Integrating Resiliency as a Strategic Priority: Seven Guiding Principles to Bring Your Program to the Next Level<br />
Our Aim<br />To share Seven Guiding Principles that can help you make your business continuity and emergency management pr...
Outline<br /><ul><li>The Need - Background and Observations
The Audience - Who the Principles apply to
The Principles - Presenting the 7 Guiding Principles
Wrap Up, Questions, and Discussion</li></li></ul><li>Observations  <br /><ul><li>Many organizations have sound individual ...
Gaps between BCM/EM programs and strategic goals of the organisation
Often focus is on compliance vs. competitive advantage
BCM and EM practitioners struggle to obtain senior management and/or middle management support
Business Continuity and Emergency Management is not adequately leveraged within organisations
BCM and EM viewed as a cost centre not a value driver</li></ul>13<br />
What does it all mean…<br />Continuity is not a strategic priority<br />
What is Resilience from a Strategic Perspective?<br /><ul><li>Business resilience is about capability to prevent disruptio...
Can mitigate significant strategic and operational risk
Encompasses people, processes, and technology
Is required for any organization offering continuous or a high level of customer service
Is about maintaining a competitive advantage before, during, and after a major event</li></ul>Note: These are strategic bu...
Who Do These Principles Apply To?<br /><ul><li>Those responsible for business continuity and IT disaster recovery
Emergency Management Professionals and Staff
Executives and Senior Management
Risk Management Professionals </li></li></ul><li>The Seven Principles<br />#1  Integrate your program and link it with ris...
The Seven Principles (continued)<br />#5  Emphasize the strategic aspects and value proposition of your program – how it p...
# 1 Integrate Your Program<br />	Integrate your program and link it with enterprise risk and/or other business programs<br />
CRISIS MGMT.<br />ERP<br />Integrate Your Overview<br />Emergency Response Plan and Program<br />Crisis Management<br />BC...
Business <br />Crisis <br />Business <br />Disaster <br />Enterprise Risk <br />Continuity <br />Management<br />Continuit...
Integration does not necessarily mean organizational redesign
 Risk Management is a logical link but select what works best in your organization</li></ul>Integrated Program<br />Busine...
Integrated Resilience Functions<br />Example from our professional services firm<br />
# 2 Engage Key Stakeholders<br />Identify, engage and manage key stakeholders<br />
# 3 Understand the Business Operations<br />Conduct frequent and comprehensive analysis and risk assessments to fully unde...
Understand Your Business<br />Program Implementation<br />Training<br />Threat, <br />Vulnerability, Risk Assessment<br />...
Recovery<br />Plan Testing	    Strategy<br />Planning<br />Understand Your Business<br />An effective continuity program b...
Understand Your Business<br />An effective continuity program achieves resiliency through:<br /><ul><li>Dynamic Planning
Response and Recovery
Focus on People
Upcoming SlideShare
Loading in …5
×

Integrating Resiliency As A Strategic Priority

522 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
522
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Integrating Resiliency As A Strategic Priority

  1. 1. Integrating Resiliency as a Strategic Priority: Seven Guiding Principles to Bring Your Program to the Next Level<br />
  2. 2. Our Aim<br />To share Seven Guiding Principles that can help you make your business continuity and emergency management programs a strategic priority.<br />
  3. 3. Outline<br /><ul><li>The Need - Background and Observations
  4. 4. The Audience - Who the Principles apply to
  5. 5. The Principles - Presenting the 7 Guiding Principles
  6. 6. Wrap Up, Questions, and Discussion</li></li></ul><li>Observations <br /><ul><li>Many organizations have sound individual plans but lack synergy between them, sometimes resulting in a disjointed and potentially ineffective program
  7. 7. Gaps between BCM/EM programs and strategic goals of the organisation
  8. 8. Often focus is on compliance vs. competitive advantage
