The AFP published a Treasury in Practice (TIP) guide on Business Continuity last month…yes, that’s right: business continuity! Full credit to Tom Hunt and his colleagues at AFP for talking about the least discussed component of a treasury risk management program because, as Tom said, “Treasurers really need to be paying attention to business continuity.” And I could not agree more.
Additional reading: Five Questions CFOs Should Ask Themselves to Maximize Growth
So, to celebrate the recognition of business continuity in treasury, we created a webinar entitled “Avoid Treasury Disruption”. We started off by discussing how Business Continuity is much more than Disaster Recovery (DR). In fact, DR is just a small piece of a business continuity plan (BCP). An effective BCP has three phases:
1) Emergency Response Action Plan (ERAP). This is what you do in the first 72 hours following an emergency condition, which could be any range of scenarios from a massive natural disaster, a pandemic disease outbreak, or your treasury team winning Powerball and quitting the next day.
2) Disaster Recovery Plan (DRP). This is about executing (or madly scrambling) for the first month after such an event. You should have different plans for disaster recovery than emergency response. For example, an ERAP may include manually logging into bank portals for cash visibility and processing all corporate payments – because for three days you can probably get away with that. But that wouldn’t be tenable for an entire month, so a different plan is needed for the disaster recovery phase.
3) Business Continuity and Continuance (BCC). As the name “continuance” may suggest, BCC plans are from thirty days onwards. Here your organization is executing a permanent plan. If the entire treasury team quits, then a BCC solution would likely be to hire a new team. That is likely unrealistic in the short term, but after 30 days, the accounting and FP&A teams have exhausted their patience with cash management and bank resolutions – and a new solution is required such as finding people that actually like treasury to do treasury.
Now that we have talked about what you should do, it’s time to discuss what you shouldn’t do. And that is try to plan for specific examples and scenarios. My colleague and co-presenter on the webinar, Dr. Mark Zecca, explained it best by reminding us “not to chase scenarios”. Nobody in treasury can think of every scenario that could possibly happen. Not even Sci-Fi writers are creative enough to capture every possibility. In other words, if you chase scenarios your business continuity planning would be incomplete, because something was missed in the plan and therefore the plan didn’t cover that scenario. No Treasurer wants to explain to the Board that she could not have foreseen that a pack of wild monkeys broke into the office and stole all treasury’s tokens so that the team could no longer log into their bank websites.
The best solution is to focus planning around loss conditions – such as loss of personnel, loss of facilities, loss of services, and loss of access. Simply plan for the loss of the facility (i.e. company offices where treasury works) because it really doesn’t matter to the business continuity plan why the facility is unavailable. It’s just not there for treasury to use for a period of time, so treasury needs to develop plans for how the team will do treasury things for:
1) The first 72 hours
2) 3 days to 30 days
3) 30+ days
As long as business continuity plans cover these three stages of time and encompass the four loss conditions (loss of personnel, loss of facility, loss of services, and loss of access) then treasury will be in an excellent position to create effective business continuity plans to avoid treasury disruption.
You can view the webinar video and slides with the link below:
Kyriba and AFP present — Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan