How Mature Is Your Business Continuity Program? by: Scott Ream Pages: 26-30; January, 2002

Size: px
Start display at page:

Download "How Mature Is Your Business Continuity Program? by: Scott Ream Pages: 26-30; January, 2002"

Transcription

1 Source: Article Title. How Mature Is Your Business Continuity Program? January, 2002: pp Reprinted with permission from Witter Publishing Corp. Content contained on How Mature Is Your Business Continuity Program? by: Scott Ream Pages: 26-30; January, 2002 Be it under the banner of disaster recovery, contingency planning, or business continuity management, the discipline of business protection has been around for over 40 years. And yet today, the discipline still lacks many of the sophisticated tools that would allow business continuity professionals to objectively measure the maturity of a company's business continuity program. For instance, consider the following scenario: The business continuity manager for an international manufacturer is responsible for directing the company's business continuity management (BCM) program. While management talks about the importance of assuring business continuity, to date the company's program is not much more than an ad hoc effort by a few departments who willingly give the business continuity manager their time and attention. The manager knows that her company's BCM program is not as strong as it could be, and she has a good idea of where she would like the program to be. But how does she demonstrate to senior management that there is a deficiency in the current program and show them the "evolutionary path" she knows will lead to better recoverability across the enterprise? Several years ago, Jerry Klawitter, the manager of Investment Banking BCM Americas for JP Morgan Chase, faced just such a scenario. He needed a way to objectively benchmark his BCM program against other firms in the investment banking industry. While speaking with his consultants, he expressed an interest in researching what, if any, tools were available at the time. Several "capabilities maturity models" existed for various disciplines, including software development. However, for the business continuity field, nothing had yet been developed. The opportunity to build one appeared worth pursuing, and the idea for a Business Continuity Management Maturity Model was born. BCM as a Sustainable Business Process The first consideration was to determine what factors most significantly influence the development of a sustainable BCM program. It was determined that for a BCM program to be sustainable, it must be implemented as a business process. Other enterprisewide business processes can be highly sustainable when implemented effectively, e.g., budgeting and personnel performance evaluations. The common success factors of such implementations include: Enterprisewide commitment, driven from the top down, and the recognition that it is the responsibility of every manager to be knowledgeable and accountable for the implementation of these processes (budgeting and personnel) within his or her functional area The existence of a dedicated corporate department or group, staffed with professionals deeply knowledgeable in the business discipline, functioning as internal consultants, trainers, and facilitators who support the management team and their staff in the execution of their individual responsibilities

2 The development of a companywide infrastructure that reinforces the value and importance of the discipline, including the presence of well-articulated company policy, the integration of specific performance measurements in the company's management incentive and audit programs, the development of a skills competency baseline, a competency development program, and a variety of communications vehicles that keep the message in front of the management team on a consistent basis Applying these factors to the implementation of a sustainable BCM program, the following Program Basics emerged: The commitment of senior management to drive and fund the BCM program, grounded in the corporate recognition that responsibility for BCM rests with every manager in the organization The availability of professional business continuity personnel to manage, deliver, and administer a program that adheres to accepted best practices The application of prudent and practical business continuity governance supported by a properly implemented infrastructure Tracking a Program's Maturity With the basic ingredients for establishing a sustainable program identified, the evolutionary path for the emergence of this BCM program as it matures could now be characterized. It was determined that this path should articulate how the BCM program matures from simple participation to complex interactions between participants. Based on comparisons with a variety of successful enterprise BCM program implementations, the following milestones along this evolutionary path came to light: Milestone 1 All departments across the enterprise have been included in the BCM program. All the Program Basics described above are now in place and the enterprise has completed an appropriately scaled program launch that distributes BCM responsibility across all departments. Every critical business function is covered by a business continuity plan. Milestone 2 The participants have gained expertise with and confidence in BCM principles. They are able to develop, write, and test more complex plans. Risk assessment, business impact analysis, and mitigation activities have become familiar exercises. Critical multidepartmental aspects of the business are now being integrated into the business protection strategy. Milestone 3 The BCM program now encompasses the full scope of the business and keeps pace with change in the organization. Enterprise business processes are protected through appropriately structured cross-functional recovery plans and risk mitigation programs. Creative new continuity strategies are identified, evaluated, and utilized as appropriate. These milestones and program ingredients fit into a six-level maturity development sequence (Figure). Levels One through Three represent organizations that have not yet completed the necessary Program Basics needed to launch a sustainable enterprise BCM program. Levels Four through Six represent the evolutionary path of the maturing enterprise BCM program.

