Business Challenge

A recent audit had revealed that a small home equity/mortgage lender was at risk of incurring penalties for violating state and federal regulations regarding business continuity planning.  Not only could a crisis potentially put them out of business, but it could also subject the company’s corporate officers to civil liability litigation stemming from their fiduciary responsibility to diligently protect shareholder interests.

Solution

The company was serious about developing business continuity and disaster recovery plans, but it didn’t know where to begin.  Forsythe started by proposing a model framework for thinking about business continuity planning, in order to identify what the company’s business continuity recovery objectives should be, and how it might prioritize them. 

This process led the company to engage Forsythe to perform a business impact analysis (BIA), evaluating how different areas would likely be affected by disruption to business processes, to what degree, how quickly, and what the operational, financial, legal, and public relations consequences might be.   The next steps in the BIA were to identify what IT applications and systems supported each of these business processes, and to determine interdependencies between systems.  The final steps were to establish a recovery time objective and a recovery point objective in keeping with the company’s business continuity requirements.

Results

The BIA illustrated that the business unit whose interruption would create the greatest losses was the loan administration department, which included collections and foreclosures.  The company then engaged Forsythe to conduct a risk mitigation strategy analysis on the loan administration department.  The goal of this analysis was two-fold: to have experienced professionals address the most urgent problem first, and to use Forsythe’s work as a model the company could follow in conducting its own risk mitigation strategy analyses for its other departments.

Forsythe successfully designed a risk mitigation strategy and developed business continuity plans for the company.  These included the creation of crisis management teams, emergency response teams, salvage and reclamation teams, an incident management process, an emergency response process, and guidelines for what roles should be assigned to each team.  Then, Forsythe built specific plans and procedures for each recovery team, including some basic recommendations for handling public relations in the event of a disaster.  Forsythe also wrote disaster recovery processes for the technology supporting the department, and offered a recovery site recommendation.

Having taken care of its most immediate risk mitigation priorities, the company has also reached a consensus among its departments on disaster recovery strategy and planning—which is not always an easy thing.  It is now involved in applying Forsythe’s risk mitigation strategy model to each of its other departments, one at a time.