Managing and Sustaining a Global Business Continuity Management Programme

Uploaded on

Arunabh Mitra, Vice President, Genpact, India

Arunabh Mitra, Vice President, Genpact, India

More in: Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Managing and Sustaining aGlobal Business Continuity Management Programme Presenter Name : Arunabh Mitra Company : Genpact
  • 2. Why Business Continuity Rapidly Changing Environment Highly Interconnected Risks Interdependencies for Value enhancement Dependencies on IT and Infrastructure for Business sustenance Lower Buyer tolerance and Competitive market environment  Floods in Thailand  Tsunami in Japan  Storms and Power outages in Americas  Volcanic Ash in Europe  Egypt Political disturbance  Connectivity Failures – RIM  Spams & Virus Attacks – Google, SonyHolistic BCM Framework…CXO/Board Priority © 2009 Copyright Genpact. All Rights Reserved.
  • 3. 2012 Global Issue Forecast iJet International IncLooking ahead to 2012,  Global economic instabilityiJET urges businesses,organizations and  Arab Spring activitiesTravelers to pay specialattention to these issues  Thailand, Cambodia, and Vietnam – Increase political discontent and business disruptions  Global health Issues  Elections and new political leadership in Iran, Egypt, China and Mexico © 2009 Copyright Genpact. All Rights Reserved.
  • 4. The New enterprise Pressure to outsource noncore processes through successive bursts of downsizing. Requirement to interoperate within these outsourcing communities has never been greater. Looking outward beyond enterprise - Value Webs beginning to redefine boundaries of businesses. Dynamic Buying Platforms & modern Supply chains are eroding classical definitions of a business relationship. New era of e-business partnerships is fluid, and these partnerships are reconstituted almost "on the fly." Connected enterprises are being built and then dynamically re-formed from the ground up. Globalization and push for real-time enterprise is on. Architecture needs to encourage new levels of information exchange. Cloud Computing - Next major computing trend that will match our enterprise and business needs as well as personal lifestyle to computing capacity.
  • 5. BCP Spends & Market Trends Volcanic Ash $ 365 bill & power outage, IT Man-Made disasters & Security Hurricane , Information & breach data security , power outage >300 % $109 bill $ EMEA America $ $ >100 %Acid mine rain, fire & Earthquake , $41.3 bill $floods , information Tsunami, oil $ & data security spills $ $ APAC Africa $ $ $ $ $ $ $ $ $ $ Global economic damage 6 % of the overall IT operating & capital budget is $ $ $ due to absence of or spent on BCP worldwide across all industries* Forrester $ $ ineffective BCP /DRP $ Research 2009 2010 2011 IDC Survey on BCP spend across 3 Industries Financial services Industry Manufacturing Industry Spend Healthcare Industry Spend Spend $500 MM $100 MM $80 MM
  • 6. GENPACT : Growing Global Footprint 16 Countries* | 57 Delivery Centers | 25 Languages | 58,000+ Employees Genpact Delivery Footprint 2008 2008 2010 2011 2012 • Unparalleled diversity & depth of services – over 600 customers managed representing Countries of 40+ industries operation 12 13 14 16 16 Operating • A leader in managing business processes Centres 35 39 42 51 57 Significantly Enhanced Capabilities to Serve Clients across the Globe* Presence in 21 countries | Delivery centers in 16 countries
  • 7. End-to-End Service Offerings Ranging FromSimple to Complex FINANCE & ACCOUNTING PROCUREMENT & SUPPLY CHAIN COLLECTIONS & CUSTOMER SERVICE • Accounts Payable • Indirect Sourcing & Procurement • Early & Late Stage Collections • Order to Cash • Inventory Optimization • Analytics/Skip Tracing • General Accounting • Order Management • Bankruptcy Originations • Closing & Reporting • Direct Procurement Support • Customer Care • Treasury & Tax • Fleet & Logistics Services • Technical/Product Support • Financial Planning/Analysis • Service Operations • Customer Acquisition & Sales HUMAN RESOURCE SERVICES RISK MANAGEMENT SERVICES IT INFRASTRUCTURE SERVICES • Talent Management • Internal Audit • End-user Services/Help Desk • Core HR Processes • SOX Advisory • Enterprise Computing • Workforce Analytics • Regulatory Compliance • Network Services • HR Information Services • Enterprise & IT Risk Management • Security Services • Fraud Risk Services Banking & Financial Services Healthcare Automotive Insurance Pharmaceutical Retail / CPG Transportation Hospitality Manufacturing Reengineering Targeted Analytics Focused IT
  • 8. Risks in IT/ITES Organizations Governance & measurement Risk Management Planning and Compliance to Process Organization Regulation Adherence to policy & Key focus should be to guidelines Non Inadequate ensure that there is a future State Compliance with Regulation or vision formal (enterprise level) Staffing & contracts Reprisal from Continuity & risk management Inoperable or employees Higher Churn Availability process implemented rate & unavailable Business processes Inadequate which leads to: skills Risk Culture Inadequate Escalating IT  Risk Identification costs or Poor Knowledge for Decisions ESM Quality  Risk Analysis and Diagnostic service Fraud Treatment Awareness Management Ineffective  Acceptance of Residual Security policy or Infra related to Info security Security risks Un authorized testing , Monitoring or Information access to IT Infra Internal systems  Risk transference by Security Risk Security Management Awareness & enabling outsourcing Training Data privacy IT security actions testing and Data loss prevention Scanning and Monitoring
