Business Continuity in Challenging Times: Integrating Resiliency as a Strategic Priority

Presentation Aim

To outline the operational and strategic value of business continuity, and how it can be achieved.

Outline

Background and Requirements Value of Business Continuity Integrated Program Structures How to make your program succeed at the Tactical,

Operational, and Strategic levels

Background and Requirements

Blackout 2003

Workplace Violence

System Meltdown

Labour Disruption

Sabotage

Pandemic

Border Shutdown

Business Interruptions are Common

Financial losses

Business interruption

Loss of key client/key supplier

Loss of reputation

Legal liabilities

Injury to people

Environmental damage

Regulatory scrutiny

Loss of customer service

Going out of business

Blackout 2003

Labour Disruption

Pandemic

Border Shutdown

Cost of Not Preparing

Blackout 2003

Workplace Violence

System Meltdown

Labour Disruption

Sabotage

Pandemic

Border Shutdown

What Does Management Need?

Minimize negative surprise

Resolve uncertainty and variances from expectations

Process to identify opportunities

Maximize opportunity for success and good performance

Employ the entire organization in the business resilience process

Alignment of organizational objectives

Efficient communication process

Ability to enhance stakeholder confidence in management of their plans

13

Value of Business Continuity

Business continuity is about capability to prevent disruption and mitigate risks associated with failure to meet objectives

can mitigate significant operational risk

encompasses people, processes, and technology

is required for any organization offering continuous or a high level of customer service

is about maintaining a competitive advantage before, during, and after a major event

What is Business Continuity?

Note: These are strategic business issues

Minimize financial losses

Protect personnel

Protect assets

Protect and improve reputation

Enhanced customer service

Ensure high quality and efficient processes

Maintain stakeholder obligations

Business Continuity:Value Proposition

Integrated Program

Structures

4

Multiple silos across the organization

Disjointed and sometimes ineffective programs

Gaps between corporate goals and programs

Limited manageability and accountability

Often focus on compliance vs. competitive advantage

Need for better customer service

Business Continuity is not adequately leveraged into the strategic planning process

