2016 PA Statewide Payroll Conference Disaster Recovery · Payroll Business Continuity Recovery –...
Transcript of 2016 PA Statewide Payroll Conference Disaster Recovery · Payroll Business Continuity Recovery –...
2016 PA Statewide Payroll Conference Disaster Recovery
Go to APAcongress.org for more details about the biggest
payroll event of the year
Speaker
Bruce E. Phipps CPP
Vice President – American Payroll Association
2011 APA Payroll Man of the Year
Principal Product Manager
US Legislative Analyst
ORACLE Corporation [email protected]
610-729-3586
Disaster Recovery
“The best way to explain the importance
of disaster planning is this; get up
from your desk right now, walk out the
door and know that everything you left
behind is destroyed. Then tomorrow,
go back to work.”
(Bob Weaver, US Secret Service)
Blank slide for images and graphics
Agenda
Disaster Recovery vs. Business Continuity
Key Components to Disaster Recovery & Business Recovery
Comprehensive Business Continuity
Business Continuity Planning Cycle
Business Continuity Recovery Plan
Payroll Business Continuity Recovery Plan
8
Why Plan for a Disaster
Recent Natural Disasters
Hurricane Sandy October 22 – 31, 2012
North American Blizzards
• November 7 - 10, 2012
• December 17 - 22, 2012
• December 25 - 28, 2012
Blizzard of 2013
• Winter Storm Nemo/Blizzard of 2013
Boston Marathon
Disaster Recovery vs Business Continuity
Disaster Recovery focuses on the plan to reestablish operations by protecting the “Tools” of the business…
• Systems and Hardware
• Data integrity and back-up
• Facilities and security
• Data Flow
• People resources and documentation
Disaster Recovery Plan
Illustrates how IT supports the business
Step-by-step procedures to ensure the recovery of each critical component of the IT infrastructure
• Hardware
• Data (electronic and paper)
• Applications
• Telecommunications
• Specialized Equipment
• Supplies
Communication and contact information
Business Continuity keeps the business running during a disaster…
• Provides location to perform work
• Enables staff to resume work or provide for subsititutes
• Enables systems and hardware to be deployed or interim solutions placed in operation
• Completes the functions of payroll department
Disaster Recovery vs Business Continuity
Types of Disasters
Catastrophic climate or geological events
Government economic crisis
Political unrest
Labor walkouts or strikes
Security breaches
Computer attacks
System failures
Worker relocation
Why It Is Important to Plan
Disruptions can have serious impact
Missed or late payrolls
• Potential federal, state, and local violations
• Contractual breach – unions
• Employee morale and productivity
Late third-party payments
Late tax and regulatory filing
Late posting of General Ledger data
Plan Development
Response: Responding to the event
Resumption: Resuming critical and essential functions
• Limited Service Offering – 60%???
Recovery: Resumption of non-critical functions
• Full / Near-full Service Offering – 90%???
Restoration: “Back to the Norm”
Key Components to Disaster Recovery
Create Comprehensive Recovery Plans
Identify communications with
a delivery plan
Involve Senior Leadership
Establish government,
civil authorities, and private sector contacts before an event occurs
Ensure plan is communicated to team
Key Components to Disaster Recovery
Emergency Management: Able to continue critical business processes within a predetermined period following a disaster or other business interruption
Continuity Planning: Able to resume normal business processes within a predetermined period following a disaster or other business interruption
Business Continuity Elements
First bullet starts here
Payroll Business Continuity Team
Include functional subject matter experts and project management resources
Include reps from:
• Human Resources/Payroll
• Benefits/Compensation
• Legal/Public Affairs
• Finance/Treasury
• Communications
• Operations & Information Technology (IT)
Business Continuity Planning
Business Impact Analysis
Risk Assessment
Recovery Strategy
Plan Implementation
Exercising Validation
RTO/RPO in Business Continuity Planning
RPO (Recovery Point Objective)
Amount of data,
measured in time,
that can be lost in
a disaster
• Consider if there is a means to reconstruct the lost data
• Need to look at what risks you will bear for the costs
Business Impact Analysis
Foundation for business continuity planning
programs
• Determine Recovery Time Objectives (RTOs)
• How long can we go without _____?
• Recovery Point Objectives (RPOs) based on their corresponding functions
• How much data can we afford to loose?
• Realize the current state of recovery preparedness and established workarounds
• Evaluate recovery resource requirements
Business Recovery Strategy
Identify Business Functions, RTOs & RPOs
Determine IT Network and System Requirements for current and future years
Design a Displacement Strategy
Educate Business Units on roles and responsibilities to build plans
Maintain & Exercise Business Recovery Plans
Business Continuity Recovery Scenarios
Disaster - Event which renders company’s facility unusable or inaccessible for a period of time estimated to exceed “xx” calendar days
Worst-Case Interruption – Company’s facilities are totally unusable or inaccessible and there is no salvageable equipment, data, documentation, etc.
