Preparing for events that can impact core operational processes, systems, data and technology has become the responsibility of elected officials, corporate management, and the board.

Regulators now demand that top management be prepared. Customers require it in their service level agreements and shareholders expect it.  The Whitehouse has even elevated preparedness to a national security priority.  Markets, regulators, and public opinion punish companies that do not adequately prepare for operational continuity when disaster strikes.

Risk Solutions International’s corporate and government clients are expanding their focus on emergency scenarios that impact human capital, create crisis management issues, and affect business partner relationships. They are redefining what functions and agencies are critical to ensure uninterrupted continuity with partners, customers, citizens, and employees.

Risk Solutions International’s Business Continuity Management professionals systematically identify key processes that may be impacted by disasters, and assist with planning and recovery strategies. We help companies and municipal and state jurisdictions stay in business and serve their constituents in the event of a severe disruption to their operations.

 Compliance and Standards

Recent high profile corporate failures resulted in the passage of the Sarbanes-Oxley Act (SOX). While the introduction of SOX may not be news to the financial reporting world, the approach to compliance may prove compelling to those responsible for business continuity. Aside from requiring corporate officers to take greater responsibility for the accuracy of financial reports, SOX mandates that organizations understand the risks that may impact the financial reporting process. A proper assessment of this risk environment would likely include lesser known operational and IT risks resulting from, among other things, inadequate disaster recovery or business continuity management plans.

Business Continuity Management is now specifically required across a multitude of industries. Under NYSE Rule 446 and NASD Rule 3500 Series, the SEC now mandates business continuity for financial services companies. The State of New York Insurance Department’s Circular Letter No. 7 requires that insurance companies licensed to conduct business in New York maintain rigorous business continuity plans. In today’s corporate governance world, similar industry-specific compliance requirements are imposed from many sources:

• FFIEC, SEC, NASD, OCC

Achieve corporate compliance now. Or watch investor confidence shatter. The simple fact is that most companies are still unsure about how to comply with the various sections of the Sarbanes-Oxley Act as well as industry-specific regulations. While the deadlines for compliance may vary, time is running short for public companies and their executives to ensure the effectiveness of internal controls.

While many organizations struggle to meet regulatory requirements, few embrace the true benefits that result from exercises necessary not only to identify risks to the financial reporting process, but also to mitigate those same risks. In the new regulatory era, “ho-hum” system outages pose a greater risk than category-five hurricanes or terrorist attacks. Consider the number of times in the past three weeks that the addition of a new piece of hardware or software, a virus, or other information-security threat has caused systems to be taken offline. When that downtime occurs, critically important data— for example, financial information under Sarbanes-Oxley or patient data under HIPAA— must be protected and managed in a compliant process.

Supply Chain

In today’s competitive business environment, companies recognize more than ever the need to provide their customers with dependable on-time delivery of their products and services. This requires more than just internal resiliency— it requires a commitment by every vendor in the supply chain to undertake a similar state of readiness.

Unfortunately, the inability to continue operations after an interruption may only become obvious after the supplier is no longer able to meet its obligation. The result is that the end product or service is delivered late to the client, if at all. The effect is loss of confidence and inevitably loss of sales and revenue. Recent examples abound where disasters suffered by single or sole source suppliers have had a major negative impact upon some of the largest companies in the world.

The first step in trying to reduce the impact of supply chain failure is to understand the capabilities of each vendor who is instrumental in the production process. A disruption in the delivery capability may manifest itself in a number of areas— organizational, operational, financial or the transport of goods and services. A weak financial position may be a sign that a company is unable to pay its suppliers and will invariably curtail, if not cease, operations. A lack of a tested business continuity plan at the site or product level would indicate that there would be a substantial delay in reestablishing operational capabilities.

Understanding the realities of weaknesses in the supply chain and occurrences of supply chain tampering will provide a justification for a realignment of strategy alliances, with the goal being to create a more robust and reliable end-to-end process.

COOP and COG

After facing numerous man-made, natural, and terror-related disasters in the last decade, the U.S. Department of Homeland Security (DHS) has issued requirements for government agencies and municipalities to have viable continuity of operations (COOP) and continuity of government (COG) plans. DHS grants billions of dollars to state emergency management agencies to fund these regional and local continuity plans. Hurricane Katrina resulted in a presidential order to review city plans to ensure a better state of readiness.

Risk Solutions International specializes in helping local and state jurisdictions cope with this new directive associated with the potential loss of operational or governmental capabilities.

Solutions

Risk Solutions International provides a comprehensive suite of solutions and services that help clients assess the sufficiency of their continuity management, design better plans, and exercise and test those plans.

Business Continuity Assessment Program (BCAP) — Risk Solutions International’s assessment tool identifies enterprise-wide strengths and weaknesses within our client’s current business continuity programs and evaluates potential risk factors that may affect their business, while benchmarking their plans against industry regulations and best practices.

Vendor Continuity Assessment Program (VCAP) — Risk Solutions International assesses the policies, management practices and operational resilience of current vendors and supply chain. We help create a vendor due diligence, selection and management process that meets business continuity requirements. We can be an organization’s audit arms and legs to ensure that supply chain disruptions do not leave it unprepared.

coopER-65— Risk Solutions International’s comprehensive government preparedness assessment tool that maps to the Federal Emergency Management Agency’s (FEMA) Federal Preparedness Circular (FPC) 65. This fully automated, web-based solution delivering content recognized by the Disaster Recovery Institute International (DRII) on a platform approved by the American Institute of Certified Public Accountants (AICPA) provides an independent third party validation of your operational planning for the resilience of your critical government agencies and departments during emergencies.


Policies and Procedures — Risk Solutions International assists in the design of enterprise-wide policies and procedures that adhere to regulatory requirements and industry leading practices. Documented policies and procedures ensure that business continuity practices are consistent throughout the organization and meet corporate governance and audit requirements.

Risk Assessment — Risk Solutions International identifies, assesses and ranks the potential risks that may impact an organization. We compare the control environment to best practices that we have both designed and observed, to ensure that we are providing a complete picture of potential areas for concern.  Where exposures exist, we recommend controls that can be implemented to mitigate the impact of the threat/scenario.

Business Impact Analysis (BIA) — Risk Solutions International’s analysis assesses the quantitative and qualitative impacts, including the financial implications, performance impacts and brand/reputation impact of an unexpected business disruption on key processes, products and services. We identify business process-driven Recovery Time Objectives and documents critical resource requirements to meet those RTOs so our clients can easily identify and fulfill their recovery needs.

Gap Analysis — Risk Solutions International reviews recovery site contracts and data back-up policies to ensure alignment with business needs. We compare existing recovery capabilities (i.e. information technology recovery times, facilities and systems availability, etc.) with business requirements obtained during the business impact analysis.

Strategy Selection — Risk Solutions International provides management with solutions for work area and systems recovery for the various sites where business and operational activities can be resumed with minimal impact to existing processes and maximum transparency to business partners.  We identify internal and external recovery solutions that meet business needs and capabilities.  We identify the advantages and disadvantages and the associated costs (preparation/execution) of those recovery solutions. We analyze options based on our experience of what has worked for peer groups in similar situations and help our clients select the most appropriate strategy. We also align their strategy to their insurance coverage.

Manual Workarounds and Data Restoration Plans — Risk Solutions International can help clients document the tasks associated with working in an environment where information technology (IT) is unavailable or severely hampered. We deconstruct the IT process into manual tasks that can be employed during an outage. The process also contains information on how to maintain control of manually recorded processes. Additionally, we help identify the data restoration tasks that are necessary to reconstruct information and transactions that were not backed up or were lost in the IT environment.

Business Relocation Plans — Risk Solutions International creates plans for command and control, logistics, and staffing concerns for facilities during a disruption to primary operating facilities — for corporate headquarters, service centers, manufacturing and distribution sites and call centers.

Business Continuity Plan Development — Risk Solutions International develops and documents Business Continuity Plans that detail all the pre-determined procedures that will be carried out in the event that a disaster occurs. Our plans serve as a blueprint for roles and responsibilities, activities and contact information for the successful recovery of operations and activities. We customize an electronic BCP toolkit to a format that conforms to technology and communications requirements across platforms and geographies.

Exercises and Validation — Risk Solutions International offers independent testing services that address senior management’s crisis management requirements and end-user systems needs. We provide tabletop testing and off-site systems recovery testing capabilities. Our toolkit includes a testing program with test scripts, post-test checklists and post-test exercises. It verifies your existing capabilities through realistic scenarios and provides for employee awareness and training and plan updates and maintenance.

Training and Awareness — Risk Solutions International provides tailored training programs on business continuity activities and compliance with industry regulations (“Trainer the Trainer” and employee awareness programs).  Effective training is critical to ensure that employees and processes support the business continuity program.

Recruiting Services — Risk Solutions International provides hiring and staff development support for business continuity management personnel.

Project Management Services — Risk Solutions International can provide support for continuity-related implementations such as identifying the business continuity team, developing the project plan, managing, executing and implementing the planning process. Project management support can reduce project failures, including budget overruns, implementation delays and failure to accomplish objectives.

Unparalleled BCM Expertise

Our Business Continuity Management practice is comprised of highly trained and certified industry practitioners bring a combined sixty-five years of experience to their work. Risk Solutions International consultants have expertise across a wide spectrum of commercial, governmental, and educational organizations. They are industry thought leaders who have helped develop national standards for business continuity management and governmental continuity of operations (COOP). They understand that the costs of not managing disaster risk can be far greater to our clients than the cost of sound preparation and testing.

For More Information