3 Level 1: Self-Governed Business continuity management has not yet been recognized as strategically important by senior management. There is no enterprise governance or centrally coordinated support function. If the company has a BCM policy, it is not enforced. Individual business units and departments are "on their own" to organize, implement, and self-govern their business continuity efforts. The state of preparedness is generally low across the enterprise. Level 2: Supported Self-Governed At least one business unit or corporate function has recognized the strategic importance of business continuity and has begun efforts to increase executive and enterprisewide awareness. At least one internal or external BCM professional is available to support the business continuity efforts of the participating business units and departments. The state of preparedness may be moderate for participants but remains relatively low across the majority of the company. Senior management may see the value of a BCM program but they are unwilling to make it a priority at this time. Level 3: Centrally Governed Participating business units and departments have instituted a rudimentary governance program, mandating at least limited compliance to standardized BCM policy, practices, and processes to which they have commonly agreed. (Note: this is not necessarily an enterprise BCM policy.) A BCM program office or department has been established, which centrally delivers BCM governance and support services to the participating departments and/or business units. Audit findings from these participants are being used to reinforce competitive and strategic advantage for their groups. Senior management interest is being piqued. Interest in leveraging the work already done is being promoted as a business driver for launching a BCM program. Several business units and departments have achieved a high state of preparedness. However, as a whole, the enterprise is at best moderately prepared. Senior management, as a group, has not yet committed the enterprise to a BCM program, although they may have a project under way to assess the business case for it. Level 4: Enterprise Awakening Senior management understands and is committed to the strategic importance of an effective BCM program. An enforceable, practical BCM policy has been adopted. A BCM program office or department has been created to govern the program and support all enterprise participants. Each group has acquired its own and/or utilizes the central BCM professional resources. BCM policy, practices, and processes are being standardized across the enterprise. A BCM competency baseline was developed and a competency development program is under way. All critical business functions have been identified and continuity plans for their protection have been developed across the enterprise. Departments conduct "unit tests" of critical business continuity plan elements. All business continuity plans are updated routinely. Level 5: Planned Growth All business units and departments have completed tests on all elements of their business continuity plans, and their plan update methods have proven to be effective. Senior management has participated in crisis management exercises. A multiyear plan has been adopted to continuously "raise the bar" for planning sophistication and enterprisewide state of preparedness. An energetic communications and training program exists to sustain the high level of business continuity awareness following a structured BCM competency maturity program. Audit reports no longer highlight business continuity shortcomings. Examples of

4 strategic and competitive advantage achieved from the BCM program are highlighted in periodic enterprise communications. Business continuity plans and tests incorporate multidepartmental considerations of critical enterprise business processes. Level 6: Synergistic All business units have a measurably high degree of business continuity planning competency. Complex business protection strategies are formulated and tested successfully. Cross-functional coordination has led participants to develop and successfully test upstream and downstream integration of their business continuity plans. Tight integration with the company's change control methods and continuous process improvement keeps the organization at an appropriately high state of preparedness, even though the business environment continues to change radically and rapidly. Innovative policy, practices, processes, and technologies are piloted and incorporated into the BCM program. Note that at each level companies may progress to the next level or, if they lose momentum, fall back one or more levels. As with any business process, if the supporting infrastructure is removed or significantly diminished, the effectiveness of the BCM program will deteriorate and with it the company's state of preparedness. Why Should Management Buy In? The key to other maturity models is the fundamental business value derived by the organization as it progresses up the scale (e.g., reduced errors, faster delivery, and improved on-time, on-budget performance). Within the BCM Maturity Model, self-governing (Levels 1-2) can work, but without the infrastructure investment it will not be sustainable, and cross-functional recovery strategies will be more difficult to implement. Why would business management be interested in reaching Level 6 to become synergistic? Integrating BCM into existing business processes minimizes rework, mitigates risk by becoming part of normal business thinking, reduces the scale of the core BCM program function, and promotes interoperability across integrated business functions. Through wider acceptance, use, and refinement, this BCM Maturity Model can be of significant benefit to the business continuity profession at large. The model can be used by professionals to address some key questions raised by their managers, such as: Where are we now? What level of BCM program maturity do we currently possess? What is the target we are shooting for? What does a mature BCM program look like? What evolutionary path do we want to follow to get there? What level of BCM program maturity do we want to achieve next? The model can also be used in other ways, such as: 1. A concept tool helpful in persuading senior management to invest appropriate resources in establishing a sustainable BCM program 2. A benchmark measurement tool for any organization looking to evaluate how their efforts compare with others in their industry, geographic region, or other relevant classification 3. An evaluation tool that can be used by auditors and insurers to objectively assess the effectiveness of an organization's state of preparedness, leading to more accurate risk assessment and program direction As business continuity management continues to evolve over the next 40 years, many

