BUSINESS CONTINUITY AND RISK MANAGEMENT IN TIMES OF CRISIS
In the wake of the Covid-19 pandemic, organizations, including those in financial services, are thinking hard about business continuity planning. The pandemic is raising awareness and prompting a considerable amount of investment, and while encouraging, there is much more to be done to prevent anticipated or unanticipated events from disrupting what used to be known as “business as usual.”
We believe the challenge of business continuity planning has become more, rather than less difficult - and this trend will only continue as the range of possible threat scenarios keeps changing and expanding. What we learned in both the global financial crisis and the pandemic, is that, in a highly connected world powered by ecosystems, partnerships and interdependencies, failure in one place can have a dramatic and unforeseen impact on another operation anywhere in your business.
The good news is that we have more powerful and more precise tools for the risk function to manage complexity and detect the early warning signals of impending crises. Data is a foundational element; risk managers are now in position to capture and analyze more data about potentially disruptive events, while boards and top management are more engaged with the risk team, especially when insights and recommendations are based on higher quality data informed by professional experience and focused on the areas of highest criticality.
We see three key steps that risk managers across industry lines are taking to address the complexity of the business environment, anticipate and detect emerging risks and communicate quickly with the broader organization:
1. As organisations move to a cloud-first strategy, risk is working to establish redundancy and backups among cloud providers and to realize the resiliency benefits derived from an acceleration to the public cloud. And, of course, risk itself is taking advantage of the cloud to capture and analyze internal and external data.
2. Risk is helping companies understand the benefits of resiliency. While the ability to recover quickly from adversity remains a critical attribute; successful companies will also seek to better prepare and sense emerging threats to mitigate these risks before they become crises.
3. Companies are realising the benefits of an integrated approach to resiliency and are naming chief resiliency officers to increase focus and heighten awareness. These are individuals who, in collaboration with business leaders, can get the different parts of the organization working together, incorporating continuity and resiliency into everyday strategy and operations.
The business environment is changing rapidly, and companies are facing a host of unforeseen risks. Maintaining business continuity depends upon fostering resiliency, and resiliency comes from adopting new technologies, new skills, and a new mindset. This means decompartmentalising risk and connecting it with the overall business.
Business continuity plans remain a critical tool in the risk management arsenal, but they need ongoing care and attention to remain current. They also need to be tested using modern scenario planning and modeling technologies. Above all, they need to be realistic, tangible, tested and executable. Companies have to devote the necessary resources to carry plans out if and when they need to go into effect.
This is a job for all three lines of defense in risk management – management control, compliance and risk management, and independent assurance. Working together, the three lines can develop an approach that can pay significant dividends, making the business stronger and more able to deliver for its stakeholders, even under the most difficult circumstances.
Speak to us about your Contingency Planning