Business Continuity: Risk & Resiliency Planning

Katie Stevens, Director, Technology Consulting Practice Leader | Protiviti

Carrie Penman, Chief Risk & Compliance Officer | NAVEX Global

Sam Abadir, Director, Industry Solutions | NAVEX Global


Copyright NAVEX Global, Inc. All Rights Reserved. | Page 2

About the Presenters

• Katie Stevens: Director, Technology Consulting Practice Leader, Protiviti

• Carrie Penman: Chief Risk & Compliance Officer, NAVEX Global

• Sam Abadir: Director, Industry Solutions, NAVEX Global


Agenda

• What is Business Continuity?

• BCM Planning Lifecycle

• Planning for a Pandemic

• Risk Assessment Process

• Pandemic Execution Timeline

• Important Considerations

• BCM for the Compliance Manager


Business Continuity Management Overview

Pandemic Planning

Internal Audit, Risk, Business & Technology Consulting

Protiviti Perspective provided by Jimmy W., Toronto


Business Continuity Management is…

…the development of strategies, plans and actions which provide protection or alternative modes of operation for those activities or business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise.

• Crisis Management & Communications: A series of actions taken to gain control of the event quickly to minimize the effects of an interruption, prepare for and oversee recovery and manage communications throughout the event.

• IT Disaster Recovery Planning: The recovery of IT processes, systems, applications, databases, and network assets used to support critical business processes.

• Business Resumption Planning: The process initiated to resume business operations to a level consistent with the business requirements.

Recovery Strategies

Business Impact Analysis / Risk Assessment


BCM Planning Lifecycle

[Figure: BCM Planning Lifecycle diagram. Labels recovered from the figure:]

• Phases: Business Assessment, Strategy Design, Implementation, Quality Assurance

• BCM Diagnostic; Risk Assessment; BCM Program Governance; Business Impact Analysis

• Crisis Management Strategy; Business Recovery Strategy; IT Disaster Recovery Strategy; IT Architecture Strategy

• Implement Crisis Management Plan; Implement Business Recovery Plan; Implement IT Disaster Recovery Plan; Implement IT Architecture

• Test Crisis Management Plan; Test Business Recovery Plan; Test IT Disaster Recovery Plan

• BCM Quality Assurance; Project Management and Knowledge Transfer; On-Going BCM Lifecycle Planning & Management


Planning for a pandemic

Pandemic planning is different from business continuity in the following ways:

• Buildings, infrastructure, access to power and telephony are intact.

• Significant absenteeism (estimates range from 40-60%) can inhibit production capabilities, as fear of exposure and care for sick family members keep employees away from work.

• Supply chain disruption and logistical challenges arise as suppliers and transportation companies also face absenteeism.

• Travel bans, closings of schools and businesses, and cancellations of events could have a major impact on employees and customers.


Risk Assessment Process

[Figure: The continuum of pandemic phases with indicative WHO actions]

Source: WHO


Pandemic Execution Timeline

Crisis response to a pandemic event will evolve as successive waves of infection take hold and the long-term operational implications of an event become apparent.

[Figure: timeline diagram. Labels recovered from the figure:]

• Phases: Alert Phase, Response Phase, Recovery Phase

• Approximate timeframes: Zero to 60 Days, Four to Five Months, 12 to 18 Months

• Axis: Time

• Surveillance; WHO; CDC; State BOH; Media

• Crisis Management & Emergency Communications

• Strategic Business Prioritization

• HR Pandemic Benefits Activation

• Expense Management

• Employee Health Monitoring

• Public Sector Engagement

• Vendor SLA Confirmation

• Health Training & Awareness

• Core Business Re-Alignment

• Staff Acquisition & Re-Allocation

• Procurement & Financing

• Restricted Access to Facilities

• Humanitarian Response

• Vendor Acquisition

• Social Distancing & Health Protocol

• Remote Access Deployment

• Market Share Protection / Extension

• Succession & Rightsizing

• Debt Refinancing

• Selective Restart of Operations

• Vaccine Acquisition / Distribution

• Vendor Triage

• Infrastructure Re-Marketing

• Technology Provisioning

• Work Force Re-Integration

Key Pandemic Events

• Sustained human-to-human transmission.
• Rapid global spread of human infection.
• Shortages in anti-viral medications.
• Shortages in personal protective equipment.

• First wave infection rate of 20% to 30%.
• 1% to 2% death rate of those infected.
• Pandemic agent is isolated by CDC.
• First vaccines produced within six months.

• Successive waves of pandemic infection.
• Natural immunity begins to take hold.
• Vaccine production scales upward.
• Public distribution of vaccine initiated.


Important Considerations

Communication

• The organization must have an effective way to reach those working for our company to inform them of the status of the pandemic flu approaching or affecting the company and their responsibilities during the pandemic.

• The company should also validate and activate its emergency call procedures, directing employees with recorded messages that deliver information about their work activities.

• The organization must have an effective way to reach employees and alert them to their responsibilities during the pandemic.

Training

• Information and training are at the heart of pandemic flu planning and containment. The company’s goal is to ensure employee comprehension and understanding of how employees may be exposed to pandemic flu, what their responsibilities are, and what protective measures they can take. Due to the complexity of a flu pandemic and the continuity and recovery process, training can be provided.

Inventories, Supplies, and Services

• The company’s supply chains may become disrupted in a flu pandemic during Phase 1 & 2, so it should consider stockpiling products and supplies that may be needed. If the supply is running short, supplies should be stocked at alternate leased sites in close proximity.


BCM for the Compliance Manager


• Compliance is the underestimated need in business continuity planning and execution

• Influence, leadership and risk management must be integrated throughout BCM

• Pandemic planning provides unique challenges that compliance managers must be involved with


• Risk and BCM leaders are moving forward fast…ensure they have compliance insight

• New normal operations and contracts

• Privacy impacts

• Reporting to local, state and federal agencies

• Regulatory change is imminent

• Don’t forget the implication of ethics when planning

• Your reputation may be at risk internally and externally


• As the world and your business are reopening, your business continuity plans will change faster than ever

• Conflicts and decisions will need to be based on compliance and risk

• Compliance needs a seat at the table…if not the head of the table

[Figure labels: People, Locations, Supplies, Technology, Vendors, Risks]


Key Takeaways

1. Focus on preparedness

2. Understand upstream and downstream dependencies

3. Adjust for the remote work environment

4. Be ready to course correct quickly

5. Don’t forget the implication of ethics when planning


QUESTIONS


© 2020 Copyright NAVEX Global, Inc. All Rights Reserved. | Page 18

Thank You!