THE BT BLOG #8

0

Guest blog by Michael Kavanagh, CEO of the Association of Compliance Officers of Ireland (ACOI)

The Relevance of Business

Continuity Planning in

navigating economic

uncertainty

In recent months, much has been made of the value of having a good Business Continuity Plan (BCP), with the COVID-19 pandemic illustrating just how important business continuity planning is in helping firms respond effectively to crisis and remain operational.

Our belief in the importance of BCPs is supported by our members, the majority of whom have utilized business continuity planning to a great extent. We recently conducted a survey of our members, to explore the effectiveness of such strategies in helping businesses prepare for, and stave off, the worse of a crisis.

Business continuity planning has been effective across 91% of our members, with almost half of businesses saying that they will need to tweak their planning in response as they move forward. The COVID crisis has been a unique and unprecedented shock and while businesses are learning to adapt, the outlook is extremely uncertain.

We recommend all businesses conduct a thorough review of their response strategy and further engage in business continuity planning if they have not already done so. In effect, Business Continuity (BC) refers to maintaining business functions or quickly resuming them in the event of a major disruption, such as we have experienced in recent months with the pandemic, or perhaps a natural disaster, malicious attack, or cybercrime. An effective BCP outlines the procedures and instructions an organisation should follow in such an event, and covers areas such as human resources, IT, business processes, assets, and any other areas which determine the continuity of the business.

Top considerations for an effective BCP:

  • Identify key business areas and critical functions – people, places, systems.
  • Conduct a full business impact analysis with complete, end-to-end reviews of business critical processes. This would include planning for remote workforces, for cybersecurity events, ensuring that plans for regular back up of critical data and systems are in place, and ensuring that appropriate testing of support capabilities and resources is conducted.
  • The plan document should detail how firms will maintain IT and business operations and services in the event of a disruption. For critical systems and dependent services, firms should ensure that 24/7 support capabilities are in place.
  • Liaise with human resources to identify where staff are and where they would need to be to ensure safety and enable business continuity, as well as to devise alternative, possible remote working solutions in the event of a business disruption.
  • Implement financial management measures with financial teams to help to manage future costs for the long-term health of the business and jobs security.
  • Don’t wait until a crisis arrives to test your plan – generate scenarios and test your system recovery procedures with staff.
  • Create a communications plan, identify a compliance officer to assist with communication, and review your BCP annually to ensure it remains relevant and effective.

What we have found from our research is that the skills of a compliance professional are very much in line with those needed to produce and manage an effective Business Continuity Plan. Those organisations that already have compliance professionals in place may benefit from immediate access to required skillsets, such as risk-assessment, attention to detail and excellent communication skills.