Jane Holmes, CPP Director, US Payroll

Meggitt USA

2

TitleAgenda

Disaster Recovery vs. Business Continuity Key Components to Disaster Recovery &

Business Continuity Comprehensive

Business Continuity Business Continuity Planning CycleBusiness Continuity Recovery PlanPayroll Business Continuity Recovery Plan

2

3

TitleDisaster Recovery vs. Business Continuity

Disaster Recovery focuses on the plan to reestablish operations by protecting the “Tools” of the business…

• Systems and Hardware • Data integrity and back-

up• Facilities and security• Data Flow• People resources and

documentation3

4

TitleDisaster Recovery vs. Business Continuity

Business Continuity keeps the business running during a disaster…

• Provides the location to perform work• Enables staff to resume work or provide for

substitutes• Enables systems and hardware to be

deployed or interim solutions placed in operation

• Completes the functions of the payroll department

4

5

TitleTypes of Disasters

Catastrophic climate or geological events

PandemicsFires, including arsonTerrorist attacks or

instances involving significant destruction of property

Labor walkouts or strikesSecurity breaches and

computer attacksSystem failures

5

6

TitleDisasters in the News

Australia/New Zealand Chile Japan East Coast Whiteout Mid-west Tornadoes &

Flooding Egypt Other political challenges

throughout Middle East and Africa

6

7

Title2011 Federal Disaster/Emergency Declarations

Winter Storms, Flooding, and Debris and Mud Flows CA, OR, UT, WA

Severe Winter Storm and Snowstorm CT, IL, MA, MO (2), NJ, NM, NY, ND, OK (2), WI

Severe Storms And Flooding IL, ME, MN, MT, NH, OH, OK, PA, VT (2)

Tsunami Wave Surge CA, HI, OR

Severe Storms, Tornadoes, and Flooding AR (2), KY (2), MN, MO, NC, TN

Severe Storms, Tornadoes, Straight-line Winds, & FloodingAL, GA, IN, KS, MS, NY, OK, TN (4)

Severe Storms, Tornadoes, and Straight-line Winds AL, IA, MA, MN, OK

Flooding IA, KS, LA, MS (2), MO, NE, ND (2), SD, TN

Flooding, Landsides, and Mudslides ID, PR, WY

Ice Jam and Flooding AK

Wildfires TX

Total Declared Disasters & Emergencies 69 (38 states & Puerto Rico)

http://www.fema.gov/news/disasters.fema?year=2011

Fire Management Assistance Declarations (85)AK, AZ (3), CO (3), FL, GA (4), KS, NE, NC, NM (8), OK (17), TX (43), VA (2)

7

Federal Disaster/Emergency Declarations thru July 2011

8

TitlePandemics - H1N1

April 2009 – Start of the H1N1 virus

Over 67 million cases reported thru 12/09

6/23/10 – CDC declares virus expired

8/10/10 – WHO declares global concern over

CDC & other health organizations believe there will be instances of flu for years to come

Survey of Fortune 200 companies report most have taken some action to prepare

8

9

TitleWhy It Is Important

to PlanDisruptions, even minor ones, can have

serious impactMissed or late payrolls• Potential federal, state, and local violations• Contractual breach – unions• Employee morale and productivity

Late third party paymentsLate tax and regulatory filingLate posting of General ledger data

9

10

TitleKey Components toDisaster Recovery

Create Comprehensive Recovery Plans

Identify communication vehicles and how they will be utilized

Involve Senior Leadership immediately

Establish government, civil authority, and private sector contacts before an event occurs

Ensure plan is communicated to team

10

11

TitleKey Components toDisaster Recovery

11

Emergency Management: Able to continue critical business processes within a predetermined period following a disaster or other business interruption

Continuity Planning: Able to resume normal business processes within a predetermined period following a disaster or other business interruption

12

TitleComprehensive

Business Continuity

12

Lead the enterprise in all aspects of emergency management as well as developing a comprehensive plan to respond to a crisis

INITIATE THEPROJECT

ANALYZE BUSINESS FUNCTIONS

DEVELOP STRATEGY AND MITIGATION

BUILD PLAN

TEST, EDUCATE, & MAINTAIN

Disaster Recovery Planning

Emergency Management

PREVENT____________

RESPOND____________

RECOVER____________

RESTORE____________

RESUME

13

TitlePayroll BusinessContinuity Team

13

Include functional subject matter experts and project management resources

BCT should include representatives from:

• Business Continuity (Lead)• Human Resources / Payroll• Benefits / Compensation• Legal / Public Affairs• Finance / Treasury• Communications• Operations

14

TitleRTO/RPO in Business Continuity

Planning

14

RTO (Recovery Time Objective) – Amount of time it takes to recover from a disaster event

• Payroll application failure recovery time drives solution and back up

• Be conservative - assume system is down the day before payroll runs – what do you need?

• Alternatives – file for check printing, paper check manual process, etc.

