Triaging Operational Risks: A Practitioner’s Guide to Business Continuity

By: | November 30, 2023

Skip Smith, BS, MS, ARM is the president of Innovative Risk Solutions, LLC, a consulting company specializing in developing cutting-edge Risk Management programs around safety, Environmental Sustainability, Crisis Management, Business Continuity, and Disaster Recovery. Before starting his business, he served as the Vice President of Safety, Business Continuity & Disaster Recovery at Scripps Networks/Discovery Channel, where he led the global functions for Operational Risk. Skip has worked for a number of fortune 500 companies in various leadership risk management roles, such as Coca-Cola, USA, Novelis, Popeyes, Service Master, and Hooters Sports Distribution.

In today’s business world, where uncertainties are ever-present, companies face a complex web of risks and potential disruptions. My work as an operational risk professional immerses me in the realm of evaluating business continuity and disaster recovery programs.

But how do you view the day-to-day effects of this complexity on the heartbeat of your business?

Imagine your business as a precisely calibrated machine, every part (hopefully) working in harmony. To achieve a level of operational excellence, professionals stepping into the operational risk field must be the masters of essential processes.

I’ve discovered that mastering business continuity and disaster recovery (BC/DR) is comparable to a high-stakes game — a “contact sport,” if you will. Expertise in this realm isn’t merely about assessing impacts; it also involves crafting highly efficient mitigation plans and drawing on sound metrics in strengthening recovery capabilities.

A key insight struck me when I realized that understanding business process “failures” is the foundation for building the skills to prevent them. This understanding led me to conduct more precise business impact analyses, identify potential risks on the horizon and devise strategies robust enough to defend against the unknown.

I invite you to join me on this expedition as I reveal the fundamental pillars of this crucial domain, setting the stage to be successful as a leader in BC/DR.

Conducting Business Impact Analyses

One of the core skills required for a business continuity and disaster recovery professional is the ability to conduct comprehensive business impact analyses (BIAs). This involves a meticulous review of critical business functions and operations, analyzing dependencies across vendors, facilities, personnel and technology infrastructure.

By measuring the potential impact of a business interruption, identifying vulnerabilities and pinpointing single points of failure, professionals can develop effective continuity strategies, budget recommendations and action plans.

Operational Mitigation Strategies

To reduce or eliminate identified risks, a proficient professional must recommend operational mitigation strategies. This involves assessing the financial, reputational and operational impacts of potential downtime, quantifying these impacts, and prioritizing mitigation efforts. A holistic approach, which includes categorizing and measuring business risks, enables professionals to identify and address threats across key business departments.

Understanding IT Systems and Process Interdependencies

Professionals in this field must possess a deep understanding of the intricate interdependencies between IT systems and business processes. This knowledge allows for the identification of critical junctions that may disrupt operations during downtime or disasters. To ensure you’re using the correct target strategies to safeguard against disruptions, think about the following four areas:

  • Mapping Critical Dependencies: By mapping these dependencies, professionals can pinpoint essential junctures susceptible to disruptions. This mapping process serves as the foundation for developing precise strategies to safeguard against potential disruptions.
  • Developing Targeted Safeguard Strategies: Armed with insights from mapping dependencies, professionals can create targeted strategies. These strategies are specifically tailored to protect critical interdependencies, ensuring a robust business continuity and disaster recovery framework.
  • Analyzing Operational Vulnerabilities: A key skill involves analyzing operational vulnerabilities arising from IT systems and process interdependencies. This analysis provides a comprehensive understanding of weak points, enabling professionals to proactively address potential issues and enhance resilience.
  • Implementing Contingency Plans: Professionals must be adept at crafting contingency plans based on the identified interdependencies. These plans outline precise actions to be taken during disruptions, ensuring a swift and effective response to minimize downtime and mitigate adverse impacts.

Establishing Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)

It is essential to establish clear and attainable recovery time objectives and recovery point objectives in collaboration with key operational departments and IT, ensuring the organization’s resilience.

Equally important is aligning these objectives with business priorities and critical processes, forming the foundation of robust BC/DR plans. To achieve this, conducting thorough risk assessments through detailed interviews and utilizing the gathered data to set baseline recovery objectives is crucial.

Integrating recovery time actual (RTA) into this process enables professionals to ensure rapid recovery, minimize potential losses during disruptions and establish measurable targets that significantly enhance essential business metrics. Moreover, it is vital to align business priorities and critical functions to create effective disaster recovery plans and establish measurable targets that drive essential business metrics.

Continuous Assessment and Improvement

To be a leader within your organization in this area, professionals must constantly evaluate and enhance recovery capabilities. This involves collaborating with IT teams and assessing the effectiveness of implemented mitigation strategies, as well as using reliable metrics for organizational sustainability.

Routine assessments and testing of existing recovery capabilities such as backup solutions, redundancy measures and business continuity/disaster recovery plans offer valuable insights for improving an organization’s resilience.

Gaining Consensus and Collaboration

Finally, professionals in this field must possess strong collaboration and communication skills. Facilitating discussions and workshops to gain consensus on process criticality metrics is vital in aligning the organization’s understanding of critical processes and their importance in maintaining business continuity. By fostering collaboration with key stakeholders, professionals can ensure a comprehensive and unified approach to disaster recovery planning.

The role of a business continuity and disaster recovery professional is vital in safeguarding organizations from potential risks and disruptions. By possessing the necessary skills in conducting business impact analyses, recommending operational mitigation strategies, understanding interdependencies, establishing recovery objectives, continuous assessment and fostering collaboration, professionals can effectively enhance an organization’s resilience and preparedness.

In an ever-evolving business landscape, the importance of these skills cannot be overstated, as they contribute to the long-term success and sustainability of businesses as they face adversity and — hopefully — opportunities. &

More from Risk & Insurance