The board will be legally required to protect the business
from known risks, says Marcus Hill
Is your board taking adequate measures to avoid risks to
your company? Apparently not, according to a report released in
2004 by the Chartered Management Institute, which found that three
out of four directors are putting their businesses at
risk.
To compound matters, if directors continue to do so, they will
be breaking the law once the new legislation is introduced, as planned,
in 2005.
Under the Operating and Financial Review, overseen by the Department of
Trade & Industry, board members will be legally responsible for
protecting their business from risks such as environmental and health
and safety dangers or irretrievable data loss. The legislation will
affect all 1,290 UK quoted companies.
Board members of large companies will need to include in their
annual report details of the risks facing the business and the
steps being taken to protect against them within reason.
Failure to do so, or one of these risks becoming a reality, could
mean the loss of the licence to operate and, in some cases,
imprisonment.
A business continuity plan is one of the obvious safeguards against
disaster, but the Chartered Management Institute report, which
questioned 461 institute members, found that fewer than half of all
companies had one and, of those that did, only 57% tested it annually
to make sure it works.
The fragmented nature of modern business - with many organisations
working across multiple locations using different applications and
devices - makes business continuity more of a challenge. Business
continuity plans also need to be tested regularly and adequately
funded: an untested plan is little better than no plan at all.
But business continuity is not the only issue that needs to be
addressed by IT departments and their boards under the Operating
and Financial Review.
The review will also require companies to disclose any threats to
revenue-generating assets; declare the integrity of their supply
chain and their customer data; say what their intellectual property
rights are; and explain what they are doing to safeguard
them.
IT directors need to answer a wide range of questions, such as what
steps they would take to maintain critical business and customer
transactions in emergency or disaster situations; what the value of
their business data is; and what would happen if that data were
lost.
IT directors should be sure their department could manage
continuity of business operations over multiple locations,
functions, countries and activities.
Company boards ignore the risks faced by business at their peril.
The challenge for IT directors is explaining how technology can
ease the pain of compliance with yet another regulation.
Marcus Hill is business development director for corporate
mid-market at BT Retail