Strategic Business Continuity Management

Steven J. Ross, Deloitte & Touche, New York

Prospering in the Secure Economy
- Leading organizations must confront the new realities of today's uncertain economy
- The emerging regulatory environment and new standards are shaping industry's vision of acceptable recoverability
- The business case for recoverability investments must become strategic in order to move beyond the cost impact
- Prospering in the secure economy requires better risk management, improved response, integrated strategy, and extended supply chain protection
- Government is a source of information and best practices for industry
- Protecting and even creating greater shareholder value demands a strategic, proactive approach at the CEO leadership level
[Figure labels: Prosperity; Security/Availability]

High Level Indicators: World Economic Forum Annual Meeting Survey
- By a ratio of more than two-to-one, members believe the next generation is more likely to live in a prosperous (59%) rather than safe (27%) world
- Members tend to believe the outlook for their personal security looks better now (65% assign positive ratings) than it will in 10 years' time (only 41% assign positive ratings)
- A majority of members believe 40% or more of their company's market capitalization is represented by brand/reputation
Conclusion: Perception and resulting risk to shareholder value is a greater economic threat than loss of specific assets

Five Strategic Realities for the Future
- Rapid change: The global business climate has been nothing if not tumultuous in recent years.
- New regulatory requirements: Organizations are confronting a host of new security requirements.
- Heightened threats and greater uncertainty: Organizations remain unclear about what kinds of threats warrant the greatest concern.
- Complex and interdependent risks: Interdependent supply chains put organizations at greater risk due to the multiple partners and handoffs involved in production and distribution.
- Globalization and the 24/7 news cycle: Organizations now have only minutes, not hours or days, to respond proactively to an incident before risking possible damage to their reputation.

The Evolution of Business Continuity
[Timeline figure: Organizational Focus on Risk Mitigation, moving from Disaster Recovery (DR) to Business Continuity Planning to Business Continuity Management across Late 80s, Early 90s, Mid 90s, Late 90s, Early 00s, Mid 00s. Events marked: 9/11, Tokyo Subway Attack, Oklahoma Bombing, WTC Bombing, Bishopsgate Bombing]
- DR hit the corporate agenda in the mid 80s as businesses began to increasingly rely on mainframe computers
- The enthusiasm for DR started to wane as it became evident that a more proactive approach to risk mitigation was required
- The terrorist attacks of the early to mid 90s made firms realize that DR did not effectively mitigate risks. BC evolved as a result.
- With the technology boom and roaring economy of the late 90s, BC, although a standard business practice, was given little attention
- 9/11 highlighted that risk mitigation plans had to protect against events previously considered unimaginable. Combined with a struggling economy, BC had to evolve
- Tower Group estimates that the North American Security Industry spend on Business Resiliency will increase to over $1 billion in 2003 from $633 million in 2001
Preparations for crises have evolved from disaster recovery and business continuity planning into a more comprehensive approach called Business Continuity Management.

Management Perspectives
- Disaster Recovery Plan: I have a data center, I might need a data center
- Business Continuity Plan: I do business in one place, I might have to do it somewhere else
- Business Continuity Management: I do business in one place, AND I have to do it somewhere else, too
The recognition of the inevitability of disruption makes business continuity a strategic concern

[Image sequence, built up one label per slide: Madrid Bombing, Northeast Blackout, Hackers, Chicago Fire, Civil Disturbance, Computer Viruses, Floods, Tsunami, Earthquake, Hurricanes, Tornado, Mudslide]

Recognizing the Business Exposure
[Diagram of business processes: Sales & Marketing, Inventory, Orders, Supply Chain, Purchasing, Cash Management, Manufacturing, Human Resources, Accounting/Reporting, Payroll]
- A typical business contains a number of distinct but interacting processes
- With varying tolerances for interruption (RTO).
- When each process entailed a separate application set, they could be recovered over time. (The diagram fills in over four slides: first Orders, Supply Chain and Manufacturing; then Inventory and Purchasing; then Sales & Marketing and Human Resources; then Cash Management, Accounting/Reporting and Payroll.)
- But ERP systems have integrated all (or at least many) applications into one application
- And therefore the most critical process dictates the recoverability requirement for all.

Thinking Strategically
- What business are we in?
- Who are our competitors?
- How do we make money?
- How do we approach the market?
- How much risk can we afford?
- How much cost can we afford to reduce the risk?
- What do our regulators want?