5 breakthroughs in technology, practices, and other business tools will undoubtedly occur. In these post September 11 times, business continuity is gaining broader support. Through recognition of BCM's value as a sustainable enterprise business process, continued diligence and forbearance on the part of business continuity practitioners, and an effort to further standardize terminology, methods, and practices by all those within the field, these gains will continue. About the Author Scott Ream is president and founder of Virtual Corporation. He can be reached at (800) 944-VIRT or via at BCM Maturity Model is a trademark of Virtual Corporation. The Maturity Model in Action In May 2000, Virtual Corporation hosted the opening morning breakfast at the CPM 2000 Conference & Exhibition. Over 250 attendees responded to an interactive questionnaire comprised of 21 targeted questions designed to uncover the essence of the respondents' BCM programs. Of course, as with any survey exercise the results are subject to deviation. However, the aggregate results were remarkable, and industry aggregates were the most telling. Looking at these statistics (Figure, below), one notices that the results reflect higher maturity levels in most industries than experience would suggest. For example, 66 percent of all respondents were at Level 4 and above, which seems unreasonably high. The banking and telecommunications industries have historically led other industries in BCM maturity for a variety of reasons, including the presence of government regulation mandating certain business continuity requirements. For these reasons, companies in the banking and telecommunications industries generally demonstrate BCM maturity levels of 3 and above. Most other industries, however, tend to score lower, at Level 3 and below. Why were the survey results so positive? Perhaps this is explained by the fact that the CPM conference attracts companies that have an active interest in business continuity. In fact, many attendees are certified business continuity professionals. This level of personal and corporate commitment is a key ingredient in building a sustainable BCM program.

6 Participate in Maturity Model Research Projects Three projects are currently under way, for which participants are being sought: 1. In preparation for an updated Baseline Study for 2002, a survey questionnaire is currently being tested via Virtual Corporation's Web site, To participate in the survey, go to the site and click on "BCM Maturity Model Survey." Your answers will be evaluated and a determination of where your organization is within the BCM Maturity Model will be calculated. You then will be asked to respond to a number of related questions to assess the accuracy of the calculation. The outcome of this research will greatly strengthen the quality of the survey used for the 2002 Baseline Study. 2. Virtual Corporation is mapping degrees of competency in each subject area of the complete DRI/BCI Professional Practices Guideline to corresponding levels in the BCM Maturity Model. Individuals interested in helping with this project are asked to e- mail Scott Ream at 3. Virtual Corporation recently established a live discussion database at (click on "BCM Maturity Model Discussion"). The primary objective of this discussion database is to explore how the BCM Maturity Model can be utilized and refined.

Business Continuity Maturity Model

Business Continuity Maturity Model Business Continuity Maturity Model Version 1.4 Last Updated: April 4, 2007 Contact Virtual Corporation for latest revision Prepared by Virtual Corporation, Inc. Village Green Annex 98 Route, Suite 12 Budd

More information

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM A WHITE PAPER CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM AUTHORS: Neil A. Smith, MBCP nsmith24@csc.com Sandra Riddell, MBCI sriddel4@csc.com CSC Papers 2013 ABSTRACT The auditors said

More information

Business Continuity in Healthcare

Business Continuity in Healthcare Business Continuity in Healthcare Cynthia Simeone, CBCP, PMP Director Business Resilience Catholic Health Initiatives Scott Ream President Virtual Corporation 1 Session Speakers Cynthia Simeone, CBCP,

More information

Using the Business Continuity Maturity Model To Gain Executive Approval. June 20, 2006

Using the Business Continuity Maturity Model To Gain Executive Approval. June 20, 2006 Using the Business Continuity Maturity Model To Gain Executive Approval Margaret Langsett, Executive Vice President, Virtual Corporation Manfred Heinzlreiter, CBCP, Managing Partner, BR- i.com June 20,

More information

Adopting a Continuous Integration / Continuous Delivery Model to Improve Software Delivery

Adopting a Continuous Integration / Continuous Delivery Model to Improve Software Delivery Customer Success Stories TEKsystems Global Services Adopting a Continuous Integration / Continuous Delivery Model to Improve Software Delivery COMMUNICATIONS AGILE TRANSFORMATION SERVICES Executive Summary

More information

Business Continuity / Disaster Recovery Context

Business Continuity / Disaster Recovery Context Capability Business Continuity / Disaster Recovery Context What is Business Continuity? The Business Continuity Program Life Cycle Copyright: Virtual Corporation, 1994 2006 Modified U.S. DoD Graphic Normal

More information

DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY

DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY DEVELOPING AN EFFECTIVE INTERNAL AUDIT TECHNOLOGY STRATEGY SEPTEMBER 2012 DISCLAIMER Copyright 2012 by The Institute of Internal Auditors (IIA) located at 247 Maitland Ave., Altamonte Springs, Fla., 32701,

