Build your operational resilience

The Financial Conduct Authority and Bank of England are reviewing the operational resilience of firms and expecting them to take reasonable steps to ensure they continue to comply with their regulatory obligations, notwithstanding any adjustments made to their usual practices in the context of extraordinary circumstances.

Gettyimages 1182850660 WEB

For many organisations, the Covid-19 crisis tested their ability to adapt to a whole set of new normals with many re-thinking their appetite for risk. For regulated businesses who are required to have robust operational resilience requirements to non-regulated businesses who should have clear business continuity and disaster recovery plans, the need to gain assurance over these mechanisms has never been more important.

Technology resilience remains one of the major challenges facing businesses and yet Boards typically receive very little assurance that management understands the vulnerabilities that exist, the quality of the arrangements in place and whether testing is effective.

How can we help?

The Evelyn Partners' risk advisory team is experienced in advising on business continuity, disaster recovery and operational resilience. The team has worked with a wide range of organisations providing:

  • Vulnerability assessments: evaluating all critical services to ensure that all end-to-end dependencies have been identified; looking at Recovery Time Objectives (RTOs) for all vulnerability scenarios (security attack, natural disaster, single points of failure, infrastructure weaknesses, data centre disruption, third party dependencies, data corruption, reliance on telecoms or digital platforms, people risks, premises and critical IT processes)
  • Resilience assessments: an in-depth assessment of the security and resilience plans in place against the vulnerability assessment and established good practice
  • Oversight/monitoring: how management monitors and predicts emerging performance issues across IT infrastructure. We look at whether the assurance provided to the Board and senior management is appropriate, informative, robust and timely