Evaluating Program Effectiveness
Business continuity management (BCM) is an integral control within a company’s operational risk framework, one that requires meticulous planning and seamless execution. The impact that BCM has on a firm cannot be understated, as failure to manage the program properly can have damaging financial, reputational, regulatory, legal, and customer implications. According to a 2018 study, seven in 10 respondents (68.5%) noted they had an incomplete disaster recovery (DR) plan, and less than half of those surveyed (48.5%) had performed a DR test in 2017. “The percentage of businesses that suffered from a disaster recovery incident was essentially unchanged from those surveyed in 2016, and the lengths of those outages, and recovery completeness, was statistically the same. Even the percentage of businesses that felt very prepared to recover from a disaster barely tilted forward.” In 2014, 20% of surveyed businesses that suffered disruptions endured costs ranging from $50,000 to over $5 million. The lack of progress since 2014, in general, across the financial services industry is shocking, considering the costs incurred when there are disruptions.
The threat landscape facing financial services firms is constantly changing. As such, a firm’s BCM program must evolve to address not only traditional outages, but also modern threats occurring with greater frequency, such as cybersecurity breaches and interruptions to services and/or technology provided by critical vendors. It is imperative to have a robust BCM program in place, one that can mitigate today’s threats with ease and precision.
Is your organization’s BCM program ready to effectively handle both the most common and complex business continuity threats? This article provides financial services firms with two methods that Guidehouse uses to assess the strength of BCM programs:
When used together, these assessments deliver senior management full insight into the maturity and health of a firm’s BCM program. This valuable perspective can be used to identify weaknesses and ultimately enhance the BCM function, better safeguarding a company’s assets.