Need for Integrated Programs

Integrated Enterprise Risk Programs

Integrated Business Continuity Functions

The Goal is Business Resilience

Integrated Business Resilience: Plans and Programs

Integrated Program

Pre-

Business Continuity Planning

Crisis

Ma

na

ge

me

nt

Disa

ster

Re

cove

ry

Bu

sine

ss C

on

tinu

ity

Crisis Management

Em

erg

en

cy R

esp

on

se

Co

mm

un

icatio

n

& C

oo

rdin

atio

n

Inte

rim B

usin

ess

Pro

cess

Business Continuity

Pe

op

le

Lo

catio

n &

R

eso

urce

s

Pro

ced

ure

s

Disaster Recovery

Ap

plica

tion

s

Te

chn

ical

Infra

structu

re

Da

ta R

eco

very

EV

EN

T

Enterprise Risk Management R

M O

ptim

izatio

n

Risk A

ssessm

en

t

Risk R

esp

on

se

Risk M

on

itorin

g

Integrated Program

Pre-Event Post-Event

Business Continuity Planning

Crisis

Ma

na

ge

me

nt

Disa

ster

Re

cove

ry

Bu

sine

ss C

on

tinu

ity

Business Continuity Planning

Crisis

Ma

na

ge

me

nt

Disa

ster

Re

cove

ry

Bu

sine

ss C

on

tinu

ity

Crisis Management

Em

erg

en

cy R

esp

on

se

Co

mm

un

icatio

n

& C

oo

rdin

atio

n

Inte

rim B

usin

ess

Pro

cess

Crisis Management

Em

erg

en

cy R

esp

on

se

Co

mm

un

icatio

n

& C

oo

rdin

atio

n

Inte

rim B

usin

ess

Pro

cess

Business Continuity

Pe

op

le

Lo

catio

n &

R

eso

urce

s

Pro

ced

ure

s

Business Continuity

Pe

op

le

Lo

catio

n &

R

eso

urce

s

Pro

ced

ure

s

Disaster Recovery

Ap

plica

tion

s

Te

chn

ical

Infra

structu

re

Da

ta R

eco

very

Disaster Recovery

Ap

plica

tion

s

Te

chn

ical

Infra

structu

re

Da

ta R

eco

very

EV

EN

T

Enterprise Risk Management R

M O

ptim

izatio

n

Risk A

ssessm

en

t

Risk R

esp

on

se

Risk M

on

itorin

g

Enterprise Risk Management R

M O

ptim

izatio

n

Risk A

ssessm

en

t

Risk R

esp

on

se

Risk M

on

itorin

g

RM

Op

timiza

tion

Risk A

ssessm

en

t

Risk R

esp

on

se

Risk M

on

itorin

g

Success at the Tactical, Operational, and Strategic Levels

Elements of the Program

Response& Recovery

Program Maintenance

Benchmarking

Elements of an Effective Business Continuity Program

RecoveryPlan Testing Strategy

Planning

Training Program Implementation

Plan Development

Threat, Vulnerability, Risk Assessment

Business Impact Analysis

Areas of Focus

An effective continuity program begins with understanding the business

Response& Recovery

Program Maintenance

Benchmarking

Elements of an Effective Business Continuity Program

RecoveryPlan Testing Strategy

Planning

Training Program Implementation

Plan Development

Threat, Vulnerability, Risk Assessment

Business Impact Analysis

…achieves resiliency through:

Dynamic Planning Response and

Recovery Focus on People Value Creation Communication

Response&

Recovery

Program Maintenance

Benchmarking

Elements of an Effective Business Continuity Program

Recovery Strategy

Planning

Training Program Implementation

Plan Development

Threat, Vulnerability, Risk Assessment

Business Impact Analysis

Scenario Testing

Areas of Focus

We must consider a business resilience program based on business response and business recovery

OPERATIONAL

STRATEGIC

TACTICAL

Building the Program

We must consider business response and business recovery

Immediate internal emergency response

plansBusiness Response

STRATEGIC

TACTICAL

OPERATIONAL

STRATEGIC

TACTICAL

Building the Program

We must consider business response and business recovery

Immediate internal emergency response

plans

Externalcustomer-focused response/recovery

plans

Business Response

Business Recovery

Building the Program

OPERATIONAL

STRATEGIC

TACTICAL

Building the Program

Immediate internal crisis response plans

Externalcustomer-focused response/recovery

plans

Risk plans linked to Strategy and Performance ManagementB

usin

ess

Res

ilien

ce

Business Response

Business Recovery

OPERATIONALOPERATIONAL

STRATEGIC

TACTICAL

We must consider business response and business recovery

What You Can Do

Plans should be aligned with your strategy

Identify critical people, processes & assets (BIA)

Identify threats, understand vulnerabilities & assess risks

Incident Response Act Decisively Employee assistance programs Scenario Testing

Tactical Planning Considerations:

Tactical plans (response plans) “keep your house in order”

OPERATIONAL

STRATEGIC

TACTICAL

Protect your liquidity Identify critical suppliers Vendor and sourcing alternatives Streamlining processes for

minimum disruption Reliable communication channels

Operational Planning Considerations:

Operational Plans (recovery plans) help to keep your business in order and your clients satisfied

OPERATIONAL

STRATEGIC

TACTICAL

What You Can Do

Leverage your gains before the crisis worsens

Understand changing customer requirements

Review key business objectives to ensure relevancy

Focus on value-creation & Innovation – customers, products, services

Project volumes and set priorities Protect your brand

Strategic Planning Considerations:

Business Resilience transforms a “crisis” into a competitive advantage

OPERATIONAL

STRATEGIC

TACTICAL

What You Can Do

Keys to Successful Program Implementation

Strong “tone at the top” and sponsorship needs to be in place

Self-assessment is a ongoing process, not a one-time event or a panacea

People in the businesses will need to understand “what’s in it for me?” and be motivated to adopt self-assessment

Active participation will be required by all levels including senior management and support provided by designated champions in each key business unit

Recognize that other organizations are leading the way, therefore, key learning from early implementers can be leveraged to facilitate progress

Why Leverage Business Continuity Principles to Manage Risk?

Early Warning Systems Systematically identify, assess, and prioritize issues

associated with driving forces Avoid unwanted risks and protect assets in place Reduce chance of repeat problems Identify value within the organization

Operational Resilience Prevent and rapidly respond to potential catastrophic failures Secure and protect people, processes, and assets Align goals with vendor requirements

Enhance Organizational Value Ensure threats are understood and impacts of a disaster mitigated Maintain public confidence by demonstrating service resiliency Accelerate ability to respond to change and capitalize upon

opportunities

No Big Surprises

No Big Mistakes

No Big Missed

Opportunities

Thanks – Now we can eat!

Thank you.

“When the tide goes out, we find out who’s been swimming without a bathing suit”– Warren Buffett, July ‘07

Cliff Trollope416-515-3851cliff.trollope@mnp.ca