We implement Exonaut® – our Governance Risk and Compliance (GRC) software platform, and help organisations develop plans and steering documents. We also deliver trainings, tabletop and simulation exercises, workshops, and GAP-analyses in the fields of risk management, crisis management and business continuity management.

In accordance with our ISO 9001 certification, we have developed a well-defined quality assurance methodology. It is based on commonly agreed Rational Unified Process (RUP) for project management. 4C Strategies have several experienced quality controllers whose mission is to evaluate and assure the quality of all our deliveries.

For implementation of our software platform Exonaut® we have developed a rapid implementation process where we usually go-live within 6-12 weeks of project start-up. A project involving a crisis management or business continuity management training and exercise usually takes 1-3 months. However, we also have long-time client partnerships that entail trainings and exercises over the course of several years. The needs of each specific client determines how we tailor each project.

Exonaut®, our GRC software platform, help you integrate disparate sources of information from a wide array of compliance and risk processes, providing users with a single portal for all GRC-activities. Implementing this integrated platform saves you time and money by releasing your staff from tedious administrative tasks.

Further benefits include:

• Great tool for publishing of easy-to-grasp dashboards as well as clear, yet powerful, automated reports
• Increased situational awareness and risk-informed decision-making
• Cost efficient allocation of resources
• Real-time monitoring of risk mitigation activities to minimise risk exposure
• Reduced financial and reputational impact of incidents
• Digital audit trail for effective after-action review and development of best practice
• Increased ability to deliver on strategic objectives
• Facilitation of compliance obligations
• Reduced insurance costs.

Having delivered projects to financial sector clients for over 15 years, we have a good understanding of regulatory requirements and sector best practices. How often you should exercise depends on the size and type of the organisation. Generally, the Crisis Management Team (CMT) of a financial organisation should exercise at least once a year in order to keep their capability to respond effectively to major events at a decent level. Larger and more complex organisations tend to require more frequent trainings and exercises.

A tabletop exercise is carried out as a round-table discussion focused on the impact of different scenarios and decision-making procedures. This type of exercise is meant to be a learning experience for newly formed crisis management teams or somewhat immature organisations. The exercise is designed to be an informal meeting and the target audience is encouraged to react to, and openly discuss, the issues that arise from the scenario. This type of exercise is suitable for organisations that have not previously exercised or that simply need to develop new plans and strategies.

Simulation exercises, on the other hand, are carried out ‘live’ with roles and responsibilities acted out in real-time, in order to practice managing crisis situations in a more realistic setting. During simulation exercises the target audience reacts to realistic events that are gradually introduced by exercise managers. Compared to a table-top exercise, where the scenario is presented via PowerPoint or printed handouts, simulation exercises are more advanced as the scenario is simulated via phone calls, fake press conferences and media injects (YouTube-clips, social media postings, etc.) with the intention of increasing the level of realism. The simulation exercise allows for a higher degree of training and verification but it also requires more resources and advanced planning.

Distributed simulation exercises allow for the simultaneous testing of scenarios and incident management at several locations. A distributed exercise often focuses on communication and coordination across time and space and allows for complex and pressing demands to be simulated in a highly realistic manner.

European financial actors are generally required to have a defined, documented and trained organisation for crisis management and business continuity management. Crisis plans, business continuity plans, and IT recovery plans and normally required by law and generally it is the company’s board and/or CEO that are personally responsible to ensure that these plans are updated and tested each year. Feel free to contact one of our experts to see what laws and regulations your organisation have to comply with.

Our model for structured crisis management can be used during any type of crisis. 4C Strategies has 20 years of experience in working with all types of crises, from reputational to operational and financial. Lately we have seen an increased demand for our cyber scenario exercises.