Thinking Strategically about BCM
- What business are we in?
  - Can we stay in that business if we fail to serve our customers?
  - Are we part of the critical infrastructure?
  - Are we a merger target?
  - Is our industry growing? Are we growing?
  - How deep are our capital reserves?
- Who are our competitors?
  - Can they promise a higher level of availability?
  - Would they take market share if we could not produce?
  - Would they increase their visibility with our key customers?
  - Are we ahead of or behind industry norms?
- How do we make money?
  - How leveraged are we?
  - How long can we sustain interrupted cash flow?
  - What are the choke points in our ability to realize revenues?
  - Do we have alternatives?
  - Can we re-capture lost sales when we recover?
  - What responsibility do we have to our customers?
- How do we approach the market?
  - Do we sell to consumers or other businesses?
  - Do we sell on the Internet?
  - Do our customers come to us or do we reach out to them?
  - Do we sell through intermediaries who depend on us for products?
- How much risk can we afford?
  - Have we experienced losses?
  - Are we in a target business or location?
  - Will better controls mitigate our risk?
  - Have our auditors or the Board expressed concern?
  - What does insurance cover?
- How much cost can we afford to reduce the risk?
  - How much can we accomplish with limited expenditure?
  - Can we leverage existing assets?
  - Can we accomplish availability goals with business as usual solutions?
  - Is there a current ROI on our investment in availability?
- What do our regulators want?
  - Is improved availability a necessary cost of doing business?
  - How much criticism can we absorb?
  - Have we been cooperative with the regulators in the past?
  - Whose job is at risk?

The Strategic Imperatives
[Built up one term per slide, in this order:]
- Recovery
- Resilience
- Compliance
- Preservation
- Response
- Anticipation
- Trust
- Validation
- Operations
- The business, itself

Tactical vs. Strategic
- Business Continuity Planning has historically been tactical
  - Establishing alternative resources
  - Deploying personnel after a disaster
- To make Business Continuity Management more strategic, it is necessary to think beyond the hot site
  - Re-thinking the way a company does business
  - Incorporating recoverability into business as usual (BAU)
  - Accepting disruption as a condition of doing business, without accepting that disruptions must cause an interruption in service
  - Incorporating resilience into cost models

Beyond the Hot Site: Re-deployment
- Deconstructing the enterprise so that no critical activity can be halted by a regional outage
- May be active-active or mirrored staffs
- Entails significant shifts in technology
- Requires shared databases and transaction flows
- Highly resilient networks are essential
- Triage and backlog become major issues

Beyond the Hot Site
[Diagram. Active - Active: Transactions, Function A, Function A, Data. Mirror Staffs: Transactions, Transactions, Function A, Function B, Data]

Beyond the Hot Site: Contingent Outsourcing
- Relying on a third party during an emergency
- Requires extensive training and recurrent testing
- Optimum solution is to outsource some positions/functions on a permanent basis
- Involves recovery staff in routine operations
- Core of the recovery capability
- Mitigates turnover in normal times

Beyond the Hot Site: Large Scale Data Replication
- Extending high availability beyond critical data and applications to all, or most, of the enterprise database
- Assumes that the complexity of integrated businesses makes it impossible to disentangle critical and non-critical data
- Huge costs in storage and networks can be mitigated by more intelligent design

Beyond the Hot Site: Supply Chain Redundancy
- Dual sources of required resources
- Balance of effectiveness
- Multiple suppliers
- Single supplier with guaranteed redundancy (telco, power)
- Consideration not only of materials but data and tools as well

Accepting Ownership
- A strategic view of Business Continuity Management engages senior management and the Board of Directors
- Surely as valid a concern as share price and financial statements
- Reflects the regulatory viewpoint
- In the integrated, Internet era, resilience equals market share

Resilience = Market Share
[Title repeated over a sequence of image slides]

Strategic Business Continuity Management
Recoverability + BAU = Resilience
- Business Continuity Management is so much more than developing a continuity plan
- It must comprehend a much broader, proactive view of recoverability, availability and resilience
- Effective Business Continuity Management must
  - be a way of thinking about businesses and providing solutions on an organizational basis
  - address the need for the business to continue and grow under routine circumstances, not just recover from a disaster

Steven Ross, stross@deloitte.com