Auditor Role in a Business Continuity Plan

Have questions about your business continuity program? You're not alone.

When we talk to businesses about their business continuity program and business continuity plans, we get asked everything from "What is one?" —at the most basic level, many businesses also don't understand that a business continuity plan, or BCP, is fundamentally different from a disaster recovery plan; the former is focused on keeping your business running through a disruption and the latter on resuming and recovering technology applications and infrastructure after a major technology disruption occurs—to questions on a more granular level, like:

  • What are the important roles in a business continuity program and plan?
  • What do those roles and responsibilities mean?
  • How do these roles interrelate?
  • How do we ensure we place the right people in each role?

As risk management and business continuity planning experts, Bryghtpath helps companies cut through all this confusion and get clear about the path to business continuity planning success.

BC-Roles-Responsibilities-What-is-BC-Planning Business Continuity Program Roles & Responsibilities

The Unexpected Benefits of a Good Business Continuity Program

First, let's take a step back to examine the "Why?" of business continuity planning. Why should you have an established business continuity program? If the pandemic has taught us anything, it's that the unexpected CAN and absolutely WILL happen.

One particular client of ours shared a debrief of their experience and how having a solid business continuity program and plans were critical to their response.

Their plan, like many others, was centered on a geographical redistribution of work based upon a potential region-wide disruption: "If interruptions are disrupted in Manila, we shift them to India. And if things get really bad, we bring it back to our operations center in the U.S."

When the pandemic hit, the same problem was shared by many—geographical redistribution was not a viable option because everyone was faced with the same pandemic-centered disruptions and restrictions.

Fortunately, although their business continuity plan did not anticipate a global disruption such as the COVID-19 global pandemic, our client's process of planning and responding to prior disruptions had exercised the organizational muscles they needed to quickly think of and implement new solutions. As a result, their pandemic response was swift and business carried on in the 'new normal' despite the disruption.

In debriefing the pandemic response ourselves, we discovered that our best-prepared clients were the ones who had a mature business continuity program in place. Not necessarily because they were able to pull from existing plans (because nobody expected the entire supply chain to be shuttered overnight for example) but because the preparedness of their organization allowed them to build over the standard disruption in a calm and organized fashion.

As a result, they could quickly react to a complex situation and shift operations in response—even if that situation didn't exactly fit the prepared scenarios in their plan.

As the pandemic response demonstrated, the value of a good business continuity program goes far beyond responding to planned disasters and more pedestrian objectives, like aligning to ISO 22301 and other common BCP standards. A solid business continuity program forms the foundation of organizational resilience. That resilience is now paramount for businesses to thrive, let alone survive, in response to the unlikely disruptions of our new normal.

BC-Roles-Responsibilities-Why-BC-Planning Business Continuity Program Roles & Responsibilities

Business Continuity Program Roles and Responsibilities

One of the first steps in establishing a good business continuity program is to define and assess key roles and responsibilities. In other words, what does each role really mean and does everyone have an agreement about the function and responsibilities for each?

Although we usually have recommendations for what these roles and responsibilities should look like, every business will have a slightly different approach based on their particular organization's structure and corporate culture. Against this backdrop, we typically assess each business's current organizational structure and who is assigned against each role.

55PYF1zh8YmiSN6UHi93ua5YfKk_41ALYKoBM6U2_xDgZDu6q-VC9bzeLTUoX0_3qnFVxmg1MON7Y_u7Mo1FHQ=s0 Business Continuity Program Roles & Responsibilities

We break down some of the most common roles and responsibilities below.

Board of Directors

Every board member has a fiduciary duty to exercise strategic level visibility and oversight over business continuity planning and progress. Importantly the board sets the foundation for continuity planning success by promoting a company culture that recognizes the value of well-managing risk.

Audit or Risk Committee

Specific board oversight and strategic level visibility is typically delegated to the board's risk or audit committee, as outlined in the committee charter. Sometimes another committee has this responsibility such as an operations or governance committee.

Executive Management

Each member of the executive team retains ultimate oversight and responsibility for continuity planning in their specific area of operations.

Executive Sponsor

One or two persons at the executive level (typically the general counsel, COO, CIO, CTO, or a C-Suite appointee) act as executive sponsors. They have direct oversight of the continuity planning program and usually chair the business continuity steering committee. They oversee the day-to-day management of business continuity planning activities at a tactical level and advocate for the program, as necessary, within the organization.

Business Continuity Steering Committee Members

The business continuity steering committee—usually an interdisciplinary team of six to eight people—meets quarterly or annually to ensure the business continuity program is aligned to corporate strategy and objectives and is maturing and making forward progress towards annual goals.

