SlideShare une entreprise Scribd logo

Kuwait BCM Conference measuring organizational resilience

Télécharger en tant que PPTX, PDF
C
chrisggreen

Measuring the value of business continuity programs. You can't manage what you can't measure. How to show value from your business continuity (BCM) program.

Business
1  sur  46
Managing To Measure & Measuring To Manage Christopher Green FBCI
Today’s Session - Why Measure? What to measure?  BIA  Plan Development  Testing  BC Program
Why Measure?
Why Measure?
Why Measure?
Why Measure?
Future Events?
What to Measure? •Plans ? •BIA ? •Callout ? •Exercises? •Crisis Capability ? •Whole Program ? •Reputation ?
BCM Lifecycle
1 2 34 5 6 7 8 10 9 PROBABILITY SEVERITY Risk Heatmap
0 50 100 150 200 250 300 Day 1 Day 3 Week 1 Loss of Income Extra Expenses Opportunity Costs The Financial Cost
The Operational Cost
Critical Operations?
LEVEL OF HARM A B C D E NATURE OF HARM RELEVANT MEASURE Extremely serious harm Very serious harm Serious harm Minor harm No significant harm Financial Loss (loss of sales, unforeseen costs, legal liabilities, fraud) Total financial impact: Over £10m £1m to £9.9m £100k to £1m £10k to £99k Under £10k Degraded performance (failure to achieve targets, loss of productivity) Key targets under- achieved by: Over 10% 6% to 10% 1% to 5% Less than 1% No Impact Number of staff hours wasted Over 10,000 Staff hours. 1001 to 10,000 Staff hours 501 to 1000 Staff hours 100 to 500 staff hours 0 to 100 staff hours What’s The HARM – 1?
LEVEL OF HARM A B C D E NATURE OF HARM RELEVANT MEASURE Extremely serious harm Very serious harm Serious harm Minor harm No significant harm Performance Loss (Customers) Customers not Served: More than 20% 12-20% 10-12% 5-10% <5% Reputation Loss Bad Publicity in: National and international media National media, inside pages Local media, front Local media, restricted No coverage What’s The HARM – 2?
What’s The HARM – 3? LEVEL OF HARM LOCATION Total HARM A (*20) B (*5) C (*3) D (*2) E (*1) Location 5 113 4 4 2 2 3 Location 7 100 5 0 0 0 0 Location 1 100 3 5 4 0 3 Location 3 94 3 5 2 0 3 Location 6 85 1 4 9 5 8
Measuring Plan Development
We can count…  Number of Plans ?  Number of Changes ?  Regular Sign-off ?  Content of Plan ? Measuring Plan Development But it’s easy to count the wrong data….
Plan Health Check
Measuring Exercises
0 5 10 15 20 25 30 35 40 45 50 2005 2006 2007 2008 2009 2010 2011 2012 Power Hardware Terrorism Communications Flooding Data Corruption What to Test?
Orientation Briefing Event Offsite - Multiple BU Full Simulation Desktop - Timed / IT Technical Test Plan Audit / Discussion Offsite Exercise - Single BU Desktop / Walkthrough / IT Technical Test Measuring ExercisesComplexityCost Time& Resources Assurance
System/Service RAG Advantage Elite GREEN ALEAXIS GREEN Assistance GREEN Auda Enterprise Archive Server RED Audatex (Home) GREEN Audatex (Motor) GREEN Bentley Motor Claims AMBER BIS Printing AMBER Blue Bay AMBER Body Management System AMBER Business Intelligence AMBER CEDAR-O GREEN Cedar Financials (Rupert) RED Chordiant (Host) GREEN Chordiant (Off Host) GREEN Cicsfax GREEN COGNOS Powerplay RED Complaints MI GREEN Delphi RED Direct Connect MIS RED Direct Connect Voice Recording GREEN Direct Marketing Information System (Closed) RED Direct Connect – SAP-RG GREEN DVLA GREEN E Commerce Daily MI GREEN E Financials (Closed) GREEN eCRM GREEN eCRM Payment Gateway GREEN Equifax GREEN Fax_web/Connect (Access to IS2000) GREEN FIDOSCAN RED Finsure GREEN Gentran GREEN Goldmine GREEN Hibernate RED HALCO (Barrell) GREEN HALCO (Guize) GREEN IS2000 GREEN ITP Rating and Pricing RED Landscape GREEN Lotus Notes GREEN System/Service RAG MAM RED Microstrategy GREEN National Hunter Claims GREEN NetConnect GREEN NetConnect SAS GREEN NET_Database RED NUCLEAR MEDICINE RED Oracle Financials GREEN Oracle FM GREEN Personnel Lines GREEN Probe RED PSF GREEN PULSE GREEN RAS (Closed) GREEN RAS BASE STRATA RED Redman Reporter RED Redman Scheduler GREEN Robotic manuals GREEN SAS BAA-G GREEN SAS MIA-L GREEN SAS MIA-M GREEN Solcase (Barrell) RED Solcase (Guize) RED Special Risks Application RED Stolen Vehicle Recovery System (TRACKER) GREEN Teamsite AMBER Toucan Lite GREEN TARDIS (Tracker) AMBER UIS (Clement) AMBER UIS (Devolved) AMBER UK MI Data Warehouse GREEN UK MI Seahorse GREEN UK Overseas Data Feeds GREEN ULTRA GREEN Vectus GREEN Vehicle Asset Management (TRACKER) GREEN Voice Recording (Family) GREEN Web Channels (Household) GREEN Web Channels (Life) GREEN Web Channels (Motor) GREEN Web Channels (UK Special Partnerships) GREEN IT DR Status
For  Every Recovery Test  Every Business  Every Year .......... We measured up to 13 components Could also apply it to crisis exercises, callout tests etc. Measuring Exercise Components
Measuring an Exercise - 1 Q1: How many STAFF will take part in the exercise compared with full recovery requirements? 10 9 8 7 6 5 4 3 2 1 Criticality (1 to 10)
Q2: How much HARDWARE is in scope compared with full recovery requirements? 10 9 8 7 6 5 4 3 2 1 Not part of plan Criticality (1 to 10) Measuring an Exercise - 2
Q3: How many APPLICATIONS are being tested compared with full recovery requirements? 10 9 8 7 6 5 4 3 2 1 Not part of plan Criticality (1 to 10) Measuring an Exercise - 3
Scale and Score
Division Target Actual KRI RAG Div A 68 76.58 58 Green Div B 68 74.45 58 Green Div C 68 78.91 58 Green Div D 68 69.26 58 Green Div E 68 50.71 58 Red Div F 68 56.18 58 Red Div G 68 63.43 58 Amber Div H 68 61.30 58 Amber Div J 68 76.99 58 Green Div K 68 50.41 58 Red Average 68 67.88 58 Amber Key Risk Indicators – 1
20 30 40 50 60 70 80 Div A Div B Div C Div D Div E Div F Div G Div H Div J Div K Score Division BCM Testing KRI - Score Target Actual KRI Key Risk Indicators – 2
Division Target Actual KRI RAG Div A 68.0 69.21 58 Green Div B 72.2 74.45 64 Green Div C 72.2 78.91 64 Green Div D 75.8 77.26 66 Green Div E 56.5 42.12 50 Red Div F 56.0 48.20 50 Red Div G 56.0 53.56 50 Amber Div H 80.0 75.60 72 Amber Div J 85.5 85.88 75 Green Div K 85.5 74.33 75 Red Average 73.0 72.41 62.4 Amber Key Risk Indicators – 3
Key Risk Indicators – 4 20 30 40 50 60 70 80 90 100 Div A Div B Div C Div D Div E Div F Div G Div H Div J Div K Score Division BCM Testing KRI - Score Target Actual KRI
Programme Measurement
Programme Measurement
Variable Targets
Detailed Statements
Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Location Risk Wheels
1. Quality Scores Below are the agreed quality scores for the contract which reflect the level of compliance with Policy and the overall effectiveness of the controls in place. QUALITY SCORE FOR EACH REVIEW SECTION TotalQualityRating Supplier Performance Relationship Management BCM Performance FinancialReview ValueImprovement Contract Management Change Management RiskManagement ExitArrangements BusinessContinuity Mgt. 2012 Review Score 2 3 2 3 3 3 2 3 21 Green 2011 Review Score 2 3 0 0 2 2 0 2 11 Red Supplier Reviews
Supplier Reviews
0 10 20 30 40 50 60 70 80 90 100 0 5 10 15 20 25 30 ContractValue Review Score Contract Value vs Review Score Contract Value (£m) In the main, higher value contracts have a better score = better managed. However, some large value contracts have poor scores Supplier Reviews
Trend Analysis 0 10 20 30 40 50 60 70 80 90 100 Div A Div B Div C Div D Div E Div F 2009 2010 2011 2012
Summary  Why Measure?  What to Measure?  BIA  Testing  BC Programme
Is BCM an Expense......? Common views by senior management?  “BC costs us money”  “It’s a necessary evil”  “It doesn’t increase the bottom line”
.....or an Investment? Benefits  Easier bid / tender qualification  Differentiates our proposition – offers quality and reliable service  Reduces risk in supply or value chain network  ISO 22301?
Measurement Adds Value  Measurement provides level playing field  Applicable to public, private and voluntary sectors: size doesn’t matter  Measurement provides roadmap  Can be used to enhance current BCM  Incentive for senior management to take it more seriously  Helps target investment
Thanks

