Part 2, Challenges of Continuing Remote Work
In our previous post on the coronavirus remote work era, we discussed some technical and security factors that treasury needs to make sure they have covered as they send workers home. In this second post, we’ll talk about the challenges of continuing remote work, focusing on three areas: 1) backup plans, 2) extending the business continuity plan, and 3) capturing the gaps.
“For treasury, a crisis is a classroom.”
No current precedent exists for this situation. The term mass experiment is apt, and its use accurately suggests that no one feels terribly confident about how this is going to go. In the last post, we discussed making preparations and trying to anticipate where new vulnerabilities and problems might arise, but in such uncharted territory, anticipating problems has to involve realizing that you can’t anticipate every problem that might arise.
These scenarios call for backup plans. You’ve done your best to make sure the VPN will function appropriately, but what if it can’t stand the volume of traffic anyway? How will your team continue to perform vital operations? What if the IP filter that was supposed to allow in your home network blocks you? What if the computer used by treasury staff fails, and they are unable to access the TMS you use to make time-sensitive payments? What if several key staff are unavailable caring for sick family members?
Musing on how badly things could go is absolutely not the point. The point is to decide ahead of time on backup plans so that vital functions such as payments continue to run on time, even if not at peak efficiency. For example, if you usually use a TMS and are unable to access it during this time for some reason, will you have certain employees return to the office, or will you keep them home and have them use bank portals and spreadsheets?
Consider as well any risks you might incur with your backup plans. For example, in a recent blog post for Kyriba, Bob Stark made this observation while discussing the long-term use of business continuity plans (a topic we’ll discuss in the next section of this post): “Several readers pointed out that their business continuity plans included using bank portals for payments, which makes enforcement of centralized payment polices and fraud-detection screening impossible. Some feared that inconsistent payment controls could increase the risk of payments fraud.” Preparing these backup plans and considering the risks you might face ahead of time will help keep any glitches in the process from becoming emergencies.
Extending the Business Continuity Plan
We cannot yet know how long it will be before employees in various regions will be able to return to their offices. That being the case, treasury must consider the possibility that this time of remote work will extend for quite some time, perhaps months instead of a few weeks. As Bob Stark notes in the same article referenced earlier, “Many shared that disaster recovery (DR) or business continuity plans (BCP) were intended for relatively short time periods (e.g., up to a week) and did not incorporate long-term technology solutions.” At this point, some companies have undoubtedly already been working remotely for longer than the extent of their continuity plan.
While certain aspects of a continuity plan might extend over greater lengths of time without alteration or complication, treasury should consider that some new issues will appear if staff remain unable to return to the office for a longer period of time.
To give examples: If you run into a problem with your computer (hard drive failure, etc.), what is your recovery process? Do you have another machine that has the right image, and you just need your data copied onto it? How will you implement system updates to avoid falling behind? If your company requires (onsite) network connection password changes every quarter, how will this policy be accommodated or changed? Does IT have some imaged machines ready to go?
As you work through these questions, you will need to coordinate with other departments. The cooperative nature of treasury as one of the only departments that must work with every single other headquarter department is well known (or should be). In this situation, that cross-departmental reach increases. Remote work and the extension of the business continuity plan requires conversations with legal and sales regarding access to confidential and proprietary information. IT must be involved in the conversation to help work through the technological and security risks and logistics. Remote work and crises in general add and change vulnerabilities that affect many departments, so it’s vital for treasury to keep reaching out and involving others.
Capturing the Gaps
For treasury, a crisis is a classroom. These are the moments when your risk management can be honed by experience and close observation. Some lessons learned may be imprinted on our memories. Other valuable insights might be forgotten in the wake of more urgent tasks and in the confusion, disorientation, and overwhelm of tumultuous times unless we find a way to record them.
During this time, try to capture the gaps you find in your business continuity plan, in your risk management as it applies to this situation, and in your preparedness in general. This does not need to be complicated or conclusive – you can simply take notes on the problems you encounter so that they can be referenced, digested, and accounted for at a later date. Let’s make sure we learn from our gaps.
What are you learning? Drop us a note.
Part 1: Equipping Staff and Securing the Environment
N.B. If you’re interested in helping the industry or gaining insights into the weekly developments of your peers’ views, click here to access the Treasury Coalition website. The Treasury Coalition was formed in response to the rapid changes and effects of the COVID-19 pandemic and seeks to monitor the industry’s response on a weekly basis through the Global Crisis Monitor survey. From the website, you can participate in the survey, register for results, or both.