More information

Where is Your Print Strategy? An IDC interactive document, sponsored by HP

Where is Your Print Strategy? An IDC interactive document, sponsored by HP Where is Your Print Strategy? An IDC interactive document, sponsored by HP Where is Your Print Strategy? Organizations have the opportunity to reduce costs, increase productivity, increase security and

More information

DATA QUALITY MATURITY

DATA QUALITY MATURITY 3 DATA QUALITY MATURITY CHAPTER OUTLINE 3.1 The Data Quality Strategy 35 3.2 A Data Quality Framework 38 3.3 A Data Quality Capability/Maturity Model 42 3.4 Mapping Framework Components to the Maturity

More information

The Business Continuity Maturity Continuum

The Business Continuity Maturity Continuum The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity

More information

Make Global Recruiting a Winning Strategy

Make Global Recruiting a Winning Strategy Make Global Recruiting a Winning Strategy A ManpowerGroup TM Solutions White Paper Make Global Recruiting a Winning Strategy Today s global workforce is on the move like never before. Macro-economic forces,

More information

Making the Transition to MSP 2.0

Making the Transition to MSP 2.0 PERSPECTIVE ARTICLE Making the Transition to MSP 2.0 From Implementation Impressario to Innovation Incubator Is Your MSP a Strategic Partner or a Tactical Solutions Provider? A discussion on the changing

More information

Supply Chain Maturity and Business Performance: Assessment and Impact

Supply Chain Maturity and Business Performance: Assessment and Impact Supply Chain Maturity and Business Performance: Assessment and Impact Abstract When evaluating your supply chain, no gap should exist between where your suppliers capabilities end and your capabilities

More information

Finding, Fixing and Preventing Data Quality Issues in Financial Institutions Today

Finding, Fixing and Preventing Data Quality Issues in Financial Institutions Today Finding, Fixing and Preventing Data Quality Issues in Financial Institutions Today FIS Consulting Services 800.822.6758 Introduction Without consistent and reliable data, accurate reporting and sound decision-making

More information

Is Business Continuity Certification Right for Your Organization?

Is Business Continuity Certification Right for Your Organization? 2008-2013 AVALUTION CONSULTING, LLC ALL RIGHTS RESERVED i This white paper analyzes the business case for pursuing organizational business continuity certification, including what it takes to complete

More information

The Resilient IT Infrastructure

The Resilient IT Infrastructure The Resilient IT Infrastructure Jeremy Wong Senior Vice President BCM Institute Republic Polytechnic, Block W4, Level 1, LR-W4B 25 November 2013 Jeremy Wong Senior Vice President Business Continuity Management

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Making A Case For Project Management

Making A Case For Project Management AN INTERTHINK CONSULTING WHITE PAPER Making A Case For Project Management An Overview Of Interthink Consulting's Project Management Business Case Approach Contents: Introduction Defining Organizational

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Business Analyst to Business Architect

Business Analyst to Business Architect Business Analyst to Business Architect To Infinity... and Beyond! White Paper March 2010 Authors: Jack Hilty Cathy Brunsting Editor: Janice Koerber Copyright 2010 SentientPoint, Inc. All Rights Reserved

More information

Introduction to Strategic Supply Chain Network Design Perspectives and Methodologies to Tackle the Most Challenging Supply Chain Network Dilemmas

Introduction to Strategic Supply Chain Network Design Perspectives and Methodologies to Tackle the Most Challenging Supply Chain Network Dilemmas Introduction to Strategic Supply Chain Network Design Perspectives and Methodologies to Tackle the Most Challenging Supply Chain Network Dilemmas D E L I V E R I N G S U P P L Y C H A I N E X C E L L E

More information

Fortune 500 Medical Devices Company Addresses Unique Device Identification

Fortune 500 Medical Devices Company Addresses Unique Device Identification Fortune 500 Medical Devices Company Addresses Unique Device Identification New FDA regulation was driver for new data governance and technology strategies that could be leveraged for enterprise-wide benefit

More information

Project Management in Software Development

Project Management in Software Development Project Management in Software Development Taking the Complexity Out of June 2012 Nick Castellina, Nuris Ismail Project Management in Software Development: Taking the Complexity Out of In a survey conducted

More information

Successfully identifying, assessing and managing risks for stakeholders

Successfully identifying, assessing and managing risks for stakeholders Introduction Names like Enron, Worldcom, Barings Bank and Menu Foods are household names but unfortunately as examples of what can go wrong. With these recent high profile business failures, people have

More information

Start Anywhere and Go Everywhere with Cloud Services for HR

Start Anywhere and Go Everywhere with Cloud Services for HR SAP Brief SAP Services Cloud Services for Human Capital Management Objectives Start Anywhere and Go Everywhere with Cloud Services for HR Propel your business to success Propel your business to success