  • 9. Operational Environment - Forces at work Changing Regulatory / Legal RequirementsClients everchanging Operations, OrganizationsEnvironment/ GRC & BCM Globalrequirements Processes Presence Compliance to multiple business/ Global requirements
  • 10. Critical Success factors for a Robust BCMS Is the BCM Is the current aligned to BCM scalable to leading Industry global Practices ? requirements Does current BCM Is the current cater to all enable BCM awareness faliures and levels and testing of complexity program embedded in the Org culture BCMS at Genpact Is current BCM meeting client industry government and Is there a BCM regulatory Maturity compliances Roadmap ? across How well is the geographies BCM integrated Is the Current with the BCM scalable Enterprise Risk and flexible to manage organic Management & inorganic Program? growth
  • 11. Genpact Business Continuity ManagementArchitecture (BC/DR) Core Business Continuity / Disaster Recovery Plan Project Project Project Project Project Project Project BCP BCP BCP BCP BCP BCP BCP  Facility Design Physical Security Facilities and People Component  Employee Health & Safety  IT Architecture + Redundancy Technology Component  Information Security  Service Delivery Fundamentals  Compliance Operational/Business Component  Governance Model  Internal & External Audits • Tier 1 – Core BC Plan covers the Facilities & Technology Infrastructure • Tier 2 – Project BC Plan addresses the customer specific BCDR strategy requirements © 2009 Copyright Genpact. All Rights Reserved.
  • 12. Layered Approach to BCMS Organization Organization wide BCP Country 1 Country 2 Country wide BCPCity 1 City 2 City 3 City wide BCP Process 1 Process Level BCP Process 2
  • 13. Elements of BCM Program Onsite Tracking & Reporting Tactical [Metrics/Plan/Gap Closure] Onsite Participation Onsite Assessment [Discussions/Testing/Drills] [FMR/RA/Command Centre] Resource Management Program Communication Change Management Program Automation Knowledge Management Strategic Quality Governance Risk & Compliance New Initiatives Management Metrics & Reporting Strategic Planning & Roadmap Program Governance Genpact Corporate BCP ProgramDR & Crisis Management SLAs, MSAs & Compliance Audit & Training
  • 14. Increasing Business Continuity Competency 14 MaturityGenpact founded Bucharest, Romania & Acquired AXIS risk Danville, IL,as GE Capital’s Delhi, India, Consulting in Mumbai, India Acquired Creditek in Johannesburg, SA,operations center Hyderabad, Bangalore, Jaipur, India and ICE Consultancy Wilkes-Barre, PA Brazilin Gurgaon, India India India India in Netherlands 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009-10 Acquired EDM Dalian, Budapest, Kolkata, Changchun, China & Manila, PH Guatemala City & Started operations China Hungary India Acquired MoneyLine – Irvine, CA Lublin, Poland in Mexico Level 1 Level 2 Level 3 Level 4 Level 5 Level 6 Maturity Model Ad-hoc Elementary Defined Progressive Collaborative Generative Comparative Model Organization “At Risk” “Competent” Performer “Best In Class” Corporate Competencies General Attributes of an organization at Each Maturity Level Leadership Commitment VL L M H H H VL L Employee Awareness L M H M VL L Entity Wide Penetration L L M H VL L M M Measurement Systems H M VL L M External Coordination L H H VL L BC Program Management M H H H 75 Customers in BC Fold across 13 countries – more than 400+ Business Disruption handled © 2009 Copyright Genpact. All Rights Reserved.
  • 15. Program Maturity Model 1. Staged Requirements (Elementary , Mature , Advanced) 2. Risk based assessment process 3. Focus on Ongoing operations & External Audits 3. Org Maturity = f (x) ( Values , Performance ) 4. High Maturity Higher Rewards
  • 16. Challenges in BCM  Company objectives are not aligned with business continuity objectivesBCMS  Recently acquired Company Personnel not included in BCM StructureFramework  BCMS Policy and Procedures are not updated on a regular basis  Vendors / outsourced operations are not included in the BCMS framework  BIA results are subjective and not based on a framework and does not include qualitative /quantitative analysis Business  BIAs are not updated along-with changing business model and interdependencies Impact Analysis  BIA for IT systems and applications are not undertaken  Business continuity objectives are not identified for support functions  Threat / Risk assessment is not linked to companies ERM Threat / Risk assessment not undertaken for infrastructure enablers Risk  Risk assessment results have not been closed on a timely manner Assessment  Mitigation action plan was not undertaken to treat / tolerate / terminate / transfer risks  Country / city / facility and process level BCPs are not integrated Business  Business Continuity Plan not available with critical resources responsible for recovery and teams not trained on the plans Continuity Plans  Redundant information in multiple plans  Bulky, non readable business continuity plan document  BCM calendar is not comprehensive and does not cover entire organization BCM Testing  BCM plans not tested / exercised on a regular basis maintenance and  Only table top simulations are undertaken, actual drill/test not awareness performed
  • 17. Key Takeaways 17  Build resilience in design  Understanding of Customer operating and demographic landscape  Regional Statutory requirement – Flexible to changing environment  Integrate BCM into Enterprise Risk  People Safety - Highest on priority  Integrated risk management to reduce costs  Long term view  Alignment of business continuity objectives with the company’s goal © 2009 Copyright Genpact. All Rights Reserved.
  • 18. Thank You© 2009 Copyright Genpact. All Rights Reserved.