Often, employees find it challenging to prove to boards the importance of having a truly executable disaster recovery/business continuity plan. Although boards are well aware of NCUA Requirements, many may cite excuses such as lack of time, money or even interest in building out a comprehensive, tested plan. If you’re among the many that are looking for support from leadership teams, or your board, these three steps could go a long way to help get your initiatives pushed through.
Secret #1: Determine their Risk Tolerance
Everyone serving in leadership roles or on your board should be aware of the FFIEC Requirements on Business Continuity and NCUA Recommendations, or at least the basic principles of risk management. Although everyone has an individual bias towards how they respond to the risks that face their organization, there should be an overall consensus about your organization’s risk tolerance. It is vital that those responsible for the health of your organization understand and agree on the risk tolerance of the credit union as a whole. This way, everyone will conceivably agree on how and where to appropriately spend time, energy and resources preparing an optimal recovery solution.
Before approaching your team, consider examples of different threats that could occur, and determine the impact (risk) those disasters could have on the following:
- Reputation (impacts credibility to members and the overall community)
- Financial Well-Being (losses and costs of an outage)
- Responsibility (to members, stakeholders, employees and the greater community)
- Requirements (FFIEC, NCUA, Audits etc. that all require a plan in place to restore operations)
Secret #2: Determine the ROI on having a tested, proven plan
Once you’ve analyzed these aspects, your next step should be to determine the return on investment (ROI) of having a proven plan in place, i.e. a tested recovery strategy. Leadership will most likely require hard numbers or evidence that will illustrate how the time and money invested into this program will benefit your members in the long run, and outweigh the potential losses if any type of disaster were to occur.
Understanding how having a current documented or tested recovery strategy can help you serve your members, and maintain requirements or regulations within your industry, or better position your credit union for employees and the community following a disaster, are just a few examples of the “return” a successful business continuity strategy can have.
We all have a duty to enable the communities we serve to recover quickly in the hours and days following a disaster, and that requires commerce to resume. Serving our members with their financial needs immediately, regardless of the scope of damage or interruption we have experienced, is a foundational responsibility. That responsibility requires that we have some basic needs met, like power, office space, communications access, and computer systems. And having a proven plan to restore these fundamental elements can pay huge dividends when you’re able to serve members in their greatest time of need.
Secret #3: Present a “program”, not a project
When you’re ready to sit down with the board or leadership team to present your case, don’t ask for a simple “test” of your strategy. At this point, you’ve put the work in and deserve to request a comprehensive, ongoing program; one that will not only help your organization get prepared, but stay prepared. Here are a few essential elements to have in your program:
- A Crisis Management Team – This should be comprised of members of senior management and representation from each critical department.
- A Branch Recovery Strategy – A strategy that incorporates all departments, and ensures the viability of your strategy no matter the type or scope of interruption. The strategy should have multiple redundancies to ensure you can resume critical operations in a timely manner, and serve your members where they live.
- A Testing Plan – A plan to at least annually test your plan, in a variety of ways, using multiple scenarios. The plan should involve all critical operations and staff, and enable you to push the current recovery strategy to its breaking point.
- A Budget – The financial commitment should include at least one annual test, even one as simple as a 2-hour mock recovery “table-top” drill to practice and keep your strategy up-to-date.
To help get you started with unlocking managements support, download Agility Recovery’s free Risk Assessment Form to identify threats to your organization and where to focus your mitigation effort.