Five steps to assess vendor resiliency and protect business continuity
As businesses increasingly rely on external parties for critical services, they become more vulnerable to business interruptions. This is especially true when such businesses know little about their third party vendors' resiliency and recovery capabilities, according to a new PwC US whitepaper, which examines the effects that vendor resiliency, or lack thereof, can have on an organization's business continuity strategy.
Entitled, ‘Business continuity beyond company walls: When a crisis hits, will your vendors' resiliency match your own?’, the PwC report also notes that risk becomes greater when the organization has a limited understanding of its own business interruption threats, resiliency status and recovery capabilities and strategies.
"In a world of ever increasing dependence on third party vendors, you need to know if you can count on the other party when a crisis strikes," said Phil Samson, principal in PwC's Risk Assurance practice and the firm's Business Continuity Management services leader. "It's all about transparency - asking the right questions and pushing the right levers to determine whether your vendors will be able to weather a serious business interruption and quickly resume business as usual. The more you know about your own needs, your vendor's capabilities, and the robustness of your resiliency plans, the more comfort you'll have about staying on track toward your long-term strategic and operational goals even when faced with adverse developments."
According to PwC's report, reliance on third parties is gaining momentum, and if companies lack insight into their critical vendors' resiliency and recovery capabilities, they run the risk of their own strategic goals being derailed.
"Our clients are adjusting to the shift in global economic power and demographic shifts – two of the megatrends we identified – by increasing their use of strategic vendors to accelerate their global growth strategy and decrease time-to-market for their products and services. Along with the increase in strategic vendor reliance comes the need to more formally monitor vendor and other third party risks," said Brian Schwartz, PwC US Risk Assurance, Governance, Risk and Compliance leader.
In order to protect against business interruption risks, companies should institute a business continuity management program that encompasses vendor risk by incorporating increased resiliency and rapid recovery. PwC outlines five steps to help companies look beyond their own walls and examine interruption risk among the vendors who provide support:
Step 1: Map your vendor risk landscape
Step 2: Distinguish among different shades of red
Step 3: Be specific
Step 4: Trust but verify
Step 5: React
•Date: 19th April 2014 • US/World •Type: Article • Topic: BC general