Business Continuity Recovery Scenarios
Less-Severe Interruption – Ability to resume operations because of the plan identification structure for each time-sensitive operation, information system & support area
Localized Emergency – Equipment vendors & local utility companies able to replace computer & communications hardware & telephone circuits in “xx” calendar days
Business Continuity Recovery Components
Documentation Files – Required for resumption/recovery purposes; backed up off-site and/or electronically imaged
Computer Files – Required to implement resumption of Mainframe, WAN & PC/LAN operating environments and /or support time-sensitive business operations; backed up off-site
Business Continuity Recovery Components
Backup Storage Locations – Backup items for resumption/recovery stored on/off-site or quickly obtained or created from other identified sources
Internal and External Contacts – Information necessary to quickly complete internal & external contacts required during resumption; documented/maintained in plan
Business Continuity Recovery Components
Cloud Computing – Applications hosted by vendor in the “cloud” are accessed through the Internet along with data files
Recovery Windows
Recovery Cost Balancing
Business Continuity Recovery System Interfaces
Bank for ACH files
Tax authorities – federal, state, local
Benefit providers – health, 401(k), etc
Third party vendors – outsource providers
Distribution vendors – printing and distribution
Union organizations
Business Continuity Recovery System Interfaces
Time and attendance application
Payroll application/ERP
Benefits application
Accounting system
Banking application
Tax application
ESS/MSS application
Business continuity Recovery Components
Communication devices to feed various forms of communications receipt
• Home/Cell Phone – off-duty and emergency response personnel (include text messages)
• Work Phone - emergency response on duty
• Fax Machine – Transmit information to remote sites
• Laptop/Smart Devices – access to remote servers, SAAS
• Printer – document notification responses/reports
Payroll Business Continuity Recovery – In Action
Step 1 – Senior Payroll Management to meet to identify:
• Functions and Processes – Critical and essential
• Projected impacts on payroll processing
• Impacts over time – Prolonged Outage
• Operational and financial issues
• Expected timeline of displacement of people and technology
• Outage tolerance – Loss of functionality
• Backlog – Impact of loss data
• Impact: Staff, Facility, Technology, Information
Payroll Business Continuity Recovery – In Action
Step 2 – Senior Payroll Management and key payroll personnel establish alternate work area(s)
• Set up work spaces & equipment
• Create shift schedules & confirm staffing roles
• Set initial plan for following 2 weeks
• Evaluate employee “assistance plan” needs
• Confirm sufficient resources for those who will work from home or alternate location
• Technology – Hot Spots or Air Cards
Payroll Business Continuity Recovery Planning
Building the plan
• Create a Disaster Recovery Plan binder
• Establish approval process to initiate all security access to senior payroll operations
• Include system support analysts on phone tree
• Define risks and plan for mitigation & response
• Store off-site supplies critical to complete payroll processing
• Inventory and identify critical supplies and equipment for payroll processing
• Ensure your plan includes third party vendors and suppliers
• Identify three components of your operations – input, process, and output
Input, Process, and Output
Input
• Setting up employee income and deduction records
• Pay Adjustments
• Time Data
• Tax Records
• Upload spreadsheets
Process
• Process data in application
• Validate payroll data
• Bank transfer processing
• Validate general ledger data
• Calculate gross to net
• Generate tax deposits and filing
Output
• Checks/advices
• Third Party Payments
• Tax Returns and payments
• Files for internal organizations
• Reconciliations
• Reports (internal/external)
Testing Plan Elements
Right People. Right Place. Right Time.
Team Structure
Employee Roosters
Tasks/Functions
Vendors/Non-Vendors
Locations
Resources (supplies/other items)
Miscellaneous
Plan Testing - Why?
Determine unknowns
Know the unknowns
Testing and exercising verifies plan
Creates awareness & readiness
Testing & Exercising
Test at Least once a year
• Systems, applications, data recovery and telecommunications
• Work area/offsite facilities
• Work around procedures
Document tests
• Identify gaps
Why it needs to be done?
Testing & Exercising
Checklists – Verify backup tapes are offsite and current
Walkthrough – Fire Drill
Tabletop – Chemical Spill
Component – Call tree drill or work from home
Verify transactional processing via working from offsite facility or location
Types of Plans
Crisis Management or Response Plan
Business Continuity/ Recovery/ Resumption Plan
Disaster Recovery Plan
Pandemic or Workforce Continuity Plan
Crisis Management Plan
The Action Plan • Command and Control • Detailed Checklists for Management
Decision-Making Following a Disaster (Human & Facilities Related)
Policies & Procedures • Facilities Evacuation, Assessment,
Movement • Human Resources - Sick Leave,
Worker’s Compensation, Privacy • Media Handling
Call Trees/Lists • Employees, Customers, Vendors &
Media • Notification scripts and priorities
Business Continuity Plan
Alternate Step-by-Step Procedures for operating critical business functions on-site & offsite after a disaster
Minimal Operational Resources to maintain operations with a minor reliance on people and IT
Pre-Position Operational Resources at alternate sites
Communication and contact information
Pandemic Plans Workforce Continuity
SARS H5N1 H1N1
Workforce:
• Reduced workforce available
• Duration of the pandemic (“waves” vs. “returning to normal”)
• Social distancing (telecommunting vs. dislocation)
• Facilities cleanliness and supplies
Financial Services:
Impact on smaller and international institutions
Impact on time sensitive and complex functions
Technology:
Delays in service
Increase usage in suburban areas
Supply Chain:
Internal, external, business partners, government
Stress on the Health Care System
Degraded service levels
Operational infrastructure
THANK YOU
Bruce E. Phipps CPP Vice President – American Payroll Association
2011 APA Payroll Man of the Year
Principal Product Manager
US Legislative Analyst
ORACLE Corporation [email protected]
610-729-3586