The Accenture Controllership organization, which includes nine shared services centers, led the business resiliency plan and implementation effort by collaborating with the Risk Management and Compliance team under Accenture’s Global Business Services Network group. From the outset, the project team designed a rigorous business resiliency plan with the realistic view that such a plan for an organization of 7,000 people would take time to shape, implement and test.
The plan took shape in five stages:
Organization and governance
The team used the ISO 22301 Business Continuity Planning Framework to structure the capability, drawing also on the experience and knowledge of the Global Risk Management and Compliance group. A governance model was established along with leadership commitment. The team defined roles and responsibilities that spanned locations globally. These initial steps helped embed a business resilience mindset in Controllership, which fosters a “One Controllership” culture of working as one unit, using common language and driving the same objectives and goals.
Document review
The team proceeded to work through an information gathering exercise. Team members reviewed every Controllership activity, identifying which were critical and at what point in the month they were critical—and which activities to put on hold in the event of having to execute to the plan. The activities went through a business impact analysis and a threat and risks assessment. The results of this analysis were used to determine how to provide the fail-over support. In parallel, the team identified the need to develop incident response documentation for the teams.
Incident response planning
To help respond to the most common scenarios, the team prepared an extensive location and recovery strategy. The strategy focused not only on a few locations, but on all shared services center locations along with connections to other key Accenture functions. During this stage, Controllership teams put in place cross-training and transferred knowledge. A very important step was establishing accelerated access management rights for critical systems during an incident when work is shifted to another team in another geography. Throughout this stage, Controllership sent out communications to inform and educate all impacted employees and stakeholders on implementing business resiliency actions should an incident arise.