Value Achieved in Business Continuity Management
Old paradigms of business continuity management were isolated and focused on coordinating the back-office. Most implementations were overly technical and often confusing instead of aligning the organization. The line of business too often saw activities as a burdensome task that gets in the way of real work with no real value provided. Organizations need to look to new paradigms of strategy that expand the focus of business continuity into an operationally resilient context. Backend management and oversight of business continuity is still needed; however, this needs to be integrated and aligned with a broader perspective of operational risk management. Business continuity is only as good as the line of business understanding, participation, and alignment with it. It is no longer enough to have the right documentation; you have to show that the organization is operationally resilient.
One of Australia’s largest financial institutions, operating globally, recently carried out an internal audit that identified major gaps and associated risks within the institutions existing approach to business continuity management. The audit exposed that they lacked the ability to control and assess the risks associated with security and ongoing operations of their business at a branch level to deliver an effective business continuity strategy. The institutions leadership simply did not have a wholistic view of their exposures to risk. Data was always out of date impacting decision making.
The institution knew they had to change. They developed their key requirements and looked at several solutions available in the market. The business objectives of the project remediated the existing operating model in order to address gaps. The institution evaluated a range of solutions in the market and found that the greatest value to achieve their objectives was with ReadiNow. ReadiNow replaced an existing tool that was purpose built. Although the existing tool provided a reasonable basis to assess risks, the tool did not meet the institutions business continuity and broader operational risk management requirements.
GRC 20/20 has evaluated and verified the implementation of ReadiNow at the bank and confirms that this implementation has achieved measurable value across the elements of GRC efficiency, effectiveness, and agility. In this context, GRC 20/20 has recognized ReadiNow with a 2019 GRC Value Award in the domain of Business Continuity Management.
Table of Contents
- Organizations Strive for Operational Resiliency
- Business Continuity: A Critical Component of Operational Resiliency
- One of Australia’s Largest Financial Institutions Value Achieved in Business Continuity Management
- The Challenge This Organization Faced
- Solution to the Organization’s Problem – ReadiNow’s GRC Platform
- This Organization Achieved Value with the ReadiNow GRC Platform
- ReadiNow’s Efficiency Value
- ReadiNow’s Effectiveness Value
- ReadiNow’s Agility Value
- GRC 20/20’s Final Perspective on ReadiNow
- About GRC 20/20 Research, LLC
- Research Methodology
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 26+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.