28 November 2005

Operational Continuity: Top Ten

As your Board of Directors Meeting agenda is prepared for your next conference call, Operational Continuity should be near the top of the list of priorities. The risk of a significant business disruption is increasing and shareholders are increasingly asking for additional oversight by boards to make sure that executive management is on top of Operational Risk Management issues.

Here is a top ten list for your board to consider. If you can answer "Yes" to these items then you are well on your way to a high level of Operational Continuity in your organization:


1. The Board of Directors reviews and approves company-wide contingency plans annually.


2. Formal documented guidelines, policies, and procedures exist for the development and maintenance of Business Continuity/Disaster Recovery, Emergency Response (evacuation and life safety) and Crisis Management (public relations and communications) plans.


3. An Operational Risk Assessment that categorizes potential threats (internal and external) has been performed on all corporate facilities for both information technology and work areas.


4. There is a current (updated annually) Business Impact Analysis that determines recovery time objectives (the maximum tolerable time to recover critical business functions) and existing resources supporting each function.


5. Recovery strategies exist for the resumption of critical business processes and support services.


6. The Operational Continuity Plan and the recovery efforts are driven by the business requirements of the Business Impact Analysis.


7. A Gap Analysis has been performed to identify the differences between Business Impact Analysis (business requirements) and the current environment.


8. Business recovery strategies have been developed for all essential business functions.


9. Manual workarounds exist for processes that could be completed in the absence of automated systems.


10. Business Continuity and Disaster Recovery plans are exercised and tested bi-annually.


If you answered "No" or "Don't Know" to any of these ten, then your organization is at risk from a myriad of threats, including shareholder legal actions. Catastrophic losses caused by natural disasters such as hurricanes, earthquakes, flooding, drought, tornados, fires and winter storms or man-made events such as terrorist acts are tragic and complicated, taking an awful toll in human lives and resulting in insurance claims that run into the millions or billions of dollars and, often, litigation.
