Business Continuity: How Exactly Did We Get Here?
The Difference Between Regulation and RealityYesterday afternoon I heard from a friend of mine who is responsible for Business Continuity Program at her financial services organization. Well, after all the greetings and grievings that come with old friends, the topic of the discussion turned to - if she is on the right path with the Business Continuity Planning for her organization. Before I go any further, I must tell you that this is a depository institution and with all the focus on BCP we have heard about from the regulatory agencies in the last number of years, this should not be a topic that has not been addressed in significant depth at this institution. Well, there is always a difference between what should be happening vs. what is happening! So, here's the million-dollar scenario I was presented with - "We have a well-documented BCP. The organization has never had any issues with this plan, mind you - we have never had to activate this plan since it was developed. I have just taken ownership of this function at the organization. Recently we had an audit and they noticed a number of findings with this plan."
Sadly speaking, I knew what was coming next. Here were the findings from the audit they recently went through.
I am not convinced, but it sounded like that this friend of mine didn't have any doubts about the marching orders she will be following for months to come. I will share with you what I told her in the next issue of this blog. What got me thinking and I am eager to hear from the community - 'So, how did we get here?' Based on my experience in the industry, they are not alone in the industry going through this. Many institutions I regularly speak with have had one or more issues (and sometimes other issues) listed above. Is it the lack of understanding of the BCP process on these institutions' part or is it simply a matter of lack of resources and overall complacency on the management's part?
Stay tuned to learn more about what I told my friend.