What Should A Credit Union Risk Assessment Look Like?

For those credit union leaders in the process of building a business continuity plan, this post is for you.

 

By Ongoing Operations

 

The first step in building a comprehensive business continuity program (BCP) is to conduct a business impact analysis or BIA

As credit unions look at their business continuity and disaster recovery planning efforts, it is wise to start at the core. Include all departments and functional areas in the BIA. Make sure it outlines the processes and functions within each department and ranks them according to criticality. The report should also describe potential risks, financial impact, and the criticality of each business process to help determine the requirements necessary for sustainability, even in a disaster timeframe. Based on the outcome of this analysis, departments are able to focus on the areas in which documentation, cross training, and additional planning are needed. Single points of failure can be identified and plans for resolution created.

The second step in the process is to conduct a risk assessment.

OGO_Image

Image courtesy of Ongoing Operations, LLC

The primary goals of a risk assessment are:

  • To evaluate BIA assumptions using various threat scenarios
  • To analyze threats based on likelihood and potential impact to institution, members, and the financial market
  • To prioritize potential business disruptions based on severity, which is determined by impact on operations and probability of occurrence
  • To perform gap analysis that compares existing BCP to policies and procedures to be implemented based on prioritized disruptions and resulting impact

A risk assessment should meet the following criteria:

  • Be based on comprehensive BIA
  • Be documented
  • Be reviewed and approved by Board and Senior Management annually
  • Be disseminated to employees
  • Be properly managed when outsourced to a third party

A risk assessment should also address these specific items:

  • Provide specifics regarding what conditions should prompt implementation of the plan and the process for invoking it.
  • List immediate steps that should be taken during a disruption.
  • Create flexibility for unanticipated scenarios and changing internal conditions.
  • Focus on the impact of various threats that could potentially disrupt operations.
  • Be formed on a basis of valid assumptions and interdependencies.

Once a credit union has finished the BIA and risk assessment, it should be in a good spot to start building individual plans for each department and putting in the content and resources needed to create the actual business continuity plan.

Are you trying to determine the best way to store and organize a business continuity plan? Do you worry about how to get your employees or co-workers engaged in the BCP process? If you have these or other questions please e-mail us at info@ongoingoperations.com or visit our blog.

Kirk Drake is founder and CEO of Ongoing Operations, LLC, a rapidly growing CUSO that provides complete business continuity and technology solutions. With its recent acquisition of Cloudworks, Ongoing Operations has expanded its market niche and become the leader in hosted solutions for credit unions and their providers. Kirk is a well-known and respected industry leader with over 15 years of experience designing and implementing advanced IT Systems and Disaster Recovery Solutions. Prior to founding Ongoing Operations, he served as Chief Technology Officer for NIH Federal Credit Union, a $400 million financial institution. During his time at NIH, Kirk spearheaded critical system conversions and led many projects to strategically advance the credit union, allowing it to better serve its members. Kirk is also an expert in designing collaborative solutions and developing innovative technology platforms. During Kirk’s tenure at Ongoing Operations, the CUSO has grown to one of the top twenty CUSOs in the nation and successfully recovered numerous clients in actual disaster situations.

This sponsored content article is provided to the credit union community for shared insights and knowledge from a recognized solutions provider in the industry. Please note that the views and opinions offered here do not reflect those of Callahan & Associates, and Callahan does not endorse vendors or the solutions they offer.

If you are interested in contributing an article on CreditUnions.com, please contact our Callahan Media team at ads@creditunions.com or 1-800-446-7453.

 

Dec. 3, 2012


Comments

 
 
 

No comments have been posted yet. Be the first one.

 
Advertisement