wipro consulting vinay n disley implementation challenges in bcm

Wipro ConsultingWipro Consulting

Vinay N Disley

Implementation Challenges in BCM

Index

Presentation Agenda

Components of BCM

Implementation Challenges in BCM

Conclusion separately

Presentation Agenda

“To highlight key BCM Implementation Challenges that organizations face while

drawing up a BCM framework and its subsequent Roll-out as part of their

BCM Journey”

BCM Components

Exercising, Maintenance &

Audit

Understandingyour

Business

Building &EmbeddingBCM Culture

BCMProgram

Management

Develop &Implement

BCM Response

BusinessContinuityStrategies

1

2

34

5

Source: Business Continuity Institute

Challenges in BCM Implementation

1# Lack of Understanding


Only 42% of the respondents have correctly answered: “ BCM is protecting the core running of the business if an unexpected

event occurs.”

•No references to Reputation Risk or failure of Suppliers

•Telecom failures & backup of IT Systems also referred as BCM

•32% of respondents still perceive Disaster Recovery as BCM

2# Expanding Threat List

Source: Chartered Management Institute BCM Research Report, 2007

2005-2007 Disruption table reflects, no threat

can be ignored or discounted.

•Sharp rise in incidents due to extreme weather from 9% in 2006 to 28% in 2007

•Threats like utility outages and industrial actions which were not identified separately till 2004, occupy 28% share in 2007

•In 2007 alone, BCP was invoked for all the identified threats

3# Changing Risk Profile


28% of respondents perceive terrorist threat as the biggest threat to the business in the forthcoming years.

•Top three threats are external threats, where organizations have little control over the prevention and management

•High reliance on governmental guidance and support to provide an effective response against these external threats

•IT Failure is the first internal threat that tops the list

•Telecom failure are perceived to be a low risk area

4# Mapping of Right BCM Drivers


Identifying “PUSH” and “PULL” factors for your organization is critical to the success of BCM Implementation.

•Regulatory compliance “PUSH” factor is the third most important factor identified by respondents

•Protecting employees, retaining customers and maximizing productivity are the critical “PULL” factors identified by respondents

5# Stakeholder Identification & participation


Only 36% of respondents confirmed involvement of business functions in the creation of the BCP.

•Human Resources function rose from fourth in 2005 to top of the table in 2006

•IT functions still plays greater role on BCP front in most of the organizations

•External parties like critical vendors and suppliers are still to find a separate place in the creation phase of BCP

6# Having the Right Ownership


Business Continuity Management is no longer seen as an extension of IT with only 28% of IT personnel taking

responsibility for Business Continuity.

•Overall, 60% of the organization have BCM ownership with Senior Management and Board Members

•27% of the organizations have personnel dedicated to BCM

• Close to 30% of the organization have BCM ownership assigned to middle-level managers or operational staff

7# Capability Evaluation


34% of respondents refer to some sort of best practice guidelines to align, validate and benchmark their BCM

processes.

•Legislation and Regulations have come out to be strong drivers for BCM Capability evaluation

•BCM Capability evaluation has been identified as critical activity by most of the respondents

8# BCM Communication


Only 1 in 10 organizations are communicating their BCPs to suppliers and just 19 per cent to customers.

•BCPs continue to be primarily reported to senior management and board teams

•Little communication to investing community on BCP front

•22% of the organization regularly communicate to Regulators on BCP front

9# Budgetary Support


23 per cent of respondents who have a BCP indicate that there is no budget to back it up.

•Managing Directors are most likely to hold budget for BCM

•Some organizations have also emerged with dedicated BCM Manager with budgetary powers

10# Testing


37% of respondents reported that they do not rehearse their BCPs at all. Thus There is a danger that many of these plans will

not work when most needed.

•% of Managers whose organization rehearse their BCP once or twice a year have not changed considerably in last few years

•Customers who are the second biggest driver for BCM, have failed to demand strong evidence of BCP rehearsal from their suppliers

•80% of those who have rehearsed had come across shortcomings in their BCPs

Other Common Challenges

Changes in Business Environment (New Services/M&A/ People

transition/New Operating Geographies etc)

Building BCM Culture (Value Add to my Business/People Element /Additional Roles & Responsibilities/Not part of Core Business/Low probability)

Continuous Review, Validation & Audits (Management effort & Commitment/ Updating Documents/ Communicating new changes/ Full time effort/ Budgetary constraint on dedicated resources)

Changing Regulatory Landscape (New Legislations & Regulatory Requirements [HIPAA/SOX/Basel II/Civil Contingencies Act]/ Dedicated and Skilled team to meet compliance requirements/ Strong and Continuous Audit Support)

Skilled Manpower (Shortage of Domain Experts/Budgetary Constraints)

Conclusion

Project Initiation

Policy Organisation Resources Scope

Business Impact Analysis

Risk Assessment

Recovery Strategy

Create Planning Organisation

Continuity ProcessRisk ReductionDesign Procedures

Testing

Change Mgt Education Testing Review

Process

On

e

Tim

eO

n

Goin

g

BCM Framework

Management Ownership & Support

Corp

ora

te G

overn

an

ce G

lob

al B

est P

ractic

es

Strong BCM Culture

“An excellent strategy without execution will result in failure. And, perfect execution of a bad strategy will still result in failure.."

Thank You

19

AdvisoryAdvisoryInformation Risk Mgmnt BCP/ DRP

PolicyFramework

ApplicationAudits

ISO 27001

AssuranceAssuranceImplementatio

n ServicesAwareness &

TrainingBalanced Score

CardInformation

Asset ProfilingCISO Services

Identity Management

Identity Management

Single Sign On/ Directory Solns

User Provisioning

WSS & PKIDesign

Evaluate Implement

Sustenance, Post Production

TechnicalRisk

Assessment

TechnicalRisk

AssessmentVulnerability Assessment

Penetration Testing

Forensic Services

Application Testing

Technology Security Solutions

Compliance Compliance Basel II

AMLSarbanes

OxleySSE-CMM ISO 15048

Data Protection/ Privacy

Wipro’s Security Governance Offerings (Horizontal)

Wipro’s Service Offerings

wipro consulting vinay n disley implementation challenges in bcm

Documents

bcm ownership

bcm implementation1

bcm close

bcm framework

bcm processes

success of bcm implementation

senior management

threat listsource