Disaster Management Asia Conference Elvin Chan

Reconciling Budgetary Restrictions within Your

Organization in Order to Successfully Manage Your

Business Continuity and Disaster Recovery Plan

ByElvin Chan JD MBCP CPA Ceng

DISASTER MANAGEMENT 2015 REGIONAL CONFERENCE

10 February 2015

Hotel Istana, Kuala Lumpur, Malaysia

Elvin CHAN 10 Feb 2015 2

Reconciling Budgetary Restrictions

• Why are there budgetary restrictions on BC/DR programs• Why is the understanding business strategic priorities so important• Rationalizing the requirements is the key• Speaking Excom’s language (correctly) can make a huge difference• How to use existing risk management governance structure to your

advantage• Why do we need to embed BC/DR into project management cycle


Why are there budgetary restrictions on BC/DR programs


Budgetary restrictions on BC/DR programs




Budgetary restrictions on BC/DR programs• Typical scenarios:• New premises, systems or

processes do not have BC/DR capabilities planned• Existing premises, systems

or processes do not have BC/DR built-in



•New premises, systems or processes:• Short time-to-market• Not enough financial

budget• Not realize the

importance of BC/DR


Budgetary restrictions on BC/DR programs• Existing premises,

systems or processes:• Pre-occupied by daily

operations or initiatives• Cost pressure• Departmental silos


Budgetary restrictions on BC/DR programs• But they are NOT the root cause,

just excuses

The root cause that BC/DR requirement is ranked behind other business priorities


This is why understanding business strategic priorities is so important


Understanding business strategic priorities

• Starting with business’s vision• Example: “Our goal is to become the

preferred company for all our stakeholders” – AXA Group• Who are the stakeholders?• Shareholders• Customers• Employees• Suppliers• Community as a whole


Understanding business strategic priorities

• Shareholders prefer a company which satisfies their expected return on their invested capital

• Customers prefer a company which provides services and products that satisfies their needs

• Employees prefer a company which satisfies their career preferences

• Suppliers prefer a company which offers business opportunities to them that are matched with their business objectives

• Community prefers a company which is socially responsible


Understanding business strategic priorities • BC/DR requirements align with business

strategic priorities when:• It enhances the probability to achieve

shareholders’ expected return on investment• It ensures the products and services are

available to customers to satisfy their needs• It helps building an environment that align

with employees’ career preferences• It protects the business opportunities

offered to suppliers that are matched with their interests

• It enables the company to be a socially responsible to the community


Rationalizing the requirements is the key


Rationalizing the requirements

• Competing BIA results e.g. RTO, recovery seat requirement• Impact-over-time assessments can be

very subjective• Difficult to reconcile across

departments and processes• Validate using Service Level

Agreements may be more objective



• Starts with overall SLA e.g. commitment to customers, contract obligations• Analyze the critical path in the

overall value chain to ascertain the cycle time (or internal SLA) and interdependencies of each critical activities



• Another perspective: MBCO or “Minimum Operating Level”• It is a risk appetite parameter• Quantitatively, we can define it from

cashflow needs over a specified period• “In order to meet the cash outflow

obligations of $XXXXX in a month, we will need to deliver XXX units of product X to get paid”


Speaking Excom’s language (correctly) can make a huge difference

19

Speaking Excom’s Language

• Common language is always important in all kinds of communications to minimize noise• If your audience does not understand your requirement or cannot

compare your requirement with other priorities, it can never be approved• Speaking Excom’s language correctly is the most important factor in

securing BC/DR budget



• Balanced Scorecard (BSC) often contains Excom’s the short term target / plan• Example:• Financial: 15% improvement on Net Income• Customer: Reduce the churn by 25%• Internal Process: Implement online self-service

system to improve service request lead-time by 20%• Learning and growth: All non-sales training to be

conducted on e-learning platform



• Improvement on NI may come from:• Growth in revenue• Reduction of costs

• How much growth in revenue can be protected from BI• How much costs can be avoided

from BI



• Loss of customers may be result of:• Dissatisfied about the products/services• Dissatisfied about the pricing• Dissatisfied about the company (e.g.

reputation)

• How many customers may be retained as a result of reduced frequency/length of interruption• How many customers may be retained as

a result of better preservation of reputation



• Improve service request lead-time by online self-service may be the result of:• Availability of online self-service portal• User-friendliness of the portal

• How much portal availability can be saved from interruption• How much lead-time can be eliminated as a

result of avoided interruption



• Achievement of the objective on conducting all non-sales training through e-learning may be affected by:• Availability of e-learning platform

• How much platform availability can be saved from interruption



• Is it good enough?The Key i

s to

QUANTIFY



• The best common language must be financials• So many types of financial ratios, which

on is the best?• “The best” is a myth• Should follow the business’s financial

appraisal practices• Common practices are Return on

Investment, Net Present Value and Internal Rate of Return


How to use existing risk management governance structure to your advantage


Risk Management Governance Structure• Insufficient BC/DR protection leads to

higher probability and/or severity of risks that may lead to interruption• Whole landscape of risks is altered and

thus risk management governance structure e.g. risk committee shall be informed• BCM shall participate in corporate

overall risk assessment instead of conducting our own one


Risk Management Governance Structure• E.g. Single critical supplier may

• Increase the probability of failure of the supplier chain

• Lead more severe impact of non-delivery or late delivery:

• Financial: Cashflow impacts, additional costs to patchwork the issue

• Operational: Normal production schedule interrupted and management intervention on the planning would be increase significantly

• Reputational: Customers may lose confidence, and rumours of bigger problems (e.g. bankruptcy)

• Legal: May breach contracts or legislations/regulations


Risk Management Governance Structure

• Win-win situation: Risk committee realizes the true landscape of risks that the business is facing and deficiencies in BC/DR may be addressed in risk management action plans• Even if management decided to

monitor and accept the BC/DR risk, as it is formally accepted by management, it’s your business’ risk appetite


Why do we need to embed BC/DR into project management cycle


Embed BC/DR into PM Cycle

• Not every project manager realizes the importance of BC/DR when his project is put into production• Sometimes even if the PM

understands, he cannot allocate resources for BC/DR as it is not mandated in project governance process• Best practice is to embed BC/DR

tollgate in PM cycle


Embed BC/DR into PM Cycle

• Question #1: Why not add BC/DR controls later when in production?• Answer #1: Overall cost will be higher as it

involves change management• Question #2: How many BC/DR measures

should I put into the project?• Answer #2: Easy – BIA • Question #3: It is not yet in production, how to

estimate impacts of outage?• Answer #3: Easy – SLA


Conclusion

Budgetary Constraints on

BC / DR Initiatives

ALIGNMENT WITH STRATEGIC BUSINESS PRIORITIES

RATIONALIZING THE REQUIREMENTS

SPEAKING EXCOM’S LANGUAGE

EXISTING

INTEGRATE BC/DR ISSUES

INTO ENTERPRISE RISK

ASSESSMENT

NEW

MANDATE BC/DR TOLLGATE

IN ALL NEW PROJECTS


Questions?

Documents

Disaster Management Asia Conference Elvin Chan