More information

CFA Institute Contingency Reserves Investment Policy Effective 8 February 2012

CFA Institute Contingency Reserves Investment Policy Effective 8 February 2012 CFA Institute Contingency Reserves Investment Policy Effective 8 February 2012 Purpose This policy statement provides guidance to CFA Institute management and Board regarding the CFA Institute Reserves

More information

Cost of Poor Quality:

Cost of Poor Quality: Cost of Poor Quality: Analysis for IT Service Management Software Software Concurrent Session: ISE 09 Wed. May 23, 8:00 AM 9:00 AM Presenter: Daniel Zrymiak Key Points: Use the Cost of Poor Quality: Failure

More information

State of Maine Public Utilities Commission Emergency Services Communication Bureau

State of Maine Public Utilities Commission Emergency Services Communication Bureau Recommendations for Establishing and Maintaining a Quality Assurance Program Related to PSAP Quality Assurance Executive Summary Submitted March 2011 to: State of Maine Public Utilities Commission Emergency

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Strategic Plan for the Enterprise Portfolio Project Management Office Governors Office of Information Technology... Ron Huston Director

Strategic Plan for the Enterprise Portfolio Project Management Office Governors Office of Information Technology... Ron Huston Director Strategic Plan for the Enterprise Portfolio Project Management Office Governors Office of Information Technology.......... June 2010 Ron Huston Director Message from the State Enterprise Portfolio Project

More information

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R L a c k o f O p e r a t i o n a l R e s i l i e n c e W i l l U n d e r m i n e E n t e r p r i s e C o m p e t i t i v e n e s s : A S t r a t e g y f o r A v a i l a b i l i t y Sponsored

More information

4G LTE Wireless Local Loop:

4G LTE Wireless Local Loop: 4G LTE Wireless Local Loop: Meeting the Challenges of a Changing Rural Marketplace NetAmerica Alliance Background Remarkable changes are taking place throughout the rural telecommunications industry. A

More information

Scheduling Process Maturity Level Self Assessment Questionnaire

Scheduling Process Maturity Level Self Assessment Questionnaire Scheduling Process Maturity Level Self Assessment Questionnaire Process improvement usually begins with an analysis of the current state. The purpose of this document is to provide a means to undertake

More information

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management Advisory Guidelines of the Financial Supervisory Authority Requirements regarding the arrangement of operational risk management These Advisory Guidelines have established by resolution no. 63 of the Management

More information

Survey of more than 1,500 Auditors Concludes that Audit Professionals are Not Maximizing Use of Available Audit Technology

Survey of more than 1,500 Auditors Concludes that Audit Professionals are Not Maximizing Use of Available Audit Technology Survey of more than 1,500 Auditors Concludes that Audit Professionals are Not Maximizing Use of Available Audit Technology Key findings from the survey include: while audit software tools have been available

More information

AICPA Discussion Paper - Enhancing Audit Quality, Plans and Perspectives for the U.S. CPA Profession

AICPA Discussion Paper - Enhancing Audit Quality, Plans and Perspectives for the U.S. CPA Profession November 7, 2014 VIA E-MAIL EAQ@aicpa.org Re: AICPA Discussion Paper - Enhancing Audit Quality, Plans and Perspectives for the U.S. CPA Profession To the Members of the AICPA Discussion Paper Initiative:

More information

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

The IBM Data Governance Council Maturity Model: Building a roadmap for effective data governance

The IBM Data Governance Council Maturity Model: Building a roadmap for effective data governance October 2007 The IBM Data Governance Council Maturity Model: Building a roadmap for effective data governance Page 2 Introduction It s been said that IT is the engine for growth and business innovation

More information

Auditing the Unthinkable: Business Continuity and Disaster Recovery. Agenda

Auditing the Unthinkable: Business Continuity and Disaster Recovery. Agenda Auditing the Unthinkable: Business Continuity and Disaster Recovery The Institute of Internal Auditors Moderator: Paul J. Sobel, CIA, CPA Vice President, Internal Audit Mirant Corporation Agenda Introduction

More information

ABA Homeland Security Law Institute Panel. Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability

ABA Homeland Security Law Institute Panel. Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability ABA Homeland Security Law Institute Panel Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability March 23, 2012 Remarks of Stephen Amitay, Counsel to ASIS International

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

Elevating Your Career in Business Continuity

Elevating Your Career in Business Continuity Elevating Your Career in Business Continuity ~ Assess Your Marketability & Formulate a Career Path Cheyene Haase BC Management, Inc. Topics of Presentation Progression to Today s BC Professional Career

More information

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES Cost-Effective, Legally Defensible Records Management Does This Sound Familiar? A data breach could send our share price tumbling. I need to minimise our

