BCM Presentation - Investment or Expense?


Published on

BCM Presentation - Investment or Expense? (in English)
A recent presentation I made evaluating if BCM is investment or expense.

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

BCM Presentation - Investment or Expense?

  1. 1. Business Continuity Investment or expense? Sidney R. Modenesi, MCBCC, MBCI IV Seminário de GCN Gestão da Continuidade de Negócios Brasília – 25/06/13 1 This is a quick and straight translation of the original presentation, i.e., some translation errors may occur.
  2. 2. Agenda  Opening  What is Business Continuity  Some local significant regulations  Standards and Good Practice  Real experiences  Investment or expense  Adjourn 2
  3. 3. Presenter  Sidney R. Modenesi, MCBCC, MBCI, BS 25999 Technical Expert;  BCI Area Representative for Brazil;  STROHL Brasil General manager since 2002;  Bachelor in Computer Sciences, IME/USP;  Master Degree in Entrepreneurship, FIA/FEA/USP;  Approved in the DRII certification exam in 2000;  Approved as MBCI by BCI in 2005;  BS 25999 Technical Expert by BSI in2011;  Contacts: sidneymd@thebci.com.br sidney_modenesi@strohlbrasil.com.br +55 11 5583-0033 3
  4. 4. Business Continuity Institute  Global leader institute in Business Continuity;  Mission: to promote the art and science of Business Continuity worldwide;  With 10.000+ certified professionals in 100+ countries;  Supported the development and enhancement of many Business Continuity standards as:  PAS 56, BS 25999, ISO 22301/22313, GPG 2013 ... 4
  5. 5. Assumptions “If anything can go wrong, it will.” Murphy s Law “And more, it will go wrong in the worst manner, at the worst moment and in a way it will cause the worst possible damage.” Corollary “Murphy was an optimist”. Clark s Law Noeh Arch 1st documented record of Business Continuity in the Human Kind history, although using an inside information … 5
  6. 6. What is Business Continuity? (according to ISO 22301/22313) It is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. 6
  7. 7. What is Business Continuity? (according to ISO 22301/22313) 7
  8. 8. What is Business Continuity? (according to ISO 22301/22313) Or simply: to restart in a planned way services, products and/or critical business processes in a alternate location, in a priory defined time frame and service level, before the consequences and impacts become unacceptable. 8
  9. 9. Local significant regulations 3380 Regulation – BACEN (like FED) Defines the implementation of the Operational Risk management strucuture in accordance with the Basel II agreement. Be in force since July 29th, 2006. VI – existence of contingency plans containing strategies to be adopted to assure continuity conditions of core activities and to limit severe losses due to operational risks. 9
  10. 10. Significant regulations Business Resiliency and Continuity Principle 10: Banks should have business resiliency and continuity plans in place to ensure an ability to operate on an ongoing basis and limit losses in the event of severe business disruption. The Committee’s paper, High-level principles for business continuity, August 2006, discusses sound continuity principles in greater detail. 10
  11. 11. Local significant regulations SAC Law (Customer Service Centers) SUSEP – Circular # 285 (insurance market) 4. Operational Continuity Plans: 4.1. to indicate a summary plan of the operational continuity in contingency or emergency situations; 4.2. to present the results of the last test of the operational continuity test. 11
  12. 12. Standards and Good Practice in BCM ISO 22301:2012 Good Practice Guidelines 2013 12
  13. 13. Real experiences World Trade Center – 09/11/2001 London Underground - 2005 13
  14. 14. Real experiences Riots – 2006 ... Riots – 2006 ... RJ, SP ... 14
  15. 15. Real experiences 15 Vulcano in Iceland Vulcano in Chile
  16. 16. Real experiences Fukushima, Japão - 2011 16 Due to the Fukushima earthquake and tsunami some Brazilian car factories had to close one of the production shifts due to lack of core components. BALANCE: Lost sales
  17. 17. Real experiences Oklahoma tornado - 2013 Petrópolis/RJ - 2011 17
  18. 18. Real experiences 18 All variations of flue Dengue, an endemic local problem
  19. 19. Real experiences Fire in one of the Social Security buildings in Brasilia (INSS) - 2005 Data Center fire - 2009 19
  20. 20. Real experiences – Social Midia Foreign Affairs invasion – 06/13 Brasilia Congress invasion – 06/13 20
  21. 21. Real experiences – Crisis management 21
  22. 22. Real experiences The potential risks list is endless:  Naturals:  Heavy rains, earthquakes, vulcanos, tornados ...  Humans, accidentals or deliberates:  fire, explosion, contamination ...  Technological:  Hacker, invasion, virus, systemic failure... 22
  23. 23. Risk Appetite For each non eliminated risk  An strategy developed, documented, tested and updated will be needed  To restart in a planned way services, products and/or critical business processes in a alternate location, in a priory defined time frame and service level, before the consequences and impacts become unacceptable. 23
  24. 24. Implementation cycle • To identify and mitigate risks. • FOR EACH NON ELIMNATED RISK • Recovery Strategies • Developed, documented, tested and updated • To planned restart services, products and/or business processes in an alternate location • PDCA - Plan, Do, Check and Act 24
  25. 25. Investments and expenses The development and implementation of the Recovery Strategies will require de: • Initial (upfront) investments to adapt office space, electrical power, network, PABX and phone lines, desks, chairs, workstations ... • Recurring expenses to maintain all this infra structure and • Eventual expenses with exercises, testes and validation tests (DRP). 25
  26. 26. Equilibrium point RISK APPETITE Time Financial and operational losses Investments in prevention and contingency $ t0 t1< t0 < Risk Appetite t2 > t0 > Risk Appetite $ 26
  27. 27. Investment or expense? • Financially BCM has: – Implementation investments  CAPEX – Recurring expenses  OPEX • In the Management or Risk Appetite point of view BCM helps to increase the operational resilience – Increasing availability, productivity and time redution of the interruptions  Investment –It is part of the business cost. 27
  28. 28. Return of investment Plan Do Check Act Plan the recovery strategy Implement the recovery strategy Exercise, test and stress the recovery strategy Treat the Non Conformities: •Update the Recovery Strategies and/or •Update the BAU daily processes. Benefits: improve in the quality, productivity and availability of the critical products, services and business processes. 28
  29. 29. Adjourn A well developed, implemented and maintained Business Continuity Program will:  Increase the Risk Awareness;  Reduce the organization risks;  Reduce the interruption durations;  Bring ROI;  Increase the organization value, specially with a BCMS certification. 29
  30. 30. Closing Plan for the WORST Work for the BETTER. 30
  31. 31. Closing Contacts: Sidney R. Modenesi  sidneymd@thebci.com.br  sidney_modenesi@strohlbrasil.com.br  +55 11 5583-0033 31