Integrating Resiliency as a Strategic Priority:Seven Guiding Principles to Bring Your Program
to the Next Level
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Our Aim
To share Seven Guiding Principles that can help you make your business continuity and emergency management programs a strategic priority.
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Outline
� The Need - Background and Observations
� The Audience - Who the Principles apply to
� The Principles - Presenting the 7 Guiding Principles
� Wrap Up, Questions, and Discussion
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Observations
� Many organizations have sound individual plans but lack synergy between them, sometimes resulting in a disjointed and potentially ineffective program
� Gaps between BCM/EM (Business Continuity Management and Emergency Management) programs and strategic goals of the organisation
� Often focus is on compliance vs. competitive advantage
� BCM and EM practitioners struggle to obtain senior management and/or middle management support
� BCM and EM is not adequately leveraged within organisations
� BCM and EM viewed as a cost centre not a value driver
13
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
What does it all mean …
Continuity is not a strategic priority
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
� Business resilience is about capability to prevent disruption and mitigate risks associated with failure to meet objectives
� Can mitigate significant strategic and operational risk
� Encompasses people, processes, and technology
� Is required for any organization offering continuous or a high level of customer service
� Is about maintaining a competitive advantage before, during, and after a major event
Note : These are strategic business and community issues
What is Resilience from a Strategic Perspective?
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Who Do These Principles Apply To?
� Those responsible for business continuity and IT disaster recovery
� Emergency Management Professionals and Staff
� Executives and Senior Management
� Risk Management Professionals
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
The Seven Principles
#1 Integrate your program and link it with risk, performance improvement, and other business programs
#2 Identify, engage and manage key stakeholders
#3 Understand the business operations (and cost of not having resiliency) through comprehensive analysis and risk assessments
#4 Identify and support the needs of senior management
13
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
The Seven Principles (continued)
#5 Emphasize the strategic aspects and value proposition of your program – how it protects people, reputation, cash flow, customer service
#6 Customize and “size to fit” – Apply best practices but tailor your program to fit the structure, culture, and budget of your organization
#7 Focus on people, process, technology and brand protection throughout response and recovery
13
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Integrate your program and link it with enterprise risk and/or other business programs
# 1 Integrate Your Program
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Integrate Your Overview
BCPDRPERP
Business Continuity Plan and Program
Emergency Response Plan and Program
Crisis Management
IT Disaster Recovery Plan and Program
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Integrate Business Resilience with other Programs
Integrated Program
Pre -
Business
Continuity
Planning
Crisis
Managem
ent
Disaster
Recovery
Business
Continuity
Crisis
Management
Em
ergency R
esponse
Com
munication
& C
oordination
Interim B
usiness
Process
Business
Continuity
People
Location &
Resources
Procedures
Disaster
Recovery
Applications
Technical
Infrastructure
Data R
ecovery
EV
EN
T
Enterprise Risk
Management
RM
Optim
ization
Risk A
ssessment
Risk R
esponse
Risk M
onitoring
Integrated Program
Pre-Event Post-Event
Business
Continuity
Planning
Crisis
Managem
ent
Disaster
Recovery
Business
Continuity
Business
Continuity
Planning
Crisis
Managem
ent
Disaster
Recovery
Business
Continuity
Crisis
Management
Em
ergency R
esponse
Com
munication
& C
oordination
Interim B
usiness
Process
Crisis
Management
Em
ergency R
esponse
Com
munication
& C
oordination
Interim B
usiness
Process
Business
Continuity
People
Location &
Resources
Procedures
Business
Continuity
People
Location &
Resources
Procedures
Disaster
Recovery
Applications
Technical
Infrastructure
Data R
ecovery
Disaster
Recovery
Applications
Technical
Infrastructure
Data R
ecovery
EV
EN
T
Enterprise Risk
Management
RM
Optim
ization
Risk A
ssessment
Risk R
esponse
Risk M
onitoring
Enterprise Risk
Management
RM
Optim
ization
Risk A
ssessment
Risk R
esponse
Risk M
onitoring
RM
Optim
ization
Risk A
ssessment
Risk R
esponse
Risk M
onitoring
�Do not try to “go it alone”� Integration does not necessarily mean organizational redesign� Risk Management is a logical link but select what works best in your organization
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Example from our professional services firm
Integrated Resilience Functions
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Identify, engage and manage key stakeholders
# 2 Engage Key Stakeholders
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Conduct frequent and comprehensive analysis and risk assessments to fully understand business operations and cost of not building resiliency
# 3 Understand the Business Operations
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Understand Your Business
Response& Recovery
Program Maintenance
Benchmarking
Elements of a Resilient Program
RecoveryPlan Testing Strategy
Planning
Training Program Implementation
Plan Development
Threat, Vulnerability, Risk Assessment
Business Impact Analysis
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Understand Your Business
An effective continuity program begins with understanding the business
RecoveryPlan Testing Strategy
Planning
Response& Recovery
Program Maintenance
Benchmarking
Elements of a Resilient Program
Training Program Implementation
Plan Development
Threat, Vulnerability, Risk Assessment
Business Impact Analysis
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
An effective continuity program achieves resiliency through:
� Dynamic Planning� Response and
Recovery� Focus on People � Value Creation � Communication
Response&
Recovery
Program Maintenance
Benchmarking
Elements of a Resilient Program
RecoveryStrategyPlanning
Training Program Implementation
Plan Development
Threat, Vulnerability, Risk Assessment
Business Impact Analysis
ScenarioTesting
Understand Your Business
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Identify and support the needs of senior management
# 4 Support Needs of Senior Management
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Management needs to...
