Source:
https://scmp.com/article/27373/manage-risks-cut-down-disasters

Manage risks to cut down on disasters

BUSINESSES in Asia are becoming more dependent on computers to control their vital operations and keep them globally competitive.

However, few of Asia's large organisations have adequate recovery plans should a disaster happen.

More than 90 per cent of computer rooms are at the mercy of problems that have nothing to do with software bugs, network failures or user vandalism.

The main villain is site infrastructure.

More than 50 per cent of disasters and computer installation problems are related to the computer's environment. Therefore, it is important to plan a computer site carefully, if a company is to reduce the risk of a disaster occurring.

Management should be concerned about computer disasters. The Chubb Insurance Group of America commissioned a research project among computer-dependent companies that had suffered a disaster and discovered nine out of 10 firms went into liquidation within 18 months.

The immediate effects of a computer disaster include loss of trading, damage to critical company records and disruption of key activities, such as distribution and shipping.

However, there are also secondary effects, including damage to public image, loss of competitiveness, commercial confidentiality, breach of security, legal implications and obligations, staff morale and customer confidence.

With so much at stake, it is vital that Asian managers consider recovery strategies, paying special attention to the role computers play in their organisation. Risk management is vital.

The concept of risk management involves reducing the vulnerability of assets through the adoption of counter measures.

Such counter measures act in different ways, including reducing the impact of a disaster, detecting a disaster before it escalates, or easing recovery from a disaster.

Management must assess the risk their companies face due to a computer disaster and form clear counter measures.

Many managers use purely quantitative methodologies for assessing risks.

One such method is the Federal Information Processing Standards Publication - FIPS PUB 65 (1979).

This key guideline for assessing risk covers the role of management in assessing risk, security examination, asset cost analysis and threats to assets, expressions of impact and frequency of disasters, and the selection of safeguards.

While quantitative risk management methodologies are excellent for situations where risk factors and costs can be accurately described, they generally do not apply to areas where an absence of reliable data, or definable result, exists.

In such cases, management can turn to qualitative methodologies to help assess non-tangible business impact, such as political/personal embarrassment and high-impact/low probability risks.

One effective qualitative risk management methodology, called Delphi, was developed by the Manufacturers Hanover Trust Co to assess the risk to their overall business functions. Experts use questionnaires to determine the 10 most likely threats and then qualify the consequential and opportunity losses that may result.

These losses are estimated in order of magnitude, rather than costs.

The final step is a control analysis in which experts select from a threat/control menu those controls which they consider would be effective in reducing losses.

Since so few companies in Asia have experience in planning for computer disaster recovery, bringing in experts is often a wise decision.

Unfortunately, there are few Asian-based consultants specialising in this field.

However, several computer vendors offer computer recovery services. A few vendors, such as ICL, even offer ''hot sites'' - a permanent standby computer and EDP facility.

Gary Scarborough is marketing manager of ICL Hongkong.

Companies suffering a major disaster can quickly gain access to computer power until their internal systems are brought back on-line.

ICL takes the concept of disaster recovery one step further than other vendors, by offering a full range of services which protect an entire business, not just the computers. It calls this ''business recovery''.