4 ways credit unions can address key person dependency risk in IT

When it comes to Business Continuity and Disaster Recovery, the disaster event scenarios that often come to mind are data breaches, natural disasters, and, more recently, pandemics. One aspect of BCDR that often gets overlooked, however, is key person dependency risk, and specifically within the IT department.

Reducing Key Person Dependency Risk

When a major IT role leaves the organization, voluntarily or involuntarily, an enormous gap in knowledge becomes apparent. The organization often is at a loss as to what to do.

The job market has changed drastically over the past 12 months and it’s a job seeker’s market. Organizations are losing people with key institutional knowledge. If your credit union is not properly prepared for a key person’s exit, it can cause a ripple effect organization wide.

Here are four ways your credit union can plan for and address key person dependency and risk.

1. Institute and maintain an internal knowledgebase
   Developing some form of database, such as a configuration management database (CMDB) or an internal knowledge library, will help when turnover occurs in the IT department. Many of our clients are developing internal wikis or intranet sites specifically to hold this information so as to not spend time rediscovering things they’ve already learned and established. This can include things like software configurations and permissions, templates, or industry and third-party contacts, for example.
2. Systemization and documentation
   The first step above cannot happen without a standard protocol for documenting critical processes. This goes together with Business Impact Analyses (BIA) which prioritize and determine criticality of systems. Many of our clients have asked for a BIA as part of their rediscovery work when someone left the organization and left them in a lurch. Structuring existing processes, systemizing them, making sure they’re up to date, and understanding criticality/dependencies and where critical information is shared is all part of this exercise.
3. Cross-training and outsourcing
   One strategy being adopted by organizations is to stop relying on internal resources that might leave and supplement that with outsourcing to specialists that focus exclusively on each part of their business. This has the downstream effect of freeing up their internal resources to focus on things they already do best and encouraging employee innovation and growth, which itself leads to less turnover.
4. Succession plans and contingency plans
   These empower someone else to carry out the same tasks and incorporates #2 above by creating a systematic process for training other members in the organization to be capable of assuming the role. Define the learning, training, and development experiences that your credit union requires for leadership positions and other key areas and positions.

Looking ahead

Credit unions need to develop a strategy to mitigate the impact of the loss of a key IT team member, something that has the potential to adversely affect business operations and your customers. This includes a contingency plan if the risk is actually realized. Dataprise vCIOs are uniquely positioned to not only advise your credit union on what others are doing to mitigate key person dependency, but also to actively assist you in the development of initiatives to reduce this risk greatly.

For more information on BCDR and managing key risk dependency, read our blog and watch our on-demand webinar Preparing for the Modern Disaster: BCDR Strategies for Today and Beyond.