� Minimize negative surprise
� Resolve uncertainty and variances from expectations
� A process to identify opportunities
� Maximize opportunity for success and good performance
� Employ the entire organization in the business resilience process
� Align organizational objectives
� Enhance stakeholder confidence through the execution of their plans
13
Note: These are all value drivers a business conti nuity and emergency management programs can influence
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Emphasize the strategic aspects and value proposition of your program
# 5 Understand and Emphasize Your Value Proposition
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
� Minimize financial losses
� Protect personnel
� Protect assets
� Protect and improve reputation
� Enhanced customer service
� Ensure high quality and efficient processes
� Maintain stakeholder obligations
Value Proposition
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
The Cost of Not Preparing:
� Financial losses
� Business interruption
� Loss of key client/key supplier
� Loss of reputation
� Legal liabilities
� Injury to people
� Environmental damage
� Regulatory scrutiny
� Loss of customer service
� Going out of business
Blackout 2003
Labour Disruption
Pandemic
Border Shutdown
Value Proposition
Blackout 2003
Workplace Violence
System Meltdown
Labour Disruption
Natural Disaster
Pandemic
Border Shutdown
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Apply best practices but tailor your program to fit the structure, culture and budget of your organization
# 6 Customize and “Size to Fit”
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
• Understanding risks and business needs, you can customize your plans and response
• Not every organization needs the expensive strategy option; advancements in tele-working and a sound BIA will allow for a more cost-effective and creati ve (i.e. In house) recovery
• You need to understand the culture and the toleranc e
• You can’t do this in your office or straight from p aper
• Every organization, or every department, has differ ent priorities that you need to understand and address
Tailor to Culture
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Focus on people, process, technology and brand protection throughout response and recovery
# 7 Focus on People, Process, Technology & Brand Throughout
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
We must consider a business resilience program based on business response and business recovery
OPERATIONAL
STRATEGIC
TACTICAL
…Throughout Response and Recovery
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
We must consider business response and business recovery
Immediate internalemergency
response plansBusiness Response
STRATEGIC
TACTICAL
OPERATIONAL
STRATEGIC
TACTICAL
…Throughout Response and Recovery
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
We must consider business response and business recovery
Immediate internalemergency
response plans
Externalcustomer-focused
response/recoveryplans
Business Response
Business Recovery
…Throughout Response and Recovery
OPERATIONAL
STRATEGIC
TACTICAL
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
…Throughout Response and Recovery
Immediate internalemergency response
plans
Externalcustomer-focused
response/recoveryplans
Risk plans linked to Strategy and Performance Management
Bus
ines
s R
esili
ence
Business Response
Business Recovery
OPERATIONALOPERATIONAL
STRATEGIC
TACTICAL
We must consider business response and businessrecovery
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
What can you do …
Plans should be aligned with your strategy
� Identify critical people, processes & assets (BIA)
� Identify threats, understand vulnerabilities & assess risks
� Incident Response
� Act Decisively
� Employee assistance programs
� Scenario Testing
Tactical Planning Considerations:
Tactical plans (response plans) “keep your house in order”
OPERATIONAL
STRATEGIC
TACTICAL
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
� Protect your liquidity
� Identify critical suppliers
� Vendor and sourcing alternatives
� Streamlining processes for minimum disruption
� Reliable communication channels
Operational Planning Considerations:
Operational Plans (recovery plans) help to keep your business in order and your clients satisfied
OPERATIONAL
STRATEGIC
TACTICAL
What can you do …
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Leverage your gains before the crisis worsens
� Understand changing customer requirements
� Review key business objectives to ensure relevancy
� Focus on value-creation & Innovation – customers, products, services
� Project volumes and set priorities
� Protect your brand
Strategic Planning Considerations:
Business Resilience transforms a “crisis” into a competitive advantage
OPERATIONAL
STRATEGIC
TACTICAL
What can you do …
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Conclusion
The 7 Guiding Principles HelpKeys to Successful Implementation
1. Strong “tone at the top” and sponsorship
2. Assessment is a ongoing process, not a one time event
3. People in the businesses will need to understand “what’s in it for me?”
4. Active participation will be required by all levels
5. Ask for assistance from experts
#1 Integrate and link your program #2 Identify, engage and manage key
stakeholders.#3 Understand the business
#4 Identify and support the needs of management
#5 Emphasize the strategic aspects and value proposition
#6 Customize and size to fit”
#7 Focus on people, process, technology and brand protection throughout
Chartered Accountants & Business Advisors mnp.camnp.camnp.camnp.ca
Thank You
“When the tide goes out, we find out who’s been swimming without a bathing suit”– Warren Buffett, July ‘07
Shanda Chronowich, [email protected]
Cliff Trollope, CBCP, [email protected]
Top Related