Business Continuity in Challenging Times: Integrating Resiliency as a Strategic Priority
Presentation Aim
To outline the operational and strategic value of business continuity, and how it can be achieved.
Outline
Background and Requirements Value of Business Continuity Integrated Program Structures How to make your program succeed at the Tactical,
Operational, and Strategic levels
Background and Requirements
Blackout 2003
Workplace Violence
System Meltdown
Labour Disruption
Sabotage
Pandemic
Border Shutdown
Business Interruptions are Common
Financial losses
Business interruption
Loss of key client/key supplier
Loss of reputation
Legal liabilities
Injury to people
Environmental damage
Regulatory scrutiny
Loss of customer service
Going out of business
Blackout 2003
Labour Disruption
Pandemic
Border Shutdown
Cost of Not Preparing
Blackout 2003
Workplace Violence
System Meltdown
Labour Disruption
Sabotage
Pandemic
Border Shutdown
What Does Management Need?
Minimize negative surprise
Resolve uncertainty and variances from expectations
Process to identify opportunities
Maximize opportunity for success and good performance
Employ the entire organization in the business resilience process
Alignment of organizational objectives
Efficient communication process
Ability to enhance stakeholder confidence in management of their plans
13
Value of Business Continuity
Business continuity is about capability to prevent disruption and mitigate risks associated with failure to meet objectives
can mitigate significant operational risk
encompasses people, processes, and technology
is required for any organization offering continuous or a high level of customer service
is about maintaining a competitive advantage before, during, and after a major event
What is Business Continuity?
Note: These are strategic business issues
Minimize financial losses
Protect personnel
Protect assets
Protect and improve reputation
Enhanced customer service
Ensure high quality and efficient processes
Maintain stakeholder obligations
Business Continuity:Value Proposition
Integrated Program
Structures
4
Multiple silos across the organization
Disjointed and sometimes ineffective programs
Gaps between corporate goals and programs
Limited manageability and accountability
Often focus on compliance vs. competitive advantage
Need for better customer service
Business Continuity is not adequately leveraged into the strategic planning process
Need for Integrated Programs
Integrated Enterprise Risk Programs
Integrated Business Continuity Functions
The Goal is Business Resilience
Integrated Business Resilience: Plans and Programs
Integrated Program
Pre-
Business Continuity Planning
Crisis
Ma
na
ge
me
nt
Disa
ster
Re
cove
ry
Bu
sine
ss C
on
tinu
ity
Crisis Management
Em
erg
en
cy R
esp
on
se
Co
mm
un
icatio
n
& C
oo
rdin
atio
n
Inte
rim B
usin
ess
Pro
cess
Business Continuity
Pe
op
le
Lo
catio
n &
R
eso
urce
s
Pro
ced
ure
s
Disaster Recovery
Ap
plica
tion
s
Te
chn
ical
Infra
structu
re
Da
ta R
eco
very
EV
EN
T
Enterprise Risk Management R
M O
ptim
izatio
n
Risk A
ssessm
en
t
Risk R
esp
on
se
Risk M
on
itorin
g
Integrated Program
Pre-Event Post-Event
Business Continuity Planning
Crisis
Ma
na
ge
me
nt
Disa
ster
Re
cove
ry
Bu
sine
ss C
on
tinu
ity
Business Continuity Planning
Crisis
Ma
na
ge
me
nt
Disa
ster
Re
cove
ry
Bu
sine
ss C
on
tinu
ity
Crisis Management
Em
erg
en
cy R
esp
on
se
Co
mm
un
icatio
n
& C
oo
rdin
atio
n
Inte
rim B
usin
ess
Pro
cess
Crisis Management
Em
erg
en
cy R
esp
on
se
Co
mm
un
icatio
n
& C
oo
rdin
atio
n
Inte
rim B
usin
ess
Pro
cess
Business Continuity
Pe
op
le
Lo
catio
n &
R
eso
urce
s
Pro
ced
ure
s
Business Continuity
Pe
op
le
Lo
catio
n &
R
eso
urce
s
Pro
ced
ure
s
Disaster Recovery
Ap
plica
tion
s
Te
chn
ical
Infra
structu
re
Da
ta R
eco
very
Disaster Recovery
Ap
plica
tion
s
Te
chn
ical
Infra
structu
re
Da
ta R
eco
very
EV
EN
T
Enterprise Risk Management R
M O
ptim
izatio
n
Risk A
ssessm
en
t
Risk R
esp
on
se
Risk M
on
itorin
g
Enterprise Risk Management R
M O
ptim
izatio
n
Risk A
ssessm
en
t
Risk R
esp
on
se
Risk M
on
itorin
g
RM
Op
timiza
tion
Risk A
ssessm
en
t
Risk R
esp
on
se
Risk M
on
itorin
g
Success at the Tactical, Operational, and Strategic Levels
Elements of the Program
Response& Recovery
Program Maintenance
Benchmarking
Elements of an Effective Business Continuity Program
RecoveryPlan Testing Strategy
Planning
