7 July 2020

Risk management planning for business disruption

We’re in the middle of a devastating global crisis caused by a microscopic entity. Who saw that coming? Bill Gates, for starters. As organisations overcome the initial shock and get to grips with protecting employees and productivity, attention will turn to the future. There will be many lessons. Perhaps the most important is that very few risks can’t be anticipated. COVID-19 is an unwelcome but timely reminder of the importance of up-to-date business continuity planning (BCP).

So what’s the key to effective BCP? The considerations below will help ensure your business is prepared for the expected and the unexpected.

Identify the risks

What risks are you planning for? Some will be obvious. Many will hide in the details. Start with whoever knows the most about each business process and use workshops or questionnaires to find out what could negatively impact your business. This will help you to produce a risk register which will feed into your business continuity plans.

Identify what risks you can. However, it's impossible to determine all risks specifically. Instead, consider the impacts of unexpected generic events, for example, the loss of access to office buildings, connectivity and resources. Organisations that planned for spiked demand in service desk requests and remote connectivity were better prepared for COVID-19.


Create a controls framework

Enterprise and BCP risk assessments will form the basis for your controls framework, which should be monitored to ensure you can successfully detect, prevent or mitigate the impact of each risk.

When creating your controls framework, you should:

  • Be proactive. BCP is not merely a matter of deciding what to do if something goes wrong. Your plan should build up business resilience now to accelerate your return to business-as-usual practices after a disruption occurs.
  • Get buy-in. Continuity planning is a business-wide activity which depends on the input and backing of numerous employees. Your plan should be clear and concise and signed off by all relevant stakeholders.
  • Train often. When disaster strikes, your team should automatically know what to do. There’s no substitute for regular training. Ensure control owners understand the purpose of control testing and how it improves risk management and business continuity.
  • Test and test again. Will your carefully designed response actually work? Increase your confidence with periodic testing, which will help you to refine your approach and ensure your measures are realistic and appropriate to the size, nature and complexity of your organisation.
  • Review regularly. Risks evolve. How fast will depend on your business and sector, not to mention the economy, environment, etc. However, it’s a good idea to revisit the plan whenever implementing a business process change that could impact your risk profile, for example, when transferring a service desk unit to an offshore location.

Conclusion—you can always be ready

Any risk to your strategic objectives is worth identifying, preparing for and mitigating. Both business continuity and enterprise risk management should work together to limit interruption to critical business processes. Involve operations stakeholders in the creation and regular testing, training and review of your business continuity plans to maximise their effectiveness.

It may be impossible to completely avoid the impact of crises on the scale of COVID-19, but you can ensure your business is better prepared to protect employees and establish a competitive advantage.