More information

IT Risk & Security Specialist Position Description

IT Risk & Security Specialist Position Description Specialist Position Description February 9, 2015 Specialist Position Description February 9, 2015 Page i Table of Contents General Characteristics... 1 Career Path... 2 Explanation of Proficiency Level

More information

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value

BC / DR Implementation Tying Disaster Recovery Investment to Measurable Business Value BC / DR Implementation Tying Disaster Investment to Measurable Business Value Continuity Insights Conference May 16-18, 2005 Agenda Purpose Discuss best practice process and tools that might be leveraged

More information

IBM index reveals key indicators of business continuity exposure and maturity

IBM index reveals key indicators of business continuity exposure and maturity IBM Global Technology Services Business Continuity and Resiliency Services IBM index reveals key indicators of business continuity exposure and maturity Will a more holistic approach to business continuity

More information

Three proven methods to achieve a higher ROI from data mining

Three proven methods to achieve a higher ROI from data mining IBM SPSS Modeler Three proven methods to achieve a higher ROI from data mining Take your business results to the next level Highlights: Incorporate additional types of data in your predictive models By

More information

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS 1.0 Introduction 1.1 Good corporate governance practice improves safety and soundness through effective risk management and creates the ability to execute

More information

September 2015. IFAC Member Compliance Program Strategy, 2016 2018

September 2015. IFAC Member Compliance Program Strategy, 2016 2018 September 2015 IFAC Member Compliance Program Strategy, 2016 2018 This Strategy is issued by the International Federation of Accountants (IFAC ) with the advice and oversight of the Compliance Advisory

More information

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

More information

The Role of Internal Audit In Business Continuity Planning

The Role of Internal Audit In Business Continuity Planning The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information

More information

4 Testing General and Automated Controls

4 Testing General and Automated Controls 4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn

More information

A Capability Model for Business Analytics: Part 2 Assessing Analytic Capabilities

A Capability Model for Business Analytics: Part 2 Assessing Analytic Capabilities A Capability Model for Business Analytics: Part 2 Assessing Analytic Capabilities The first article of this series presented the capability model for business analytics that is illustrated in Figure One.

More information

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE STAATSKOERANT, 19 DESEMBER 2014 No. 38357 3 BOARD NOTICE NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE LONG-TERM INSURANCE ACT, 1998 (ACT NO. 52

More information

Contingency Plan 32 Success Secrets. Copyright by Philip Downs

Contingency Plan 32 Success Secrets. Copyright by Philip Downs Contingency Plan 32 Success Secrets Copyright by Philip Downs Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical,

More information

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. OPTIMUS SBR CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. Optimizing Results with Business Intelligence Governance This paper investigates the importance of establishing a robust Business Intelligence (BI)

More information

TO CREDIT UNIONS DATE: June 10, 1998

TO CREDIT UNIONS DATE: June 10, 1998 NATIONAL CREDIT UNION ADMINISTRATION NATIONAL CREDIT UNION SHARE INSURANCE FUND LETTER LETTER NO.: 98-CU-12 TO CREDIT UNIONS DATE: June 10, 1998 SUBJECT: Business Resumption Contingency Planning Letter

More information

Project Services. How do we do it?

Project Services. How do we do it? Project Services Many organisations struggle with inconsistent or poor project management performance across their business. Sometimes the failure to deliver on time and on budget (or at all!) is simply

More information

SAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance.

SAP Overview Brochure. Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance. SAP Overview Brochure Confidence Powers Success. SAP Solutions for Governance, Risk, and Compliance. Table of Contents 3) Build trust to achieve business results Introduction 4-5) Gain clarity from greater

More information

Armchair Quarterbacking in Sales Organizations

Armchair Quarterbacking in Sales Organizations Armchair Quarterbacking in Sales Organizations A fresh look at optimizing the sales force Michael T. Spellecy, Corporate Vice President and Managing Consultant, Maritz 2012 Maritz All rights reserved Abstract

More information

BIM Pilot Getting Started Guide. For Construction Professionals. next

BIM Pilot Getting Started Guide. For Construction Professionals. next BIM Pilot Getting Started Guide For Construction Professionals Moving to BIM can seem like a daunting task. This guide provides a simple framework that helps you get started putting BIM into practice in

More information

Much attention has been focused recently on enterprise risk management (ERM),

Much attention has been focused recently on enterprise risk management (ERM), By S. Michael McLaughlin and Karen DeToro Much attention has been focused recently on enterprise risk management (ERM), not just in the insurance industry but in other industries as well. Across all industries,

More information

Global and US Trends in Management Consulting A Kennedy Information Perspective

Global and US Trends in Management Consulting A Kennedy Information Perspective Global and US Trends in Management Consulting A Kennedy Information Perspective Summary There is firm evidence of significant growth in the management consulting industry in 2005 and 2006. In some markets,

More information

Business Continuity Standards A Primer

Business Continuity Standards A Primer INTELLIGENT NOTIFICATION Alphabet Soup: Making Sense of BC/DR Standards Part 1: Business Continuity Standards A Primer Why all the attention now? One of the hottest topics in BC/DR these days is standards.