  9. 9. BCM and EM practitioners struggle to obtain senior management and/or middle management support
  10. 10. Business Continuity and Emergency Management is not adequately leveraged within organisations
  11. 11. BCM and EM viewed as a cost centre not a value driver</li></ul>13<br />
  12. 12. What does it all mean…<br />Continuity is not a strategic priority<br />
  13. 13. What is Resilience from a Strategic Perspective?<br /><ul><li>Business resilience is about capability to prevent disruption and mitigate risks associated with failure to meet objectives
  14. 14. Can mitigate significant strategic and operational risk
  15. 15. Encompasses people, processes, and technology
  16. 16. Is required for any organization offering continuous or a high level of customer service
  17. 17. Is about maintaining a competitive advantage before, during, and after a major event</li></ul>Note: These are strategic business and community issues<br />
  18. 18. Who Do These Principles Apply To?<br /><ul><li>Those responsible for business continuity and IT disaster recovery
  19. 19. Emergency Management Professionals and Staff
  20. 20. Executives and Senior Management
  21. 21. Risk Management Professionals </li></li></ul><li>The Seven Principles<br />#1 Integrate your program and link it with risk, performance improvement, and other business programs<br />#2 Identify, engage and manage key stakeholders<br />#3 Understand the business operations (and cost of not having resiliency) through comprehensive analysis and risk assessments<br />#4 Identify and support the needs of senior management<br />13<br />
  22. 22. The Seven Principles (continued)<br />#5 Emphasize the strategic aspects and value proposition of your program – how it protects people, reputation, cash flow, customer service<br />#6 Customize and “size to fit” – Apply best practices but tailor your program to fit the structure, culture, and budget of your organization<br />#7 Focus on people, process, technology and brand protection throughout response and recovery<br />13<br />
  23. 23. # 1 Integrate Your Program<br /> Integrate your program and link it with enterprise risk and/or other business programs<br />
  24. 24. CRISIS MGMT.<br />ERP<br />Integrate Your Overview<br />Emergency Response Plan and Program<br />Crisis Management<br />BCP<br />DRP<br />IT Disaster Recovery Plan and Program<br />Business Continuity Plan and Program<br />
  25. 25. Business <br />Crisis <br />Business <br />Disaster <br />Enterprise Risk <br />Continuity <br />Management<br />Continuity<br />Recovery<br />Management<br />Planning<br />Recovery<br />People<br />Risk Assessment<br />Risk Assessment<br />RM Optimization<br />RM Optimization<br />Response<br />Resources<br />Infrastructure<br />Risk Monitoring<br />Risk Monitoring<br />Management<br />Continuity<br />& Coordination<br />Procedures<br />Applications<br />Data Recovery<br />Process<br />Risk Response<br />Risk Response<br />Crisis <br />Disaster <br />Emergency <br />Technical <br />Location & <br />Communication <br />Business <br />Interim Business <br />Integrate Business Resilience with other Programs<br /><ul><li>Do not try to “go it alone”
  26. 26. Integration does not necessarily mean organizational redesign
  27. 27. Risk Management is a logical link but select what works best in your organization</li></ul>Integrated Program<br />Business <br />Business <br />Crisis <br />Crisis <br />Business <br />Business <br />Disaster <br />Disaster <br />Enterprise Risk <br />Enterprise Risk <br />Continuity <br />Continuity <br />Integrated Program<br />Management<br />Management<br />Continuity<br />Continuity<br />Recovery<br />Recovery<br />Management<br />Management<br />Planning<br />Planning<br />EVENT<br />EVENT<br />People<br />People<br />Risk Assessment<br />Risk Assessment<br />Recovery<br />Recovery<br />RM Optimization<br />RM Optimization<br />Resources<br />Resources<br />Infrastructure<br />Infrastructure<br />Risk Monitoring<br />Risk Monitoring<br />Response<br />Response<br />Continuity<br />Continuity<br />Procedures<br />Procedures<br />Applications<br />Data Recovery<br />Applications<br />Data Recovery<br />& Coordination<br />& Coordination<br />Management<br />Management<br />Risk Response<br />Risk Response<br />Process<br />Process<br />Crisis <br />Crisis <br />Disaster <br />Disaster <br />Emergency <br />Emergency <br />Technical <br />Technical <br />Location & <br />Location & <br />Communication <br />Communication <br />Business <br />Business <br />Interim Business <br />Interim Business <br />Post-Event<br />Pre<br />-<br />Pre-Event<br />
