Investing in Business Continuity Management
description
Transcript of Investing in Business Continuity Management
kpmg
Investing in Business Continuity Management
ISSA 2003
Rick CudworthInternational Service Line Leader for
Business Continuity Management KPMG LLP
kpmg 2Copyright: KPMG LLP
Agenda
What has changed? Why should I invest? How do I determine priorities? What are my options? How do I maintain my investment? What is my return on investment?
kpmg 3Copyright: KPMG LLP
What has changed?
September 11, world-wide terrorism, anti-globalisation Increased regulatory pressure Corporate governance High dependence on information availability Customers expectations Employees livelihoods
kpmg 4Copyright: KPMG LLP
Business Continuity protects reputation
and shareholder value
Reputation Shareholders Employees Customers Regulators Financial
markets
Results Revenue
growth Cash flow Share price Competitive
advantage
Market Brand value Market share Position Customer
loyalty Cross-selling Agility Innovation
Costs Customer
turnover Productivity Backlogs Recovery costs Lost data Litigation Compensation
Why should I invest?
kpmg 5Copyright: KPMG LLP
Basic Plans and
procedures Donothing
Best endeavours
Good Recovery facilities
Best
Co
st o
f R
eco
very
So
luti
on
Co
st o
f R
eco
very
So
luti
on
Time to RecoverTime to Recover
Resiliencein place
How much should I invest?
kpmg 6Copyright: KPMG LLP
How do I determine my priorities?
Slower
Best<2 hour recovery
Basic3-5 day recovery
Minimal>5 day recovery
Better24 hour recovery
Mission Critical
Non-Mission Critical
Faster
Portfolio VaR
Daily management information
Market risk management
Payment and settlement
Trading
Accounts payable
Manage tax
Project tracking
Manage Compliance
Exchange Positions
ATMs
kpmg 7Copyright: KPMG LLP
% o
f bu
sine
ss r
ecov
ered
0
20
40
60
80
100
2 ho
urs
4 ho
urs
Day 1
Day 2
Day 3
Wee
k 1
Wee
k 2
Mon
th 1
Mon
th 3
Close manage and control positions
Regular mid-office/ back-office functions in place Commence entrepreneurial trading (at reduced trade
volume)
Capabilities to recover first
Next wave of capabilities to recover
What capabilities need not be recovered
Key decision parameters are likely to be:
Cost (upfront and ongoing)
Time to implement
Flexibility
How do I determine my priorities? (continued)
kpmg 8Copyright: KPMG LLP
Is it sufficient to react to a disaster?Is ensuring the availability of operations sufficient ?Should business continuity capabilities be providedacross the extended enterprise?
React:Manage:
Transform:
Hours/ Minutes
Customer
Customer satisfaction
Downtimetolerance
Focus
Impact
Risk
Zero downtime
All stakeholders
Extended enterprise
Days
Event
Facilities/ processes
Information assets
Availability
Manage
Competitive position
Competitiveness
Transform
Physical assets
Recoverability
React
Value
How do I determine my priorities? (continued)
kpmg 9Copyright: KPMG LLP
What are my options?
People Promote continuity
culture Invest in training and
awareness Reduce reliance on key
individuals Demonstrate leadership,
commitment and clarity of thought in business continuity
Facilities Flexible and scaleable Share costs Split-sites In-house or Outsource (Syndicated or
dedicated)
Technology Invest appropriately Choose scaleable solutions Embed business continuity within the
SDLC
Determine recovery strategies that are right for your business
Hot , Warm , Cold ?
kpmg 10Copyright: KPMG LLP
How do I maintain my investment?
Time
Co
st e
ffec
tive
nes
s o
f B
CM
pro
gra
mm
e
Provisioning with maintenance and governance
Provisioning with maintenancebut without effective governance
Provisioning without effective maintenance and governance
Project driven Inefficient Expensive Short term value
Process driven Efficient Cost effective Long term value
kpmg 11Copyright: KPMG LLP
Emergency Response
Crisis Management
Command Centre
Call Tree
Desktop Walkthroughs
Simulation Exercise
Live Test !
How do I maintain my investment? – The Testing Element
Testing
Low Risk
Low Risk
Low Risk
Low Risk
Low Risk
Medium Risk
High Risk
Ensures the organisation has developed viable business continuity arrangements that work.
Ensures the business continuity arrangements meet the needs of the business.
Ensures the organisation has identified and trained personnel for their business continuity roles and responsibilities.
Types of Test Risk Profile Reward
kpmg 12Copyright: KPMG LLP
How do I maintain my investment? – The Cultural Element
Practice managing the incident
Managing the immediate problems from capability loss
Practice recovering the business
Recovery/ restoration of all critical activities
Restoration of all data
Embed BCM within Change Management and Operational Risk
Making BCM a part of everyday normal business operations – managing risk so that I am always there for my customers and stakeholders.
kpmg 13Copyright: KPMG LLP
What is the return on my investment?
A Business Continuity programme can help drive:
Effective risk management Lower cost of data management Contained insurance costs Lower economic cost of capital
A recoverable, resilient and robust operational structure will result in improved shareholder value and company performance.
kpmg 14Copyright: KPMG LLP
British Bankers Association Guide to Business Continuity Management
The Guide contains: Forward by Sir Howard Davis Step by step approach Real life examples Addresses difficult challenges
The BBA guide provides some helpful tips to delivering a successful Business Continuity programme