Recommandé

Motor vehicle emission checker danu-lap
Motor vehicle emission checker danu-lapMotor vehicle emission checker danu-lap
Motor vehicle emission checker danu-lapaidsdatahub
 
Discurso_LHK_convocatoria_eleccciones_21_08_2012.pdf
Discurso_LHK_convocatoria_eleccciones_21_08_2012.pdfDiscurso_LHK_convocatoria_eleccciones_21_08_2012.pdf
Discurso_LHK_convocatoria_eleccciones_21_08_2012.pdfIrekia - EJGV
 
Inducción economia de fichas
Inducción economia de fichasInducción economia de fichas
Inducción economia de fichassociologicus
 
Blue Phoenix: Content Empowering Energy Brands
Blue Phoenix: Content Empowering Energy BrandsBlue Phoenix: Content Empowering Energy Brands
Blue Phoenix: Content Empowering Energy Brandsbluephoenixinc
 
Data sheet bancada
Data sheet bancadaData sheet bancada
Data sheet bancadaSecure Technical Rooms
 
CREACIONES DANGO
CREACIONES DANGOCREACIONES DANGO
CREACIONES DANGOalex zavala
 
S a n t a m i s a 8 diciembre
S a n t a m i s a 8 diciembreS a n t a m i s a 8 diciembre
S a n t a m i s a 8 diciembreCarlos Gabriel Bolelli Serra
 
RMPressFitbrochure
RMPressFitbrochureRMPressFitbrochure
RMPressFitbrochureAndrew Cairns
 

Recommandé

Motor vehicle emission checker danu-lap
Motor vehicle emission checker danu-lapMotor vehicle emission checker danu-lap
Motor vehicle emission checker danu-lapaidsdatahub
 
Discurso_LHK_convocatoria_eleccciones_21_08_2012.pdf
Discurso_LHK_convocatoria_eleccciones_21_08_2012.pdfDiscurso_LHK_convocatoria_eleccciones_21_08_2012.pdf
Discurso_LHK_convocatoria_eleccciones_21_08_2012.pdfIrekia - EJGV
 
Inducción economia de fichas
Inducción economia de fichasInducción economia de fichas
Inducción economia de fichassociologicus
 
Blue Phoenix: Content Empowering Energy Brands
Blue Phoenix: Content Empowering Energy BrandsBlue Phoenix: Content Empowering Energy Brands
Blue Phoenix: Content Empowering Energy Brandsbluephoenixinc
 
Data sheet bancada
Data sheet bancadaData sheet bancada
Data sheet bancadaSecure Technical Rooms
 
CREACIONES DANGO
CREACIONES DANGOCREACIONES DANGO
CREACIONES DANGOalex zavala
 
S a n t a m i s a 8 diciembre
S a n t a m i s a 8 diciembreS a n t a m i s a 8 diciembre
S a n t a m i s a 8 diciembreCarlos Gabriel Bolelli Serra
 
RMPressFitbrochure
RMPressFitbrochureRMPressFitbrochure
RMPressFitbrochureAndrew Cairns
 
Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...
Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...
Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...genycaloisi
 
Gratis aprende programacion1
Gratis aprende programacion1Gratis aprende programacion1
Gratis aprende programacion1jackson nieto
 
Libro introducción a ajax
Libro introducción a ajaxLibro introducción a ajax
Libro introducción a ajaxHector Cruz cortes
 
