Wipro Consulting Implementation Challenges in BCM Vinay N
Wipro Consulting Implementation Challenges in BCM Vinay N Disley
Index > Presentation Agenda > Components of BCM > Implementation Challenges in BCM > Conclusion separately
Presentation Agenda “To highlight key BCM Implementation Challenges that organizations face while drawing up a BCM framework and its subsequent Roll-out as part of their BCM Journey”
BCM Components 1 Understanding your Business 5 2 Exercising, Maintenance & Audit Building & Embedding BCM Culture 4 Source: Business Continuity Institute BCM Program Management Business Continuity Strategies Develop & Implement BCM Response 3
Challenges in BCM Implementation
1# Lack of Understanding • No references to Reputation Risk or failure of Suppliers • Telecom failures & backup of IT Systems also referred as BCM • 32% of respondents still perceive Disaster Recovery as BCM Source: Business Continuity Institute Only 42% of the respondents have correctly answered: “ BCM is protecting the core running of the business if an unexpected event occurs. ”
2# Expanding Threat List • Sharp rise in incidents due to extreme weather from 9% in 2006 to 28% in 2007 • Threats like utility outages and industrial actions which were 2005 -2007 Disruption not identified separately till 2004, occupy 28% share in 2007 table reflects, no threat • In 2007 alone, BCP was invoked for all the identified can bethreats ignored or discounted. Source: Chartered Management Institute BCM Research Report, 2007
3# Changing Risk Profile • Top three threats are external threats, where organizations have little control over the prevention and management • High reliance on governmental guidance and support to provide an effective response against these external threats • IT Failure is the first internal threat that tops the list • Telecom failure are perceived to be a low risk area Source: Business Continuity Institute 28% of respondents perceive terrorist threat as the biggest threat to the business in the forthcoming years.
4# Mapping of Right BCM Drivers • Regulatory compliance “PUSH” factor is the third most important factor identified by respondents • Protecting employees, retaining customers and maximizing productivity are the critical “PULL” factors identified by respondents Source: Business Continuity Institute Identifying “PUSH” and “PULL” factors for your organization is critical to the success of BCM Implementation.
5# Stakeholder Identification & participation • Human Resources function rose from fourth in 2005 to top of the table in 2006 • IT functions still plays greater role on BCP front in most of the organizations • External parties like critical vendors and suppliers are still to find a separate place in the creation phase of BCP Source: Chartered Management Institute BCM Research Report, 2006 Only 36% of respondents confirmed involvement of business functions in the creation of the BCP.
6# Having the Right Ownership • Overall, 60% of the organization have BCM ownership with Senior Management and Board Members • 27% of the organizations have personnel dedicated to BCM • Close to 30% of the organization have BCM ownership assigned to middle-level managers or operational staff Source: Business Continuity Institute Business Continuity Management is no longer seen as an extension of IT with only 28% of IT personnel taking responsibility for Business Continuity.
7# Capability Evaluation • Legislation and Regulations have come out to be strong drivers for BCM Capability evaluation • BCM Capability evaluation has been identified as critical activity by most of the respondents Source: Chartered Management Institute BCM Research Report, 2007 34% of respondents refer to some sort of best practice guidelines to align, validate and benchmark their BCM processes.
8# BCM Communication • BCPs continue to be primarily reported to senior management and board teams • Little communication to investing community on BCP front • 22% of the organization regularly communicate to Regulators on BCP front Source: Chartered Management Institute BCM Research Report, 2006 Only 1 in 10 organizations are communicating their BCPs to suppliers and just 19 per cent to customers.
9# Budgetary Support • Managing Directors are most likely to hold budget for BCM • Some organizations have also emerged with dedicated BCM Manager with budgetary powers Source: Chartered Management Institute BCM Research Report, 2007 23 per cent of respondents who have a BCP indicate that there is no budget to back it up.
10# Testing • % of Managers whose organization rehearse their BCP once or twice a year have not changed considerably in last few years • Customers who are the second biggest driver for BCM, have failed to demand strong evidence of BCP rehearsal from their suppliers • 80% of those who have rehearsed had come across shortcomings in their BCPs Source: Chartered Management Institute BCM Research Report, 2007 37% of respondents reported that they do not rehearse their BCPs at all. Thus There is a danger that many of these plans will not work when most needed.
Other Common Challenges > Changes in Business Environment (New Services/M&A/ People transition/New Operating Geographies etc) > Building BCM Culture (Value Add to my Business/People Element /Additional Roles & Responsibilities/Not part of Core Business/Low probability) > Continuous Review, Validation & Audits (Management effort & Commitment/ Updating Documents/ Communicating new changes/ Full time effort/ Budgetary constraint on dedicated resources) > Changing Regulatory Landscape (New Legislations & Regulatory Requirements [HIPAA/SOX/Basel II/Civil Contingencies Act]/ Dedicated and Skilled team to meet compliance requirements/ Strong and Continuous Audit Support) > Skilled Manpower (Shortage of Domain Experts/Budgetary Constraints)
Conclusion Process Change Mgt Education Testing Review Testing Design Procedures Risk Reduction Continuity Process One Time Create Planning Organisation BCM Framework Recovery Strategy Risk Assessment Business Impact Analysis Policy Organisation Resources Project Initiation Management Ownership & Support Scope Global Best Practices Corporate Governance On Going Strong BCM Culture
Thank You “An excellent strategy without execution will result in failure. And, perfect execution of a bad strategy will still result in failure. . "
Wipro’s Service Offerings Wipro’s Security Governance Offerings (Horizontal) Advisory ISO 27001 Information Risk Mgmnt BCP/ DRP Policy Framework Application Audits Assurance Implementation Services Awareness & Training Balanced Score Card Information Asset Profiling CISO Services Identity Management Single Sign On/ Directory Solns User Provisioning WSS & PKI Design Evaluate Implement Sustenance, Post Production Technical Risk Assessment Vulnerability Assessment Penetration Testing Forensic Services Application Testing Technology Security Solutions Compliance Basel II AML Sarbanes Oxley SSE-CMM ISO 15048 Data Protection/ Privacy 19
- Slides: 19