I have been hired as a new manager of the newly created Office of Continuity Planning of the Federal Financial Institutions Examinations Council in the United States charged with the responsibility of laying down the minimum standards and principles as well as report forms for the examination of financial institutions by the Federal Reserve system of the United States among other agencies. The council is an interagency body created by statute which has the onus of recommending and promoting uniformity in the supervision of these institutions. This organization or body faces a number of significant risks to its operations. These risks include new business practices and concerns wrought by increased terrorism. Other risks that face the organization include human error which may have adverse effect on the operations of the body. Natural disasters and technological failures also pose other major risks to the organization or body thereby posing risks to its delivery of its critical services.
Being the case that operating disruptions can and usually occur at any time without giving notice, and the huge ramifications of its possible occurrence, there is need for a business continuity planning. Given the critical role played by financial institutions in the economy of the United States, their need for their effective business operations cannot be gainsaid. Further, it is imperative that the effects caused by these operating disruptions are minimized so as to ensure that that the public trust and confidence in the financial institutions is not watered down. The mission of the Federal Financial Institutions Examinations Council is to assist examiners to evaluate and examine financial institutions as well as other service providers to ensure that critical financial services are availed. The office of continuity planning is charged with the function of developing a continuity plan for the organization which entails the process through which the financial institutions will ensure the recovery of operations including customer service even when adverse events occur. To this end, I have set out a number of key continuity objectives for my organization which are consistent to the organization’s mission as set out above. The three key objectives I have set out in the continuity plan include minimizing financial loss to the institution and mitigating the adverse effects wrought by the disruptions so as to reduce the impact on the reputation, liquidity, market operations, credit quality and legal compliance of the organization. The other critical objective as envisaged in the continuity plan is continuing to serve customers as well as other participants in the financial market.
The first pair of strategies aimed at achieving the objectives as outlined above includes conducting a business impact analysis. This strategy can be done in two ways as it is a pair. At this stage of the conduct of a business impact analysis, the potential impact of uncontrolled events on the business processes of a financial institution are usually identified. Alternatively, there should be a determination of how much is at risk through the identification and prioritization of key business functions. In this way, the management is able to establish the recovery priorities for business processes. The second pair of alternative strategies that could be engaged to meet the objectives as set out in the continuity plan is risk assessment. This may either take the form of a prioritization of the potential disruptions to the business while predicating the same on the severity or likelihood of the crystallizing of the disruption or through the conduct of threats analysis based upon the impact of such threat on the financial institution. In this way, the impact of the threat is not only viewed in terms of its effect on the institution but also the customers and the financial markets. The third and final pair of strategies through which the objectives may be achieved is through risk management. One of the alternative ways of approaching this strategy of risk management is by having specific steps relating to the immediate steps that need be taken during a disruption. On the other hand, flexible measures may be taken to respond to the unexpected threat scenarios and the dynamic internal conditions. The pros of having flexible measures to respond to the changing internal conditions and unexpected threats as opposed to one that is developed around specific events is that the plan enables the tackling of all specific types of threat scenarios that may present themselves such as technological failures as well as tornadoes.
Dallas Texas Organization disaster recovery Plan
The disaster recovery plan at Dallas Texas organization contains major features which include an emergency plan, a backup plan and a recovery plan. The emergency plan seeks to identify the immediate steps that are to be taken immediately upon the striking of a disaster. The backup plan in turn lays out down how the organization makes use of the backup files and equipment so as to resume its normal business processes. The recovery plan feature details the actions to be taken so as to restore processing operations and is distinct depending on every type of disaster. As it stands, the disaster recovery plan adopted by the Dallas Texas organization is deficient in a number of respects. First, its back up plan should subsume a specification of a location of an alternate computer facility in the event that the normal location of the organization is destroyed. Further, the plan is deficient in the sense that it lacks a test plan so as to avail an assurance of the completeness of the disaster plan.
The principles and capabilities of a successful recovery plan include an efficient emergency plan, a backup plan, a recovery plan and a test plan. A successful recovery plan has an effective test plan which contains information for simulating different levels of disasters. It is in this plan that additional recovery actions that are necessary, are made.
References
Adkins, G., Thornton, T., & Blake, K. (2009). A content analysis investigating relationships between communication and business continuity planning. Journal of Business Studies , 17-23.
Al-Badi, A., Ashrafi, R., & Al-Majeeni, A. (2009). IT disaster recovery: Oman and Cyclone Gonu lessons learned. Journal of Information management & computer security , 67-74.
Botha, J., & Von Solms, R. (2007). A cyclic approach to business continuity planning. Information management & computer security , 101-111.
Castillo, C. (2009). Disaster preparedness and business continuity planning at Boeing: an integrated model. Journal of Facilities Management , 13-17.
Cerullo, V., & Cerullo, M. (2006). Business continuity planning: a comprehensive approach. New York: Taylor and Francis.