk to provide the problem with a structured definition. Or how it is framed by the various stakeholders and interested parties, and how best to deal with it.
  2. Risk assessment. By combining a scientific risk assessment (of the hazard and the probability of it) combined with a systematic ‘concern’ assessment (of public concerns and perceptions) to form the basis of knowledge for taking subsequent decisions.
  3. Characterization and evaluation: making use of scientific data and a thorough understanding of the societal values ​​affected by the risk to determine whether the risk is acceptable, tolerable (with or without mitigation of the risk as a requirement) or intolerable (unacceptable).
  4. Risk management: all actions and remedies that are necessary to avoid, reduce, share or retain a risk.
  5. Risk communication: how stakeholders and interested parties and society understand the risk and participate in the risk governance process.

The work is, in particular, a piece of “compulsory” reading material for continuity managers and risk managers of large companies that are important for the economic motor of a region or country with large industrial installations. It requires a healthy portion of common sense, but also a sufficient knowledge of process engineering to grasp the storylines. In addition, an open view of a wide range of sciences, technical and non-technical, and of society, is necessary to correctly assess the importance of this work.

Adaptive Business Continuity – A New Approach

admin

Authors: David Lindstedt; Mark Armor
Adaptive Business Continuity wants to blow a new wind through the BCM world. To this end, they throw, among other things, the BIA and the risk assessment overboard. When I read the arguments why they do this, it’s not clear why. After all, if I read the authors’ arguments in Appendix B (the manifesto), then there is the following in B.5.1 page 154:
“Adaptive BC discourses a sequential approach. Continuous value, coupled with the core mission of continuous improvements in response and recovery capabilities, leads to the adoption or a non-linear approach that adjusts to ongoing feedback from all participants. … “.
The manifesto in https://www.adaptivebcp.org/manifesto.php also states that things are becoming increasingly complex:
“How long can an organization without a particular service almost always depend on an integrated combination of factors too numerous to identify and too complex to quantify. Moreover, the changes that result from the exact timing and actual impact of a disaster on a service will dictate different judgments about applicable recovery strategies, priorities, and time. Definitive changes to a service’s holistic “ecosystem” cannot be foreknown. ”

Nobody can deny that the problems are becoming increasingly complex. However, it can be denied that linear problems no longer occur can be denied. That is why I would like to look back at the picture of the full spectrum of possible disasters. I tried to discuss this in a previous blog, at https://emannuel.eu/en/artikels/resilience-strikt-genomen-disaster-management-red-ants-gray-rhinos-black-swans-de-verhouding-van-bcm-risico-management-rm-en-crisis-management-cm/ in question 6:

However, when I get the idea of linear issues, difficult or complicated issues and complex issues from the article of https://emannuel.eu/en/artikels/herhaalt-de-geschiedenis-zich-of-niet/# then I come to the next figure:

I believe that Traditional BCM has a linear approach. This is extremely suitable for linear issues and systems with a (well) known impact and linearisable systems from the complicated part of the spectrum. The question that remains is whether the arguments of the authors are clear enough to put this linear approach aside. This I deny: the objectives of Adaptive BC are not clearly defined enough to throw traditional BCM overboard here. After all, no arguments are given. The BIA simply refers to an article by Rainer Hübert, the authors of which do not reflect the line of thought.
Mutatis mutandis, I think the argument to drop the risk assessment is a non-argument.
After all, they write:
“Administering a proper risk assessment and implementing the resulting action items may necessitate deep knowledge of actuarial tables, information security, insurance and fraud, state and federal regulations, seismological and meteorological data, and the law. Typical continuity practitioners do not possess such deep kn owledge; those who do are most likely specifically trained as risk managers. Adaptive BC practitioners as such should eliminate the risk assessment from their scope of responsibility. ”
I do not agree with this: a BC manager does not need to be an expert in all these matters. Rather, he / she must be able to know the right experts within the company, gain their trust, facilitate and coach them in order to achieve results. Then making a risk assessment is not hopeless and not unusable. I leave the criticism of the readers to judge a lot of other claims to the detriment of traditional BCM: it is clear that the authors are trying to declare the traditional BCM dead for reasons they unclearly articulate.
Has the Adaptive BC depreciated for me? No, not at all. Because they offer an answer to issues from a different part of the disaster spectrum: possibly, provided that they have a solid foundation, a solution can be distilled here for complicated and complex systems where I think traditional BCM has a harder time answering as follows:

So in my opinion, the time of traditional BCM is not over as long as there are linear issues. In addition, Adaptive BC will have to develop further into a more mature activity, which can claim its own part of the spectrum of disasters, together with monitoring, building scenarios and future scanning. But next to Traditional BCM. Not instead of.
So there is still work to be done.