Training Program Implementation
Plan Development
Threat, Vulnerability, Risk Assessment
Business Impact Analysis
Areas of Focus
An effective continuity program begins with understanding the business
Response& Recovery
Program Maintenance
Benchmarking
Elements of an Effective Business Continuity Program
RecoveryPlan Testing Strategy
Planning
Training Program Implementation
Plan Development
Threat, Vulnerability, Risk Assessment
Business Impact Analysis
…achieves resiliency through:
Dynamic Planning Response and
Recovery Focus on People Value Creation Communication
Response&
Recovery
Program Maintenance
Benchmarking
Elements of an Effective Business Continuity Program
Recovery Strategy
Planning
Training Program Implementation
Plan Development
Threat, Vulnerability, Risk Assessment
Business Impact Analysis
Scenario Testing
Areas of Focus
We must consider a business resilience program based on business response and business recovery
OPERATIONAL
STRATEGIC
TACTICAL
Building the Program
We must consider business response and business recovery
Immediate internal emergency response
plansBusiness Response
STRATEGIC
TACTICAL
OPERATIONAL
STRATEGIC
TACTICAL
Building the Program
We must consider business response and business recovery
Immediate internal emergency response
plans
Externalcustomer-focused response/recovery
plans
Business Response
Business Recovery
Building the Program
OPERATIONAL
STRATEGIC
TACTICAL
Building the Program
Immediate internal crisis response plans
Externalcustomer-focused response/recovery
plans
Risk plans linked to Strategy and Performance ManagementB
usin
ess
Res
ilien
ce
Business Response
Business Recovery
OPERATIONALOPERATIONAL
STRATEGIC
TACTICAL
We must consider business response and business recovery
What You Can Do
Plans should be aligned with your strategy
Identify critical people, processes & assets (BIA)
Identify threats, understand vulnerabilities & assess risks
Incident Response Act Decisively Employee assistance programs Scenario Testing
Tactical Planning Considerations:
Tactical plans (response plans) “keep your house in order”
OPERATIONAL
STRATEGIC
TACTICAL
Protect your liquidity Identify critical suppliers Vendor and sourcing alternatives Streamlining processes for
minimum disruption Reliable communication channels
Operational Planning Considerations:
Operational Plans (recovery plans) help to keep your business in order and your clients satisfied
OPERATIONAL
STRATEGIC
TACTICAL
What You Can Do
Leverage your gains before the crisis worsens
Understand changing customer requirements
Review key business objectives to ensure relevancy
Focus on value-creation & Innovation – customers, products, services
Project volumes and set priorities Protect your brand
Strategic Planning Considerations:
Business Resilience transforms a “crisis” into a competitive advantage
OPERATIONAL
STRATEGIC
TACTICAL
What You Can Do
Keys to Successful Program Implementation
Strong “tone at the top” and sponsorship needs to be in place
Self-assessment is a ongoing process, not a one-time event or a panacea
People in the businesses will need to understand “what’s in it for me?” and be motivated to adopt self-assessment
Active participation will be required by all levels including senior management and support provided by designated champions in each key business unit
Recognize that other organizations are leading the way, therefore, key learning from early implementers can be leveraged to facilitate progress
Why Leverage Business Continuity Principles to Manage Risk?
Early Warning Systems Systematically identify, assess, and prioritize issues
associated with driving forces Avoid unwanted risks and protect assets in place Reduce chance of repeat problems Identify value within the organization
Operational Resilience Prevent and rapidly respond to potential catastrophic failures Secure and protect people, processes, and assets Align goals with vendor requirements
Enhance Organizational Value Ensure threats are understood and impacts of a disaster mitigated Maintain public confidence by demonstrating service resiliency Accelerate ability to respond to change and capitalize upon
opportunities
No Big Surprises
No Big Mistakes
No Big Missed
Opportunities
Thanks – Now we can eat!
Thank you.
“When the tide goes out, we find out who’s been swimming without a bathing suit”– Warren Buffett, July ‘07
Cliff [email protected]