Phillip Kingston - The Social Technology Mindset
Phillip Kingston - The Social Technology MindsetPhillip Kingston - The Social Technology Mindset
Phillip Kingston - The Social Technology MindsetPhillip Kingston
 
JORNADA EMPRENEDOR
JORNADA EMPRENEDORJORNADA EMPRENEDOR
JORNADA EMPRENEDORRamon Gené Coma
 
Informe UPTA proyecto de Ley de apoyo a los emprendedores
Informe UPTA proyecto de Ley de apoyo a los emprendedoresInforme UPTA proyecto de Ley de apoyo a los emprendedores
Informe UPTA proyecto de Ley de apoyo a los emprendedoreseconred
 
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTES
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTESINFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTES
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTESyolanegritauf
 
OmniAuth: From the Ground Up (RailsConf 2011)
OmniAuth: From the Ground Up (RailsConf 2011)OmniAuth: From the Ground Up (RailsConf 2011)
OmniAuth: From the Ground Up (RailsConf 2011)Michael Bleigh
 
Lista-Definitiva
Lista-DefinitivaLista-Definitiva
Lista-Definitivaceiplopedevegaalmeria
 
Email Professional: sincronizzazione e condivisione in ogni momento
Email Professional: sincronizzazione e condivisione in ogni momentoEmail Professional: sincronizzazione e condivisione in ogni momento
Email Professional: sincronizzazione e condivisione in ogni momentoRegister.it
 
Reconocimiento malezas primavero estival
Reconocimiento malezas primavero estivalReconocimiento malezas primavero estival
Reconocimiento malezas primavero estivalRealidadagropecuaria
 
Cmos testing
Cmos testingCmos testing
Cmos testingRajani Kumar Reddy
 
Baldor
BaldorBaldor
BaldorKarla Santos
 
Inspiria knowledge-campus-e-brochure
Inspiria knowledge-campus-e-brochureInspiria knowledge-campus-e-brochure
Inspiria knowledge-campus-e-brochureInspiria
 
HIGH PARK TOWER 2 - QUEZON CITY
HIGH PARK TOWER 2 - QUEZON CITYHIGH PARK TOWER 2 - QUEZON CITY
HIGH PARK TOWER 2 - QUEZON CITYRomeo Madrid II , Broker
 
bebidas refrescantes
bebidas refrescantesbebidas refrescantes
bebidas refrescantespollagrande69
 
Simulado - Terceiro Ano (2)
Simulado - Terceiro Ano (2)Simulado - Terceiro Ano (2)
Simulado - Terceiro Ano (2)Paulo Alexandre
 
Knowledge based asset integrity for wind farms
Knowledge based asset integrity for wind farmsKnowledge based asset integrity for wind farms
Knowledge based asset integrity for wind farmsLloyd's Register Energy
 
Tennelli_Cost of Quality
Tennelli_Cost of QualityTennelli_Cost of Quality
Tennelli_Cost of QualityTennelli Industries (Pty) Ltd
 
ABN AMRO_SLP Consulting
ABN AMRO_SLP ConsultingABN AMRO_SLP Consulting
ABN AMRO_SLP ConsultingSem de Moel
 
PIIMA & GRESB: Performance Component [English]
PIIMA & GRESB: Performance Component [English]PIIMA & GRESB: Performance Component [English]
PIIMA & GRESB: Performance Component [English]GRESB
 
Six sigma project (chihaoshen)
Six sigma project (chihaoshen)Six sigma project (chihaoshen)
Six sigma project (chihaoshen)CH §Shen
 

Contenu connexe

En vedette

Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...
Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...
Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...genycaloisi
 
Gratis aprende programacion1
Gratis aprende programacion1Gratis aprende programacion1
Gratis aprende programacion1jackson nieto
 
Phillip Kingston - The Social Technology Mindset
Phillip Kingston - The Social Technology MindsetPhillip Kingston - The Social Technology Mindset
Phillip Kingston - The Social Technology MindsetPhillip Kingston
 
Informe UPTA proyecto de Ley de apoyo a los emprendedores
Informe UPTA proyecto de Ley de apoyo a los emprendedoresInforme UPTA proyecto de Ley de apoyo a los emprendedores
Informe UPTA proyecto de Ley de apoyo a los emprendedoreseconred
 
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTES
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTESINFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTES
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTESyolanegritauf
 
OmniAuth: From the Ground Up (RailsConf 2011)
OmniAuth: From the Ground Up (RailsConf 2011)OmniAuth: From the Ground Up (RailsConf 2011)
OmniAuth: From the Ground Up (RailsConf 2011)Michael Bleigh
 
Email Professional: sincronizzazione e condivisione in ogni momento
Email Professional: sincronizzazione e condivisione in ogni momentoEmail Professional: sincronizzazione e condivisione in ogni momento
Email Professional: sincronizzazione e condivisione in ogni momentoRegister.it
 
Reconocimiento malezas primavero estival
Reconocimiento malezas primavero estivalReconocimiento malezas primavero estival
Reconocimiento malezas primavero estivalRealidadagropecuaria
 
Inspiria knowledge-campus-e-brochure
Inspiria knowledge-campus-e-brochureInspiria knowledge-campus-e-brochure
Inspiria knowledge-campus-e-brochureInspiria
 
bebidas refrescantes
bebidas refrescantesbebidas refrescantes
bebidas refrescantespollagrande69
 
Simulado - Terceiro Ano (2)
Simulado - Terceiro Ano (2)Simulado - Terceiro Ano (2)
Simulado - Terceiro Ano (2)Paulo Alexandre
 

En vedette (17)

Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...
Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...
Riding the creative storm with Ruckus _ Top Interactive Agencies _ Best Digit...
 
