I     Business Continuity Management

BCM is the process for management to oversee and implement resilience, continuity, and response capabilities to safeguard employees, customers, and products and services. Disruptions such as cyber events, natural disasters, or man-made events can interrupt an entity’s operations and can have a broader impact on the financial sector. Resilience incorporates proactive measures to mitigate disruptive events and evaluate an entity’s recovery capabilities. An entity’s BCM program should align with its strategic goals and objectives. Management should consider an entity’s role within and impact on the overall financial services sector when it develops a BCM program.

Figure 1: Business Continuity Management Cycle

The picture in Figure 1 depicts the iterative Business Continuity Management lifecycle and comprises ten steps, moving from step 1 to step 10 and starting over with step 1 again. Step 1 is to Oversee and implement resilience, continuity, and response capabilities. Step 2 is to Align business continuity management elements with strategic goals and objectives. Step 3 is to Develop a business impact analysis to identify critical functions, analyze interdependencies, and assess impacts. Step 4 is to Conduct a risk assessment to identify risks and evaluate likelihood and impact of disruptions. Step 5 is to Develop effective strategies to meet resilience and recovery objectives. Step 6 is to Establish a business continuity plan that includes incident respons, disaster recovery, & crisis/emergency management. Step 7 is to Implement a business continuity training program for personnel and other stakeholders. Step 8 is to Conduct exercises and tests to verify that procedures support established objectives. Step 9 is to Review and update the business conitinuity program to reflect the current environment. Step 10 is to Monitor and report business continuity and resilience activities.  Additionally, throughout the Business Continuity Managamenet lifecycle, Audit should be assessing the business continuity program's design effectiveness.


Previous Section
Next Section
II Business Continuity Management Governance