Test your customers’ business reliability

Test your customers’ business reliability

The last few years have clearly shown that no company is immune to an unforeseen event that is serious enough to jeopardize its activity. Prolonged absence of a key member of the team, natural disasters, health crisis, widespread computer errors, cyber attacks, … the possibilities are endless.

So specifically, how do you check that your customers are prepared? Here are 5 questions to start the discussion.

Have you defined a business continuity plan?

According to the government, the nature, frequency and cost of crises have evolved significantly over the last 20 years (see chart below). In this context of increasing uncertainty, organizations that have taken a prior step to ensure the continuity of their activity are the most resistant to destabilizing events; .

Asking your client about the existence of a business continuity plan (BCP) in his business is to increase his awareness of these issues very directly. But the existence of such a plan is not enough, it must also be updated regularly, because the threats and risks that weigh on the company develop over time.

Main global shock
Global disaster loss 1970-2010 (source: Swiss Re, Guy Carpenter & Company LLC)

Global shocks

(Source: Guide to Creating a Business Continuity Plan, Minister of Finance [1])

What is a business continuity plan?

Business continuity management identifies potential threats to an organization, as well as the impacts that these threats, if they become a reality, could have on the organization’s business operations, and [fournit] a framework for building the resilience of the organization, with an effective responsiveness that ensures the interests of its key stakeholders, its reputation, its brand and its value-creating activities.

The Business Continuity Plan (BCP) sets out the strategy to guarantee the resumption and continuity of its activities following a disaster or event that seriously disrupts its normal operation.

How many days can you endure if the collection chain breaks?

One of the principles of business continuity management is to focus on the vital functions of the company, to estimate the maximum allowable interruption duration (MAID) for each one. In VSEs / SMEs, however, the collection function is often very high on the priority list.

Lack of cash is actually the main cause of business failure, and VSEs / SMEs have little room for maneuver in this area: they are paid on average in 42.4 days and pay their suppliers in 48.5 days. The health crisis and the recovery have also shown this: A company can be profitable and at the same time be insolvent due to a need for working capital despite its management. Small businesses can therefore not afford long periods of unavailability of billing and debt collection services. Being robust also means checking your cash to avoid insolvency.

Dematerialization processes, and in particular payments, are crucial to ensure the continuity of these two key functions. By managing deposits and withdrawals online with a solution like Libeo, companies reduce the risk of running out of cash for logistical reasons. Libeo also gives executives a clear vision of future payouts, month by month, giving them the means to manage their cash flow as closely as possible.

How would you ensure business continuity if you could no longer access your data?

This is a threat that is beginning to become well-known to executives: According to a study by Forrester Consulting, 33% of VSEs / SMEs with fewer than 250 employees have been hit by a cyber attack in the previous 12 months. [2].

In this regard, statutory auditors are particularly well placed to support VSEs whose organizations and information systems they generally know. The Superior Council of the Order also published a guide to cybersecurity for state-authorized public accountants in 2018, available at Bibliordre.

To reduce his risk exposure, the business manager can work on various points, including in particular:

  • classification of company data and management of associated access rights;
  • management of employee departures and associated rights;
  • performing penetration tests;
  • increase team awareness of best practices;
  • review of data storage and duplication conditions (inside the company and outside).

How will you communicate with your employees in the event of a major crisis?

In certain particularly critical situations, traditional forms of communication are no longer useful (especially cyber attacks) or poorly adapted to the urgent nature of the situation. How to communicate in this case?

Recommend that your customers maintain a GDPR-compliant database of employee contacts with multiple means of communication to reach them, even before they arrive at the workplace. It can also be helpful to plan ahead for the methods of this communication, and in particular its transmission to all teams. Should the manager personally contact each employee? Should managers be asked to cascade information? How to ensure a good reception at the end of the chain?

And what would you do if …?

In addition to the few specific questions mentioned above, it is important to encourage the leader to think about the environment and the risk factors specific to his organization. The Business Continuity Plan Wizard distinguishes between 3 main types of crisis situations that can be used to nurture this reflection:

  • a short and brutal episode. It will e.g. often be a climatic episode, which requires protection of the company and its resources (human and material), during the event;
  • an extended episode. This is especially true of a pandemic, but also of a cyber attack that would paralyze the company’s IT system. In this situation, in addition to the protection of resources, there is the issue of maintaining or resuming priority activities without waiting for the crisis to end;
  • a lengthy episode with the company website useless, inaccessible or inaccessible. This is especially the case with a major fire or an earthquake. In this case, it will also be necessary to provide a fallback mechanism (data transfer, physical transfer of what may be, general telework, etc.).

By discussing these 3 types of crises with the leader, threats that may seem abstract are made more concrete.

Once these risks have been listed, it is recommended to prioritize them according to two criteria: the probability of the scenario occurring and its severity. The most critical risks are those that are both frequent and large.


Leave a Comment