business continuity management: only an elusive goal for ... · management •corporate governance...
TRANSCRIPT
Business Continuity Management: Only an
Elusive Goal for Companies or Reality in
Making?
Corrado Zana CBCP MBCI
BCManager
Consiglio Direttivo:
Corrado Zana
(Presidente)
Lucio Silvio Casati
(Segretario)
Luca Laghi
(Consigliere)
Corradino Corradi
(Consigliere)
Francesco Lambiase
(Tesoriere)
Marco Lombardi
(Consigliere)
Fondatori (2005):
Corrado Zana
Lucio Silvio Casati
Luca Laghi
Corradino Corradi
Giuseppe Femia
Francesco Lambiase
Alberto Viano
Luca Ruini
L’associazione BCManager è finalizzata alla promozione della conoscenza della disciplina del Business
Continuity Management e delle discipline a questa collegate quali Crisis Management e Risk Management.
BCManager si prefigge:
• Di divenire interlocutore privilegiato del mondo economico, stabilendo rapporti con le sue realtà più
rappresentative, quali associazioni di categoria, camere di commercio, enti pubblici, organismi di vigilanza;
• Lo sviluppo e consolidamento di rapporti con Associazioni italiane aventi come scopo la diffusione della cultura
della Sicurezza & Prevenzione Rischi e del Risk Management;
• Lo sviluppo e consolidamento di rapporti con Associazioni analoghe all’estero, in particolare nel mondo
anglosassone;
• Incoraggiare lo sviluppo delle relazioni personali allo scopo di favorire lo scambio delle esperienze professionali
tra i Soci;
• L'incremento della conoscenza delle caratteristiche e finalità del Business Continuity Management presso le
Istituzioni, i media, le Aziende, la Scuola, l’Università ed il mondo accademico in generale attraverso scambi
culturali, visite, manifestazioni congiunte ed incontri di approfondimento;
• L'organizzazione di convegni, tavole rotonde, corsi di formazione ed aggiornamento destinati a soci e affiliati;
• La raccolta e la redazione ex-novo di principi, regole, standard nazionali ed internazionali, letteratura nonché la
costituzione di un centro di documentazione inerente la disciplina del Business Continuità Management;
• L’edizione su carta, CD o altri supporti informatici, attraverso Internet e su altri media, di testi riportanti esperienze
internazionali, "loss lessons", nuove metodologie ed approcci significativi, osservazioni, contributi ed
approfondimenti individuati dall'Associazione quali meritevoli di diffusione;
• L'organizzazione di borse di studio
Comunità di circa 100 professionisti
Sito www.bcmanager.it
BCM is ”..an Holistic management
process that identifies potential threats
to an organisation and the impacts to
business operations that those threats,
if realized, might cause, and which
provides a framework for building
organizational resilience with the
capability for an effective response that
safeguards the interests of its key
stakeholders, reputation, brand and
value-creating activities”
British Standard Institute BS25999-2
Business Continuity Management at a glance
Objectives and International Standards
BCM program key objectives:
• Mitigate consequences of serious accidents
• Secure cash-flow
• Protect market share and brand value
• Comply with external requirements
Why Business Continuity Management ?
Because things happen…
•Legal/Compliance Risks arising from violations of compliance with laws and regulations
(i.e. data retention). Loss or destruction of customer information (i.e. personal data) can also raise potential
risks from third party claims. Failure to meet SLAs requirements with customers regarding service
availability may result to significant lawsuits.
• Financial Stability Risks arise through unavailability of delivered products & services
towards the organization’s customers. Such risks may lead to major financial losses having impact directly
or indirectly on the financial stability of the organization, causing thus a failure to achieve stated goals and
financial objectives.
• Reputation and Loss of Customer Confidence are the most
important risks to quantify and mitigate. Such risks lead to the damage to the organization’s reputation, an
intangible but important asset. Will customers and / or other companies cooperate with a company once
they read in the paper that a company’s service quality is low or service delivery is regularly interrupted?
Will top employees remain at a company so reputably damaged? And, what will be the reaction of the
company’s shareholders? What is the expected loss of future business revenue? What is the expected
loss of market capitalization?
Why Business Continuity Management ?Top 3 drivers
Management
•Corporate Governance (transparency and social responsibility)
•Giving evidence of a proper risk control and sustainable growth
•Duty of care in protecting physical assets and operations
•Competitive Advantage: we are reliable in any circumstance!
•Enables a clearer understanding of how your entire organization works
which can identify opportunities for improvement
•Compliance with applicable national/international laws and codes
Stakeholders
•Employees: protecting health and safety; assuring their earnings
•Customers: quality and reliability of service offering
•Media: assure proper media management and communication flow
•Communities: providing support during national or international
emergencies
•Authorities having jurisdiction: compliance with requirements
Shareholders
•Protecting the enterprise value and investor confidence
•Protecting brand and corporate image
•Protecting market presence
•Cash flow and share price protection
•Reduce Total Cost of Risk (Insurance transfer)
Why Business Continuity Management?
Benefits and Drivers from different angles
Why Business Continuity Management?
Loss experiences
Shareholder value in the 6
months following a severe loss (Source: D Pretty – Oxford Metrica)
8% survive
12% fail within 5 years
40% never re-open
40% fail within 18 months
Companies hit by a major
crisis but not provided
with a reliable BCM
System:
Develop a set of credible, discrete business performance
measures (KPIs) and availability risk indicators that directly
impact those business performance measures
• Mapping availability key
performance indicators
(KPIs) to key risk indicators
(KRIs) provides business
managers with the
availability risk information
they need in order to make
the needed investments,
financial and workforce, for
building effective BCM and
BRM programs
Business Continuity Management value argumentation
Get Management Commitment through KPI and KRI
UnderstandBusiness
Define KPI Define KRI
KPI KRI
Customer
Experience
Customer
Experience
Customer
Experience
Customers
impacted
by outages
Actual Planned DesiredGap
Business Continuity Management
IT BC/DR ‘comfort zone’ as starting point
DR/BC as key Technology priority
in 2010 at Global level
More than 60 % of business
processes to be recovered within 24
hours (RTO)
Business Continuity Management : Market Trends (Gartner)BCM Manager role to be extended and reinforced
Resiliency Index
SCR process started
from identification of
Few Products bringing
the highest margin
Supply Chain Reliability & BCM – Best Practice
Supply chain risk management (SCRM) is a critical discipline within business
continuity management (BCM) that many companies, particularly manufacturing
firms, fail to perform well.
Cisco's value chain risk management
program is built around four major
functional disciplines:
•BCP
•Crisis management
•Product resiliency
•Supply chain resiliency
Defined for each key
product and supplier
Supply Chain Risk Management: Case Study
March 2000, Philips fire…and Nokia reaction: a textbook case
Business Continuity Manager
…a key resource in CFO area. May I disagree?
BC Manager profile:
• Certified Professional by
DRII, BCI or ISEB
• PM back-ground
• IT/Infosec competence
• Facilitator not owner
Thank [email protected]