#7 – ARE YOU PROTECTING YOUR DIGITAL ASSETS? – DAN SWANSON

Are You Protecting Your Digital Assets?
Safeguarding assets has been an important objective of all organizations for centuries. In today’s digital age, however, what does safeguarding your assets really mean? Who is responsible for it? And how is “protection” actually achieved?

The COSO framework for enterprise risk management recognized the importance of safeguarding assets as an implicit component of effective internal control. Its landmark 1992 framework even defined internal control as: “[A] process … designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; and compliance with applicable laws and regulations.”


#3 – SUPPLY CHAIN CONTINUITY – BETTY KILDOW – SUPPLY CHAIN @ RISK

Every company’s supply chain – from procurement through delivery and everything in between – is directly tied to cash flow, profitability, and growth, as well as to essential intangibles such as customer trust, stakeholder confidence, company reputation, and protection of the brand.  In addition, there are increasingly stringent regulations and audit requirements that apply to supply chain risk management.

When a disaster or significant disruption of operations occurs – whether it is internal or external, such as a supplier failure – your operations can be slowed down or even brought to a halt, possibly with grim consequences.  Logic tells us that to successfully manage enterprise risk, the supply chain must be fully considered and integrated in a comprehensive business continuity program.  Yet despite growing awareness and reminders in the form of an ongoing series of disasters experienced across the globe over the past few years, many business continuity plans still do not adequately address the supply chain.

In alignment with business continuity best practices, here are some of the initial steps to take to identify and mitigate supply chain risks when selecting suppliers.  These guidelines are equally applicable to contractors, outsourcing companies, and other business partners.

 

As a first step, map your supply chain and identify:  critical suppliers (primary and their tiers), single points of failure, single points of contact, as well as internal dependencies including the IT support needed to keep the supply chain functioning.

Caveat Emptor!  Gain an understanding of who your critical suppliers are and which ones are high-risk suppliers.  Avoid taking on a risk-laden supplier by making certain each of your suppliers is capable of managing its risks and continuing to deliver at a level that meets your requirements even in the face of a disaster.

Conduct an evaluation to gain full understanding of the inherited risks that come with each supplier.  The following list of questions, while not all-inclusive, will help provide you with vital information to consider during the supplier selection process:

  •        What are their risks and vulnerabilities?
  •        Are the supplier’s operations geographically dispersed?
  •        What are the supplier’s logistics risks such as possible port closures, shortage of containers for ocean shipping, and customs issues?
  •        Are there geo-political issues that can cause operational disruptions?
  •        How transparent are their operations?
  •        How vulnerable are their suppliers?
  •        How likely are they to face shortages of purchased raw materials?
  •        How financially healthy is the supplier?
  •        Do they have proven effective security to protect your company’s data and intellectual property?
  •        Will they jeopardize your ability to meet regulatory or legal requirements?
  •        Are their business ethics in alignment with yours?
  •        Does the supplier consider your company a priority customer?

Gain an understanding of suppliers’ risk management capability by asking the right questions about their business continuity program.  Some of the basic questions to ask are:

  •        Do they have a Business Continuity Program?
  •        Is it enterprise-wide or recovery of IT only?
  •        When was the plan initially developed and when was it last tested, reviewed, and updated?
  •        Has the plan been audited; if so, by whom and what were the results of the audit?
  •        Does the plan provide for continuation or restoration of operations that will allow the supplier to meet SLAs and contractual obligations?

A well-developed and maintained business continuity program is critical to successfully managing supply risk and maintaining a resilient supply chain. Taking the steps necessary to identify, assess, and manage supply chain risks will help organizations mitigate and respond to disruptions that can carry serious financial and reputational consequences.

BIO:  Betty A. Kildow, CBCP, FBCI, has been a business continuity consultant for two decades, working with a broad range of companies and organizations in the development and implementation of tailored programs to manage risk.  Betty is a member of the Peer Review Panel for the Business Continuity Journal and serves as a Board Member of the Institute for Supply Management (ISM) Risk Group.  Long a strong proponent of supply chain business continuity, she is the author of “A Supply Chain Management Guide to Business Continuity” (AMACOM 2011), also available in Japanese:  「事業継続」のための サプライチェーン・マネジメント 実践マニュアル, プレジデント社 (President, Inc. 2011).  She can be contacted at BettyKildow@comcast.net