In a 2022 McKinsey report, Darryl Piasecki described the primary needs of chief operating officers, writing, “Companies need to be prepared for any disruptive event, no matter how apparently far-fetched.”
Adaptability, in other words, is foundational to the stability and growth of any business. And if we’ve learned anything from the pandemic, it’s that these “apparently far-fetched” disruptions may not actually be far-fetched at all.
In a globalized and fast-paced world, business operations remain vulnerable to large-scale and local complications and conflicts, ranging from power outages to natural disasters to economic downturns to cyberattacks to political instability. Even one of these disruptions can cause significant damage to any business.
For this reason, many COOs have learned to prioritize the creation and regular revision of continuity plans, a comprehensive document investment firms produce and use to sustain their business in the event of a crisis. The plan helps firms identify potential threats to their operations and outlines the steps they can take to overcome them.
While no one can predict the future, creating and implementing a continuity plan in your firm can — as one COO put it in the McKinsey report — allow you to “see [changes] coming, get in front of the marketplace, and gain an advantage.” If you’re ready to not only sustain your business but “gain an advantage” in the marketplace, read on to learn the seven components COOs should include in every continuity plan.
7 Key Elements of a Continuity Plan
When it comes to creating a continuity plan, it’s important to keep in mind that not all aspects of your business are equally critical. By focusing on the most essential functions, analyzing potential risks, and developing emergency response procedures, your firm can stay ahead of disruptions and minimize their impact. With that in mind, let’s take a closer look at the key elements every COO should consider when creating a continuity plan.
1. Critical Business Functions
Before you begin to create a continuity plan for your firm, you must identify your business’ primary responsibilities and functions and prioritize them based on operational and client needs. Psychologist Daniel Gilbert has pointed out that, when we’re under physical or psychological attack, our brains narrow in on what we perceive as immediate threats to our safety.
When we face a crisis that threatens our business’ survival, then, we naturally hyperfocus on the crisis itself. By identifying these functions before a crisis disrupts operations, however, you’ll be far more likely to keep a clear head as you begin to make decisions.
2. Business Impact Analysis
Every continuity plan must contain a thorough analysis of the potential risks and impacts that could disrupt a firm’s operations. These risks may include software failures, cyber or terrorist attacks, or natural disasters. If your business’s proximity to the ocean, for example, puts your firm at risk for hurricane damage, you might prepare your firm for communication complications in the event of fallen power lines.
3. Emergency Response Procedures
Once you’ve identified your critical business functions and the impact that crises can have on those functions, you must outline your firm’s emergency response procedures. In these procedures, you should identify who’s responsible for activating the emergency plan, how you’ll communicate emergency management information to your team and clients, and how you’ll ensure the company prioritizes and maintains its critical functions during and after the crisis.
Your firm should also review and update the procedures regularly to reflect changes in the firm’s operations and the evolving threat landscape.
4. Communication Plans
Once you’ve established emergency response procedures, create a plan for communication. Determine the channels you’ll use to communicate with your team, clients, and other stakeholders. To avoid miscommunication, appoint a single spokesperson whenever possible to provide regular updates and inform all parties of changes to the crisis at hand.
Get the latest news and leadership insights for hedge fund and family office professionals. Sign up for The Capital Return newsletter today.
By providing your email address, you agree to receive email communication from Arootah5. Backup Systems and Data Protection
As many firms have established work-from-home policies for employees, data protection strategies are proving more important than ever before. That’s why it’s not only important to identify how you’ll communicate with and protect your firm’s human resources, but also how you’ll protect your firm’s material resources.
Determine whether you want to house your servers in a separate location from your office, or if you want to move all data to the cloud. Identify vendors who can support you in choosing the option best suited for your business and then protecting, backing up, and restoring critical data and systems in the event of an outage or cyberattack.
6. Develop a Remote Work Plan
Create a remote work plan that allows staff to work from home or other remote locations in the event of a disruption. This plan should include procedures they can use to access critical systems and data securely.
7. Training and Testing Procedures
In addition to outlining emergency response protocols, it’s important your firm outlines a plan to train and test the procedures with your team. In fact, Rick Rescorla’s life story has proven that this training may not be merely important, but life-saving. In the early 1990s, Morgan Stanley hired Rescorla as a corporate security officer in the World Trade Center. After a terrorist attack on the building in 1993, Rescorla began to insist that all employees regularly participate in timed fire drills.
On September 11, 2001, Rescorla watched as a plane struck the South Tower of the World Trade Center then listened as the Port Authority advised everyone in the North Tower to remain at their desks. Ignoring this recommendation, Rescorla quickly and methodically triggered his well-rehearsed fire drill protocols and began ordering the Morgan Stanley employees out of the building. While Rescorla did not survive the attacks, he managed to evacuate nearly all 2,700 Morgan Stanley employees and is widely recognized as a national hero for his actions on that day.
While no firm can conceive of and train its team for every crisis, Rescorla’s story demonstrates the importance of anticipating and planning for crises as frequently and methodically as possible.
The Bottom Line
By establishing and implementing continuity procedures, COOs can help ensure investment firms are prepared to respond to unexpected events. This preparation can help the firm minimize the impact of the crisis on their business and clients.
If you need support putting a continuity plan in place at your firm, schedule a free consultation with an Arootah business advisor. Our advisors can support you in creating that plan and finding a preferred vendor to keep your data safe and easily retrievable in the event of a crisis.