Analyzing Your Organization’s Risk...
Developing a Business Continuity Plan requires a thorough understanding of your organizational needs and critical
processes. This process is known as a Business Impact Analysis.
It involves:
• Knowing your critical activities, the effect of those activities being disrupted and the priority for recovery
of those activities; and
• Knowing what events could disrupt your critical activities and lead to a failure of your organisation.

  1. Business Continuity Strategy Colin Dixon Head of Portfolio Strategy – BT Openreach
  2. Contents • Why we need Business Continuity Management • Business Resilience Strategy development ► Classical BCM strategy ► Other strategic dimensions ► Bottom line ► Data-centric In Confidence
  3. Impact of Buncefield Fire UK - 11th Dec 2005 • The incident cost firms more than £70m, according to a study by the East of England Development Agency. • Some 92 firms on the Maylands business park, employing about 9,500 people, were directly affected by the explosion. • Some 3,300 claims, worth a potential £700m, have been filed by individuals, loss assessors and companies. It’s not just you that suffers – or claims
  4. Cause of Buncefield Fire • Investigators said a faulty gauge and safety devices led to the overfilling of fuel storage tank 912 leading to an escape of unleaded petrol and the formation of a cloud of flammable vapour that ignited. Cost of prevention less than £1000 vs Cost of disaster more than 700000X Bad stuff happens and you can’t always predict it
  5. Global change • In the United States BCM was considered important to ensure compliance with regulatory requirements. • The emphasis shifted since September 11, 2001 and it has become critical to protect their customers and corporate value. • In the UK, the events of July 7 resulted in various authorities implementing Business Continuity & Recovery Planning. • Europe is implementing BCM legislation • Insurance loss adjustors now insist on BC planning and performance This affects you if you want to trade with the US & Europe
  6. You are vulnerable • Over 50% of businesses fail because of impacts outside their direct control • Where are you in the vulnerability chain? ► Supplier ► Consumer ► Broker ► Producer ► Protector • All of the above? Business relationships are too complex to rely on everyone else supporting you
  7. Cost of Down Time • Damaged Reputation: Customers; Suppliers; Financial markets; Banks; Stakeholders • Revenue: Direct Loss; Compensations; Lost future revenue; Billing losses; Investment Losses • Financial Performance: Cash Flow; Revenue Visibility; Lost Discounts; Credit Rating; Stock price • Productivity: Impacted Employees; Lost Hours; Loss of motivation & control; Schedules disruption; Loss of records • Other Expenses: Equipment and IT rental; Temporary staff; Overtime costs; Extra delivery & travel costs; Legal & regulatory imposed costs
  8. Why do you need a Business Continuity Plan? • Some Facts: ► 80% of businesses affected by a major incident close within 18 months. ► 90% of businesses that lose vital data from a disaster are forced to shut within 2 years. ► 58% of UK organisations were disrupted by the September 11th disaster. One in eight was seriously affected. • Day-to-day disruptions can threaten the business not just major emergencies.
  9. Business Continuity Management (BCM) • BCM is defined by BCI (Business Continuity Institute) as: ‘an holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value creating activities’.
  10. Business Continuity Management (BCM) • Three principal objectives: 1. To be prepared for a disaster 2. To systematically and continuously identify exposure to risk 3. To increase the readiness to recover from ANY disaster with the minimal impact on your business.
  11. Some terminology • When does a crisis become a disaster? • How many Disruptions = 1 Crisis? • Disaster • Crisis • Disruption • Event (chart axes: Impact, Frequency) The terms are less important than the outcomes
  12. Classical Business Resilience Model • The six discrete components: ► Strategy, ► Organisation, ► Processes, ► Data / applications, ► Technology, ► Facilities / security.
