What Should a Credit Union Risk Assessment Look Like?
If you are in the process of building a business continuity plan for your organization, especially if you work for a Credit Union, than this post is for you…
The first step in building a comprehensive Business Continuity Program is to conduct a Business Impact Analysis or BIA. The Second Step in the process is to conduct a Risk Assessment.
The primary goals of a Risk Assessment are:
-
Evaluate BIA assumptions using various threat scenarios
-
Analyze threats based on likelihood and potential impact to institution, members and financial market
-
Prioritize potential business disruptions based on severity which is determined by impact on operations and probability of occurrence
-
Perform “gap analysis” that compares existing BCP to policies and procedures to be implemented based on prioritized disruptions and resulting impact
A Risk Assessment should meet the following criteria:
-
Be Based on comprehensive BIA
-
Be Documented
-
Reviewed and approved by Board and Senior Management annually
-
Disseminated to employees
-
Properly managed when outsourced to 3rd party
A Risk Assessment should address these specific items:
-
Provide specifics regarding what conditions should prompt implementation of the plan and the process for invoking
-
Immediate steps that should be taken during a disruption
-
Flexible for unanticipated scenarios and changing internal conditions
-
Focused on impact of various threats that could potentially disrupt operations
-
Developed based on valid assumptions and interdependencies
Once you have finished the BIA and now the Risk Assessment you should be in a good spot to start building individual plans for each department and putting in the content/resources you will need to create the actual Business Continuity Plan.
Are you trying to determine the best way to store and organize a Business Continuity Plan? Are you curious about the different types of Risk Assessments Credit Unions should perform?
Fill out this short form:
Welcome to the Ongoing Operations blog archive.
For our most up-to-date information, please visit ongoingoperations.com.
HOME