Gratis aprende programacion1
Gratis aprende programacion1Gratis aprende programacion1
Gratis aprende programacion1
 
Libro introducción a ajax
Libro introducción a ajaxLibro introducción a ajax
Libro introducción a ajax
 
Phillip Kingston - The Social Technology Mindset
Phillip Kingston - The Social Technology MindsetPhillip Kingston - The Social Technology Mindset
Phillip Kingston - The Social Technology Mindset
 
JORNADA EMPRENEDOR
JORNADA EMPRENEDORJORNADA EMPRENEDOR
JORNADA EMPRENEDOR
 
Informe UPTA proyecto de Ley de apoyo a los emprendedores
Informe UPTA proyecto de Ley de apoyo a los emprendedoresInforme UPTA proyecto de Ley de apoyo a los emprendedores
Informe UPTA proyecto de Ley de apoyo a los emprendedores
 
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTES
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTESINFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTES
INFORME FINAL DEL PROYECTO YO SOY AMBIENTE, YO SOY CULTURA DE LOS ESTUDIANTES
 
OmniAuth: From the Ground Up (RailsConf 2011)
OmniAuth: From the Ground Up (RailsConf 2011)OmniAuth: From the Ground Up (RailsConf 2011)
OmniAuth: From the Ground Up (RailsConf 2011)
 
Lista-Definitiva
Lista-DefinitivaLista-Definitiva
Lista-Definitiva
 
Email Professional: sincronizzazione e condivisione in ogni momento
Email Professional: sincronizzazione e condivisione in ogni momentoEmail Professional: sincronizzazione e condivisione in ogni momento
Email Professional: sincronizzazione e condivisione in ogni momento
 
Reconocimiento malezas primavero estival
Reconocimiento malezas primavero estivalReconocimiento malezas primavero estival
Reconocimiento malezas primavero estival
 
Cmos testing
Cmos testingCmos testing
Cmos testing
 
Baldor
BaldorBaldor
Baldor
 
Inspiria knowledge-campus-e-brochure
Inspiria knowledge-campus-e-brochureInspiria knowledge-campus-e-brochure
Inspiria knowledge-campus-e-brochure
 
HIGH PARK TOWER 2 - QUEZON CITY
HIGH PARK TOWER 2 - QUEZON CITYHIGH PARK TOWER 2 - QUEZON CITY
HIGH PARK TOWER 2 - QUEZON CITY
 
bebidas refrescantes
bebidas refrescantesbebidas refrescantes
bebidas refrescantes
 
Simulado - Terceiro Ano (2)
Simulado - Terceiro Ano (2)Simulado - Terceiro Ano (2)
Simulado - Terceiro Ano (2)
 

Similaire à Kuwait BCM Conference measuring organizational resilience

Knowledge based asset integrity for wind farms
Knowledge based asset integrity for wind farmsKnowledge based asset integrity for wind farms
Knowledge based asset integrity for wind farmsLloyd's Register Energy
 
ABN AMRO_SLP Consulting
ABN AMRO_SLP ConsultingABN AMRO_SLP Consulting
ABN AMRO_SLP ConsultingSem de Moel
 
PIIMA & GRESB: Performance Component [English]
PIIMA & GRESB: Performance Component [English]PIIMA & GRESB: Performance Component [English]
PIIMA & GRESB: Performance Component [English]GRESB
 
Six sigma project (chihaoshen)
Six sigma project (chihaoshen)Six sigma project (chihaoshen)
Six sigma project (chihaoshen)CH §Shen
 
SMaRT Certified Building Products - Jim Lord, EcoVert
SMaRT Certified Building Products - Jim Lord, EcoVertSMaRT Certified Building Products - Jim Lord, EcoVert
SMaRT Certified Building Products - Jim Lord, EcoVertToronto 2030 District
 
SPLC 2019 Summit: Can Your Purchases Reverse Global Warming?
SPLC 2019 Summit: Can Your Purchases Reverse Global Warming?SPLC 2019 Summit: Can Your Purchases Reverse Global Warming?
SPLC 2019 Summit: Can Your Purchases Reverse Global Warming?SPLCouncil
 
Erci mar2015 webinar fair value measurement
Erci mar2015 webinar fair value measurementErci mar2015 webinar fair value measurement
Erci mar2015 webinar fair value measurementjohnrosengard
 
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip LewWhen Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip LewXBOSoft
 
Six sigma for beginner
Six sigma for beginnerSix sigma for beginner
Six sigma for beginnerYusar Cahyadi
 
Decarbonizing the oil & gas supply chain.pdf
Decarbonizing the oil & gas supply chain.pdfDecarbonizing the oil & gas supply chain.pdf
Decarbonizing the oil & gas supply chain.pdfSi Chen
 
ZED Awareness PPT_27052022.pptx
ZED Awareness PPT_27052022.pptxZED Awareness PPT_27052022.pptx
ZED Awareness PPT_27052022.pptxGOPALSINHA8
 
Michelle Redfield, Schneider Electric, Global Management Systems for Enterpri...
Michelle Redfield, Schneider Electric, Global Management Systems for Enterpri...Michelle Redfield, Schneider Electric, Global Management Systems for Enterpri...
Michelle Redfield, Schneider Electric, Global Management Systems for Enterpri...Kevin Perry
 
The Business of Sustainable Supply Chains for Manufacturers
The Business of Sustainable Supply Chains for ManufacturersThe Business of Sustainable Supply Chains for Manufacturers
The Business of Sustainable Supply Chains for ManufacturersWithum
 
Top at risk drg s in the post icd 10 era and how to proactively address codin...
Top at risk drg s in the post icd 10 era and how to proactively address codin...Top at risk drg s in the post icd 10 era and how to proactively address codin...
Top at risk drg s in the post icd 10 era and how to proactively address codin...Phil C. Solomon
 
Lean six sigma executive overview (case study) templates
Lean six sigma executive overview (case study) templatesLean six sigma executive overview (case study) templates
Lean six sigma executive overview (case study) templatesSteven Bonacorsi
 

Similaire à Kuwait BCM Conference measuring organizational resilience (20)

Knowledge based asset integrity for wind farms
Knowledge based asset integrity for wind farmsKnowledge based asset integrity for wind farms
Knowledge based asset integrity for wind farms
 
Tennelli_Cost of Quality
Tennelli_Cost of QualityTennelli_Cost of Quality
Tennelli_Cost of Quality
 
ABN AMRO_SLP Consulting
ABN AMRO_SLP ConsultingABN AMRO_SLP Consulting
ABN AMRO_SLP Consulting
 
PIIMA & GRESB: Performance Component [English]
PIIMA & GRESB: Performance Component [English]PIIMA & GRESB: Performance Component [English]
PIIMA & GRESB: Performance Component [English]
 
Six sigma project (chihaoshen)
Six sigma project (chihaoshen)Six sigma project (chihaoshen)
Six sigma project (chihaoshen)
 
PPM presentation
PPM presentation PPM presentation
PPM presentation
 
SMaRT Certified Building Products - Jim Lord, EcoVert
SMaRT Certified Building Products - Jim Lord, EcoVertSMaRT Certified Building Products - Jim Lord, EcoVert
SMaRT Certified Building Products - Jim Lord, EcoVert
 
SPLC 2019 Summit: Can Your Purchases Reverse Global Warming?
SPLC 2019 Summit: Can Your Purchases Reverse Global Warming?SPLC 2019 Summit: Can Your Purchases Reverse Global Warming?
SPLC 2019 Summit: Can Your Purchases Reverse Global Warming?
 