More information

The IBM data governance blueprint: Leveraging best practices and proven technologies

The IBM data governance blueprint: Leveraging best practices and proven technologies May 2007 The IBM data governance blueprint: Leveraging best practices and proven technologies Page 2 Introduction In the past few years, dozens of high-profile incidents involving process failures and

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview

More information

Health Data Analytics. Data to Value For Small and Medium Healthcare organizations

Health Data Analytics. Data to Value For Small and Medium Healthcare organizations Health Data Analytics Data to Value For Small and Medium Healthcare organizations HEALTH DATA ANALYTICS WHITE PAPER JULY 2013 GREENCASTLE CONSULTING Abstract This paper is targeted toward small and medium

More information

HB 292 2006 A Practitioners Guide to Business Continuity Management

HB 292 2006 A Practitioners Guide to Business Continuity Management HB 292 2006 A Practitioners Guide to Business Continuity Management HB HB 292 2006 Handbook A practitioners guide to business continuity management First published as HB 292 2006. COPYRIGHT Standards Australia

More information

Our focus on audit quality

Our focus on audit quality August 2011 Our focus on audit quality Contents To capital market stakeholders 1 Executive summary 3 The elements of a foundation that promotes audit quality 6 Independence and integrity 6 Core behaviors

More information

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts GOVERNANCE DEFINED Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts Governance over the use of technology assets can be seen

More information

Introduction to Business Continuity Planning

Introduction to Business Continuity Planning Introduction to Business Continuity Planning Business Continuity and Disaster Resilience Forum May 10, 2012 Rizal Ballroom A, Makati Shangri-la Manila, Philippines Dr Goh Moh Heng President BCM Institute

More information

Supplier Relationships Lecture 7. Briony Boydell Managing Business Relationships

Supplier Relationships Lecture 7. Briony Boydell Managing Business Relationships Supplier Relationships Lecture 7 Briony Boydell Managing Business Relationships Objectives of lecture Identify the types of relationships within the supply chain Discuss the benefits of improved relations

More information

RESEARCH PAPERS FACULTY OF MATERIALS SCIENCE AND TECHNOLOGY IN TRNAVA SLOVAK UNIVERSITY OF TECHNOLOGY IN BRATISLAVA

RESEARCH PAPERS FACULTY OF MATERIALS SCIENCE AND TECHNOLOGY IN TRNAVA SLOVAK UNIVERSITY OF TECHNOLOGY IN BRATISLAVA RESEARCH PAPERS FACULTY OF MATERIALS SCIENCE AND TECHNOLOGY IN TRNAVA SLOVAK UNIVERSITY OF TECHNOLOGY IN BRATISLAVA 2012 Special Number QUALITY IN SERVICE MANAGEMENT SYSTEM ACCORDING TO ISO 20000 Ružena

More information

Reaching CMM Levels 2 and 3 with the Rational Unified Process

Reaching CMM Levels 2 and 3 with the Rational Unified Process Reaching CMM Levels 2 and 3 with the Rational Unified Process Rational Software White Paper TP174 Table of Contents INTRODUCTION... 1 LEVEL-2, REPEATABLE... 3 Requirements Management... 3 Software Project

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

Implementing the value chain of the future

Implementing the value chain of the future Implementing the value chain of the future KPMG s Operations Advisory Practice Our mission Our vision is to help member firms clients create breakthrough competitive advantage by designing and implementing

More information

BUSINESS PLAN. 2012/13 to 2014/15 LAND TITLE AND SURVEY AUTHORITY OF BC

BUSINESS PLAN. 2012/13 to 2014/15 LAND TITLE AND SURVEY AUTHORITY OF BC BUSINESS PLAN 2012/13 to 2014/15 LAND TITLE AND SURVEY AUTHORITY OF BC TABLE OF CONTENTS Message from the Chair of the Board of Directors and the President and Chief Executive Officer 01 Business Priorities

More information

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES June 2003 TABLE OF CONTENTS 1.0 INTRODUCTION... 1 1.1 READINESS IS YOUR ONLY PROTECTION... 1 1.2 APPLICATION OF THE GUIDELINES...

