orangeblock
Menu

Measured continuity is good governance

24 January 2010 | Compliance - Regulatory | General | CGF Research Institute (Pty) Ltd / ContinuitySA

Article by CGF Research Institute (Pty) Ltd and ContinuitySA (Pty) Ltd

The King III report on corporate governance has been finalised and is due to be released in March this year and South African business leaders will be compelled to re-evaluate many areas of their businesses, most particularly their governance, risk and compliance operations. Moreover, combining this with the new Companies Act 2008 which takes effect in June 2010, company executives will need to be in a position to implement changes to satisfy these new provisions in their organisations, while also finding ways to ensure their modifications have the desired impact. And while King III’s predecessor, King II, was mandatory for listed companies on the JSE, King III has a significantly further reach as the code for good governance will now be applicable to all legal business entities, thereby enforcing more executives to apply a far more concerted effort toward its compliance.

Says Terry Booysen, CEO of CGF Research Institute, "Good intentions are not good enough any more when it comes to corporate governance. Executives can find themselves in serious trouble if they do not ensure their business conduct and operations meet the provisions of what is expected from the likes of King III, the new Companies Act, Competitions Act, class actions and many other legal and regulatory measures due this year, which are designed to improve the manner in which we conduct business locally and abroad. The old adage of "you can't manage what you can't measure" is therefore more prevalent in South African business today than ever before. "

The only way to ensure that companies meet the new governance standards is for boards to appoint directors who are equipped to deal with these additional responsibilities whilst providing them the authority to implement and oversee the changes. These leaders will need to ensure each area affected by the new laws and governance recommendations is continually up to standard.

"One of the areas that will require serious focus is business continuity management. Many executives realise the need for business continuity and have grudgingly spent money on it in the past, but have never been able to be at ease, knowing their businesses are covered and would be able to recover in a real disaster. Similarly, MDs have had no way of knowing if the various divisions and business units in their companies are recoverable despite assurances from individual managers, as each manager has a different idea of what it means to have continuity plans in place," continues Allen Smith, CEO of ContinuitySA.

Most often businesses will spend money on some continuity planning without knowing whether it's well spent or if the plans will fall apart at the first emergency. What business needs is a common, standardised measure that will provide it with the assurance that money spent on business continuity management has been spent wisely. Clearly, not only should the business continuity plan be customised to suit the business’ environment, it must also be robust and tested to ensure its effectiveness of withstanding any form of business disruption.

Continues Smith, "Companies are advised to adopt the Business Continuity Maturity Model -- a system that provides a high-level overview of the company's current continuity standing in an easy to read dashboard -- which will show managers where they are prepared and where they fall short of the mark."

The model is designed according to the British BS25999 business continuity standard. It breaks down continuity planning into various components and measures each business division's readiness, combining the scores into an overall readiness level for the company.

To explain the concept of levels, one can refer to the BEE ratings common to South African companies. A company will decide which rating level is appropriate for its business and strive to attain that. This level may not be the highest, but will meet the requirements of the company for future business. The maturity ARTICLE

levels of business continuity work on a similar basis. For example, a Level 5 rating is the highest score, meaning all the components are in place and recoverability is certifiable to BS 25999 and that the business will enjoy service continuity even in a worst case scenario.

It's important to note that the Business Continuity Maturity Model is not a standard benchmark against other companies in the same industry, but is a measurement tool designed to assess each company's readiness according to its own requirements as per BS 25999. The comparison is not to how your competitors are doing, but to how close you are to achieving your desired state of continuity preparedness says Smith.

Given the up-coming 2010 World Cup Soccer event, organisations such as emergency services, or even organisations with trading desks at a financial firm, for example, will need to attain an almost perfect score as they will need to be up and running within less than an hour. In a retail environment or the hospitality business, or manufacturing plant; the need for immediate recovery is not as great and these type of organisations may be able to settle for a lesser rating as they may only need to recover operations in a day or two.

The Business Continuity Maturity Model allows businesses to accurately assess the value of their business continuity preparedness and identifies precisely where work is needed in an easy to read graphical format. It does not, however, remove the requirement for business continuity personnel certified by the BCI (Business Continuity Institute) to conduct the process, as the implementation and assessment needs to be in strict accordance with BS 25999.

"More importantly, the maturity model does not allow business leaders to avoid learning about and understanding business continuity principles. If you do not take business continuity seriously, you can't effectively determine what you want to achieve and the data provided by the maturity model will simply be a meaningless rating that does not lead to constructive action," continues Derek Taylor, Business Development Manager at ContinuitySA.

To ensure continued preparedness, the Business Continuity Maturity Model has been designed as a continual work in progress, allowing management to view its state of preparedness and make the necessary adjustments, repeating the process at regular intervals to ensure its continuity standards are eventually achieved and then maintained.

The Business Continuity Maturity Model empowers organisational leaders to make effective continuity decisions by delivering the first BS 25999 compliant measurement system to the South African market. The model offers a clear, unambiguous overview of the businesses continuity standing, highlighting areas where preparations are inadequate and improvements are required to ensure that when disaster strikes, the company is able to maintain or recover operations at a pace suitable to its specific needs.

quick poll
Question

If you had to hazard a guess, when do you reckon the COFI Bill will be signed into law?

Answer
View the Results arrow
FAnews April 2026
THE LATEST EDITION FANEWS MAGAZINE
  • Geopolitical risk: the rising threat to global trade and insurance markets
  • The regulatory tightrope: achieving consumer protection without overregulation
  • Liability disclaimers and consumer protection: key lessons from recent case law
  • From promise to payout: the real test for employee benefits
  • Retirement planning: when the maths doesn’t math
Products & Services
Useful Links
Important Links
Jobs

© FAnews | Privacy Policy | Site Map | Website Design by Online Innovations