Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013


Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Chitra Gopalakrishnan Director KPMG LLP

Agenda
- Introduction
- Business Continuity / Disaster Recovery - A Brief Background
- Continuity / Recovery Risk Considerations
- KPMG / Continuity Insights 2011/2012 Global Benchmark Survey Highlights
- Closing Remarks and Q&A

Throughout this document, KPMG ["we," "our," and "us"] refers to KPMG International Cooperative ("KPMG International"), a Swiss entity, and/or to any one or more of the member firms of the KPMG network of independent firms affiliated with KPMG International. KPMG International provides no client services.

Opening Remarks and Introductions

Chitra Gopalakrishnan, Advisory Director
- Over 15 years of IT, Security, Business Resiliency, PMO Advisory, Governance, Risk and Compliance consulting experience.
- Business Continuity / Disaster Recovery experience includes leading and establishing BCM program, business impact analysis, application recovery interdependency analysis and recovery strategy development, and audits and assessments of resiliency strategies.

Business Continuity Management A Brief Background

If we are not planning for Disasters, We'd be in Trouble
http://scienceblogs.com/startswithabang/

Disasters Aren't Always Natural
http://www.sharenator.com/more_pics_and_gifs/

Major Business Continuity Program Components

Business Continuity Management:
- Emergency Response
- Crisis Management
- IT/Disaster Recovery
- Business Continuity

Business Continuity Management: Holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. The management of recovery or continuity in the event of a disaster. Also the management of the overall program through training, rehearsals, and reviews, to ensure the program stays current and up to date.

BC/DR at Many Organizations
http://www.cloudtweaks.com/category/blogs/

A Brief History of BC/DR

Why Business Resiliency is More Important Than Ever
- The past twelve months have been awash with natural disasters. Earthquakes, tsunamis, flooding, volcanic eruptions, and uncharacteristic weather patterns have created large scale business impacts.
- Changes in technology, workforce expectations and unforeseen challenges are causing many companies to rethink their traditional approaches to Business Continuity and Disaster Recovery.
- The largest trends are less reliance on document-intensive plans and more attention to crisis management and effective communication.
- Leading organizations are evaluating legacy approaches to Business Continuity and Disaster Recovery to find the right balance between effective risk management and efficient response.

http://www.wired.com/dangerroom/2007/10/the-softer-side/
http://www.disasterrecoverywhitepaper.com/disaster-recovery-exercises/

Continuity / Recovery Risk Considerations

Risk Considerations

Risk Type and Treatment Overview

At the highest level, there are four things that can be done with Risk:
- Mitigate
- Transfer
- Plan
- Accept

Types of risk to be considered: Compliance, Financial, Operational, Strategic, Technical, Contractual, Lost/Deferred Revenue, People, Market Share, Cybercrime, Regulatory, Opportunity, Production, Partnerships, E-Business, Service Level Agreements, Shareholder Equity, Supply Chain, Reputational, Infrastructure Failure

Emerging IT Risks

The pace of technology change and innovation continues to gain momentum, with profound implications for how organizations operate, whether it's increased adoption of mobile devices, cloud computing, or the increasing amounts and varieties of data to which organizations have access.

[Diagram labels: Capabilities; Business Imperatives; Growth/strategy; Efficiency; Compliance; Risk and Governance; Game-changing Technology; Mobile computing; Big data/analytics; Cloud computing; Knowledge & Data]

Enterprise Risk Coordination

Business Continuity and Disaster Recovery Planning, Testing and Execution don't function in a vacuum.
- Information Technology
- Information Security
- Compliance
- Privacy
- Legal
- Risk Mgmt.
- Records Mgmt.
- BCM
- Physical Security / Facilities

Regulations, Standards, and Guidelines (Global and North America)

Regulations:
- Federal Financial Institutions Examination Council (FFIEC)
- Financial Industry Regulatory Authority - FINRA
- Federal Energy Regulatory Commission (FERC) / North American Electric Reliability Corporation (NERC)

Common Standards/Guidelines:
- NFPA 1600
- BS 25999 / ISO 22301
- ASIS BCM.1 / ASIS SPC.1
- NIST SP 800
- DRII/BCI
- COBIT
- ITIL
- ISO 27002
- Australia HB 221:2004 Business Continuity Management
- India RBI BC Circulars
- Singapore MAS Business Continuity Management Guidelines
- UK Financial Services Authority Handbook

Commonalities:
- Oversight Board/Reporting
- Program Structure
- Assessments
- Recovery Plans
- Training
- Exercising
- Maintenance

Developing a Plan: Top 5 Reasons BCP and DRP Are Not Successful
- Failure to Adequately / Realistically Capture Availability Needs (BIA) (and Reconcile to Associated Costs!)
- Lack of Understanding of Application / System Interdependencies
- Failure to Define and Track Metrics and Critical Success Factors
- Lack of Integration with Other ERM Focus Areas
- Failure to Obtain Top Level Support (Funding and Resources) for Business Resiliency as an Ongoing Strategic Priority / Enabler

KPMG / Continuity Insights 2011/2012 Global Benchmark Survey Highlights

Benchmark Highlights

Key Industries Represented:
- Financial Services: 53%
- Technology/Telecom: 18%
- Professional Services: 18%
- Insurance: 11%

Geographic Breakdown:
- US: 67%
- Canada: 8%
- Europe: 8%
- South America: 6%
- Rest of World: 13%

Some Other Key Statistics:
- 40% are Public Companies
- 45% are Global, Multi-Site Companies
- 25% have more than 20,000 Employees
- 17% are greater than $10B in Revenue

Benchmark Highlights (continued)

Comparison 2006 vs. 2011/12 - Types of Events Resulting in Plan Activation
- Power Outage: 59% (2006), 46.9% (2012)
- Hardware Failure: 51% (2006), 30.5% (2012)
- Natural Disaster: 46.8% (2006), 50.4% (2012)
- Telecom / Network Failure: 41% (2006), 31% (2012)
- Software Failure: 39.97% (2006), 30.5% (2012)

KEY TAKEAWAY: Companies are getting better at managing known risks, at least the risks *THEY* control!

