Expect the Unexpected!

Does your BIA and risk assessment prepare you for that worst-case scenario?

By Tahiti Weaver, Assistant Vice President, Compliance

Are your operations resilient to winter mayhem and other unexpected emergencies? In order to ensure business continuity, the FFIEC advises taking a planning and preparedness approach that includes a business impact analysis, a risk assessment, risk management, and risk monitoring and testing.

Business Impact Analysis (BIA)

During the winter, heavy snowfall and extreme cold can immobilize an entire region. Such weather conditions can cause disruptions to heat, power and communications services to your facility for days at a time.

Does your BIA…

__ Identify the potential impact on operations that could result if services or utilities are unavailable?

__ Prioritize business functions and processes, including internal and external interdependencies?

__ Estimate the maximum allowable downtime as well as the acceptable level of losses associated with your critical business functions and processes?

__ Define recovery time objectives (RTOs), recovery point objectives (RPOs) and the critical path for recovery?

__ Identify the minimum resources required to ensure business continuity (such as staff, access to data or technology)?

Risk Assessment

After identifying specific risks that will most likely impact your credit union, your assessment of potential disruptions to operations and any related assets should help you establish the types of weather and natural disasters that pose the greatest risk to operations. The worst-case scenario for the 2014/15 winter weather forecast potentially can threaten access to premises, availability of technology as well as personnel.

Does your Risk Assessment…

__ Focus on the impact of possible threats on operations, members and services rather than the specific nature of a threat?

__ Consider recent severe weather-related trends when establishing the probability of occurrence?

__ Evaluate each BIA assumption according to the threat scenarios?

__ Prioritize potential disruptions based on severity, as determined by the impact on operations and the probability of occurrence?

__ Analyze gaps based on existing plans and procedures compared to prioritized disruptions and their resulting impact on your credit union?

Risk Management

Risk management follows the BIA and risk assessment in the business continuity planning cycle. It is the phase dedicated to identifying, assessing and reducing risk to an acceptable level through a written enterprise-wide business continuity plan (BCP). By documenting plans and preparations to minimize service disruptions and financial loss via mitigation strategies, your BCP will reflect the BIA assumptions and prioritize threat scenarios identified in the risk assessment. This can include procedures for relocating to alternate sites, deploying alternate staff, activating backup facilities or technology.

Monitoring & Testing

Fortunately, information about severe weather events (such as ice storms, blizzards and strong winds) will typically be forecasted. As such, there is time to plan in advance. By testing your business continuity plan before the winter season sets in, you can evaluate the resilience of your operations to winter mayhem. Both the BIA and risk assessment are integral to preparing for potential business interruptions, including the effects of severe winter weather. After completing both processes, you can plan for business continuity in the event of the worst-case winter scenario this season.

Tahiti Weaver can be contacted at tahiti.weaver@alloyacorp.org