Date post: | 21-Apr-2017 |
Category: |
Economy & Finance |
Upload: | mhm-mayer-hoffman-mccann-pc |
View: | 374 times |
Download: | 3 times |
#cbizmhmwebinar 1
CBIZ & MHM Executive Education Series™
Building an Actionable and Easy-to-Implement Business Continuity Plan Mark Madar March 31, 2016
#cbizmhmwebinar 2
About Us
• Together, CBIZ & MHM are a Top Ten accounting provider • Offices in most major markets • Tax, audit and attest* and advisory services • Over 2,900 professionals nationwide
A member of Kreston International A global network of independent accounting firms
*MHM is an independent CPA firm providing audit, review and attest services, and works closely with CBIZ, a business consulting, tax and financial services provider.
#cbizmhmwebinar 3
Before We Get Started…
• To view this webinar in full screen mode, click on view options in the upper right hand corner.
• Click the Support tab for technical assistance.
• If you have a question during the presentation, please use the Q&A feature at the bottom of your screen.
#cbizmhmwebinar 4
CPE Credit
This webinar is eligible for CPE credit. To receive credit, you will need to answer periodic participation markers throughout the webinar. External participants will receive their CPE certificate via email immediately following the webinar.
#cbizmhmwebinar 5
Disclaimer
The information in this Executive Education Series course is a brief summary and may not include all
the details relevant to your situation.
Please contact your service provider to further discuss the impact on your business.
#cbizmhmwebinar 6
Presenter
Mark has 22 years of experience in business continuity and disaster
planning with organizations of all sizes in the financial, manufacturing,
insurance, technology and professional services industries.
He is a member of CBIZ’s Risk & Advisory Services practice, providing
leading-edge consulting services to help organizations navigate the
complexities of controlling their business.
216.525.1956 • [email protected]
MARK MADAR National Director
#cbizmhmwebinar 7
Agenda
Why Create a Business Continuity Plan? 01
02 Different Types of Plans
03 The Business Continuity Plan Life Cycle
04 Looking Ahead
05 Questions?
#cbizmhmwebinar 8
WHY CREATE A BUSINESS CONTINUITY PLAN?
#cbizmhmwebinar 9
Planning to Meet Expectations
Clients, regulatory agencies and Board Committees are seeking to mitigate risk.
• Organizations are being asked to demonstrate their abilities in the following areas: • Develop plans that will address widespread events and
disruptions • Ensure personnel are trained on the plan • Store plans and critical files remotely for easy access • Communicate with clients and employees • Update plans regularly • Test regularly
#cbizmhmwebinar 10
How Would You React?
How do you RESPOND
to an incident?
How do you RECOVER from an
incident?
#cbizmhmwebinar 11
Having a Plan to Deal with the Unexpected…
A process whereby businesses can • Respond to an incident • Recover critical business
operations when confronted with adverse events such as natural disasters, technological failures, human error or other unplanned incidents.
#cbizmhmwebinar 12
Having a Plan to Deal with the Unexpected…
More simply described… It is a coordinated strategy involving plans that assures your business has the ability to continually meet your customers’ needs if faced with an unplanned business disruption.
#cbizmhmwebinar 13
Why Have a Plan?
• Reduce reliance on key personnel • Protect assets • Increase safety of all personnel • Minimize decision-making during
the recovery • Reduce delays during the recovery
process • Provide a sense of security • Limit potential exposure and
reduce legal liability • Provide organizational stability
#cbizmhmwebinar 14
Why Have a Plan?
• Maintain continuity of operations, stay in business!
• Maintain customer service • Relocate critical operations quickly • Minimize financial losses • Reduce disruptions to critical
operations • Achieve an orderly recovery • Comply with legal, contractual,
audits, and government regulations
#cbizmhmwebinar 15
DIFFERENT TYPES OF PLANS
#cbizmhmwebinar 16
Different Types of Plans
Incident Management
Plan Response &
Communication
Business Continuity Plan
Business Recovery
IT Disaster Recovery Plan
Technology Recovery
Evacuation Plan
Life and Safety
Procedures
#cbizmhmwebinar 17
Incident Management Plan
• Incident Management Team & Roles • Reference Life/Safety Procedures • Responding to an Incident-Tasks & Assignments • Damage Assessment Procedures • Declaring An Incident • Command Center/Alternate Work Site Location • Communication Planning- Notification Procedures • Initiate BCP Recovery Team
#cbizmhmwebinar 18
Business Impact Analysis (BIA)
• Interview key business process owners and leadership within the company to identify functions, risks and recovery objectives.
