Integrating Resiliency As A Strategic Priority

1. Integrating Resiliency as a Strategic Priority: Seven Guiding Principles to Bring Your Program to the Next Level

2. Our AimTo share Seven Guiding Principles that can help you make your business continuity and emergency management programs a strategic priority.

3. OutlineThe Need - Background and Observations

4. The Audience - Who the Principles apply to

5. The Principles - Presenting the 7 Guiding Principles

6. Wrap Up, Questions, and DiscussionObservations Many organizations have sound individual plans but lack synergy between them, sometimes resulting in a disjointed and potentially ineffective program

7. Gaps between BCM/EM programs and strategic goals of the organisation

8. Often focus is on compliance vs. competitive advantage

9. BCM and EM practitioners struggle to obtain senior management and/or middle management support

10. Business Continuity and Emergency Management is not adequately leveraged within organisations

11. BCM and EM viewed as a cost centre not a value driver13

12. What does it all mean…Continuity is not a strategic priority

13. What is Resilience from a Strategic Perspective?Business resilience is about capability to prevent disruption and mitigate risks associated with failure to meet objectives

14. Can mitigate significant strategic and operational risk

15. Encompasses people, processes, and technology

16. Is required for any organization offering continuous or a high level of customer service

17. Is about maintaining a competitive advantage before, during, and after a major eventNote: These are strategic business and community issues

18. Who Do These Principles Apply To?Those responsible for business continuity and IT disaster recovery

19. Emergency Management Professionals and Staff

20. Executives and Senior Management

21. Risk Management Professionals The Seven Principles#1 Integrate your program and link it with risk, performance improvement, and other business programs#2 Identify, engage and manage key stakeholders#3 Understand the business operations (and cost of not having resiliency) through comprehensive analysis and risk assessments#4 Identify and support the needs of senior management13

22. The Seven Principles (continued)#5 Emphasize the strategic aspects and value proposition of your program – how it protects people, reputation, cash flow, customer service#6 Customize and “size to fit” – Apply best practices but tailor your program to fit the structure, culture, and budget of your organization#7 Focus on people, process, technology and brand protection throughout response and recovery13

23. # 1 Integrate Your Program Integrate your program and link it with enterprise risk and/or other business programs

24. CRISIS MGMT.ERPIntegrate Your OverviewEmergency Response Plan and ProgramCrisis ManagementBCPDRPIT Disaster Recovery Plan and ProgramBusiness Continuity Plan and Program

25. Business Crisis Business Disaster Enterprise Risk Continuity ManagementContinuityRecoveryManagementPlanningRecoveryPeopleRisk AssessmentRisk AssessmentRM OptimizationRM OptimizationResponseResourcesInfrastructureRisk MonitoringRisk MonitoringManagementContinuity& CoordinationProceduresApplicationsData RecoveryProcessRisk ResponseRisk ResponseCrisis Disaster Emergency Technical Location & Communication Business Interim Business Integrate Business Resilience with other ProgramsDo not try to “go it alone”

26. Integration does not necessarily mean organizational redesign

27. Risk Management is a logical link but select what works best in your organizationIntegrated ProgramBusiness Business Crisis Crisis Business Business Disaster Disaster Enterprise Risk Enterprise Risk Continuity Continuity Integrated ProgramManagementManagementContinuityContinuityRecoveryRecoveryManagementManagementPlanningPlanningEVENTEVENTPeoplePeopleRisk AssessmentRisk AssessmentRecoveryRecoveryRM OptimizationRM OptimizationResourcesResourcesInfrastructureInfrastructureRisk MonitoringRisk MonitoringResponseResponseContinuityContinuityProceduresProceduresApplicationsData RecoveryApplicationsData Recovery& Coordination& CoordinationManagementManagementRisk ResponseRisk ResponseProcessProcessCrisis Crisis Disaster Disaster Emergency Emergency Technical Technical Location & Location & Communication Communication Business Business Interim Business Interim Business Post-EventPre-Pre-Event

28. Integrated Resilience FunctionsExample from our professional services firm

29. # 2 Engage Key StakeholdersIdentify, engage and manage key stakeholders

30. # 3 Understand the Business OperationsConduct frequent and comprehensive analysis and risk assessments to fully understand business operations and cost of not building resiliency

31. Understand Your BusinessProgram ImplementationTrainingThreat, Vulnerability, Risk AssessmentBenchmarkingElements of a Resilient ProgramResponse& RecoveryBusiness Impact AnalysisProgram MaintenancePlan DevelopmentRecoveryPlan Testing StrategyPlanning

32. RecoveryPlan Testing StrategyPlanningUnderstand Your BusinessAn effective continuity program begins with understanding the business Program ImplementationTrainingThreat, Vulnerability, Risk AssessmentBenchmarkingElements of a Resilient ProgramResponse& RecoveryBusiness Impact AnalysisProgram MaintenancePlan Development

33. Understand Your BusinessAn effective continuity program achieves resiliency through:Dynamic Planning

34. Response and Recovery

35. Focus on People

36. Value Creation

37. CommunicationProgram ImplementationTrainingThreat, Vulnerability, Risk AssessmentBenchmarkingElements of a Resilient ProgramResponse& RecoveryBusiness Impact AnalysisProgram MaintenancePlan DevelopmentRecovery StrategyPlanningScenarioTesting

