Driving Proactive Business Continuity Assessment and Execution
Business Continuity Management (BCM) is an integral control within a company’s operational risk framework, one that requires meticulous planning and seamless execution. The impact that BCM has on a firm cannot be understated, as failure to manage the program properly can have damaging financial, reputational, regulatory/legal, and customer implications. Yet according to a recent business continuity study, 27.2% of companies surveyed do not have a business continuity plan in place and are not currently developing one.
A firm’s BCM program must be capable of evolving to address not only traditional outages, but also modern threats occurring with greater frequency, such as cybersecurity breaches and interruptions to services and/or technology provided by critical vendors. It is imperative to have a robust BCM program in place, one that can mitigate today’s threats with ease and precision — with the agility to address the unknown threats of tomorrow.
Companies should be asking themselves the following questions to determine whether BCM plans now in place are effective and comprehensive:
What are the worst-case impacts to your organization and does your current plan address each of those scenarios?
Is your communications plan agile enough to handle these scenarios?
Are your third-party vendors prepared? How can you be certain?
This article provides financial services firms with insights into both the assessment and execution of a BCM program. In the assessment areas, Personnel Assessment and Plan Assessment are recommended to be used together before an incident to deliver senior management full insight into the maturity and health of a firm’s BCM program. Additionally, the execution of a program leading up to and during an incident, can provide valuable lift to an organization while others may falter against real-world challenges and pressures.
Additional authors and contributors: Sara Laskoski and Brian Karp