30 Jun Why BC Planning has become a Key Business Investment
Business Continuity planning has proven to no longer be just ‘nice-to-have’, but rather a key business necessity. As the pandemic has made evident, the businesses which took a more reactive approach encountered many hurdles, some of which (5 months in) have been make-or-break for businesses unwilling or unable to plan ahead. Although the common consensus is that businesses tend to view compliance as an expense rather than an investment, it’s important to educate clients about the huge impact lack of action could have on their organization. We have all heard about the horror stories that can unfold for organizations unable to recover from a disaster (or an event overlooked in a poorly-structured BC plan). An adequate BC Plan looks well beyond your day-to-day operations. A well-structured plan should be embedded across your key assets and mission-critical systems, should assess foreseeable vulnerabilities, and consider access to your organization’s assets during and after an emergency. A key element: sometimes we believe that a backup system strategy is enough, but BC is way more than that. Furthermore, we need to consider other factors that can be aligned to other risks, that could serve as a trigger for an interruption in your business. Examples include:
- Failure to communicate with essential workers, their families, and how to assist them if they need some support during some crisis.
- Cyber-attacks caused by the need to provide remote access for your employees following an emergency.
- During the aftermath of an emergency, an employee has no access to your network. With no support from your Help Desk, and his computer having suffered critical damage, he is unable to perform his essential tasks timely. This employee is responsible to run the bi-weekly payroll, which is a time-critical task. How much time will it take the organization to replace the device? How will the Organization contact the employee? Is there a backup plan to run the bi-weekly payroll?
Our Internal Audit, IT Consulting Practice, and Compliance services are designed to help enhance the efficiency and effectiveness of internal audit functions and the IT environment. Our team works with organizations to optimize their enterprise risk management programs, internal controls, review third-party relationships, and comply with regulations and governance, and sustainability initiatives.
- Cyber Security Consulting Services
- IT Risk Assessment
- Business Continuity Planning
- Internal Audit Project Management, Assessment, and Test (includes serving as Internal Audit Department)
- Penetration Testing
- Vulnerability Assessment
- Service Organization compliance with the requirements per the AICPA Statement on Standards for Attestation Engagement No. 18 (SSAE 18)
- Sarbanes-Oxley Act of 2002 (SOX) compliance testing and project management
- Phishing Testing
- Development of Risk Assessments for all operational and financial areas, including Information Security/Cyber Security.
- Assist in developing and implementing policies and procedures that accomplish alignment of key management processes to strategic objectives for Operational, Financial and Information Technology areas.
This process is integral to protect and safeguard critical data and keep your business running smoothly. Is your business in need of an IT Audit? Trust your team of IT experts at FPVG to ensure the highest level of service and stay informed, efficient, and compliant. CONTACT US TO LEARN MORE.
About the author: Wilfredo Vera Pujols, CISA, CDPSE
A skilled consultant in the areas of Internal Audits and Compliance, Vera holds a BBA in Information Services from the University of Puerto Rico Mayaguez and a Master’s in Computer Sciences from the illustrious Polytechnic University of Puerto Rico. He has used his excellent preparation in the last 3 years of his specialty in Auditing and Consulting, Internal Controls, and SOX for our diverse clientele. Among some of his major clients are Evertec, Triple S of Puerto Rico, and Banco Popular, to name a few. We are sure that this ISACA member, along with the expertise of FPV & Galíndez’s skilled Consulting Department will provide strategic solutions for any IT and Cybersecurity needs your organization may have.