38. # 4 Support Needs of Senior ManagementIdentify and support the needs of senior management

39. Management needs to...Minimize negative surprise

40. Resolve uncertainty and variances from expectations

41. A process to identify opportunities

42. Maximize opportunity for success and good performance

43. Employ the entire organization in the business resilience process

44. Align organizational objectives

45. Enhance stakeholder confidence through the execution of their plansNote: These are all value drivers a business continuity and emergency management programs can influence 13

46. # 5 Understand and Emphasize Your Value PropositionEmphasize the strategic aspects and value proposition of your program

47. Value PropositionMinimize financial losses

48. Protect personnel

49. Protect assets

50. Protect and improve reputation

51. Enhanced customer service

52. Ensure high quality and efficient processes

53. Maintain stakeholder obligations Blackout 2003Labour DisruptionWorkplace ViolenceSystem MeltdownNatural DisasterPandemicBorder ShutdownValue PropositionThe Cost of Not Preparing:Financial losses

54. Business interruption

55. Loss of key client/key supplier

56. Loss of reputation

57. Legal liabilities

58. Injury to people

59. Environmental damage

60. Regulatory scrutiny

61. Loss of customer service

62. Going out of businessBlackout 2003Labour DisruptionPandemicBorder Shutdown

63. # 6 Customize and “Size to Fit”Apply best practices but tailor your program to fit the structure, culture and budget of your organization

64. Tailor to CultureUnderstanding risks and business needs, you can customize your plans and response

65. Not every organization needs the expensive strategy option; advancements in teleworking and a sound BIA will allow for a more cost-effective and creative (i.e. In house) recovery

66. You need to understand the culture and the tolerance

67. You can’t do this in your office or straight from paper

68. Every organization, or every department has different priorities that you need to understand and address# 7 Focus on People, Process, Technology & Brand ThroughoutFocus on people, process, technology and brand protection throughout response and recovery

69. TACTICALOPERATIONALSTRATEGIC…Throughout Response and RecoveryWe must consider a business resilience program based on business response and business recovery

70. TACTICALOPERATIONALSTRATEGIC…Throughout Response and RecoveryWe must consider business response and business recoveryImmediate internal emergency response plansTACTICALBusiness ResponseSTRATEGIC

71. TACTICALOPERATIONALSTRATEGIC…Throughout Response and RecoveryWe must consider business response and business recoveryImmediate internal emergency response plansBusiness ResponseExternalcustomer-focused response/recovery plansBusiness Recovery

72. TACTICALOPERATIONALSTRATEGIC…Throughout Response and RecoveryWe must consider businessresponse and businessrecoveryImmediate internalemergency responseplansBusiness ResponseExternalcustomer-focused response/recovery plansOPERATIONALBusiness ResilienceBusiness RecoveryRisk plans linked to Strategy and Performance Management

73. TACTICALOPERATIONALSTRATEGICWhat can you do…Tactical plans (response plans) “keep your house in order”Plans should be aligned with your strategyTactical Planning Considerations:Identify critical people, processes & assets (BIA)

74. Identify threats, understand vulnerabilities & assess risks

75. Incident Response

76. Act Decisively

77. Employee assistance programs

78. Scenario TestingTACTICALOPERATIONALSTRATEGICWhat can you do…Operational Plans (recovery plans) help to keep your business in order and your clients satisfiedOperational Planning Considerations:Protect your liquidity

79. Identify critical suppliers

80. Vendor and sourcing alternatives

81. Streamlining processes for minimum disruption

82. Reliable communication channelsTACTICALOPERATIONALSTRATEGICWhat can you do…Business Resilience transforms a “crisis” into a competitive advantageLeverage your gains before the crisis worsensStrategic Planning Considerations:Understand changing customer requirements

83. Review key business objectives to ensure relevancy

84. Focus on value-creation & Innovation – customers, products, services

85. Project volumes and set priorities

86. Protect your brandConclusion The 7 Guiding Principles HelpKeys to Successful Implementation1. Strong “tone at the top” and sponsorship 2. Assessment is a ongoing process, not a one time event 3. People in the businesses will need to understand “what’s in it for me?”4. Active participation will be required by all levels 5. Ask for assistance from experts#1 Integrate and link your program #2 Identify, engage and manage key stakeholders.#3 Understand the business#4 Identify and support the needs of management#5 Emphasize the strategic aspects and value proposition #6 Customize and size to fit”#7 Focus on people, process, technology and brand protection throughout

87. Thank YouCliff Trollope, CBCP, CAS416-515-3851cliff.trollope@mnp.caShandaChronowich, CBCP416-515-3820shanda.chronowich@mnp.ca“When the tide goes out, we find out who’s been swimming without a bathing suit”– Warren Buffett, July ‘07

Integrating Resiliency As A Strategic Priority

More Related Content

What's hot (20)

Similar to Integrating Resiliency As A Strategic Priority (20)

Integrating Resiliency As A Strategic Priority