Disasters are major natural or human-induced events which cause significant damage to the infrastructure critical to an organization or supply chain, and therefore significant disruption to its operations. War or terrorist attack, sabotage, floods, hurricanes, earthquakes, fires and so on and also, depending on the nature of a business, events such as power failures and systems failures are examples of disasters.
Hence, there is a critical need for planning recovery strategies from the effects of such disasters. Disaster recovery plans (DRPs) are subsets of business continuity planning which aim at ensuring that organizations can function effectively during and following the occurrence of a disaster. As such, they possess cost, performance, reliability, and complexity characteristics that make their development and selection crucial.
Third-party resources for disaster recovery
Third party resources from whom disaster recovery services can he obtained, or to whom they can be outsourced, include the following.
• Commercial services providing for off-site back-up storage of data and documents (including cloud – computing services and off-site archival facilities)
• Specialist services for the recovery of ICT systems and data centers, using specialist disaster recovery hardware and software components
• A range of commercial services to whom business-critical operations can be outsourced or contracted on short-term recovery (or ongoing) basis, with advance pre-qualification of outsource providers a priority for business continuity planning. This may include the use of: call centers (to maintain customer service); IT services (to maintain systems and data management); procurement services (to maintain procurement and supply); logistics transport and warehousing services; and so on
• Sources of alternative premises, facilities or work accommodation, if the
organization’s premises are damaged or rendered unsafe
• Public emergency services: e.g. for evacuation, clean-up and maintenance of public services (e.g. in the event of flood, fire, earthquake and so on, which may affect whole cities or regions)
• Grants and financial assistance (e.g. from government and government agencies, industry associations or trade unions) for disaster recovery.
• If premises, vehicles or equipment are damaged in a disaster, various business services may be used in disaster recovery.
• Alternative prices, facilities and/or operations may be maintained or provided by third-party disaster recovery services. Back-up office facilities are often designated as ‘cold’ (e.g. alternative space to house the staff); ‘warm’ (space plus equipment); or ‘hot’ (space, equipment, plus software and back-up data files, enabling the business to resume operations immediately). It should be obvious that maintaining a hot hack-up site is a costly process, in terms of up-front investment and management.
• Alternative premises or resources may he ‘lent’ or provided by other business units or sites, of the firm, or by supply chain partners or major corporate customers. The disaster recovery plan may require sufficient spare space to be kept available in designated branch offices or plants, for example.
• Alternative premises, equipment, vehicles and other resources can be hired from external providers, on a short-term basis (to allow for recovery).
• Serviced offices may be rented as required.
Review Questions
1. Design an organization structure of professional procurement audit firms
2. List five multinational and local procurement audit firms
3. Discuss five fundamental ethical audit principles that professional procurement audit firms should abide
4. Identify five risk management agencies
5. Discuss five risk auditing services sources
6. Discuss the advantages and disadvantages of external risk consultants.