Natural Gas Benchmarking
Natural Gas BenchmarkingNatural Gas Benchmarking
Natural Gas Benchmarking
 
Erci mar2015 webinar fair value measurement
Erci mar2015 webinar fair value measurementErci mar2015 webinar fair value measurement
Erci mar2015 webinar fair value measurement
 
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip LewWhen Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
 
Six sigma for beginner
Six sigma for beginnerSix sigma for beginner
Six sigma for beginner
 
Arndt PPT Draft 8 (May 25)-Draft 25
Arndt PPT Draft 8 (May 25)-Draft 25Arndt PPT Draft 8 (May 25)-Draft 25
Arndt PPT Draft 8 (May 25)-Draft 25
 
Decarbonizing the oil & gas supply chain.pdf
Decarbonizing the oil & gas supply chain.pdfDecarbonizing the oil & gas supply chain.pdf
Decarbonizing the oil & gas supply chain.pdf
 
ZED Awareness PPT_27052022.pptx
ZED Awareness PPT_27052022.pptxZED Awareness PPT_27052022.pptx
ZED Awareness PPT_27052022.pptx
 
PPT.pptx
PPT.pptxPPT.pptx
PPT.pptx
 
Michelle Redfield, Schneider Electric, Global Management Systems for Enterpri...
Michelle Redfield, Schneider Electric, Global Management Systems for Enterpri...Michelle Redfield, Schneider Electric, Global Management Systems for Enterpri...
Michelle Redfield, Schneider Electric, Global Management Systems for Enterpri...
 
The Business of Sustainable Supply Chains for Manufacturers
The Business of Sustainable Supply Chains for ManufacturersThe Business of Sustainable Supply Chains for Manufacturers
The Business of Sustainable Supply Chains for Manufacturers
 
Top at risk drg s in the post icd 10 era and how to proactively address codin...
Top at risk drg s in the post icd 10 era and how to proactively address codin...Top at risk drg s in the post icd 10 era and how to proactively address codin...
Top at risk drg s in the post icd 10 era and how to proactively address codin...
 
Lean six sigma executive overview (case study) templates
Lean six sigma executive overview (case study) templatesLean six sigma executive overview (case study) templates
Lean six sigma executive overview (case study) templates
 

Dernier

It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 

Dernier (20)

