Risk assessment failing to keep up with change

PUBLISHED : Tuesday, 26 December, 2000, 12:00am
UPDATED : Tuesday, 26 December, 2000, 12:00am

Many companies prepared thoroughly to meet risks that might arise from the Year 2000 computer bug. With encouragement from the Hong Kong Government, many developed contingency plans aimed at seeing them through any disruptions.

Those plans may now be gathering dust, while some companies have in the meantime increased their risk by branching out into 24-hour, seven-day-a-week online businesses.

'I would doubt, very much, they have updated their contingency plans to reflect that,' said technology risk specialist William Gee at consultancy Arthur Andersen.

The disaster recovery industry has changed with the advent of the Internet.

Analyst Radek Barnert of Goldman Sachs said: 'As we move more toward an IP [Internet Protocol] world, disaster recovery is more broad-based.'

Organisations are setting up Web sites and branching out into e-commerce. Suddenly, their systems must work 99.9 per cent of the time, Mr Barnert added.

'Most people's Internet presence is becoming mission critical.'

When it comes to planning business continuity for emergencies, Hong Kong lags other nations, including Britain, Australia and New Zealand, Mr Gee said.

'I don't think people have that awareness or perceived need to put in business continuity plans,' he said.

'It is, in a sense, not dissimilar to buying insurance.'

One of Arthur Andersen's clients experienced a computer crash and then reached for the data back-up.

It did not work, and the client was forced to re-input the data - telling no one, as it did not want to lose 'face'.

'They basically suffered in silence,' Mr Gee said.

'That is how people normally approach things here.'

It may take one or two such disruptions,before some firms draw up a plan, Mr Gee said.

Research house Gartner Dataquest has estimated that the value of the global business continuation industry will have reached US$575 million this year, touched US$722 million next year and US$907 million in 2002.

The industry's compound annual growth rate between now and 2002 would reach 25.64 per cent, it said.

A solid plan for a major disruption considers back-up, the installation of an uninterruptible power supply, computer recovery, new office space for staff, the needs of clients and more, Mr Gee said.

To ensure continued system availability and support, companies may have two system locations rather than one, try to avoid a single point of failure, or have two Internet connections, he said.

Even minor details make a difference when a disaster hits. Mr Gee recalled the time a typhoon hit a building in Hong Kong and the windows blew out, littering paper all over the streets.

'A clear desk policy is very important,' he noted.