Benchmark Highlights (continued)

Comparison 2006 vs. 2011 - Estimate Business Disruptions Have Cost Company in Past 12 Months
- < $100,000: 58.59% (2006), 31.7% (2012)
- $100,000 to $499,999: 22.63% (2006), 11.7% (2012)
- $500,000 to $999,999: 6.74% (2006), 4.9% (2012)
- $1 million to $5 million: 7.22% (2006), 2.1% (2012)
- > $5 million: 4.82% (2006), 2.6% (2012)

Approximately 47% of the respondents that answered the question responded "Do Not Know."
NOTE: "Do Not Know" was not an option on the 2006 Benchmark Survey.

KEY TAKEAWAY: The ability to measure the impact of a disruption and its cost basis is improving, but a large percentage still aren't comfortable tracking/estimating these impacts.

Benchmark Highlights (continued)

Comparison 2006 versus 2011 - Primary Reason Why Company is Using BC Program
- Continuity of business operation and timely recovery when business is interrupted: 72.23% (2006), 84.2% (2012)
- Unique competitive advantage: 1.77% (2006), 14.7% (2012)
- Customer request or requirement: 5.62% (2006), 22.0% (2012)
- Industry standard: 8.51% (2006), 33.5% (2012)
- Reputation: * (2006), 39.7% (2012)
- Address Audit Findings: * (2006), 31.6% (2012)

* Not part of the Benchmark Survey for a particular year

KEY TAKEAWAY: BCM impacts are evolving from back office to front office concerns with an increased understanding of BCM value to customers and business partners.

Benchmark Highlights (continued)

Comparison 2006 versus 2011 - Allocation of Funds for BC Initiatives
- Case-by-Case Basis: 46.87% (2006), 28.4% (2012)
- % of IT Budget: 14.77% (2006), 10.6% (2012)
- % of Risk Management Budget: 9.15% (2006), 7.8% (2012)
- % of Individual Functional: 2.41% (2006), 6.0% (2012)
- Importance of Data & Systems at Risk: 18.30% (2006), * (2012)
- Other: 8.51% (2006), 6.8% (2012)
- Hybrid Chargeback Basis with Base Fee and Usage Charge: * (2006), 4.2% (2012)
- Do Not Know: * (2006), 23.0% (2012)

* Not part of the Benchmark Survey for a particular year

KEY TAKEAWAY: BCM/DR funding is still inconsistent across organizations with a trend toward more strategic focus and less project oriented focus.

Benchmark Highlights (continued)

Newer technologies currently implemented within your organization:
[Bar chart, All Respondents; categories: Cloud Applications, Mobile Applications, Social Media; data labels: 80%, 54%, 34%]

KEY TAKEAWAY: For these new approaches, BCM is less mature. 42% have BCM plans for Mobile Apps, 28% have BCM plans for Cloud, and 18% have plans for Social Media.

Impact of Cloud on Business Operations

Adopting cloud has a big impact on IT, but it doesn't stop there. Critical business operations are also affected.
- Organizations need an enterprise-wide approach that takes in the cross-functional effects of cloud
- The approach may vary, depending on the chosen cloud service model, deployment model, and the maturity of existing business and IT processes
- Lessons learned from outsourcing apply in the cloud
- As Cloud Service Providers' (CSPs') practices evolve and mature, enterprise processes need to keep pace with the changing landscape.

Business Operations:
- Financial Management and Tax
- Security and Privacy
- Operational
- Data & Technology
- Regulatory and Compliance
- Vendor Management

Trends in Leveraging Cloud for Business Resiliency

Cloud for Disaster Recovery (DR) continues to be a discussion for many of our clients. Cloud-based recovery services offer a way to achieve the recovery capabilities of advanced DR services at a more affordable, subscription-based price. There are concerns over the security of the cloud, but over time it will be a key component of a disaster recovery program.
- The use of data replication technology continues to increase, and Recovery Point Objectives (RPO) continue to lessen as end users' tolerance for data loss diminishes
- Companies are reevaluating their DR plans for the virtual and cloud environments to address the recovery complexity of applications and data spanning multiple architectures
- Organizations are starting to use cloud computing services to manage disaster recovery
- Cloud services promise to save organizations money and accelerate the recovery time

Leveraging Mobile for Crisis Management
http://www.emc.com/collateral/data-sheet/rsa-archer-business-continunity-mgmt-mobile-app-ds.pdf
http://www.microsoft.com/about/corporatecitizenship/en-us/nonprofits/helpbridge.aspx
http://teamstudio.com/continuity.aspx
https://play.google.com/store/apps/details?id=gov.fema.mobile.android

Leveraging Social Media for Crisis Management

Closing Remarks

We see BCM remaining an organizational top priority for the next several years. The unexpected impact of natural disasters, geo-political instability, and continued interconnectivity of value chains will drive needs for BCM to evolve and improve.
- Embedding Business Continuity culture in the form of Operational Resiliency
- Customer facing processes are being prioritized
- Vendor resiliency continues to be an area of focus
- Business Continuity integration with other disciplines
- Cloud transformation of Disaster Recovery

Thank You! Chitra Gopalakrishnan Director KPMG Advisory Services chitragopalakrishnan@kpmg.com 425-533-3431