It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 

Kuwait BCM Conference measuring organizational resilience

  • 1. Managing To Measure & Measuring To Manage Christopher Green FBCI
  • 2. Today’s Session - Why Measure? What to measure?  BIA  Plan Development  Testing  BC Program
  • 8. What to Measure? •Plans ? •BIA ? •Callout ? •Exercises? •Crisis Capability ? •Whole Program ? •Reputation ?
  • 11. 0 50 100 150 200 250 300 Day 1 Day 3 Week 1 Loss of Income Extra Expenses Opportunity Costs The Financial Cost
  • 14. LEVEL OF HARM A B C D E NATURE OF HARM RELEVANT MEASURE Extremely serious harm Very serious harm Serious harm Minor harm No significant harm Financial Loss (loss of sales, unforeseen costs, legal liabilities, fraud) Total financial impact: Over £10m £1m to £9.9m £100k to £1m £10k to £99k Under £10k Degraded performance (failure to achieve targets, loss of productivity) Key targets under- achieved by: Over 10% 6% to 10% 1% to 5% Less than 1% No Impact Number of staff hours wasted Over 10,000 Staff hours. 1001 to 10,000 Staff hours 501 to 1000 Staff hours 100 to 500 staff hours 0 to 100 staff hours What’s The HARM – 1?
  • 15. LEVEL OF HARM A B C D E NATURE OF HARM RELEVANT MEASURE Extremely serious harm Very serious harm Serious harm Minor harm No significant harm Performance Loss (Customers) Customers not Served: More than 20% 12-20% 10-12% 5-10% <5% Reputation Loss Bad Publicity in: National and international media National media, inside pages Local media, front Local media, restricted No coverage What’s The HARM – 2?
  • 16. What’s The HARM – 3? LEVEL OF HARM LOCATION Total HARM A (*20) B (*5) C (*3) D (*2) E (*1) Location 5 113 4 4 2 2 3 Location 7 100 5 0 0 0 0 Location 1 100 3 5 4 0 3 Location 3 94 3 5 2 0 3 Location 6 85 1 4 9 5 8
  • 18. We can count…  Number of Plans ?  Number of Changes ?  Regular Sign-off ?  Content of Plan ? Measuring Plan Development But it’s easy to count the wrong data….
  • 22. Orientation Briefing Event Offsite - Multiple BU Full Simulation Desktop - Timed / IT Technical Test Plan Audit / Discussion Offsite Exercise - Single BU Desktop / Walkthrough / IT Technical Test Measuring ExercisesComplexityCost Time& Resources Assurance
  • 23. System/Service RAG Advantage Elite GREEN ALEAXIS GREEN Assistance GREEN Auda Enterprise Archive Server RED Audatex (Home) GREEN Audatex (Motor) GREEN Bentley Motor Claims AMBER BIS Printing AMBER Blue Bay AMBER Body Management System AMBER Business Intelligence AMBER CEDAR-O GREEN Cedar Financials (Rupert) RED Chordiant (Host) GREEN Chordiant (Off Host) GREEN Cicsfax GREEN COGNOS Powerplay RED Complaints MI GREEN Delphi RED Direct Connect MIS RED Direct Connect Voice Recording GREEN Direct Marketing Information System (Closed) RED Direct Connect – SAP-RG GREEN DVLA GREEN E Commerce Daily MI GREEN E Financials (Closed) GREEN eCRM GREEN eCRM Payment Gateway GREEN Equifax GREEN Fax_web/Connect (Access to IS2000) GREEN FIDOSCAN RED Finsure GREEN Gentran GREEN Goldmine GREEN Hibernate RED HALCO (Barrell) GREEN HALCO (Guize) GREEN IS2000 GREEN ITP Rating and Pricing RED Landscape GREEN Lotus Notes GREEN System/Service RAG MAM RED Microstrategy GREEN National Hunter Claims GREEN NetConnect GREEN NetConnect SAS GREEN NET_Database RED NUCLEAR MEDICINE RED Oracle Financials GREEN Oracle FM GREEN Personnel Lines GREEN Probe RED PSF GREEN PULSE GREEN RAS (Closed) GREEN RAS BASE STRATA RED Redman Reporter RED Redman Scheduler GREEN Robotic manuals GREEN SAS BAA-G GREEN SAS MIA-L GREEN SAS MIA-M GREEN Solcase (Barrell) RED Solcase (Guize) RED Special Risks Application RED Stolen Vehicle Recovery System (TRACKER) GREEN Teamsite AMBER Toucan Lite GREEN TARDIS (Tracker) AMBER UIS (Clement) AMBER UIS (Devolved) AMBER UK MI Data Warehouse GREEN UK MI Seahorse GREEN UK Overseas Data Feeds GREEN ULTRA GREEN Vectus GREEN Vehicle Asset Management (TRACKER) GREEN Voice Recording (Family) GREEN Web Channels (Household) GREEN Web Channels (Life) GREEN Web Channels (Motor) GREEN Web Channels (UK Special Partnerships) GREEN IT DR Status
  • 24. For  Every Recovery Test  Every Business  Every Year .......... We measured up to 13 components Could also apply it to crisis exercises, callout tests etc. Measuring Exercise Components
  • 25. Measuring an Exercise - 1 Q1: How many STAFF will take part in the exercise compared with full recovery requirements? 10 9 8 7 6 5 4 3 2 1 Criticality (1 to 10)
  • 26. Q2: How much HARDWARE is in scope compared with full recovery requirements? 10 9 8 7 6 5 4 3 2 1 Not part of plan Criticality (1 to 10) Measuring an Exercise - 2
  • 27. Q3: How many APPLICATIONS are being tested compared with full recovery requirements? 10 9 8 7 6 5 4 3 2 1 Not part of plan Criticality (1 to 10) Measuring an Exercise - 3
  • 29. Division Target Actual KRI RAG Div A 68 76.58 58 Green Div B 68 74.45 58 Green Div C 68 78.91 58 Green Div D 68 69.26 58 Green Div E 68 50.71 58 Red Div F 68 56.18 58 Red Div G 68 63.43 58 Amber Div H 68 61.30 58 Amber Div J 68 76.99 58 Green Div K 68 50.41 58 Red Average 68 67.88 58 Amber Key Risk Indicators – 1
  • 30. 20 30 40 50 60 70 80 Div A Div B Div C Div D Div E Div F Div G Div H Div J Div K Score Division BCM Testing KRI - Score Target Actual KRI Key Risk Indicators – 2
  • 31. Division Target Actual KRI RAG Div A 68.0 69.21 58 Green Div B 72.2 74.45 64 Green Div C 72.2 78.91 64 Green Div D 75.8 77.26 66 Green Div E 56.5 42.12 50 Red Div F 56.0 48.20 50 Red Div G 56.0 53.56 50 Amber Div H 80.0 75.60 72 Amber Div J 85.5 85.88 75 Green Div K 85.5 74.33 75 Red Average 73.0 72.41 62.4 Amber Key Risk Indicators – 3
  • 32. Key Risk Indicators – 4 20 30 40 50 60 70 80 90 100 Div A Div B Div C Div D Div E Div F Div G Div H Div J Div K Score Division BCM Testing KRI - Score Target Actual KRI
  • 37. Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Mains Generator UPS Comms UPS Desk Run Time Cooling Water Location Risk Wheels
  • 38. 1. Quality Scores Below are the agreed quality scores for the contract which reflect the level of compliance with Policy and the overall effectiveness of the controls in place. QUALITY SCORE FOR EACH REVIEW SECTION TotalQualityRating Supplier Performance Relationship Management BCM Performance FinancialReview ValueImprovement Contract Management Change Management RiskManagement ExitArrangements BusinessContinuity Mgt. 2012 Review Score 2 3 2 3 3 3 2 3 21 Green 2011 Review Score 2 3 0 0 2 2 0 2 11 Red Supplier Reviews
  • 40. 0 10 20 30 40 50 60 70 80 90 100 0 5 10 15 20 25 30 ContractValue Review Score Contract Value vs Review Score Contract Value (£m) In the main, higher value contracts have a better score = better managed. However, some large value contracts have poor scores Supplier Reviews
  • 41. Trend Analysis 0 10 20 30 40 50 60 70 80 90 100 Div A Div B Div C Div D Div E Div F 2009 2010 2011 2012
  • 42. Summary  Why Measure?  What to Measure?  BIA  Testing  BC Programme
  • 43. Is BCM an Expense......? Common views by senior management?  “BC costs us money”  “It’s a necessary evil”  “It doesn’t increase the bottom line”
  • 44. .....or an Investment? Benefits  Easier bid / tender qualification  Differentiates our proposition – offers quality and reliable service  Reduces risk in supply or value chain network  ISO 22301?
  • 45. Measurement Adds Value  Measurement provides level playing field  Applicable to public, private and voluntary sectors: size doesn’t matter  Measurement provides roadmap  Can be used to enhance current BCM  Incentive for senior management to take it more seriously  Helps target investment

