The fundamental problem is uncertainty. The uncertainty of the unexpected dropping on your head, and the uncertainty of not knowing how much you don’t know.
Imagine: you are driving in to work one day, to the company you own. You drive around the corner and see that your building is a smouldering ruin, with nothing left of it. What do you do?
If the question “What do I do now?” is uppermost in your head, you’re in trouble. That is the wrong time to ask that question. Hopefully, what is in your head is, “I’ll invoke my Business Continuity Procedures. We all know what to do. We’ve practised it. Everyone knows their part, knows how to do it, and has what they need to do it. We’ll get through this.”
The right time to ask that question is in Business Continuity Planning meetings. Hopefully, what comes from these is an up-to-date, comprehensive plan, relevant specifically to your company, that will enable you to handle any disruption. Do you have this in place? If not, there is work to be done.
The aim is not to be driven by fear, but rather by an understanding of the importance of addressing uncertainty.
Another element of uncertainty is getting some handle on those things that can go wrong, that can cause headaches, that can cost you in time, money, hassle, reputation or embarrassment. Identifying these and handling them is the role of Risk Management – assessment, analysis and treatment. Do you have an up-to-date, thorough Risk Assessment of all areas of the company? If so, have all of those risks been handled or treated, and is that treatment up-to-date? If not, there is work to be done.
Of course, uncertainty is not the only driver. Steps do need to be taken to handle uncertainty, as best you can. Steps also need to be taken to handle what you know needs doing. One issue here: are you doing everything that you should be doing, and what do you base that on? It is really difficult to get a handle on what you should know but don’t. One solution here is Compliance: compliance with a standard like the ISO family of standards – a collection of industry best-practice. Some compliance is legal and mandatory. Some is optional, and some is a prerequisite to doing business or to gaining a competitive edge. Whatever the drive for compliance, it provides a pre-defined framework of steps and principles. When compliance is a part of business practice, some ongoing element of audit (external and/or internal) is often required. Are you compliant? If not to some standard, then at least to your industry best-practice? If not, there is work to be done.
Some compliance standards only apply to certain elements of a company, rather than the entire company. From the perspective of the entire company, are you doing everything that you should be doing? Or more usefully, are you running, controlling and managing as efficiently and effectively as possible – and what do you base that on? This is the realm of Governance. There are many governance frameworks, some formal, some less so. In the absence of any specific framework, Genesis GRC has its own Governance Framework. Do you have a handle on your governance? Are you achieving your business goals as efficiently and effectively as possible? Are all controls and procedures in place that should be in place, and are these all effective, reviewed and up-to-date? If not, there is work to be done.
All of this, in varying forms, applies to all companies, organisations and businesses – from the multinational corporation to the one-person business and local tradesperson.