BCM is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. BIA is a process designed to prioritize business functions by assessing the potential quantitative (financial) and qualitative (non-financial) impact that may result if an organization was to experience a disruption from a disaster event. A simpler definition, BIA is a survey that shows how soon you need to have something and do something in order to not ruin your reputation, not lose a lot of money, and not go out of business.

1. CXO Advisor
Advise – Innovate – Change
Business Continuity Management Fundamentals

2. We do 3 things : -
Advise
 Deeply experienced team
 Backed by Ovum in Africa – IT Finance strength
 Business – IT Transformation Model
Innovate
 Return on Business Agility
 Rapid Innovation with Outsystems
 Business Model Innovation – Saas-it.net
Change
 Liberate legacy - Adaptivity
 Business Process as a Service – Procurement, IT Finance, Portfolio
 Governance as a Service

3. What is Buiness Continuity?
A holistic management process
that identifies potential impacts that
threaten an organisation
and provides a framework for building
resilience with the capability for an
effective response
that safeguards the interests of its key
stakeholders, reputation, brand and
value creating activities.
It’s a business problem, technology just makes it easier…
Source: The BCI Org

4. Risk Management life-cycle
• Business Impact Analysis
• Risk Assessment and Control
• Discovery, intelligence gathering
• Improve continuity of operations • Risk mapping & indicators
Identification
• Improve green operations • Organisation
• Triple bottom line accounting • Process
• Business resilience Continuous Business • Resource
• Root cause analysis Improvement continuity • Security
• Loss management & sustainability strategies • policy & workflow
• Recovery management Assess (audit) • Planning function
and monitor • Plans, scenarios
• limits & processes
• early warning • External bodies
Develop and • Incident & crisis
Exercise and
implement a Management
maintain BCM
BCM response • Sourcing & supply
• Exercise plans • Emergency response
• Rehearse staff & teams Building & & operations
• Test technology & business systems embedding a • Communications, PR
• Maintain business systems BCM culture & media
• Remedies, preventative & • Ongoing Education
contingent actions • Awareness
• Training
CXO Advisor © Client distribution only
Adapted from The BCI Org

5. Governance & Risk Support To Board & CIO
How Deliverable
• Business Continuity Management • Integrate DRP with BCM
• Compliance with governance
• Business continuity plan and readiness
• Risk management • Risk assessment
• Risk mitigation plans
• Risk monitoring
• Governance review • IT governance plans and procedures aligned
with organisational governance
It must have executive participation and buy-in…

6. A holistic management process
Business Continuity life cycle that identifies potential impacts that threaten an
organisation
and provides a framework for building resilience
with the capability for an effective response
that safeguards the interests of its key
Understanding your stakeholders, reputation, brand and value
business creating activities.
- BIA
- Risk Assess & controls
Determining Continuity
Embed BCM Culture
Strategies
- Training & Awareness
- Resources
- Monitoring
- Posture
- Change Management
Programme Management - Options
Develop / Implement
Response
Exercise / Maintain /
Review - Incident & Continuity
Response Plans
- Test
- Business Unit Plan
- Improve
- resumption
It’s a business programme, not an IT project…

7. Business Continuity Scope
BCM Programme:
Unified Management of Business Risk
• Board commitment &
proactive participation
• Organisation
Points of presence / facilities
• BCM Strategy
Knowledge Management
Crisis communications
• BCM policy &
Market & competitor risk
Emergency Management
framework
Operational Risk
Public Relations
Health & Safety
•
Financial Risk
Brand Risk
Supply Risk
Security
Quality
Roles, Accountability, res
ponsibility & Authority
• Finance & Resources
• Assurance & Insurance
• Audit
• MIS
• Compliance
• Change Management
Continuity of operations BCP
Disaster Recovery DRP
CXO Advisor © Client distribution only
Adapted from The BCI Org

8. Co-development model
Communication
Message Level of Ownership
Approach
Tell You will! Very Low
Sell This will be really good! Low
Look what you’ll get out of
Buy Average
this
Consult What do you really need? High
What should we build
Co-Development Very High
together?
It needs participation and buy-in at all levels with a proper budget…

9. Business Continuity Roles
Organisation wide touch points and dependencies
Demand Supply
Facilitation Facilitate activities Accept / call for facilitation
Integration Provide the framework with which Integrate with the framework provided
others will integrate
Standards Set standards Conform to standards
Decide Require others to perform according to Operate autonomously
specific criteria
• Individual RASCI
• Responsible: that is the person who is owner of the problem/project
• Accountable: that is the person to whom "R" is Accountable and is the authority who
approves to sign off on work before it is effective
• Supportive: that is a person who provides resources or plays a supporting role in
implementation
• Consulted: that is a person who provides information and/or expertise necessary to
complete the project
• Informed: that is a person who needs to be notified of results but need not
necessarily be consulted
MarketWorks Advisory © Client distribution only

10. What is business impact analysis (BIA)?
BIA is a process designed to prioritize business functions by
assessing the potential quantitative (financial) and qualitative
(non-financial) impact that may result if an organization was to
experience a disruption from a disaster event.
A simpler definition, BIA is a survey that shows how soon you
need to have something and do something in order to not ruin
your reputation, not lose a lot of money, and not go out of
business.

11. Business Impact Analysis template
ID Business Process Dependency Failure Mode Impact Timeframe Comments
Primary Sub Enabling Enablers Hard- System Critical Location Financia Customer MAO Critical Recovery
Function Business Function (Applica- ware Unavail- Personnel Unavail- l Impact Services Min/hrs time Time
Process (depende tions) able Unavailable able R (Reputation frames Objective
Functions ncy) million ) (dates) (RTO)
1-5
Key:
MAO = Maximum Acceptable Outage
impact:
1 = lowest impact; 2 = lower impact;
3 = low impact; 4 = high impact
5 = highest impact

12. BIA considerations for your organisation / business unit
Understand your key risks per function…

13. Recoverability & Strategy
ID A. Existing Plans ID B. Manual Workarounds ID C. Backups ID D: Off site Storage
A1 Existing current plan – B1 Manual workaround – C1 Full backups – every D1 Backup tapes and
off-site solution already documented day, fully tested hardcopies removed
everyday off site
A2 Existing outdated plan – B2 Manual workaround – not C2 Full backups – D2 Backup tapes and
off site solution documented rotational – tested on hardcopies removed off
rotation site on a weekly basis
A3 Existing current plan – B3 Possible manual C3 Incremental backups D3 Backup tape removed of
on campus solution workaround – not yet only – fully tested site, no hardcopies
identified removed
A4 Existing outdated plan – B4 No possible manual C4 Incremental backups D4 No backups nor
on campus solution workaround with rotation – tested hardcopies removed off
on rotation site
ID Type ID Type ID Type ID Type ID Type ID Type
BCP1 Full BCP’s: BCP2 Full BCP’s BCP3 Contact List BCP4 Use BCP5 Manual BCP6 No Plan
Off site on Campus only Existing work-
(3rd Party) Off-site arounds
Facility

14. How dependent is each function on continuity of operations?

15. What contingent & preventative actions will ensure continuity of
operartions?

16. QUESTIONS
craigt@cxo-advisor.co.za