Exit-Ready

Sometimes an enterprise has to get out of some business arrangement for some reason. It may be something the business has been considering for some time and finally comes to a decision after some trigger event, or it may occasionally be a totally unexpected requirement to find a way out, triggered by an event totally unexpected or at least uncertain.

Currently, at the time of writing, the world is digesting the news that the UK has voted to leave the European Union. This was not totally unexpected but was uncertain until a few days ago. What is clear now is that many important institutions such as the UK Government and The Bank of England have been developing two parallel plans for a long time in the run-up to the referendum. One plan for Remain and one plan for Leave. This is called ‘contingency exit planning’ and is an essential strategic activity for any serious business enterprise. Is your business ‘exit-ready’ for this or any other similar outcome? Let’s hope it is.

What concerns the Attributer is the frequently reported fact that so many business enterprises have no business continuity or contingency plans at all. Because this event was anticipated, maybe those affected will have been doing some work on double scenario planning too, but what about facing exit events that are totally unexpected and unplanned?

Some years ago the Attributer was attending a conference on information security and at lunchtime had popped outside for some fresh air and a bit of a walk. Also on the pavement outside the building was another attendee pacing furiously up and down, having a conversation on his mobile phone. After the call had ended a conversation was struck up and it transpired that the gentleman had some serious trouble back at the office in another country. He was the Information Security Manager for a large Scandinavian corporation and right now he was in London, away from the office.

He explained that his company had an outsourcing arrangement for managed security services and that they were happily having such things as malware protection, firewall management and email filtering provided by a service provider with whom they had a good working relationship. He had just been informed by phone that the service provider had been acquired by a much larger service providing company, and that this new owner was not intending to offer services of this type. Without notice, they were informed that the contract was ended. Phow!

Here it is then – the unexpected, unplanned exit, not of their making, but all the more surprising and shocking for that, a Black Swan. Could they have planned for this event? The answer (perhaps with hindsight) is yes they could. One thing that could have been done would have been to ensure that the contract had clauses in it giving them some protection against this type of outcome. It is not uncommon in the service provider industry for mergers and acquisitions to occur, so this could have been foreseen as a possible scenario. Wise after the fact eh? However, that’s what contingency planning is all about. Being wise before the fact by dreaming up business discontinuity scenarios and stress testing the organisation’s ability to survive those events. Not all Black Swans are unforeseeable – some are decidedly grey in colour. Brexit has been becoming a paler colour by the month for some time.

So, The Attributer concludes that contingency planning is an essential activity, and that within that activity, scenario planning is the main tool be which an enterprise can protect itself by foreseeing generic event types such as ‘forced exit’. SABSA uses business attributes to ensure that each and every business requirement is captured and risk assessed, and that controls such as contingency plans are put in place to meet the risk appetite of the company. Is your enterprise ‘exit-ready’?

The Attributer