Post on 31-Dec-2020
© 2015 Avalution Consulting, LLC | All Rights Reserved
Avalution Consulting
Creating a Business Continuity Program that Resonates with
Management
Michael Bratton and Kirk Kinsey
Agenda and Objectives
• Discuss how business continuity can support organizational objectives and strategies
• Introduce a management system as a means to drive alignment
• Discuss ways to engage management and garner support
2
What Do Businesses Care About?
3
What Do Businesses Care About?
• Meeting stakeholder obligations and expectations
• Preserving brand and reputation• Improving the bottom line and growth
4
How Can Business Continuity Support?
5
How Should Business Continuity Support?
Performance
Critical Products
and Services
Business Continuity
6
Traits of an Unsuccessful Business Continuity Program– A Case Study
• Audit vs. the bottom-line• Misaligned scope• Management not interested
– View business continuity as a burden– Don’t understand the process
• No metrics to manage business continuity performance
• Business continuity is afraid to bother the business• Unclear roles and responsibilities
7
Root Cause
• No mechanism to tie business continuity activities to overall organization/management strategies and objectives
• Solution: Use a management system to ensure alignment to the organization’s strategic objectives
8
Management System
Set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives.
9
Business Continuity Management System
ISO 22301 The international standard
for Business Continuity Management Systems
10
Case Study – BCMS Solutions
11
Symptom
Audit vs. Bottom Line Focus
Poor Scope
Management Disinterest
Unclear Roles and Responsibilities
Improper Evaluation Criteria
A look at which management system components will help “stamp out” common BC program problems.
Solution Set
Objectives and Priorities
Products and Services, Scope
Leadership Involvement, Management Reviews
Competencies and Documentation
Metrics, Management Reviews
The Value of a Management System
• Built-In (Consistent) Executive Involvement
• Scope Based on Products/Services
• Alignment to Other Disciplines
• Continual Improvement
12
Engaging Management: Set Risk Tolerances (and Priorities)
• Risk appetite should be measurable
• Risk appetite can change based on organizational priorities
• Ensure management “buys-in” to the risk appetite
• Establishing risk tolerances will enable better decision-making (and will drive program outcomes)
13
Product Service Approach
No more than 4 hours of downtime
for Service X
Organizational Approach
No more than a $50,000 financial
loss
Engaging Management: Setting an Appropriate Scope for Business Continuity
• Scope your BCMS so it aligns to your organization’s most important goals
• Product and Service Approach• Work with the steering committee to get the scope
just right
14
Review:• Financial Reports and
Statements•Marketing Materials•Website
Identify Risk Tolerances
Prioritize Products and
Services
Develop Scope
15
Engaging Management: Setting an Appropriate Scope for Business Continuity
Gold Chains
Manufacturing
Foundry
Distribution
Enterprise Resource Planning
Procurement
•Facility•People•Apps/Data•Vendor•Equipment
Engaging Management: Establish a Review Process
Establish a cadence for management reviews with the steering committee– Discuss the scope, performance,
viability, and cost of the BCMS– Remember to speak management’s
language and avoid BC jargon– Follow-up (and more importantly,
deliver) on past requests and assignments
16
SAMPLE AGENDA
Program Scope Review• Value Stream Prioritization• Maximum Downtime
Review• Organizational Changes
Business Resiliency Program Performance Review• Metrics• Exercise Results• Audit Findings• Customer Feedback
Corrective Actions
Action Items
Additional Topics
Engaging Management: Program Documentation
• Documenting program requirements will help in holding others accountable
• Specifying competencies as part of the process will help make sure that “the right people” participate
• At minimum, best practice is to have a business continuity policy (the what) and operating procedures (the how)
17
Engaging Management: Measuring Performance Appropriately
• Remember that BIAs, strategies, and plans are just a means to an end:– Quality is far more important than quantity
• Effective business continuity is the ability to continue to meet expectations and deliver products/services after a disruption– Strong performance during real-life
scenarios, exercises, and plan walk-throughs is the best indicator of successful business continuity
18
Metrics Approach 1
Performance to Requirements
Metrics Approach 2
Recoverability
Metrics Approach 3
Maturity
ProcessUpdated
BIA?Updated
Plan?Performed Exercise?
Went to Training?
Rating
Process X Yes No Yes Yes
Process Y Yes Yes No No
Process Z No No Yes No
This is the wrong (or an incomplete) It reinforces a check the box view point.This is the wrong (or an incomplete)
approach. It reinforces a check the box view point.
19
Engaging Management: Measuring Performance Appropriately
Product / Service
Business Continuity Objective Current State Recovery Capability
Rating
Perform Customer Support
Ensure No More Than 4 Hours Downtime with Less than a 90 Second Wait Time
8 hours, Estimated 4 MinuteWait Time at Recovery
Manufacture Product
10 Days Target Safety Stock (offsite), Maintain Contingency Sourcing Agreement Effective Within 7 Days
1 Days Safety Stock, Contingency Sourcing Agreement With Acme Pending
Process Warranty Claims
Seamless Failover Between Each Claims Handling Region in the United States,
Claims Failover Process Complete and Demonstrated –No Downtime
Bill Customers
Restart Bill Generation and Catch Up On All Back Logged Work Within 5 Days; Suspend Collection Reminders to Protect Customer Relationship
Billing Tested and Restarted in Three Days – Back Log Closed in 4 Days
20
Engaging Management: Measuring Performance Appropriately
Other Things to Consider
• Build awareness of the need for business continuity
• Whenever possible, simplify
21
Conclusions
• Make sure your program is aligned to organizational priorities
• You are responsible for demonstrating the value of business continuity
• It is ok for the program to change as the organization changes
22
Questions & Discussion
23
Let’s Connect
866.533.0575 | avalution.com
@Avalution-Consulting
@Avalution
perspectives.avalution.com
24
Michael BrattonManaging Consultantmichael.Bratton@avalution.com
Kirk KinseyConsultantkirk.kinsey@avalution.com