Upload
elvin-chan-jd-cpa-ceng-mbcp
View
28
Download
2
Tags:
Embed Size (px)
Citation preview
Reconciling Budgetary Restrictions within Your
Organization in Order to Successfully Manage Your
Business Continuity and Disaster Recovery Plan
ByElvin Chan JD MBCP CPA Ceng
DISASTER MANAGEMENT 2015 REGIONAL CONFERENCE
10 February 2015
Hotel Istana, Kuala Lumpur, Malaysia
Elvin CHAN 10 Feb 2015 2
Reconciling Budgetary Restrictions
• Why are there budgetary restrictions on BC/DR programs• Why is the understanding business strategic priorities so important• Rationalizing the requirements is the key• Speaking Excom’s language (correctly) can make a huge difference• How to use existing risk management governance structure to your
advantage• Why do we need to embed BC/DR into project management cycle
Elvin CHAN 10 Feb 2015 6
Budgetary restrictions on BC/DR programs• Typical scenarios:• New premises, systems or
processes do not have BC/DR capabilities planned• Existing premises, systems
or processes do not have BC/DR built-in
Elvin CHAN 10 Feb 2015 7
Budgetary restrictions on BC/DR programs
•New premises, systems or processes:• Short time-to-market• Not enough financial
budget• Not realize the
importance of BC/DR
Elvin CHAN 10 Feb 2015 8
Budgetary restrictions on BC/DR programs• Existing premises,
systems or processes:• Pre-occupied by daily
operations or initiatives• Cost pressure• Departmental silos
Elvin CHAN 10 Feb 2015 9
Budgetary restrictions on BC/DR programs• But they are NOT the root cause,
just excuses
The root cause that BC/DR requirement is ranked behind other business priorities
Elvin CHAN 10 Feb 2015 11
Understanding business strategic priorities
• Starting with business’s vision• Example: “Our goal is to become the
preferred company for all our stakeholders” – AXA Group• Who are the stakeholders?• Shareholders• Customers• Employees• Suppliers• Community as a whole
Elvin CHAN 10 Feb 2015 12
Understanding business strategic priorities
• Shareholders prefer a company which satisfies their expected return on their invested capital
• Customers prefer a company which provides services and products that satisfies their needs
• Employees prefer a company which satisfies their career preferences
• Suppliers prefer a company which offers business opportunities to them that are matched with their business objectives
• Community prefers a company which is socially responsible
Elvin CHAN 10 Feb 2015 13
Understanding business strategic priorities • BC/DR requirements align with business
strategic priorities when:• It enhances the probability to achieve
shareholders’ expected return on investment• It ensures the products and services are
available to customers to satisfy their needs• It helps building an environment that align
with employees’ career preferences• It protects the business opportunities
offered to suppliers that are matched with their interests
• It enables the company to be a socially responsible to the community
Elvin CHAN 10 Feb 2015 15
Rationalizing the requirements
• Competing BIA results e.g. RTO, recovery seat requirement• Impact-over-time assessments can be
very subjective• Difficult to reconcile across
departments and processes• Validate using Service Level
Agreements may be more objective
Elvin CHAN 10 Feb 2015 16
Rationalizing the requirements
• Starts with overall SLA e.g. commitment to customers, contract obligations• Analyze the critical path in the
overall value chain to ascertain the cycle time (or internal SLA) and interdependencies of each critical activities
Elvin CHAN 10 Feb 2015 17
Rationalizing the requirements
• Another perspective: MBCO or “Minimum Operating Level”• It is a risk appetite parameter• Quantitatively, we can define it from
cashflow needs over a specified period• “In order to meet the cash outflow
obligations of $XXXXX in a month, we will need to deliver XXX units of product X to get paid”
19
Speaking Excom’s Language
• Common language is always important in all kinds of communications to minimize noise• If your audience does not understand your requirement or cannot
compare your requirement with other priorities, it can never be approved• Speaking Excom’s language correctly is the most important factor in
securing BC/DR budget
Elvin CHAN 10 Feb 2015 20
Speaking Excom’s Language
• Balanced Scorecard (BSC) often contains Excom’s the short term target / plan• Example:• Financial: 15% improvement on Net Income• Customer: Reduce the churn by 25%• Internal Process: Implement online self-service
system to improve service request lead-time by 20%• Learning and growth: All non-sales training to be
conducted on e-learning platform
Elvin CHAN 10 Feb 2015 21
Speaking Excom’s Language
• Improvement on NI may come from:• Growth in revenue• Reduction of costs
• How much growth in revenue can be protected from BI• How much costs can be avoided
from BI
Elvin CHAN 10 Feb 2015 22
Speaking Excom’s Language
• Loss of customers may be result of:• Dissatisfied about the products/services• Dissatisfied about the pricing• Dissatisfied about the company (e.g.