Business Continuity Program Manager

The business continuity program manager has direct oversight and responsibility for business continuity program operations, reporting, and day-to-day activities. They manage and set the programmatic expectations that guide business unit leaders and business continuity planners in writing their continuity plans.

Business Continuity Team Members

Team members execute day-to-day BCP planning activities under the direction of the business continuity program manager.

Business Continuity Plan Owners

Business unit leaders (i.e. payroll, corporate travel, physical security, information security, HR) are responsible for creating their respective unit's business continuity plan under the guidance of the program manager.

Business Continuity Planners

Business unit plan owners often delegate business continuity planning activities to internal team members, or what we call "business continuity planners." They pull from their business unit area expertise and knowledge to write the continuity plan for their respective business unit.

Want to learn more about Business Continuity?

Our Ultimate Guide to Business Continuity contains everything you need to know about business continuity.

You'll learn what it is, why it's important to your organization, how to develop a business continuity program, how to establish roles & responsibilities for your program, how to get buy-in from your executives, how to execute your Business Impact Analysis (BIA) and Business Continuity Plans, and how to integrate with your Crisis Management strategy.

We'll also provide some perspectives on how to get help with your program and where to go to learn more about Business Continuity.

Read our Ultimate Guide to Business Continuity

3 Keys to Continuity Program and Planning Success

BC-Roles-Responsibilities-Keys-to-Program-Success Business Continuity Program Roles & Responsibilities

1. Board-level commitment.

Even before the pandemic, we found that many of our clients came to us with a clear board mandate to implement or improve their business continuity plans and program But equally important to board-level buy-in is their demonstrated commitment towards an effective business continuity program that is focused on continual improvement.

Like any corporate-wide effort, the success of your business continuity program efforts largely rests on company-wide buy-in. And that buy-in begins at the top. That's why it's critical for your board and executive leadership to have continued high-level involvement in continuity planning efforts and to model the importance that continuity planning plays in managing risk.

2. Steering committee members who get the "big picture".

Steering committee members should understand the importance of continuity planning and commit to doing it effectively. Critical thinking skills and a big picture perspective are also critical to this role. Steering committee members should not only well-represent their area of responsibility, but also have the ability to think horizontally across organizational silos and understand the interdependencies of processes and people within the organization.

Serving on the business continuity steering committee is also an excellent growth opportunity for mid-level leaders with senior leadership potential. It provides the opportunity for both strategic and operational insights, along with developing risk-management expertise

3. Business unit ownership over plan creation.

One mistake we often see is when program managers or continuity team members are tasked with writing the business continuity plans for each business unit. However, it's the business plan owners who are most directly driven by the business, so it's critical that business continuity plans align well to their day-to-day leadership management responsibilities. As a result, it is important that the actual plan creation, including writing, editing, and revising, is done by the actual business unit that will put the plan into action.

Ideally, each business unit leader will exercise direct oversight and responsibility using his or her knowledge of their department to make sure their business continuity plan is completed and carried out. The actual "doing" of creating the plan is sometimes delegated to business unit team members. The ideal team member for this task should understand their function well, be organized, and be able to collaborate well with others in the organization to execute planning activities.

How can we help establish your business continuity program roles & responsibilities?

Well-defined and understood business continuity program roles and responsibilities can help you hum through your next disruption. If you still have more questions than answers about business continuity planning and business continuity programs in your business, we would love to help.

Bryghtpath works with the world's leading brands, public sector agencies, and nonprofit organizations to strategically navigate uncertainty and disruption.

  • Our proprietary Resiliency Diagnosis process is the perfect way to advance your business continuity & crisis management program. Our thorough standards-based review culminates in a full report, maturity model scoring, and a clear set of recommendations for improvement.
  • Our Business Continuity (including establishing effective governance and program roles/responsibilities) & Crisis Management services help you rapidly grow and mature your program to ensure your organization is prepared for the storms that lie ahead.
  • Our Ultimate Guide to Business Continuity contains everything you need to know about Business Continuity
  • Our free Business Continuity 101 Introductory Course may help you with an introduction to the world of business continuity – and help prepare your organization for your next disruption. Our paid 5-Day Business Continuity Accelerator might just be the thing you need to jumpstart your business continuity program.
  • Learn about our Free Resources, including articles, a resource library, white papers, reports, free introductory courses, webinars, and more.
  • Set up an initial call with us to chat further about how we might be able to work together.

bellabaces.blogspot.com

Source: https://bryghtpath.com/business-continuity-program-roles-responsibilities/

0 Response to "Auditor Role in a Business Continuity Plan"

Enviar um comentário

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel