PLANNING FOR THE BIA - MHA ConsultingPLANNING FOR THE Michael Herrera CEO, MHA Consulting August 14, 2019 2 A 20-year proven track record of applying industry standards and best practices

BI A©2019 MHA CONSULTING. ALL RIGHTS RESERVED.

PLANNING FOR THE

Michael HerreraCEO, MHA Consulting August 14, 2019

2

A 20-year proven track record of

applying industry standards and

best practices across a diverse

pedigree of clients.

A simple mission: Ensure the

continuous operations of our

clients’ critical processes.

We seek to partner with clients who

have a commitment to BCM versus

a check the box mentality.

SaaS Tools: BIA On-Demand,

Compliance Confidence, Residual

Risk, and BCM One.

SAASCompliance

and risk tools.

CAPABLEComprehensive suite of services.

20Average years

industry experience.

Years inoperation.

GLOBALDiverse, global

client base.

20

Michael A. Herrera, CBCP Chief Executive OfficerPhoenix, Arizona www.mha-it.comhttps://bcmmetrics.com/

KEY FACTS

SENIOR LEADERSHIP

MHA Consulting’s senior team has an average of over 20 years of industry relevant experience in the areas of Business Continuity, Disaster Recovery, and Project Management.

COMPANY BACKGROUND

©2019 MHA CONSULTING. ALL RIGHTS RESERVED.

http://www.mha-it.com/

https://bcmmetrics.com/

3

HEALTHCARE EDUCATION FINANCIAL INSTITUTIONS

CONSUMER PRODUCTS INSURANCE TRAVEL & ENTERTAINMENT GOVERNMENT/UTILITY

SERVICES

UNIQUE OR COMPETITIVE ADVANTAGE


PLANNING PHASES

B I A P H A S E S

Identifying the audience

Gathering information

Analyzing the information

Documenting your findings—the BIA report

Meeting with senior management

Planning steps


B I A P L A N N I N G S T E P S

Objectives

Scope

Obtain management sponsorship

Organizing the project

Training requirements

Project kickoff

B I A


B I A P R O J E C T P L A N N I N G S T E P S

HOW TO OBTAIN MANAGEMENT COMMITMENT AND SPONSORSHIP

Make sure management clearly understandswhat a BIA is -and what it isn’t.

Get a commitment for the study’s budget and resource requirements.

Make management aware of the risks and costs of not understanding the criticality of the organization’s processes and the impacts if they are disrupted.

If management doesn’t understand the timing, deliverables, risks and costs, then they will not support the study.


B I A P R O J E C T P L A N N I N G S T E P S

OBJECTIVESDefinition: Something worked toward or striven for; a goal.*

01 02

03 04

What are the objectives

or goals of the BIA?

What are you trying to

accomplish by performing

the BIA?

What are management’s

expectations?

Make sure management

agrees with and signs off on

the stated objectives.

* Excerpted from The American Heritage® Dictionary of the English Language, Fifth Edition copyright ©2017 by Houghton Mifflin

Harcourt Publishing Company. All rights reserved.


W H A T A R E T H E O B J E C T I V E S O F T H E B I A ?

Identify the business

processes critical to

organizational survival and

mission.

Determine the impacts (dollar,

non-dollar) of a disruption to

critical processes.

Define criticality (RTO) of

business processes as related to

the operation of the organization

based on the impacts.

Identify critical dependencies

(e.g., application systems,

data, internal/external

dependencies, vital records).

Determine maximum

acceptable data loss (RPO)

for dependent computer

systems and applications.


W H A T A R E T H E O B J E C T I V E S O F T H E B I A ?

S A M P L E A S S U M P T I O N S

Business areas will provide knowledgeable SUBJECT

MATTER EXPERTS (SMEs) for the interviews.

SMEs will be available to

PARTICIPATE in all areas

of the study as required.

01

02

0304

05

Management WILL WEIGHT THE

IMPORTANCE of quantitative and

qualitative impact categories.

Senior Management will

validate and sign off on all

results WITHIN 30 DAYS of

completion.

Quantitative (dollar) impact scale

ranges will be completed by

FINANCE or similar function.


W H A T I S T H E S C O P E O F T H E B I A ?

SCOPEDefinition: The area covered by a given activity or subject.*

01 02 03

How much of the

organization are you

going to include in

the BIA? How

LITTLE?

A comprehensive

BIA requires a

significant

commitment of

resources - both

time and money.

If this is your first BIA, START SMALL and

then increase scope over time.

* Excerpted from The American Heritage® Dictionary of the English Language, Fifth Edition copyright ©2017 by Houghton Mifflin Harcourt

Publishing Company. All rights reserved.


O R G A N I Z I N G T H E B I AThe Interviews

T I M E L I N E

Set REALISTICdeadlines; add 20%

fluff.

Make sure management

APPROVES THE SCHEDULE and TIME COMMITMENTS for

participants.

Allow time for interview DELAYS

and RESCHEDULING.


O R G A N I Z I N G T H E B I A

Task5 BIAs 10 BIAs 15 BIAs 20 BIAs

Est Hours Est Hours Est Hours Est Hours

Setup 16 16 16 16

Pre-work 2.5 5 7.5 10

Interviews 10 20 30 40

Cleanup 2.5 5 7.5 10

Validation 8 8 8 8

Report 24 24 24 24

Estimated hours 64 80 90 110


T H E B I A T E A M

Who will answer questions about the questionnaire?

Who will answer questions about the

process?

Whose help do you need to get the study

completed by the approved deadline?

Who needs to be at each interview to ensure its success?

01

02

03

04



B I A T E A M

O R G A N I Z I N G T H E B I AResources

Who should be on the BIA Team?

• You as the BIA coordinator.

• BIA Sponsor for management

oversight.

• Finance to develop dollar impact

scales.

• Management to weight importance

of impact categories.

• IT to review systems, applications,

and RPOs.

• All Team members will participate

in the validation of study results.

Who should go to each BIA interview?

• BIA interview facilitator.

• BIA interview scribe.

• Information Technology liaison.

• Business Unit Subject Matter

Experts (SMEs) – Keep to a Small

Number



T R A I N I N G R E Q U I R E M E N T S

01 02

03 04

Good instructions are mandatory!

If you use a software product or electronic

forms, training is a necessity.

Consider electronic forums for training and

instructions.

Schedule enough sessions to ensure that

participants have opportunities to attend.

HTML help files

Web help sites



Be sure the BIA participants know that MANAGEMENT IS COMMITTED to the project.

Produce a COMMUNICATION that is signed by the senior management sponsor.

Send communication to participants 3 TO 4 WEEKS PRIOR to start of study.

Send pre-work materials at least 2 WEEKS PRIOR to

start of the study.

01 03

02

S T U D Y K I C K O F F


IDENTIFYING THE AUDIENCE

T H E H I G H , M I D D L E A N D L O W O F I T !

HIGH

LEVEL

MID

LEVEL

LOW

LEVEL

Executive management

Senior management

Group level management

Division level management or lower


T H E H I G H , M I D D L E A N D L O W O F I T !

SENIOR LEVEL MANAGEMENT

XYZ CORPORATION

CEO/PRESIDENT

COO/OPERATIONSCFO/FINANCE SVP/AUDIT

Collections

Credit Card Services

Credit Department

Returns

Information Services

Manufacturing

TelecomServices

Client/Server Operations

Product Administration

H I G H L E V E L


HIGH LEVEL

T H E B A D

The detail may not be as fine.

The BIA may have a limited view point.

T H E G O O D

T A R G E T I N G T H E H I G H L E V E L A U D I E N C E

It may be faster to get the big picture

(e.g., functions).

There may be a smaller target

population to train or interview.

It should be easier to summarize data.

Less time to complete.


W H A T I S T H E M I D D L E L E V E L ?

MIDDLE LEVEL MANAGEMENT

XYZ CORPORATION

CEO/PRESIDENT


Collections


Credit Department

Returns

Information Services

Manufacturing

Telecom Services




M I D L E V E L

MID LEVEL

T H E B A D

The detail still may not be as fine.

It will be slower to distribute

questionnaires.

It will be slower to consolidate data.

You will have a larger population to

train or interview.

T H E G O O D

T A R G E T I N G T H E M I D D L E L E V E L A U D I E N C E

It will provide an expanded viewpoint.


W H A T I S T H E L O W L E V E L ?

LINE/BUSINESS UNIT LEVEL MANAGEMENT

XYZ CORPORATION

CEO/PRESIDENT


Collections


Credit Department

Returns

Information services

Manufacturing




Telecom Services

LOW LEVEL

You may have significant numbers of

questionnaires to distribute.

Data will be harder to summarize.

You will have a larger population to train

or interview.

Much slower.

It will provide a greatly expanded view

point.

Data will be very detailed.

T A R G E T I N G T H E L O W L E V E L A U D I E N C E


T H E B A D T H E G O O D

Is this your first BIA?

What are the objectives and scope of the BIA?

How soon must it be completed??

What are senior management’s expectations?

D E T E R M I N E A U D I E N C E L E V E L T H A T M E E T S T H E N E E D S O F T H E B I A B E I N G C O N D U C T E D


01

02

03

04

I D E N T I F Y T H E B U S I N E S S U N I T S T O B E I N C L U D E D

• Initial scope is typically smaller

• Integration with IT Configuration DB

• Single point of failure risk assessment

• One on one still yielding best data

• Management wants BIA done quickly

• Need for Pre-BIA Training and Awareness

Talk to senior management

Look at organizational charts

What units are key to the mission

C U R R E N T T R E N D S


D A T A G A T H E R I N G P R E P A R A T I O N


Industry best practice components are critical to appropriately measuring impacts.

Impact categories (quantitative and qualitative) should be consistent with organizational structure.

Impact category weightings should be consistent with the organizational mission.

RTOs and RPOs should be in line with what the business does and the needs of the customers it supports.

BIA team is in agreement with data, scales and weighting used to determine and measure impacts before the interviews.

01

02

03

04

05

T H A N K Y O U

www.mha-it.com

[email protected]

Office: (888) 689-2290

Mobile: (602) 708-1718

MHA CONSULTING, INC.

Michael HerreraCEO, MHA Consulting


Documents

PLANNING FOR THE BIA - MHA ConsultingPLANNING FOR THE Michael Herrera CEO, MHA Consulting August 14, 2019 2 A 20-year proven track record of applying industry standards and best practices