Notes de l'éditeur

  1. In order to manage a BCM program, I believe that it is necessary to develop metrics that showProgressSuccessBarriersAreas for InvestmentBy using quantitative data rather than just saying “I think”, it is easier to demonstrate that the BCM program supports corporate goals, and that the BC Manager has a strategic focus.What can we measure? I think that we can measure various components of our programs
  2. To start, let’s review why we need to know how good our program isWe are all subject to external and internal eventsPolitical events such as Arab Spring and terrorist threatsNatural hazards such as volcano, tsunamiWe can all see increasing occurrences of bad weather – be that snow, or flooding, or dust storms…and is Bird Flu on the rise? The current Chinese outbreak has no human-to-human aspect yet, but we should re-evaluate our plans for loss of staffOther things arise from time to time. A month ago, I wouldn’t have been particularly worried about earthquakes here in the Gulf region – but you all know that we’ve had two tremors in two weeks, in a region where buildings and structures are not designed as earthquake-proof
  3. To start, let’s review why we need to know how good our program isWe are all subject to external and internal eventsPolitical events such as Arab Spring and terrorist threatsNatural hazards such as volcano, tsunamiWe can all see increasing occurrences of bad weather – be that snow, or flooding, or dust storms…and is Bird Flu on the rise? The current Chinese outbreak has no human-to-human aspect yet, but we should re-evaluate our plans for loss of staffOther things arise from time to time. A month ago, I wouldn’t have been particularly worried about earthquakes here in the Gulf region – but you all know that we’ve had two tremors in two weeks, in a region where buildings and structures are not designed as earthquake-proof
  4. To start, let’s review why we need to know how good our program isWe are all subject to external and internal eventsPolitical events such as Arab Spring and terrorist threatsNatural hazards such as volcano, tsunamiWe can all see increasing occurrences of bad weather – be that snow, or flooding, or dust storms…and is Bird Flu on the rise? The current Chinese outbreak has no human-to-human aspect yet, but we should re-evaluate our plans for loss of staffOther things arise from time to time. A month ago, I wouldn’t have been particularly worried about earthquakes here in the Gulf region – but you all know that we’ve had two tremors in two weeks, in a region where buildings and structures are not designed as earthquake-proof
  5. To start, let’s review why we need to know how good our program isWe are all subject to external and internal eventsPolitical events such as Arab Spring and terrorist threatsNatural hazards such as volcano, tsunamiWe can all see increasing occurrences of bad weather – be that snow, or flooding, or dust storms…and is Bird Flu on the rise? The current Chinese outbreak has no human-to-human aspect yet, but we should re-evaluate our plans for loss of staffOther things arise from time to time. A month ago, I wouldn’t have been particularly worried about earthquakes here in the Gulf region – but you all know that we’ve had two tremors in two weeks, in a region where buildings and structures are not designed as earthquake-proof
  6. What about future developments?Dirty bombsIncreasing “lone wolf” attacks such as Ricin or Anthrax attacks on individuals in the USASuch contamination would increase the complexity and the length of our response
  7. So what can be measured?I suggest we can measure many aspects of our program – but let’s be cautiousThe number of plans is easy to measure – but is “31 plans” better than “30 plans”. Not necessarily - it’s a number but not a value-addWhat about the number of BIAs, or the number of critical applications identified – is one number better than another?
  8. If we look at the standard BCM lifecycle, I’ll take us through examples at each stage
  9. Understanding the Organization….We all have (Or we should have? Or we plan to have?) a risk identification and assessment process, that leads to:Risks registersRisk mitigationRisk treatmentsRisk appetiteIn this phase, what is important to me is being able to show that risks are being assessed, mitigated and/or treated. Over time, we can show that we reduced the number of risks and their potential impact to the organization. We can put operational and financial values on this…subject to the normal caveats about probability
  10. For the BIA Phase, it’s easy enough to add together the cumulative financial impacts, to show what an interruption might cost us. The cost inevitably increases over timeBut you have to be careful about the figures that “the business” provides. A good BC Manager will – where necessary – strongly challenge the BIA returns to ensure that the data is valid.One example I came across in an insurance company was a figure of “a 3-day outage will cost us $30 billion”. Now that seemed ridiculous for a Division that contributed to an organization-wide profit of $20mWhat the manager had counted was the total liability across all insurance policies – but these weren’t at risk in a 3-day interruption. The value quoted in BIA was easy to calculate, but was entirely wrong.Opportunity cost is an interesting parameter – what market opportunities do we lose by being out-of-work due to a disruption? Did we lose the chance to seal a deal? Did we miss selling a product because the customer needed it THAT DAY. Did we miss the chance to bid for a future deal?
  11. Many managers find it easier to calculate the operational cost, using a relative scaleIn this example, we asked each department to assess (over time) the outage on a 1-10 scale….but is my “6 out of 10” the same as your “6 out of 10”…it can be subjective
  12. And we also need to recognize that not all questions can be framed to satisfy every department. Perhaps this is a “black swan” momentHere is Murrayfield Stadium in Scotland, the home of Scottish Rugby Union, 3 days before an international rugby match.All the staff are at work, all the buildings are accessible, all the IT is working, all the suppliers are available….and yet we have a cessation of our single-most critical function…the ability to play a game Disruption to this one function resulted in losing nearly all the revenue expected by that organization in that month.
  13. In one organization I worked in, we looked at this from a different perspectiveUsing around a dozen types of measurement (just a few are shown here), we asked each function/process/activity (whatever level you choose to conduct your BIA) to rank the “harm to the organization”The concept here is that financial loss causes harm, but so does not answering the phones in the contact centres. Idle staff time harms the organization, as we are paying people to do nothing (and then probably pay them extra to work overtime to catch up the backlog).The parameters you use will be different, and the A to E values will be different, but I think you see the concept
  14. Here are some less tangible parameters – we all know how hard (impossible) it is to measure reputation, until after it’s gone!Other examples are:Regulatory impacts (do we get fined/punished for being late?)Staff welfare affectedCritical records not kept up-to-date, leading to privacy or data protection issuesThe parameters you choose will vary – what matters is the ability for your functional managers to rate the “harm” on a scale
  15. You can then – if you want – summate the functions to give a view of the most critical locations (the weighting is subjective and you might want to vary it)In this example, Location 5 appears to be the most critical location (the sum is 4x20 plus 4x5 plus 2x3 plus 2x2 plus 3x1 = 113).Caution – location 7 scores fewer points overall, but has more (5) harm-A functions, so you need to interpret this with intelligence.This is intended to be a guide, not an absolute measure – but it may help when deciding where to invest resources for testing, or resilience measures
  16. I don’t measure strategy, as I believe that all strategies are relevant if you align them to the impact/risk, so let’s skip to development
  17. Any of the above can be counted – but what do they tell us?The only one that has any meaning for me is plan content. This is easier with a software tool – and I strongly favour using software to help manage your program. You can, of course, write plans using MS-Office, but you have little ability to summate across documents, or to have audit trails, or to discover inconsistencies between parts of the organizationThere are many good tools. In the past I have used LDRPS and MyCOOP, but I presently use ORBIT from Italy.