• Document findings by functional areas-departments • Identify recovery strategies • Summarize approach into Business Continuity Plan
#cbizmhmwebinar 19
Business Continuity Plan
• Assigned BCP Recovery Team & Roles • Prioritized Critical Functions & Recovery Time Objectives • Critical Roles, Assignments, Backup Lead/Staff Resources • Critical IT Equipment, Systems & Data Files-Prioritized • Loss of Facility-Alternate Work Space Strategy • Loss of Vendor/Service Provider Dependencies Strategy • Loss of People Strategy • Loss of Technology Strategy
#cbizmhmwebinar 20
IT Disaster Recovery Plan
• IT Infrastructure Overview • Systems Overview • IT Recovery Strategies • Inventories • System Recovery Procedures • Tasks & Assignments • Technical Specifications • Vendor Dependencies
#cbizmhmwebinar 21
Usability
Is the implementation of the Plan easy-to-understand by everyone? • Can Executive Management & Crisis Team easily assess the
emergency? • Do Department heads understand their roles during an incident? • Does the Plan prioritizes the most critical business functions?
(Controls unnecessary documentation) • Are testing/training programs in place to review overall readiness? • Are /procedures developed for manual processing? (Is recoverability
dependent on systems availability?) • Can procedures be followed by someone outside the critical
function? (You cannot expect availability of all subject matter experts during an incident)
#cbizmhmwebinar 22
Recoverability
The most important recoverability requirements are often defined by your customers (internally and externally). What are their expectations?
• Addresses requirement needs of clients and prospects – Business Continuity Planning and program maintenance is not an option with customers
• Must be an ‘Actionable’ plan – continued availability of your services and support that is verifiable
• Distinguishes you from your competitors
#cbizmhmwebinar 23
THE BUSINESS CONTINUITY PLAN LIFE CYCLE
#cbizmhmwebinar 24
Business Continuity Planning Life Cycle
PROJECT INITIATION
DISCOVERY – FUNCTIONAL
REQUIREMENTS
STRATEGIES
PLANNING
CRISIS COMMUNICAITON
EXERCISE / TESTING
MAINTAINING / UPDATING
TRAINING / AWARENESS
• What is in place today? • Define the Business Continuity Plan project
objectives and requirements, scope and cost. • Executive support • Identify BCP Team assignments • Establish Business Continuity policies
#cbizmhmwebinar 25
Business Continuity Planning Life Cycle
PROJECT INITIATION
DISCOVERY – FUNCTIONAL
REQUIREMENTS
STRATEGIES
PLANNING
CRISIS COMMUNICAITON
EXERCISE / TESTING
MAINTAINING / UPDATING
TRAINING / AWARENESS
• Identify client servicing needs and current regulation requirements
• Site / Operational assessment and interviews (Business Impact Analysis)
• What are the hazards / threats / vulnerabilities? (Risk Assessment)
• Key personnel interviews
#cbizmhmwebinar 26
Business Continuity Planning Life Cycle
PROJECT INITIATION
DISCOVERY – FUNCTIONAL
REQUIREMENTS
STRATEGIES
PLANNING
CRISIS COMMUNICAITON
EXERCISE / TESTING
MAINTAINING / UPDATING
TRAINING / AWARENESS
• Where will we go? • How will we operate? • What will we do for our employees?
