Since the beginning of 2020 and especially in these recent months the global community has been affected by the outbreak of COVID-19. Occurrences like these are the ones where the importance of disciplines such as risk management and business continuity is truly emphasized. Crises like these, no doubt, test the quality of an organization’s management and the effectiveness of the organization’s processes.
This blog post focuses on the benefits of a well-implemented business resiliency as a component of their GRC program, and how this can be applied to events such as the Corona virus outbreak.
Business continuity planning is one of the core areas of business resiliency. Business continuity combines making business impact analyses, which evaluate the significance of a disruption of your company’s business processes on the continuity of your business, and business continuity plans that address how the processes are to be recovered in the event of a disruption. Your business continuity plan also contains recovery objectives which you set for the process.
In the context of COVID-19, your organization would be able to have business continuity plans in place for all your processes in case of a disruption, along with business impact analyses, to understand what impact the disruption of a particular process has on the overall business from a continuity perspective.
While business continuity plans address what your company is to do during the disruption of your business processes, the disaster recovery plans are used for bringing your business back to a normal state after a disruption. These can be further augmented with recovery strategies and tasks.
After a pandemic such as the Coronavirus, your disaster recovery plans would allow you to plan for how to return your company’s business processes to their normal state, once either a cure has been administered or no new infections are being reported. With a clear disaster recovery plan in place, returning to a normal state is simply a matter of following a plan that has been previously made.
Crisis management is used for response to crisis events, which functions in cooperation with your bc/dr planning for recovering your business processes during and after a crisis. Crisis communication is used for reporting crisis events and sending emergency notifications to communicate crisis information to appropriate personnel.
With crisis communication and management plans in place, your company can effectively keep your company informed of all developments as the situation progresses, and the decisions that your company’s management makes in terms of response to the situation.
Integrated GRC processes
However, the next step for the separate disciplines is a seamless integration between them within an organization, which can be a difficult task. This is where integrated GRC comes in.
For example, integrating business continuity with risk management allows you to plan for how to specifically address a business process being disrupted by a specific type of risk. The Coronavirus in this case would be treated as a personnel risk, and the information gained in the context of risk management can be used in the context of business impact analyses and continuity plans in order to make the plans more accurate and realistic.
For more information on how to implement an integrated GRC framework in your company and consulting in all relevant areas, please contact us at at Governify.
– Axel Wrede, Business Development Manager, Governify