  18. (At this point the audience examined a handout)Whether you use software or a manual process, you can interrogate content:Are the roles in the management team populated?Is the callout tree fully populated?Do the telephone numbers appear to be correct – right number of digits etc?Does the supplier list appear to be correct – service, SLA details, contract details, contact points?Does the plan show the critical applications and equipment for recovery?Are resource levels listed?And so on…..By giving these (and other) items a score, you can then rate an individual plan. You can compare plans from one Division against another, and so onUsing a software tool, we used to interrogate 400 plans every month (the routine took about an hour to run) and could then give very valuable feedback to each business. It helped us decide where to offer extra training, and highlighted possible flaws in our planning approach…very useful metrics indeed.
  19. But now to exercises. I think this is the most relevant and important thing to measureExercising is the absolute key to a BCM capability. If you don’t exercise, you simply have bits of paper – you don’t have a capability.
  20. If we start by deciding WHAT to test, we might want to look at historical data. This data is from SunGard in the UK, and shows the most common reasons for invoking work area recoveryConsistently over the past years, hardware failures, power failures and communications (networks/phone systems) failures have been the most common causes of business disruption – so maybe your testing program should use these as starting scenarios?(Note that for simplicity I am using test/exercise inter-changeably. I know there are various distinctions between test/drill/exercise/rehearsal, but I don’t want that to cloud the discussion today.
  21. A simple way of measuring exercises is to use this pyramid. This is adapted from IP owned by Barclaycard in the UKAt the simplest level, orientation briefings are a type of exercise. Discussing and auditing plans (i.e. more interactive) gives another level of confidence.As we move up the pyramid, the level of assurance that the exercise gives us also goes up. The scale, cost and complexity of the exercise also rises.The best possible exercise is a genuine invocation – a real event – but I’m sure we would all rather plan our exercises that move straight to a full-scale fire or earthquake!Note also that as you move up the pyramid, the risk to day-to-day business also increases. Somewhere, you will find a trade-off between risk appetite, risk assurance and cost, that is appropriate for your organization
  22. If you take one layer of the pyramid, it’s fairly easy to get some data about IT components – hardware and softwareHere’s a simple matrix that shows whether the application (in this case) has been PROVEN to have recovery that meets the RTO as defined BY THE BIA. Not “defined by the IT department” – but defined by the business process/function owner.The detail here isn’t important, but you can easily see that there are a number of red cells, and this is where testing resource (money and effort) should be focussed in the next period. This is an example of metrics aiding our planning and budgeting activitiesIf you have completed BIA for your organization, you could construct this matrix next week with the support of your IT colleagues. This one is quite easy….
  23. Moving up the pyramid further, here’s a way of measuring business exercises.In one company I know, we used to measure various components of every exercise every time
  24. For example, we measured how many staff took part in the exercise compared with how many staff would be invoked in the BC planSimplistically, if 100 staff would be invoked in the plan, and 20 were part of the exercise, we gave that 2/10
  25. Similarly, we measured how much hardware and equipment was being exercised compared with the full planNote here that it is possible that no hardware was recovered (if you work in a virtual or cloud environment perhaps). Unlikely, but possible
  26. Again, for applications, what’s the scope of the exercise compared with full plan invocationOther components covered:TelephonyDataVital recordsEtcetc
  27. What this gave us was this marvellous graph.Summated over many exercises over many months, I get two linesThe blue line is the “scale” of the exercise – how close to full invocation (how clase to reality) was itThe success (the “score”) of the exercise – how successful was it compared to business objectivesWhat you can see at a glance is that the far left (staff resources) had low scale (not many took part) but that element was successful.What you can also see is that telephony-simple (by which I mean desktop phones/faxes) and telephony-complex (by which I mean contact centres) were both low scope and low score. This company didn’t test much telephony, and what it tested was not very successfulNow, we have more metrics than immediately tells a story to top management. HERE (telephony) is where we need to spend time and effort next period to enhance our capability. This is no longer “Chris thinks” – this is real data
  28. This organization then turned historical data into forward-looking targets and Key Risk Indicators. The data is set at Divisional level, averaged across multiple exercisesFor clarity, the target is a KPI (Key Performance Indicator) – this is what I expect you to achieve.The KRI (Key Risk Indicator) is the level at which I am flagging a problem; a risk to the business caused by inappropriate capability In the first year, all targets were the same, at 68. You can see that some Divisions are above KPI (are green), some are below KRI (are red) and some are in between (amber/yellow)
  29. Graphically, it’s easier to see
  30. After a couple of years, the data enabled the organization to get more sophisticated, and set targets based on business criticalityDivisions J&amp;K were the most critical, so had the highest KPIs.What you see here is still a red-amber-green (which still allows targeting of resource and effort). But, a ‘green’ score for Division A (69.21 against target of 68) is a ‘red’ score for Division K (anything below 85.5 was ‘red’ for Division K).The data has thus allowed us to reflect business realities.
  31. Graphically, it’s easier to see this distinction
  32. Finally, let’s spend some time looking at the program as a whole, exploring different components
  33. This organization measured the whole program at a Divisional level. Again, we started by setting variable targets, according to perceived business criticalityIn this example, the Division was rated as ‘high’ criticality, with a 1-3 day recovery time. Giving this the scale that you see on the graph, this Division has a numeric criticality value of 10(I know that business criticality and recovery are effectively parallels of each other – I’m suggesting this as one method, not a perfect methods)
  34. The maximum possible criticality score was 15. We assigned target scores in bands. The Divisions which scored 9, 10 or 11 had the targets aboveNote the 725 target score for top criticality Divisions
  35. So how was the 725 set?Well, we took the organization’s BCMS (business continuity management system) and assigned a points value against each and every clause.In the first iteration, we simply had a yes/no response, but soon realized this wasn’t fair. For some clauses, the Division might have done 50% of what was required, but that wasn’t the same as “yes, we have done this”. So, we chose the sliding scale aboveAgain, I recognize that this is subjective, and your organization would choose different points-values and different scales….but as a way of starting metrication, it may be an approach worth thinking about.This is quite a time-consuming task – firstly to assign the right relative values to each clause, and then to mark the organizational units, but I think it Is worthwhile
  36. Another feature of a resilience or recovery capability relates to infrastructureHere, we rated different buildings against different infrastructure components. Without knowing anything about the methodology, you can instantly see that the building bottom-right is more resilient than the building top-left. Which building would you rather work in? Which building should be targeted for investment? The graphs are simple, but compelling.The ones you choose might be different, but here we chose: (Starting at 12:00) – Mains power, dual-feed or single-feed (and we set dual as ‘green’ and single as ‘red’Generator – can the generator run the building on full load for a day (‘red’ was no; ‘green’ was ‘yes’; ‘amber’ was either not-full-load or not-full-dayUPS Comms Room – is there UPS to all comms rooms (server rooms) n the building (‘yes’ is ‘green’ and no is ‘red’)And so onYou can choose different components, and set the width of the pie-slice, according to your preferences.
  37. Another key component of a resilience/continuity capability is the supply chain. The next few slides will talk through this.For each critical supplier, one organization conducted face-to-face interviews/workshops with the supplier relationship team (comprising supplier representative and organization representative)