Measuring the value of business continuity programs. You can't manage what you can't measure. How to show value from your business continuity (BCM) program.
Managing To Measure & Measuring To Manage
Christopher Green FBCI
Today’s Session
- Why Measure?
- What to measure?
- BIA
- Plan Development
- Testing
- BC Program
Why Measure?
Future Events?
What to Measure?
• Plans?
• BIA?
• Callout?
• Exercises?
• Crisis Capability?
• Whole Program?
• Reputation?
BCM Lifecycle
[Figure: BCM lifecycle diagram with stages numbered 1 to 10]
[Figure: risk heatmap; axes: Probability, Severity]
Risk Heatmap
[Chart: x-axis: Day 1, Day 3, Week 1; scale 0 to 300; series: Loss of Income, Extra Expenses, Opportunity Costs]
The Financial Cost
The Operational Cost
Critical Operations?
LEVEL OF HARM
NATURE OF HARM | RELEVANT MEASURE | A: Extremely serious harm | B: Very serious harm | C: Serious harm | D: Minor harm | E: No significant harm
Financial Loss (loss of sales, unforeseen costs, legal liabilities, fraud) | Total financial impact: | Over £10m | £1m to £9.9m | £100k to £1m | £10k to £99k | Under £10k
Degraded performance (failure to achieve targets, loss of productivity) | Key targets under-achieved by: | Over 10% | 6% to 10% | 1% to 5% | Less than 1% | No Impact
Degraded performance (failure to achieve targets, loss of productivity) | Number of staff hours wasted | Over 10,000 Staff hours. | 1001 to 10,000 Staff hours | 501 to 1000 Staff hours | 100 to 500 staff hours | 0 to 100 staff hours
What’s The HARM – 1?
LEVEL OF HARM
NATURE OF HARM | RELEVANT MEASURE | A: Extremely serious harm | B: Very serious harm | C: Serious harm | D: Minor harm | E: No significant harm
Performance Loss (Customers) | Customers not Served: | More than 20% | 12-20% | 10-12% | 5-10% | <5%
Reputation Loss | Bad Publicity in: | National and international media | National media, inside pages | Local media, front | Local media, restricted | No coverage
What’s The HARM – 2?
What’s The HARM – 3?
LEVEL OF HARM
LOCATION | Total HARM | A (*20) | B (*5) | C (*3) | D (*2) | E (*1)
Location 5 | 113 | 4 | 4 | 2 | 2 | 3
Location 7 | 100 | 5 | 0 | 0 | 0 | 0
Location 1 | 100 | 3 | 5 | 4 | 0 | 3
Location 3 | 94 | 3 | 5 | 2 | 0 | 3
Location 6 | 85 | 1 | 4 | 9 | 5 | 8
Measuring Plan Development
We can count…
- Number of Plans?
- Number of Changes?
- Regular Sign-off?
- Content of Plan?
Measuring Plan Development
But it’s easy to count the wrong data….
Plan Health Check
Measuring Exercises
[Chart: years 2005 to 2012; scale 0 to 50; series: Power, Hardware, Terrorism, Communications, Flooding, Data Corruption]
What to Test?
Orientation Briefing
Event
Offsite - Multiple BU
Full Simulation
Desktop - Timed / IT Technical Test
Plan Audit / Discussion
Offsite Exercise - Single BU
Desktop / Walkthrough / IT Technical Test
Measuring Exercises
System/Service | RAG
Advantage Elite | GREEN
ALEAXIS | GREEN
Assistance | GREEN
Auda Enterprise Archive Server | RED
Audatex (Home) | GREEN
Audatex (Motor) | GREEN
Bentley Motor Claims | AMBER
BIS Printing | AMBER
Blue Bay | AMBER
Body Management System | AMBER
Business Intelligence | AMBER
CEDAR-O | GREEN
Cedar Financials (Rupert) | RED
Chordiant (Host) | GREEN
Chordiant (Off Host) | GREEN
Cicsfax | GREEN
COGNOS Powerplay | RED
Complaints MI | GREEN
Delphi | RED
Direct Connect MIS | RED
Direct Connect Voice Recording | GREEN
Direct Marketing Information System (Closed) | RED
Direct Connect – SAP-RG | GREEN
DVLA | GREEN
E Commerce Daily MI | GREEN
E Financials (Closed) | GREEN
eCRM | GREEN
eCRM Payment Gateway | GREEN
Equifax | GREEN
Fax_web/Connect (Access to IS2000) | GREEN
FIDOSCAN | RED
Finsure | GREEN
Gentran | GREEN
Goldmine | GREEN
Hibernate | RED
HALCO (Barrell) | GREEN
HALCO (Guize) | GREEN
IS2000 | GREEN
ITP Rating and Pricing | RED
Landscape | GREEN
Lotus Notes | GREEN
MAM | RED
Microstrategy | GREEN
National Hunter Claims | GREEN
NetConnect | GREEN
NetConnect SAS | GREEN
NET_Database | RED
NUCLEAR MEDICINE | RED
Oracle Financials | GREEN
Oracle FM | GREEN
Personnel Lines | GREEN
Probe | RED
PSF | GREEN
PULSE | GREEN
RAS (Closed) | GREEN
RAS BASE STRATA | RED
Redman Reporter | RED
Redman Scheduler | GREEN
Robotic manuals | GREEN
SAS BAA-G | GREEN
SAS MIA-L | GREEN
SAS MIA-M | GREEN
Solcase (Barrell) | RED
Solcase (Guize) | RED
Special Risks Application | RED
Stolen Vehicle Recovery System (TRACKER) | GREEN
Teamsite | AMBER
Toucan Lite | GREEN
TARDIS (Tracker) | AMBER
UIS (Clement) | AMBER
UIS (Devolved) | AMBER
UK MI Data Warehouse | GREEN
UK MI Seahorse | GREEN
UK Overseas Data Feeds | GREEN
ULTRA | GREEN
Vectus | GREEN
Vehicle Asset Management (TRACKER) | GREEN
Voice Recording (Family) | GREEN
Web Channels (Household) | GREEN
Web Channels (Life) | GREEN
Web Channels (Motor) | GREEN
Web Channels (UK Special Partnerships) | GREEN
IT DR Status
For every recovery test, every business, every year, we measured up to 13 components.
