Drive a Connected GRC Program for Improved Agility, Performance, and Resilience
Power Business Performance and Resilience
Discover ConnectedGRC Solutions for Enterprise and Operational Resilience
Explore What Makes MetricStream the Right Choice for Our Customers
Find Everything You Need to Build Your GRC Journey and Thrive on Risk
Learn about our mission, vision, and core values
The sudden outbreak of COVID-19 has prompted most business leaders to brace for the toughest phase in their careers. The biggest challenge facing them right now is business continuity. They are revisiting, testing, and reworking their business continuity plans to proactively figure out the best-suited approach for their unique situations. The key here is the speed of response to a situation in these uncertain times. Hence it is imperative to have a 360 degree agility assessment of resources, systems, policies, procedures and capacities in hand to mitigate risks. Your business continuity plan should be able to mitigate the adverse impact on critical assets, have guidance to bounce back after initial disruption quickly, have the ability to launch new processes specific to the particular crisis, i.e. elements defined which can be quickly assembled and customized to take care of that specific situation.
Below is a rundown of various factors to watch out for and skillfully navigate the impact of the crisis that lingers for a considerable time, even after it is over.
Apart from maintaining business continuity in the short run, the after-effects of the current situation and the tough decisions to be taken to survive can have an impact on customer trust, investor and staff trust, and branding among others.
If you have a comprehensive corporate risk management policy, and tool, its principles still hold good. If your tool facilitates you to identify, assess risks, and develop the preparedness and response actions to the identified risks, escalates them to the C-suite, and monitors all the levels, you can do the planning under the corporate risk management policy. However, understanding the process greatly helps build a robust plan.
Your goal can be very focused on increasing the company’s resilience in case of potential disruptions. After defining the purpose, enlist your key objectives of the plan in clear terms. Elements may include:
• To ensure continuity of critical business operations and IT operation essential for conducting business during the crisis.
• To minimize the disruption of critical operations to a near-zero level with a resilient business continuity strategy and framework while meeting regulatory requirements.
While executing each of the following steps of the business continuity planning process, make sure to document them. They can be verified and revised before releasing the final plan.
While the ultimate responsibility may rest with the board, accountabilities for management and execution must be defined. A senior executive accountable must:
• Help employees to understand and become familiar with the plan so that they can effectively carry out their roles when the plan is ready.
• Ensure that the plan is maintained, reviewed, tested, and revised regularly.
• Approve and sign off every time the revisions or updates are made
• To start planning, invite the head of each function including representatives from operations, supply chain function, human resources, administration, IT, and communication, security and other departments of your business.
• Use a risk matrix as shown below to identify and record key risks. In the same matrix, record the potential consequences on staff, operations, assets and facilities. Obtain the risk levels by defining the impact of the characteristics and likelihood of occurrence.
Using the risk scoring table, determine the risk criticality levels. These scores will allow you to prioritize addressing of risks.
Once you have scored the risks, classify which risk actions you need to start, and which risk actions are already in effect. For those risk actions already effective, check and ensure if you need to bolster or improve them. Consider the following examples:
• During this time of COVID–19, banks may have to make adjustments in operating models and make swift innovations due to the misaligned revenues and cost. Also, there is a huge change in customer service preferences. Customers are increasingly looking to run their financial life through apps and online banking. And so, banks are expected to act swiftly to increase awareness and take other response actions.
• A retail store that focused on offline sales might choose to increase the focus on online sales.
This step mainly will help in budgeting and finance allocation.
• Policies and SOPs for remote working.
• Policies and SOPs the safety and protection of employees of some essential roles that need to be conducted from an office or on location.
• Cancellation of business trips, meetings and events and the arrangements for virtual meetings.
• A taskforce to continuously assess the COVID-19 situation and a clear command and control matrix, covering all functions with a needed backup.
• Engagement with the third parties and partners who support to strengthen the continuity of your operations further and minimize the impact.
• SOPs for communicating emergencies.
• Facility specific security plans.
• Asset protection policies – e.g. inventories, information technology resources, etc.
Use risk assessment and possible scenarios as triggers for activation or deactivation of the plan.
Monitor and regularly update the plan according to the evolving risks and needs.
Apart from the plan, as we enter more normal times, people will expect businesses to be more aware of social responsibilities, and particularly during the pandemic, how the company is aligned with environment, health and safety-related activities. All will play a big role in brand building and will need to be well thought-out and documented.
Here’s to your business continuity planning success!
Priyabrata Manages MetricStream University & ComplianceOnline functions for MetricStream which enable partners and customers through training, content and expert services.