reputation)
• How many customers may be retained as a result of reduced frequency/length of interruption• How many customers may be retained as
a result of better preservation of reputation
Elvin CHAN 10 Feb 2015 23
Speaking Excom’s Language
• Improve service request lead-time by online self-service may be the result of:• Availability of online self-service portal• User-friendliness of the portal
• How much portal availability can be saved from interruption• How much lead-time can be eliminated as a
result of avoided interruption
Elvin CHAN 10 Feb 2015 24
Speaking Excom’s Language
• Achievement of the objective on conducting all non-sales training through e-learning may be affected by:• Availability of e-learning platform
• How much platform availability can be saved from interruption
Elvin CHAN 10 Feb 2015 26
Speaking Excom’s Language
• The best common language must be financials• So many types of financial ratios, which
on is the best?• “The best” is a myth• Should follow the business’s financial
appraisal practices• Common practices are Return on
Investment, Net Present Value and Internal Rate of Return
Elvin CHAN 10 Feb 2015 27
How to use existing risk management governance structure to your advantage
Elvin CHAN 10 Feb 2015 28
Risk Management Governance Structure• Insufficient BC/DR protection leads to
higher probability and/or severity of risks that may lead to interruption• Whole landscape of risks is altered and
thus risk management governance structure e.g. risk committee shall be informed• BCM shall participate in corporate
overall risk assessment instead of conducting our own one
Elvin CHAN 10 Feb 2015 29
Risk Management Governance Structure• E.g. Single critical supplier may
• Increase the probability of failure of the supplier chain
• Lead more severe impact of non-delivery or late delivery:
• Financial: Cashflow impacts, additional costs to patchwork the issue
• Operational: Normal production schedule interrupted and management intervention on the planning would be increase significantly
• Reputational: Customers may lose confidence, and rumours of bigger problems (e.g. bankruptcy)
• Legal: May breach contracts or legislations/regulations
Elvin CHAN 10 Feb 2015 30
Risk Management Governance Structure
• Win-win situation: Risk committee realizes the true landscape of risks that the business is facing and deficiencies in BC/DR may be addressed in risk management action plans• Even if management decided to
monitor and accept the BC/DR risk, as it is formally accepted by management, it’s your business’ risk appetite
Elvin CHAN 10 Feb 2015 32
Embed BC/DR into PM Cycle
• Not every project manager realizes the importance of BC/DR when his project is put into production• Sometimes even if the PM
understands, he cannot allocate resources for BC/DR as it is not mandated in project governance process• Best practice is to embed BC/DR
tollgate in PM cycle
Elvin CHAN 10 Feb 2015 33
Embed BC/DR into PM Cycle
• Question #1: Why not add BC/DR controls later when in production?• Answer #1: Overall cost will be higher as it
involves change management• Question #2: How many BC/DR measures
should I put into the project?• Answer #2: Easy – BIA • Question #3: It is not yet in production, how to
estimate impacts of outage?• Answer #3: Easy – SLA
Elvin CHAN 10 Feb 2015 34
Conclusion
Budgetary Constraints on
BC / DR Initiatives
ALIGNMENT WITH STRATEGIC BUSINESS PRIORITIES
RATIONALIZING THE REQUIREMENTS
SPEAKING EXCOM’S LANGUAGE
EXISTING
INTEGRATE BC/DR ISSUES
INTO ENTERPRISE RISK
ASSESSMENT
NEW
MANDATE BC/DR TOLLGATE
IN ALL NEW PROJECTS