This article is in collaboration with Trinity’s global partner, B.Riley.
Business Continuity Management, or BCM, is a framework for identifying an organization's risk of exposure to internal and external threats. The goal of BCM is to provide the ability to effectively respond to a variety of threats, such as natural disasters or data breaches, and plan for the prioritization and recovery of essential functions. BCM focuses on the operational aspect of an organization, in contrast to Disaster Recovery, which focuses on the restoration of key systems, networks, and access to data.
Among the clearest lessons since the emergence of COVID-19 is that disruptive events must be planned for as a core part of every organization’s long-term strategy. Until recently, continuity and resilience planning were viewed as the purview of compliance or internal audit functions, rarely reaching into strategic plans or Board of Directors agenda. However, the impact of COVID-19 has demonstrated that long duration events with a global reach can arise from a variety of sources. These include wildfires, climate shifts, cyber-attacks, as well as the ongoing threat from virus mutations.
Every organization needs to have a strong BCM and make it a strategic priority. BCM is about creating and regularly updating a plan to support operations during a disruptive event. To be effective, it needs to include involvement of senior leadership, board level updates, and regular planning sessions with key staff. Such planning allows an organization to understand its capabilities to fulfill its mission in the event of an unforeseen crisis.
An effective BCM program must include the following considerations:
The landscape for BCM planning has changed considerably since the appearance of COVID-19. The expected duration of an operational disruption has increased significantly from those prepared for in most plans. The increased risk of cyber events means that plans must contemplate loss of key systems for weeks and not mere days. The potential for extended supply chain disruption creates a need to affirm key vendors’ resilience capabilities or seek quickly accessible alternatives.
A key part of ensuring a BCM program remains effective is challenging the plan’s assumptions and continually improving the planning process. Experts external to the organization can assess the quality of the planning efforts against best practices. In addition, experts can lead a testing process that is objective and ensure that plan assumptions are in line with the risks faced by the organization. Finally, external expertise can readily share lessons learned by other organizations during recent crisis events.
A BCM program is a critical part of an organization’s risk planning progress. It can no longer be considered a back-office obligation but must be a core part of every strategic plan and be thoroughly communicated within the organization. The above considerations will provide for a dynamic planning process that is attuned to the priorities and requirements of key stakeholders and customers. During an operational disruption, the effectiveness of the recovery plan may determine the survival of the organization.
This is where one of Trinity’s global partners – B.Riley – can help your organization. A diverse financial services provider, B. Riley “helps clients in every industry sector to develop organizational and risk systems to prepare for, respond effectively to, and recover from operational disruptions and to develop the compliance systems necessary to support this capability. Their Compliance, Risk & Resilience team includes professionals experienced in enterprise risk management, cybersecurity compliance, business continuity, disaster recovery, crisis management, and operational resilience”. B. Riley believes that organizations should address these risks by “making operational resilience both a strategic imperative and a competitive advantage, and compliance an intended outcome”.