Corporate Directors are ultimately responsible for Continuous Continuity (C2) of the Enterprise
The modern enterprise that effectively manages the myriad of potential threats to its people, processes, systems and critical infrastructures stands to be better equipped for sustained continuity. A Business Crisis and Continuity Management (BCCM) program is a dynamic change management initiative that requires dedicated resources, funding and auditing. Corporate Directors must scrutinize organizational survivability on a global basis.
Since effective BCCM analysis is a 24/7 operation, it takes a combination of factors across the organization to provide what one might call C2, or "Continuous Continuity". A one-time threat or risk assessment, or even an annual look at what has changed across the enterprise, opens the door to a Board of Directors' worst nightmare. These nightmares are "Loss Events" that could have been prevented or mitigated altogether.
According to the risk management best practices from sources such as the Turnbull Report¹ and specifically Principle 13 of the Basel II Capital Accord, the Board of Directors and corporate management are responsible for the effectiveness of the Business Crisis and Continuity Management of an organization. The following testing techniques must be used to ensure the continuity plan can be executed in a real-life emergency²:
Table-top testing: Discussing how business recovery arrangements would react by using example interruptions
Simulations: Training individuals by simulating a crisis and rehearsing their post-incident/crisis management roles
Technical recovery testing: Testing to ensure information systems can be restored effectively
Testing recovery at an alternate site: Running business processes in parallel with recovery operations at an off-site location
Test of supplier facilities and services: Ensuring externally provided services and products will meet the contract requirements in the case of interruptions
Complete rehearsals: Testing to ensure the organization, employees, equipment, facilities and processes can cope with interruptions
Many of these best practices talk about a BCCM that will be periodically updated. Periodic is not continuous. Change is the key factor here.