wipro consulting vinay n disley implementation challenges in bcm
TRANSCRIPT
Wipro ConsultingWipro Consulting
Vinay N Disley
Implementation Challenges in BCM
Index
Presentation Agenda
Components of BCM
Implementation Challenges in BCM
Conclusion separately
Presentation Agenda
“To highlight key BCM Implementation Challenges that organizations face while
drawing up a BCM framework and its subsequent Roll-out as part of their
BCM Journey”
BCM Components
Exercising, Maintenance &
Audit
Understandingyour
Business
Building &EmbeddingBCM Culture
BCMProgram
Management
Develop &Implement
BCM Response
BusinessContinuityStrategies
1
2
34
5
Source: Business Continuity Institute
Challenges in BCM Implementation
1# Lack of Understanding
Source: Business Continuity Institute
Only 42% of the respondents have correctly answered: “ BCM is protecting the core running of the business if an unexpected
event occurs.”
•No references to Reputation Risk or failure of Suppliers
•Telecom failures & backup of IT Systems also referred as BCM
•32% of respondents still perceive Disaster Recovery as BCM
2# Expanding Threat List
Source: Chartered Management Institute BCM Research Report, 2007
2005-2007 Disruption table reflects, no threat
can be ignored or discounted.
•Sharp rise in incidents due to extreme weather from 9% in 2006 to 28% in 2007
•Threats like utility outages and industrial actions which were not identified separately till 2004, occupy 28% share in 2007
•In 2007 alone, BCP was invoked for all the identified threats
3# Changing Risk Profile
Source: Business Continuity Institute
28% of respondents perceive terrorist threat as the biggest threat to the business in the forthcoming years.
•Top three threats are external threats, where organizations have little control over the prevention and management
•High reliance on governmental guidance and support to provide an effective response against these external threats
•IT Failure is the first internal threat that tops the list
•Telecom failure are perceived to be a low risk area
4# Mapping of Right BCM Drivers
Source: Business Continuity Institute
Identifying “PUSH” and “PULL” factors for your organization is critical to the success of BCM Implementation.
•Regulatory compliance “PUSH” factor is the third most important factor identified by respondents
•Protecting employees, retaining customers and maximizing productivity are the critical “PULL” factors identified by respondents
5# Stakeholder Identification & participation
Source: Chartered Management Institute BCM Research Report, 2006
Only 36% of respondents confirmed involvement of business functions in the creation of the BCP.
•Human Resources function rose from fourth in 2005 to top of the table in 2006
•IT functions still plays greater role on BCP front in most of the organizations
•External parties like critical vendors and suppliers are still to find a separate place in the creation phase of BCP
6# Having the Right Ownership
Source: Business Continuity Institute
Business Continuity Management is no longer seen as an extension of IT with only 28% of IT personnel taking
responsibility for Business Continuity.
•Overall, 60% of the organization have BCM ownership with Senior Management and Board Members
•27% of the organizations have personnel dedicated to BCM
• Close to 30% of the organization have BCM ownership assigned to middle-level managers or operational staff
7# Capability Evaluation
Source: Chartered Management Institute BCM Research Report, 2007
34% of respondents refer to some sort of best practice guidelines to align, validate and benchmark their BCM
processes.
•Legislation and Regulations have come out to be strong drivers for BCM Capability evaluation
•BCM Capability evaluation has been identified as critical activity by most of the respondents
8# BCM Communication
Source: Chartered Management Institute BCM Research Report, 2006
Only 1 in 10 organizations are communicating their BCPs to suppliers and just 19 per cent to customers.
•BCPs continue to be primarily reported to senior management and board teams
•Little communication to investing community on BCP front
•22% of the organization regularly communicate to Regulators on BCP front
9# Budgetary Support
Source: Chartered Management Institute BCM Research Report, 2007
23 per cent of respondents who have a BCP indicate that there is no budget to back it up.
•Managing Directors are most likely to hold budget for BCM
•Some organizations have also emerged with dedicated BCM Manager with budgetary powers
10# Testing
Source: Chartered Management Institute BCM Research Report, 2007
37% of respondents reported that they do not rehearse their BCPs at all. Thus There is a danger that many of these plans will
not work when most needed.
•% of Managers whose organization rehearse their BCP once or twice a year have not changed considerably in last few years
•Customers who are the second biggest driver for BCM, have failed to demand strong evidence of BCP rehearsal from their suppliers
•80% of those who have rehearsed had come across shortcomings in their BCPs
Other Common Challenges
Changes in Business Environment (New Services/M&A/ People
transition/New Operating Geographies etc)
Building BCM Culture (Value Add to my Business/People Element /Additional Roles & Responsibilities/Not part of Core Business/Low probability)
Continuous Review, Validation & Audits (Management effort & Commitment/ Updating Documents/ Communicating new changes/ Full time effort/ Budgetary constraint on dedicated resources)
Changing Regulatory Landscape (New Legislations & Regulatory Requirements [HIPAA/SOX/Basel II/Civil Contingencies Act]/ Dedicated and Skilled team to meet compliance requirements/ Strong and Continuous Audit Support)
Skilled Manpower (Shortage of Domain Experts/Budgetary Constraints)
Conclusion
Project Initiation
Policy Organisation Resources Scope
Business Impact Analysis
Risk Assessment
Recovery Strategy
Create Planning Organisation
Continuity ProcessRisk ReductionDesign Procedures
Testing
Change Mgt Education Testing Review
Process
On
e
Tim
eO
n
Goin
g
BCM Framework
Management Ownership & Support
Corp
ora
te G
overn
an
ce G
lob
al B
est P
ractic
es
Strong BCM Culture
“An excellent strategy without execution will result in failure. And, perfect execution of a bad strategy will still result in failure.."
Thank You
19
AdvisoryAdvisoryInformation Risk Mgmnt BCP/ DRP
PolicyFramework
ApplicationAudits
ISO 27001
AssuranceAssuranceImplementatio
n ServicesAwareness &
TrainingBalanced Score
CardInformation
Asset ProfilingCISO Services
Identity Management
Identity Management
Single Sign On/ Directory Solns
User Provisioning
WSS & PKIDesign
Evaluate Implement
Sustenance, Post Production
TechnicalRisk
Assessment
TechnicalRisk
AssessmentVulnerability Assessment
Penetration Testing
Forensic Services
Application Testing
Technology Security Solutions
Compliance Compliance Basel II
AMLSarbanes
OxleySSE-CMM ISO 15048
Data Protection/ Privacy
Wipro’s Security Governance Offerings (Horizontal)
Wipro’s Service Offerings