The importance of planning for business continuity has become abundantly clear with the coronavirus pandemic.
Before the pandemic, the onset of cybersecurity risks resulted in a wealth of resources, such as the CGMA Cybersecurity Risk Management Tool, that focus on risk mitigation, response and remediation strategies for the seemingly inevitable cyber intrusion. While businesses have widely adopted strategies to address cyber risks, broader business continuity plans may not have been a priority.
Nearly 75% of U.S. companies report some supply chain disruption due to coronavirus-related transportation restrictions, and more than 44% of U.S. companies have no plan to address supply chain disruption from China.
The role of finance professionals in managing supply chain risk — a key component to ‘get back to business’ — is addressed in the Financial Management article, ‘Finance’s crisis role in managing supply chain risk.’ Julia Graham, Airmic’s deputy CEO and technical director, emphasises the necessity of managing risks across the organisation by taking an enterprise risk management approach and managing potential disruptions with a business continuity plan.
While addressing the immediacy of supply chain disruptions is front and center, a broader business continuity plan is imperative.
Creating a business continuity management plan
Step 1: Initial assessment and objective setting
Review the organisation’s current strategy, disaster recovery and crisis management plan, compliance requirements, etc.
Step 2: Critical process identification
Identify critical business functions, processes and process owners, along with key resources and tools needed for implementation.
Step 3: Business impact analysis
Evaluate the potential impact of a disruption to ‘business as usual’, ranging from customers to suppliers, employees to stakeholders, financial reporting to reputation.
Step 4: Continuity response approaches
Preparation — with plans for human resources, facilities, IT and data storage, customers and suppliers, etc. — and crisis management are the two areas of continuity response approaches.
Step 5: Plan, implement, and test
Ensure your staff is familiar with plans, and with testing, identify gaps and areas for improvement.
Step 6: Monitor, validate, and improve
Monitor the effectiveness of the organisational changes and adjust as needed.
Business continuity management requires you to identify critical processes, analyse potential impacts and assess the trade-offs between cost and recovery time objectives of different responses. Effective business continuity management takes a comprehensive approach — top-down, bottom-up and organisation-wide. Finance professionals are uniquely positioned to facilitate this.