X-Events. The Collapse of Everything

admin

Author: John Casti

The book is written “For the connoisseurs of unknown unknowns” and is divided into three parts.

The first part – Why ‘normal’ is not normal anymore – talks about complexity theory. The complexity theory means that each issue has two (or more) sides, for example a service delivery of an organization has an organization side and a customer side. Both have a certain degree of complexity. Without going into the definitions of complexity here, but from the gut feeling, we can view the delivery of electricity in the USA as an obvious example. We can say that the demand side is very complex: different quantities, different times, different needs that have grown throughout history as a very complex system. But there is an outdated infrastructure that has a low complexity with regard to the current state of technology. Between both complexity levels there is a gap, which according to the complexity theory is a source of vulnerabilities, and can trigger an extreme event to correct the system. For example, a blackout. This example is a simple illustration of the theory, which is obvious. The best solution for the continuity of the customer side and the supplier side in this case is an increase of the complexity on the supplier side, until it equals that of the customer side. In other words, a technical upgrade.

The first part ends with seven complexity principles:

Complexity Main characteristic
Emergence The whole is not equal to the sum of the parts
Red Queen hypothesis Evolve to survive
For nothing the sun sets Exchange between efficiency and resilience
Goldilocks principle Freedom levels are ‘just right’
Incompleteness Only logic is not enough
Butterfly effect Small changes can have huge consequences
The law of the required variety (this is the somewhat important one) Only complexity can control complexity

Part two is a collection of 11 chapters, each of which deals with a separate case, in which the complexity gap is shown each time and how a disaster can arise from it.

In part three, the author argues that the breadth of the gap or the excess of complexity can be seen as a new way of quantifying the risk of an extreme event. This, however, without really going into formulas.

Finally, the author determines three principles with which the gap can be made smaller or can be prevented.

– A first principle is that systems and people must be as adaptive as possible. Because the future is unprecedented but increasingly dangerous, it is wise to develop the infrastructures with a large degree of freedom, to be able to counter or use what you encounter.

– The second aspect, resilience, is closely related to the first principle, that of adaptation. With this you can not only collect hits but also take advantage of them.

– The third principle is redundancy. This is a proven method in the security sciences to keep a system or infrastructure going when faced with unknown unforeseeable and foreseeable shocks. Actually this is about extra capacity that is available when, for example, a defect occurs.

Exponential Organizations

admin

Authors: Salim Ismail; Michael S. Malone; Yuri Van Geest

Humanity has been busy with productivity since time immemorial. Production provided people with scarce resources that were / are worth a lot due to their scarcity. In the last decade, the Internet has come to the forefront, including the concept of “Creative Destruction” and “disruptive technology”. The big companies usually thought about the Internet 15 years ago as “something that is a phenomenon of time”. Nowadays, after an explanation about exponential organizations, they realize that the internet is a phenomenon that is the beginning of everything.

But what are they, those “Exponential organizations”?

It is usually small organizations that make use of the latest technology to come up with new solutions for market demands, for which solutions sometimes already exist. Through the new application they conquer the market in a very short time, in an exponential way. Examples include smartphones and tablets, which have given the photography and the paper newspaper world a problem.

The “nice thing” about this phenomenon is that because technology has become common good, an adolescent in a garage can do an invention that can turn the world of a gigantic company with thousands of employees upside down in a very short time.

That is why it is important that all organizations transform themselves into exponential organizations and tackle themselves disruptively. Because if they do not do it themselves, someone else will. Hence disruption as a means to do risk management and business continuity.

In the book, which is the result of a study by SU (Singularity University), the authors give a number of points of interest. These are given by the mnemonics MTP, SCALE and IDEAS.

Very important is that in contrast to large monoliths the small ExOs are very Lean and Mean organized. The book does not go very deep on this, but large monoliths can also benefit from their advantages by collaborating with existing ExOs or by creating ExOs at the borders of their organization.