  13. Business Resilience Management Process (diagram steps): Analyse Business Process, Analyse Risks, Develop Strategy, Develop Plan, Test Plan
  14. Business Resilience Strategy • Three stages – ► Business Recovery • Ability to respond quickly and effectively. ► Business Continuity • How quickly – and painlessly – would you be able to get back to ‘business as usual’. ► Business Resilience Strategy • Implies built-in protection and safeguards for your business assets, resource and business critical data. (Diagram labels: Business Recovery, Business Continuity, Business Resilience) Where you start depends on the circumstances
  15. Risk Assessment • Ask scenario based questions e.g.: ► What if the IT system fails causing 4 weeks data loss? ► What if sales information was not available for 6 weeks? ► What if there was a strike by the workers? ► What if your major supplier went bust? ► What if there was a flood causing damage to your building and equipment? ► What if there was a fire? ► How to survive a terrorist bomb attack? • The best practice is to identify every category of risk and quantify their impact on the business as well as to the local community. Retro-analysis is time consuming and complex but necessary
  16. Mitigation actions to Consider Five options - • Do nothing; accept the status quo • Reduce the likelihood of events causing risk • Reduce the effect of risks to a more manageable level • Reduce risks to negligible level • Eliminate risk completely. (Chart axes: Cost, Effectiveness) BCM decision making is hard
  17. Business Resilience Strategy • Basic strategy framework: ► Ensure Business Continuity plans are in place ► Ensure communications can be maintained ► Staff are trained to react in an emergency ► Effective Communication Plan ► Ensure key data are accessible ► Organisation - control and leadership The basic template is simple – the rest is not
  18. BR Strategy Development • Some options to consider: • An impact analysis. • Consult your insurer. • Seek advice from your solicitors and accountants • Revisit your SLAs and contractual obligations to your clients. • Consider the use of external assistance - reciprocal arrangement for the use of facilities with another company. • Contract with a specialist supplier of Business Recovery service. • A secondary site for immediate take over. • An outsourced hot site ready for restoration of last day’s data. • A cold site where equipment and communications can be installed in the event of a disaster. Strategy is very dependent on the organisational goals
  19. Implementation – How? • BCI handbook of best practice • Following presentations • Work it through in your organisation • Copy others – (carefully) • But how to mobilise your organisation and who pays? • Without cultural buy in BCM will be ineffective
  20. Other strategic dimensions • Risk appetite • Bottom line • Communications • People • Data
  21. Risk appetite – who pays? • How much buy in can you get? • Different people have different attitudes to risk (at different times!) • Corporations have short memories • Without exec support you can’t do BCM • If it is not part of the culture it won’t be effective (Diagram labels: Risk appetite; Sales, CFO, Maintenance, CEO, Procurement, Operations; Operational focus, Fiscal focus)
  22. Getting the buy in - Bottom line impacts Critical business dimensions • Solvency - now! • Liquidity - how long have you got? • Brand protection - who’s hurt?.....will they keep buying? • Supply lines (in & out) – how long can they keep going? • Restoration – BAU is it the best solution? • Target elements of the analysis and strategy on the owners of the critical dimensions • Make it personal – gain support • Look for quick wins
  23. Carlisle UK (January 2005)
  24. Resilient Telecommunications • The UK emergencies highlighted communication systems problems - ► BT plc tunnel fire in Manchester (April 2004), ► Floods in Boscastle (August 2004) and Carlisle (January 2005), and ► The bombings in London (July 2005) • Loss of communications has the most immediate impact on businesses • Coupled with other impacts this can be catastrophic • It is always high profile • Have back up communications for critical functions - probability you will need it = 99%+ • This is a simple low cost & effective way to introduce the concept of BCM to the organisation’s culture
  25. People development • Impact means crisis, and a crisis is no time to figure out what to do • 80% of downtime typically through human error • 70% of recovery time typically thinking time • Properly trained people do the right thing before, during and after an impact • A small well trained team can make the difference • If everyone is trained they can act independently • 100 confused people = disaster • 100 people working together = business resilience
  26. Data - the new currency • Businesses no longer trade cash – it is data • Data flows not only facilitate business they are business • Business critical data are the second most valuable asset after people. • The loss of data can cause serious implications even total failure of business. • Data loss can happen due to hardware, software errors and human intervention, but most likely - ignorance ► The number of businesses relying on technology and internet is increasing exponentially. • How long can you survive data starvation? • Do you know what your data is worth?
  27. The new world • Two things happening in the IT field: ► The number of potential risks is growing, and ► The impact of some risks is increasing rapidly • Given these two challenges: ► Understanding the value of data is critical ► Data management is not an option ► Data back up is most likely critical • You need to do this now but it costs money • How do you maximise return on this investment?
  28. Putting the data to work • Data flows represent critical activities in the business: ► Invoicing, procurement, inventory, processing etc. • Map the data flows to the critical business activities • Prioritise the data flows and you have prioritised risk against bottom line criteria • Optimise the value of the data flows e.g. • Synchronisation of billing and invoice payment • Consolidation and reconciliation of data • Develop new critical data flows • Plan to protect the critical data flows and you have mitigated major risks to the bottom line But………… • Optimisation of data flows is Process Re-engineering (BPR) • BPR leads to process and business efficiencies & reduced costs • Reduced costs & higher efficiencies hit the bottom line
  29. Optimising data flows • How much is manual? • How much is redundant/duplicate? • Where are the bottlenecks? • Where is the waste? • Efficient storage and retrieval needs integrated data flows • Integrated data flows can be automated • Minimum points of failure • Protection is more effective BCM can create as well as protect bottom line value
  30. Other areas of bottom line gains • Reduced insurance premiums • Favourable interest rates on cash drawdown • Sales closure rates • Reduced inventory • Shared facilities • Improved marketability • Higher stock price
  31. Bringing it together BCM imperatives: • Identify & prioritise risks • Generate strategy & plan • Protect data & communications • Train people for BCM Strategic approaches: • Bottom line focus – (gets attention) • Data-centric focus – (creates value – embeds in culture) • Classical – (detailed theory for analysis and implementation) A good starting target is to make BCM pay for itself in bottom line gains
  34. What we have covered BCM Training practical groundwork and advice Data management on getting started & protection BCM planning Risk analysis Ways of looking at BCM strategy Span & reach Underpinning theory of BCM & techniques Why we need BCM
  35. What you take away • A comprehension of the importance of BCM • An understanding of BCM in practice for SMEs • Membership of the BCI ► Access to all BCI on line resources ► Access to BCI help desk and resources We trust this has helped you on your BCM journey