15

TitleRTO/RPO in Business Continuity

Planning

15

RPO (Recovery Point Objective) – The amount of data, measured in time, that can be lost in a disaster

• Consider if there is a means to reconstruct the lost data

• Need to look at what risks you will bear for the costs

16

TitleBusiness Impact

Analysis

16

Foundation for business continuity planning programs

• Identify departmental business processes and potential impacts due to an interruption

• Identify external resources that may impact your business

• Link these processes to the key functions necessary to support organization

17

TitleBusiness Impact

Analysis

17

Foundation for business continuity planning programs

• Determine Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) based on their corresponding functions

• Realize the current state of recovery preparedness and established workarounds

• Evaluate recovery resource requirements

18

TitleRisk Assessment

Process

18

Interview senior management about enterprise risks and vulnerabilities

Conduct formal risk assessment survey with key employees

Score risk scenarios on probability and severity

Consider options for each scenario – mitigate, plan and accept

19

TitleBusiness Recovery

Strategy

19

Identify Business Functions, RTOs, & RPOs

Determine IT Network and System Requirements for current and future years

Design a Displacement StrategyEducate Business Units on roles and

responsibilities to build plansMaintain & Exercise Business Recovery

Plans

20

TitleBusiness ContinuityRecovery Scenarios

20

Disaster – Event which renders company’s facility unusable or inaccessible for a period of time estimated to exceed “xx” calendar days

Worst-Case Interruption – Company’s facilities are totally unusable or inaccessible and there is no salvageable equipment, data, documentation, etc.

21

TitleBusiness ContinuityRecovery Scenarios

21

Less-Severe Interruption – Ability to resume operations because of the plan identification structure for each time-sensitive operation, information system & support area

Localized Emergency – Equipment vendors & local utility companies able to replace computer & communications hardware & telephone circuits in “xx” calendar days

22

TitleBusiness Continuity

Recovery Components

22

Documentation Files – Business documentation and necessary files for resumption/recovery purposes are backed up and stored or located off-site and/or electronically imaged

Computer Files – Required to implement resumption of Mainframe, WAN & PC/LAN operating environments, and/or support time-sensitive business operations are backed up, & rotated & retained off-site for a pre-determined period of time

23

TitleBusiness Continuity

Recovery Components

23

Backup Storage Locations – Backup items for resumption/recovery stored on/off-site or quickly obtained or created from other identified sources

Internal and External Contacts – Information necessary to quickly complete internal/external contacts required during resumption is documented and maintained in plan

24

TitleBusiness Continuity

Recovery Components

24

Cloud Computing - Applications hosted by vendor in the “cloud” are accessed through the internet along with data files

25

TitleBusiness Continuity

Recovery Components

25

Resumption Time Frames – Time frame in which time-sensitive business operation and computer and application systems must be made current and available set by company at a maximum of “xx” calendar days

26

TitleBusiness Continuity RecoveryExternal Stakeholders

26

Bank for ACH filesTax authorities – federal, state, localBenefit providers – health, 401(k), etc.Third-party vendors – outsource

providersDistribution vendors – printing and

distributionUnion organizations

27

TitleBusiness Continuity RecoverySystem Interfaces

27

Time and attendance applicationPayroll application / ERPBenefits applicationAccounting systemBanking applicationTax applicationESS/MSS applicationData repository

28

TitleBusiness Continuity

Recovery Components

28

Communication devices to feed various forms of communications receipt

• Home/Cell Phone – off-duty and emergency response personnel (include “text” messaging)

• Work Phone – emergency response on duty• Pager – (alphanumeric/digital/voice) on-call personnel• Fax Machine – transmit forms/reports to remote

locations• Printer – document notification responses/reports

29

TitlePayroll Business ContinuityRecovery – In Action

29

Step 1 – Senior Payroll Mgmt meet at disaster recovery site to identify:

• Known impacts of disaster & determine action plan

• Expected timeline of displacement of employees & system outages

• Projected impacts to payroll processing

30

TitlePayroll Business ContinuityRecovery – In Action

30

Step 1 (cont.) – Senior Payroll Mgmt meet at disaster recovery site to identify:

• Availability of internal and external resources

• Establish communication channels & communicate plan to supervisors & activate phone tree

• Confirm available equipment and supplies

31

TitlePayroll Business ContinuityRecovery – In Action

31

Step 2 – Senior Payroll Mgmt and key payroll personnel establish alternate work area(s)

• Setup work spaces, resolve issues with equipment

• Create shift schedules and confirm staffing roles

• Set initial plan for following 2 weeks• Evaluate employee “assistance plan” needs• Confirm sufficient resources for those who will

work from home or alternate location

32

TitlePayroll Business ContinuityRecovery – In Action

32

Step 2 (cont.) – Senior Payroll Mgmt and key payroll personnel establish alternate work area(s)

• Prepare communication to employees and plan for updates

• Establish ongoing communication with employees and system support

Step 3 – Continue deployment as per plan

33

TitlePayroll Business ContinuityRecovery Planning

33

Building the plan• Create a Disaster Recovery Plan binder• Establish approval process to initiate all

security access to senior payroll operations• Include system support analysts on phone

tree • Define the risks and plan for mitigation and

response• Store off-site supplies critical to complete

payroll processing

34

TitlePayroll Business ContinuityRecovery Planning

34

Building the plan• Inventory and identify critical supplies and

equipment for payroll processing • Ensure your plan includes third-party

vendors and suppliers with points of contact

• Identify the three components of your operations – input, process, and output

35

TitleInput, Process, and Output

35

Input•Setting up employee income and deduction records

•Pay adjustments

•Time data

•Tax records

Process•Process data in application

•Validate payroll data

•Bank transfer processing

•Validate general ledger data

•Calculate gross to net

•Generate tax deposits and filing

Output•Checks/advices

•Third party payments

•Tax returns and payments

•Files for internal organizations

•Files for external organizations

•Reconciliations

•Reports (internal and external)

36

TitleWhat Makes an Effective Disaster Recovery Plan

36

Involve All the Pertinent GroupsMake an Assessment of Needs and

ResourcesPlan, Test and PlanCommunicate, Communicate and

CommunicateReview on a Regular Basis