  28. 28. Integrated Resilience Functions<br />Example from our professional services firm<br />
  29. 29. # 2 Engage Key Stakeholders<br />Identify, engage and manage key stakeholders<br />
  30. 30. # 3 Understand the Business Operations<br />Conduct frequent and comprehensive analysis and risk assessments to fully understand business operations and cost of not building resiliency<br />
  31. 31. Understand Your Business<br />Program Implementation<br />Training<br />Threat, <br />Vulnerability, Risk Assessment<br />Benchmarking<br />Elements of a Resilient Program<br />Response<br />& <br />Recovery<br />Business Impact Analysis<br />Program Maintenance<br />Plan Development<br />Recovery<br />Plan Testing Strategy<br />Planning<br />
  32. 32. Recovery<br />Plan Testing Strategy<br />Planning<br />Understand Your Business<br />An effective continuity program begins with understanding the business <br />Program Implementation<br />Training<br />Threat, <br />Vulnerability, Risk Assessment<br />Benchmarking<br />Elements of a Resilient Program<br />Response<br />& <br />Recovery<br />Business Impact Analysis<br />Program Maintenance<br />Plan Development<br />
  33. 33. Understand Your Business<br />An effective continuity program achieves resiliency through:<br /><ul><li>Dynamic Planning
  34. 34. Response and Recovery
  35. 35. Focus on People
  36. 36. Value Creation
  37. 37. Communication</li></ul>Program Implementation<br />Training<br />Threat, <br />Vulnerability, Risk Assessment<br />Benchmarking<br />Elements of a Resilient Program<br />Response<br />& <br />Recovery<br />Business Impact Analysis<br />Program Maintenance<br />Plan Development<br />Recovery<br /> Strategy<br />Planning<br />ScenarioTesting<br />
  38. 38. # 4 Support Needs of Senior Management<br />Identify and support the needs of senior management<br />
  39. 39. Management needs to...<br /><ul><li>Minimize negative surprise
  40. 40. Resolve uncertainty and variances from expectations
  41. 41. A process to identify opportunities
  42. 42. Maximize opportunity for success and good performance
  43. 43. Employ the entire organization in the business resilience process
  44. 44. Align organizational objectives
  45. 45. Enhance stakeholder confidence through the execution of their plans</li></ul>Note: These are all value drivers a business continuity and emergency management programs can influence <br />13<br />
  46. 46. # 5 Understand and Emphasize Your Value Proposition<br />Emphasize the strategic aspects and value proposition of your program<br />
  47. 47. Value Proposition<br /><ul><li>Minimize financial losses
  48. 48. Protect personnel
  49. 49. Protect assets
  50. 50. Protect and improve reputation
  51. 51. Enhanced customer service
  52. 52. Ensure high quality and efficient processes
  53. 53. Maintain stakeholder obligations </li></li></ul><li>Blackout 2003<br />Labour Disruption<br />Workplace Violence<br />System Meltdown<br />Natural Disaster<br />Pandemic<br />Border Shutdown<br />Value Proposition<br />The Cost of Not Preparing:<br /><ul><li>Financial losses
  54. 54. Business interruption
  55. 55. Loss of key client/key supplier
  56. 56. Loss of reputation
  57. 57. Legal liabilities
  58. 58. Injury to people
  59. 59. Environmental damage
  60. 60. Regulatory scrutiny
  61. 61. Loss of customer service
  62. 62. Going out of business</li></ul>Blackout 2003<br />Labour Disruption<br />Pandemic<br />Border Shutdown<br />
  63. 63. # 6 Customize and “Size to Fit”<br />Apply best practices but tailor your program to fit the structure, culture and budget of your organization<br />
  64. 64. Tailor to Culture<br /><ul><li>Understanding risks and business needs, you can customize your plans and response
