Business continuity management in United Nations system organizations (JIU/REP/2021/6)

Business continuity is defined as the capability of an organization to continue delivery of essential and time-critical services at acceptable predefined levels during and/or following a disruptive incident. The United Nations system organizations often operate in volatile environments and can be exposed to disruptions due to natural and human-made disasters. Moreover, the current COVID-19 pandemic has seriously tested business continuity management and organizational resilience. Yet, the pandemic also provided an opportunity to gain from good practices and early lessons learned and to strengthen business continuity management. Without an effective business continuity management framework, organizations run the risk of incoherent and uncoordinated responses, thereby amplifying crises and degrading organizational resilience.

 

The Joint Inspection Unit released its report on business continuity management in the United Nations system organizations to inform legislative organs and governing bodies and respective executive heads on the status of business continuity management policies, plans, processes and practices across United Nations system organizations and to identify good practices and lessons learned. The review found that in the past ten years, substantial progress has been made in the UN system, however, gaps in core elements of effective business continuity management frameworks and capacity remain.

 

Notably, the rigour and discipline around maintenance, exercise and review regimes for business continuity plans have been found to be lacking sufficient attention. Not all participating organizations have established criteria to update and test their business continuity plans. Such provisions are identified as essential to ensure that plans are not only updated regularly with new or emerging risks, but also serve to prepare staff and embed business continuity management as a dynamic and iterative practice. Business continuity management must include the discipline to conduct post-crisis reviews to highlight good practices and to address gaps and shortcomings to prepare for future disruptive incidents. Internal management reviews should be employed to provide a more comprehensive assessment of how various aspects of business continuity management have performed during particularly challenging and/or critical periods to inform revisions to policies and procedures.

 

Across the United Nations system organizations, the inter-agency mechanisms can and should play a role in further integrating the system-wide policy on the organizational resilience management system and business continuity management as one of its key components. Inspectors also encourage the CEB to focus efforts on sharing good practices and leveraging inter-agency networks and communities of practices to further business continuity management and organizational resilience. Given the impact on the occupational health and safety of staff in the recent pandemic, consultations with medical and counselling services in their business continuity planning processes must be a priority. Regular and substantive interactions between enterprise risk management and business continuity management functions should also be facilitated by senior leaders to truly capitalize on complementary potential. Inspectors also suggest a requirement to report to the legislative organs and governing bodies on progress on implementation of the policy adopted by the CEB on the organizational resilience management system.