In the last business continuity blog we talked about the three phases of Business Continuity Planning (BCP)–Emergency Response Action Plan, Disaster Recovery Plan, and Business Continuity and Continuance. We also discussed NOT chasing scenarios but rather planning for loss conditions–loss of personnel, loss of facilities, loss of services, and loss of access.
Additional reading: The CFO’s Toolkit: Minimise Risk and Ensure Compliance
Now, we will turn our attention to how treasury technology can help prevent treasury disruption.
The key to business continuity planning is minimizing – and ideally avoiding – disruption to treasury operations. Treasury technology solutions, such as treasury management systems, offer many features that empower treasury to avoid disruption altogether.
The best security feature of the cloud is that it takes the entire software solution (and data) off your premises. Data centers used by cloud treasury providers reside in different locations than the company offices, so treasury systems will continue to operate even if the company offices are disabled or inaccessible. Further, all good (and even most of the bad) cloud treasury providers will have their own business continuity plans to ensure the treasury software-as-a-service is always running. They build in redundancy of operations, replicating the entire environment so that all the data, the interfaces, the bank connections, and the security protocols are all available in the “backup location”. If done well, a treasury team should not be able to tell if they are in the primary environment or in the backup.
Treasury systems that are globally accessible – i.e. via the cloud – can allow the same workflows to be run anywhere in the world by authorized users. If setup correctly, the treasury system will feature standardized templates, processes, and visual workflow maps so that temporary and new employees can be onboarded very quickly. The system can be the documentation in many cases, which ensures that treasury is run the same way no matter who is performing the tasks. The treasury system will be a single repository for all data and documentation which ensures treasury information is consistent and available if other offices have to take over for a period of time.
Treasury systems need to be mobile. Especially to effectively support business continuity, treasury systems need to work at home (possibly on a really old desktop with an old internet browser), on tablets, on smartphones, and with low-speed web connections (e.g. having to use your iPhone as a hotspot for your tablet to get online). If a treasury system cannot support these uses, it isn’t going to be a reliable component in your treasury’s business continuity plans.
I don’t need to explain why security is important. Presuming treasury’s choice of technology is aligned with the organization’s information security policies, there will be certain authentication protocols used to login to the treasury system. They may include one (and ideally more than one) of multi-factor authentication using hard or soft tokens, IP Filtering, virtual keyboards, VPN, and SSO.
Invoking business continuity plans cannot mean that these security policies are abandoned, even for a short period of time. Such exceptions to policy seriously expose treasury to risk of internal fraud or cybercrime. Login procedures to treasury systems must be part of business continuity planning because “it was a disaster” is not an excuse to resort to only using UserID and password to access your treasury system.
Treasury technology enables treasurers to more easily create effective business continuity plans and, more importantly, minimize disruption to treasury if those plans need to be executed. But, don’t take my word for it. Try it for yourself. 🙂
You can view the webinar video and slides with the link below:
Kyriba and AFP present — Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan