Are your SME clients violating ASX Operating Rules?

Are your SME clients violating ASX Operating Rules? | Insurance Business

Are your SME clients violating ASX Operating Rules?

A growing number of Australian SMEs have been seeking listed status in recent years but – according to one risk management expert – many may not be fully compliant with official guidelines.

“ASX Operating Rules specify that all listed organisations need to have adequate disaster recovery and business continuity arrangements in place and they must be tested annually,” says Peter Emmett, regional manager for WA at global risk management firm Dynamiq.

“However, many SMEs neglect training and testing of plans as they are time-poor and lack the available resources due to business requirements.”

While this poses a barrier for businesses seeking additional revenue streams via investment, Emmett says it actually offers an ideal opportunity for brokers who want to increase their value proposition.

“By being an integral enabler to a client’s growth and their ability to list on the ASX, brokers provide support to their clients as specialist insurance and risk management advisors,” he says. “Ensuring their clients have robust business continuity plans as part of their risk management framework increases the value proposition brokers provide to their clients.”

While brokers may not be in a position to help their clients develop a business continuity plan (BCP), Emmett says they should take the time to talk to customers about the importance of implementing one that can steer them clear of several common mistakes. These include:

Preparing a BCP without first completing a Business Impact Assessment

“The BIA is essential for identifying critical business functions, and the potential impacts of various business interruptions on these functions,” Emmett tells Insurance Business. “It would be difficult to implement an effective BCP without having first completed the BIA.”

The BCP is not easy to follow

“During the response to a disaster, crisis management teams will often be subject to extreme conditions and heightened stress,” says Emmett. “BCPs should be easy-to-follow, step-by-step procedures for crisis management teams to efficiently follow and implement.”

Emmett also warns that, if management teams are using a business continuity plan (BCP) for the first time during a real incident, they will not be able to implement plans quickly and efficiently.

“Crisis management teams should be well-rehearsed in using BCPs in response to a range of potential business impact scenarios,” he advises. “A well-trained team utilising tested BCPs will be able to respond to any number of scenarios as required.”

BCPs not approved by senior management

“A BCP should be able to be implemented quickly and efficiently by crisis management teams during a response to a major business interruption,” says Emmett. “It is essential that plans are pre-approved by senior management to reduce approval times during the response phase to an incident.”

Peter Emmett will be hosting an online event on 12 September where he will offer advice on effective business continuity planningMore information can be found online.

Related stories:
Most SMEs “too busy” to develop continuity plans
SMEs a "soft target" for cyber crime