Following the terrorist attacks of Sept. 11, 2001, the banking industry realized that no business is immune from catastrophic events. The severity of the 2004 and 2005 hurricane seasons, however, taught financial institutions that disaster recovery programs alone cannot protect their businesses, forcing banks to reevaluate the strength of their backup plans.
With the destruction wrought by Hurricane Katrina still largely visible, banks have renewed their focus on preparedness as they rethink their risk management strategies and bolster their business continuity plans.
Rather than rely on disaster recovery plans to pick up the pieces after a business disruption, banks are shifting their focus to business continuity plans to keep operations running through a disaster.
An all hazards perspective changes the way you deter, detect, defend and document the existing and future operational risks to your enterprise. In many institutions, disaster recovery was the responsibility of a specific group in the company, many times found in the IT department. Moving the corporate mentality to an "All Hazards" point-of-view takes the specialty of disaster recovery and spreads it across the whole organization. It includes the idea that hazards include much more than the typical thinking of hurricanes, tornadoes or earthquakes.
By implementing an "All Hazards" process for risk management that is utilized by every team and business unit you create a culture of continuity. A standards-based process could be:
If this six-step process is incorporated into the daily planning and continuous monitoring of corporate missions, then it's possible to quickly move from a reactive mode to a proactive mode for managing risk. You eliminate the thinking that a single department or person is in charge of Business Continuity or Disaster Management. In the daily work schedule there must be time allocated to use this simple process when new missions are created or existing missions reexamined. The sales manager, loan manager and security manager all perform their own process within their own subject matter domain. This puts the expertise for risk mitigation in the hands of the most knowledgeable person for that particular process, system or external event.