Information Technology

Finance’s role in operational risk management

By the Business Continuity Institute
Information Technology
Published: 20 January 2017

Two-thirds (66%) of financial executives in the US say their organisation has been harmed by equipment failure during the last five years, 6 out of ten (60%) have been impaired by data breaches or cyber attacks, while more than half (52%) have had their operations affected by natural disasters. Yet the majority (54%) say their organisations have not developed or tested any formal loss recovery plans. This is according to a new study commissioned by FM Global.

Finance’s role in operational risk management: CFO research on building a resilient company also revealed a low level of preparedness for operational risk events as only a third (34%) of financial executives believe their organisation was very well prepared to recover from an equipment failure. Just a third (33%) felt they were very well prepared to recover from a natural disaster, while merely a quarter (24%) were very well prepared to recover from a data breach/cyber attack.

“It’s surprising the number of companies that have been harmed by operational risk events, coupled with the relatively low number of companies that feel they are very well prepared for a disruption event,” said Eric Jones, operations vice president and global manager of business risk consulting, FM Global. “The findings reveal the opportunity for financial executives to implement stronger plans with increased data, to help move resilience forward within their organizations.”

There is also an increasing perception of risk as over two-thirds (70%) of financial executives are concerned that their revenues or earnings will become more vulnerable to operational risk over the next two years, and nearly 6 out of ten (60%) say the need to manage operational risks will make it more difficult to meet revenue and earnings targets over the next two years.

Some of these findings echo the results of the latest Horizon Scan Report published by the Business Continuity Institute which features cyber attacks, data breaches and IT/telecommunications failures as the top three concerns for business continuity professionals. Adverse weather features high on the list in eighth place, although other natural disasters such as earthquakes and tsunamis are not quite as concerning.

Overall, the study found a need for improved resiliency with 86% of respondents say their companies will need to be more resilient in the future.