More information

The Cybersecurity Journey How to Begin an Integrated Cybersecurity Program. Version 1.0 March 2005

The Cybersecurity Journey How to Begin an Integrated Cybersecurity Program. Version 1.0 March 2005 The Cybersecurity Journey How to Begin an Integrated Cybersecurity Program March 2005 Legal and Copyright Notice The Chemical Industry Data Exchange (CIDX) is a nonprofit corporation, incorporated in the

More information

Project Portfolio Management Assessment

Project Portfolio Management Assessment Management Assessment PREPARED FOR: DIAGNOSTIC PROGRAM POWERED BY INFO-TECH RESEARCH GROUP MAY 11TH, 201 Powered by: Data is comprised of feedback from 2 respondents, including: James Joyce, Virginia Woolf

More information

Process Assessment and Improvement Approach

Process Assessment and Improvement Approach Process Assessment and Improvement Approach June 2008 The information contained in this document represents the current view of Virtify on the issues discussed as of the date of publication. Virtify cannot

More information

5 STEPS TO ISO 14001:2015

5 STEPS TO ISO 14001:2015 CONTENTS 5 STEPS TO ISO 14001:2015 3 GETTING STARTED 7 NEXT STEPS 13 Ramboll Environ 5 STEPS TO ISO 14001:2015 Summary New version of ISO 14001 now available Ramboll Environ has produced this five step

More information

SAP BUSINESSOBJECTS SUPPLY CHAIN PERFORMANCE MANAGEMENT IMPROVING SUPPLY CHAIN EFFECTIVENESS

SAP BUSINESSOBJECTS SUPPLY CHAIN PERFORMANCE MANAGEMENT IMPROVING SUPPLY CHAIN EFFECTIVENESS SAP Solution in Detail SAP BusinessObjects Enterprise Performance Management Solutions SAP BUSINESSOBJECTS SUPPLY CHAIN PERFORMANCE MANAGEMENT IMPROVING SUPPLY CHAIN EFFECTIVENESS The SAP BusinessObjects

More information

Serena Dimensions CM. Develop your enterprise applications collaboratively securely and efficiently SOLUTION BRIEF

Serena Dimensions CM. Develop your enterprise applications collaboratively securely and efficiently SOLUTION BRIEF Serena Dimensions CM Develop your enterprise applications collaboratively securely and efficiently SOLUTION BRIEF Move Fast Without Breaking Things With Dimensions CM 14, I am able to integrate continuously

More information

How Technology Supports Project, Program and Portfolio Management

How Technology Supports Project, Program and Portfolio Management WHITE PAPER: HOW TECHNOLOGY SUPPORTS PROJECT, PROGRAM AND PORTFOLIO MANAGEMENT SERIES 4 OF 4 How Technology Supports Project, Program and Portfolio Management SEPTEMBER 2007 Enrico Boverino CA CLARITY

More information

Measuring your most important Asset: Human Capital

Measuring your most important Asset: Human Capital Measuring your most important Asset: Human Capital Workforce Analytics Training We are all familiar with the conventional HR metrics that are frequently used in organizations today Turnover rate, time

More information

SENIOR SYSTEMS ANALYST

SENIOR SYSTEMS ANALYST CITY OF MONTEBELLO 109 DEFINITION Under general administrative direction of the City Administrator, provides advanced professional support to departments with very complex computer systems, programs and

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

More information

Victorian Government Risk Management Framework. March 2015

Victorian Government Risk Management Framework. March 2015 Victorian Government Risk Management Framework March 2015 This document reproduces parts of the AS/NZS ISO 31000:2099 Risk Management Principles and Guidelines. Permission has been granted by SAI Global

More information

CREATING A LEAN BUSINESS SYSTEM

CREATING A LEAN BUSINESS SYSTEM CREATING A LEAN BUSINESS SYSTEM This white paper provides an overview of The Lean Business Model how it was developed and how it can be used by enterprises that have decided to embark on a journey to create

More information

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES 20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal

More information

Leveraging CMMI framework for Engineering Services

Leveraging CMMI framework for Engineering Services Leveraging CMMI framework for Engineering Services Regu Ayyaswamy, Mala Murugappan Tata Consultancy Services Ltd. Introduction In response to Global market demand, several OEMs adopt Global Engineering

More information

The optimization maturity model

The optimization maturity model The optimization maturity model Know where you are so you can move forward Table of contents 1 Digital optimization 2 Optimization maturity model 2 Five levels of optimization maturity 5 Benefits of becoming

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT Through CGIAR Financial Guideline No 3 Auditing Guidelines Manual the CGIAR has adopted the IIA Definition of internal auditing

More information

Becoming Reactively Proactive Rethinking compliance risk management in today's environment

Becoming Reactively Proactive Rethinking compliance risk management in today's environment Becoming Reactively Proactive Rethinking compliance risk management in today's environment J.H. Caldwell Partner Regulatory & Risk Strategies John Graetz Principal Governance, Regulatory & Risk Strategies

More information