  65. 65. Not every organization needs the expensive strategy option; advancements in teleworking and a sound BIA will allow for a more cost-effective and creative (i.e. In house) recovery
  66. 66. You need to understand the culture and the tolerance
  67. 67. You can’t do this in your office or straight from paper
  68. 68. Every organization, or every department has different priorities that you need to understand and address</li></li></ul><li># 7 Focus on People, Process, Technology & Brand Throughout<br />Focus on people, process, technology and brand protection throughout response and recovery<br />
  69. 69. TACTICAL<br />OPERATIONAL<br />STRATEGIC<br />…Throughout Response and Recovery<br />We must consider a business resilience program based on business response and business recovery<br />
  70. 70. TACTICAL<br />OPERATIONAL<br />STRATEGIC<br />…Throughout Response and Recovery<br />We must consider business response and business recovery<br />Immediate internal emergency response plans<br />TACTICAL<br />Business Response<br />STRATEGIC<br />
  71. 71. TACTICAL<br />OPERATIONAL<br />STRATEGIC<br />…Throughout Response and Recovery<br />We must consider business response and business recovery<br />Immediate internal emergency response plans<br />Business Response<br />Externalcustomer-focused response/recovery plans<br />Business Recovery<br />
  72. 72. TACTICAL<br />OPERATIONAL<br />STRATEGIC<br />…Throughout Response and Recovery<br />We must consider businessresponse and businessrecovery<br />Immediate internalemergency responseplans<br />Business Response<br />Externalcustomer-focused response/recovery plans<br />OPERATIONAL<br />Business Resilience<br />Business Recovery<br />Risk plans linked to Strategy and Performance Management<br />
  73. 73. TACTICAL<br />OPERATIONAL<br />STRATEGIC<br />What can you do…<br />Tactical plans (response plans) “keep your house in order”<br />Plans should be aligned with your strategy<br />Tactical Planning Considerations:<br /><ul><li>Identify critical people, processes & assets (BIA)
  74. 74. Identify threats, understand vulnerabilities & assess risks
  75. 75. Incident Response
  76. 76. Act Decisively
  77. 77. Employee assistance programs
  78. 78. Scenario Testing</li></li></ul><li>TACTICAL<br />OPERATIONAL<br />STRATEGIC<br />What can you do…<br />Operational Plans (recovery plans) help to keep your business in order and your clients satisfied<br />Operational Planning Considerations:<br /><ul><li>Protect your liquidity
  79. 79. Identify critical suppliers
  80. 80. Vendor and sourcing alternatives
  81. 81. Streamlining processes for minimum disruption
  82. 82. Reliable communication channels</li></li></ul><li>TACTICAL<br />OPERATIONAL<br />STRATEGIC<br />What can you do…<br />Business Resilience transforms a “crisis” into a competitive advantage<br />Leverage your gains before the crisis worsens<br />Strategic Planning Considerations:<br /><ul><li>Understand changing customer requirements
  83. 83. Review key business objectives to ensure relevancy
  84. 84. Focus on value-creation & Innovation – customers, products, services
  85. 85. Project volumes and set priorities
  86. 86. Protect your brand</li></li></ul><li>Conclusion <br />The 7 Guiding Principles Help<br />Keys to Successful Implementation<br />1. Strong “tone at the top” and sponsorship <br />2. Assessment is a ongoing process, not a one time event <br />3. People in the businesses will need to understand “what’s in it for me?”<br />4. Active participation will be required by all levels <br />5. Ask for assistance from <br /> experts<br />#1 Integrate and link your program <br />#2 Identify, engage and manage key <br /> stakeholders.<br />#3 Understand the business<br />#4 Identify and support the needs of <br /> management<br />#5 Emphasize the strategic aspects <br /> and value proposition <br />#6 Customize and size to fit”<br />#7 Focus on people, process, <br /> technology and brand protection <br /> throughout<br />
  87. 87. Thank You<br />Cliff Trollope, CBCP, CAS416-515-3851cliff.trollope@mnp.ca<br />ShandaChronowich, CBCP416-515-3820shanda.chronowich@mnp.ca<br />“When the tide goes out, we find out who’s been swimming without a bathing suit”<br />– Warren Buffett, July ‘07<br />

×