#cbizmhmwebinar 27
Business Continuity Planning Life Cycle
PROJECT INITIATION
DISCOVERY – FUNCTIONAL
REQUIREMENTS
STRATEGIES
PLANNING
CRISIS COMMUNICAITON
EXERCISE / TESTING
MAINTAINING / UPDATING
TRAINING / AWARENESS
Create Business Continuity Plans: • Crisis Management – Incident Response • Site / Operational Recovery • IT / Systems Recovery
#cbizmhmwebinar 28
Business Continuity Planning Life Cycle
PROJECT INITIATION
DISCOVERY – FUNCTIONAL
REQUIREMENTS
STRATEGIES
PLANNING
CRISIS COMMUNICAITON
EXERCISE / TESTING
MAINTAINING / UPDATING
TRAINING / AWARENESS
• Who approves the messages and when are they published?
• How will we communicate to the media? • How will we communicate with employees? • How will we communicate with customers?
#cbizmhmwebinar 29
Business Continuity Planning Life Cycle
PROJECT INITIATION
DISCOVERY – FUNCTIONAL
REQUIREMENTS
STRATEGIES
PLANNING
CRISIS COMMUNICAITON
EXERCISE / TESTING
MAINTAINING / UPDATING
TRAINING / AWARENESS
• How often do we test? • Who will be involved? • What are the objectives? • Follow-up and lessons learned • Tabletop Exercise for developed Plans
#cbizmhmwebinar 30
Business Continuity Planning Life Cycle
PROJECT INITIATION
DISCOVERY – FUNCTIONAL
REQUIREMENTS
STRATEGIES
PLANNING
CRISIS COMMUNICAITON
EXERCISE / TESTING
MAINTAINING / UPDATING
TRAINING / AWARENESS
• Who is responsible? • How often should it be updated? • How do we communicate changes to the Plan?
#cbizmhmwebinar 31
Business Continuity Planning Life Cycle
PROJECT INITIATION
DISCOVERY – FUNCTIONAL
REQUIREMENTS
STRATEGIES
PLANNING
CRISIS COMMUNICAITON
EXERCISE / TESTING
MAINTAINING / UPDATING
TRAINING / AWARENESS
• Training people for preparedness: • Home • Work
• Understand their roles in recovery • Understand the business commitment to
employees and clients
#cbizmhmwebinar 32
LOOKING AHEAD
#cbizmhmwebinar 33
Elements of an Actionable BCP Program
• Risk Evaluation Results and Controls • Business Continuity Defined
Strategies • Emergency Response and Operational
Procedures • Business Continuity Plans (Site
/Dept), IT DR Plans • Testing and Exercises • Awareness & Training Program • Public Relations & Crisis
Communication Procedures • Coordination with Public Authorities
#cbizmhmwebinar 34
An Ongoing Approach
This is a process, not just a project. • Annual risk assessment/BIA, plus plan reviews • Efforts for next year identified before your budget cycle • Annual testing of at least some aspect of the plan • Ongoing BCP coordination
#cbizmhmwebinar 35
Summary: Today (Year 1)
Focus on: • Assessing impacts and risks. • Establish crisis management-response
protocols to react to disruption. • Developing business recovery strategies
that respond to assessed risks and impacts.
• Testing strategies for viability, effectiveness, and to ensure solutions meet requirements.
#cbizmhmwebinar 36
Summary: Business Continuity Tomorrow
Evolve the Business Continuity Program to: • Utilize program as a way to establish risk control • Incorporate the program as part of business-as-usual and an
extension of normal operations rather than reactive project.
#cbizmhmwebinar 37
? QUESTIONS
#cbizmhmwebinar 38
If You Enjoyed This Webinar…
Upcoming Courses: • 4/13 & 4/20: First Quarter Accounting & Financial Reporting Issues Update
• 4/28 & 5/3: Eye on Washington – Quarterly Business Tax Update
Recent Publications: • Cyber Risk - Now, It IS the Daily News
• Invest in Specialty Skills and Other Tips for Internal Audit Planning
• Prepare for Anything: How to Build an Actionable Incident Response and Recovery Strategy
#cbizmhmwebinar 39
Connect with Us
linkedin.com/company/ mayer-hoffman-mccann-p.c.
@mhm_pc
youtube.com/ mayerhoffmanmccann
slideshare.net/mhmpc
linkedin.com/company/ cbiz-mhm-llc
@cbizmhm
youtube.com/ BizTipsVideos
slideshare.net/CBIZInc
MHM CBIZ