Could also apply it to crisis exercises, callout tests etc.
Measuring Exercise Components
Measuring an Exercise - 1
Q1: How many STAFF will take part in the exercise compared with full recovery requirements?
Scale: 10 9 8 7 6 5 4 3 2 1
Criticality (1 to 10)
Q2: How much HARDWARE is in scope compared with full recovery requirements?
Scale: 10 9 8 7 6 5 4 3 2 1 / Not part of plan
Criticality (1 to 10)
Measuring an Exercise - 2
Q3: How many APPLICATIONS are being tested compared with full recovery requirements?
Scale: 10 9 8 7 6 5 4 3 2 1 / Not part of plan
Criticality (1 to 10)
Measuring an Exercise - 3
Scale and Score
Division Target Actual KRI RAG
Div A 68 76.58 58 Green
Div B 68 74.45 58 Green
Div C 68 78.91 58 Green
Div D 68 69.26 58 Green
Div E 68 50.71 58 Red
Div F 68 56.18 58 Red
Div G 68 63.43 58 Amber
Div H 68 61.30 58 Amber
Div J 68 76.99 58 Green
Div K 68 50.41 58 Red
Average 68 67.88 58 Amber
Key Risk Indicators – 1
[Chart: BCM Testing KRI - Score; x-axis: Division (Div A to Div K); y-axis: Score, 20 to 80; series: Target, Actual, KRI]
Key Risk Indicators – 2
Division Target Actual KRI RAG
Div A 68.0 69.21 58 Green
Div B 72.2 74.45 64 Green
Div C 72.2 78.91 64 Green
Div D 75.8 77.26 66 Green
Div E 56.5 42.12 50 Red
Div F 56.0 48.20 50 Red
Div G 56.0 53.56 50 Amber
Div H 80.0 75.60 72 Amber
Div J 85.5 85.88 75 Green
Div K 85.5 74.33 75 Red
Average 73.0 72.41 62.4 Amber
Key Risk Indicators – 3
Key Risk Indicators – 4
[Chart: BCM Testing KRI - Score; x-axis: Division (Div A to Div K); y-axis: Score, 20 to 100; series: Target, Actual, KRI]
Programme Measurement
Variable Targets
Detailed Statements
[Figure: six location risk wheels, each with the segments Mains, Generator, UPS Comms, UPS Desk, Run Time, Cooling, Water]
Location Risk Wheels
1. Quality Scores
Below are the agreed quality scores for the contract which reflect the level of compliance with Policy and the overall effectiveness of the controls in place.
QUALITY SCORE FOR EACH REVIEW SECTION
Section groups: Supplier Performance | Relationship Management | BCM
Review | Performance | Financial Review | Value Improvement | Contract Management | Change Management | Risk Management | Exit Arrangements | Business Continuity Mgt. | Total | Quality Rating
2012 Review Score | 2 | 3 | 2 | 3 | 3 | 3 | 2 | 3 | 21 | Green
2011 Review Score | 2 | 3 | 0 | 0 | 2 | 2 | 0 | 2 | 11 | Red
Supplier Reviews
[Chart: Contract Value vs Review Score; axes: Contract Value (£m), Review Score]
In the main, higher-value contracts have a better score, i.e. they are better managed.
However, some large-value contracts have poor scores.
Supplier Reviews
Trend Analysis
[Chart: Trend Analysis; x-axis: Div A to Div F; scale 0 to 100; series: 2009, 2010, 2011, 2012]
Summary
- Why Measure?
- What to Measure?
- BIA
- Testing
- BC Programme
Is BCM an Expense......?
Common views by senior management?
“BC costs us money”
“It’s a necessary evil”
“It doesn’t increase the bottom line”
.....or an Investment?
Benefits
- Easier bid / tender qualification
- Differentiates our proposition – offers quality and reliable service
- Reduces risk in supply or value chain network
ISO 22301?
Measurement Adds Value
Measurement provides level playing field
Applicable to public, private and voluntary sectors: size doesn’t matter
Measurement provides roadmap
Can be used to enhance current BCM
Incentive for senior management to take it more seriously
Helps target investment
Thanks