
2005 Montague Technology Management, Inc. All Rights Reserved. Business Continuity for Small and Medium-Size Enterprises: Issues and Answers...and a short.


1 Business Continuity for Small and Medium-Size Enterprises: Issues and Answers...and a short brief on Sarbanes-Oxley
Kathleen A. Lucey tel:

2 Sarbanes-Oxley, briefly
Internal controls on financial reporting: Section 404
SOX pertains only to public companies, but...
Oriented to results and objectives, not a checklist to follow.
Reasonable Man theory
PCAOB (Public Company Accounting Oversight Board) responsible for auditing the auditors
Applicability: annual financial statements of public companies with fiscal years ending Nov. 15, 2004 or later.

3 Sarbanes-Oxley, briefly
Compliance with Section 404 reporting requirements: internal controls on financial reporting
No one yet knows exactly what compliance means
PCAOB clarification of Auditing Standard 2: Audit of Internal Controls over Financial Reporting
Temporary Rule for #2 in effect through July 15, 2005
SEC Announcement of Roundtable for April 2005
SEC will also accept comments on 404 experience for posting on website

4 Section 404 Objectives
maintain effective internal control over financial reporting means that no material weaknesses exist...
obtain reasonable assurance that no such material weaknesses exist...
Significant deficiency or material weakness exists if there is: more than a remote likelihood that a financial statement misstatement more than inconsequential will NOT be prevented or detected.
Remote is defined to mean chance of future event occurring is slight.

5 Players
Senior Executives and Board members
Audit Committee, internal Auditors
External Auditors
Lawyers: Sections 307 and Gatekeepers
First reported use of SOX Section 307 on Dec. 12, 2004: Law firm informs Board of TV/Azteca and does a noisy withdrawal. Stock drops 9%. Law firm loses client. NY Times article.
General Counsel SEC prosecutions:
» Stanley Silverstein, Warnaco
» Jonathan Orlick, Gemstar-TV Guide
» Leonard Goldner, Symbol Technologies

6 Google Case
January 13, 2005: SEC charges Google failed to register $80 million in stock options awarded over 2 years prior to IPO.
SEC charges David Drummond, Google General Counsel: failed to properly advise Board of registration requirements.
Attorneys who undertake action on behalf of their company are no less accountable than any other corporate officers. By deciding Google could escape its disclosure requirements, and failing to inform the Board of the legal risks of his determination, Drummond caused the company to run afoul of the federal securities laws.
---Helane Morrison, SEC District Administrator

7 Outside Counsel
Outside Counsel SEC prosecutions:
» More than half of cases in last two years
» As gatekeepers, lawyers are scrutinized.
SEC is actively looking to enforce actions against lawyers who assist in cover-ups, fraud, and misleading disclosures, or obstruction of internal investigations.
The SEC is very urgently looking for lawyers to make examples of.
–William Sherma, Morrison & Foerster, Palo Alto, CA

8 References
SEC Roundtable: 13.htmwww.sec.gov/news/press/ htm
PCAOB clarification on Auditing Standard No. 1:
PCAOB clarification on Auditing Standard No. 2:
Speech by Stephen M. Cutler, Director of SEC Division of Enforcement, September 20, 2004: The Themes of Sarbanes-Oxley as Reflected in the Commission's Enforcement Program.
Bobelian, Michael: GCs in the Crosshairs, New York Law Journal,

9 AND NOW FOR SOMETHING COMPLETELY DIFFERENT:

10 BUSINESS CONTINUITY (BC) AT SMALL AND MEDIUM SIZE ENTERPRISES (SMES)

11 the other kind of SME (subject matter expert)... Wally the consultant

12 Status
CONTINUITY AT SMALL AND MEDIUM-SIZE BUSINESSES IS CRITICAL
SMEs are the job-generation engines of the economy
SMEs represent more than half the value of the economy.
Considerably greater awareness and concern...but not a lot of action. Why?
Traditional techniques are designed for large, regulated corporations and government agencies.
Need tools specifically designed for SMEs.

13 Corporate Methodology vs. SME Needs
Corporate / Government
BIA – Business Impact Analysis.
Planning target: Worst-case generic scenario
Continuity Plan used only in case of very severe events (fire, bombing, etc.)
Still is heavily oriented to Information Technology Recovery.
Expensive to develop and to maintain

14 Corporate Methodology vs. SME Needs
Corporate / Government
BIA – Business Impact Analysis.
Planning target: Worst-case generic scenario
Continuity Plan used only in case of very severe events (fire, bombing, etc.)
Still is heavily oriented to Information Technology Recovery.
Expensive to develop and to maintain
SMEs across all Sectors
Informal identification of all activities and their risks.
Planning target: scenario classes for all interruptions.
Continuity capability used for ALL interruptions.
Incorporates avoidance as well as recovery.
Focuses on business priorities.
Provides visible benefits throughout gradual development.

15 START WITH THE PROPER EVENT D N A
Definition, Notification, Action

16 Where are MOST of the Continuity Challenges ??
CONTINUITY ISSUES
Catastrophic Interruptions
Minor Interruptions
Everyday Blips
Process Dysfunctions
SOLUTIONS
Continuity Availability Reliability Engineering Core Business Value Chain Processes

17 What is DNA?
Definition of all interruptions into scenario classes.
Notification and communication activities required for various kinds of scenario classes.
Actions and Programs for avoidance, mitigation, and recovery.

18 Lack of Correct Definition can cause emergency response tragedies:
Regional Blackout of August 14, 2003
Three Mile Island
9/11

19 Notification and Communication tools and strategies must be:
Carefully designed for feasibility
Understood and rehearsed
Cover both initial interruption logistics management and continuing communications needs.

20 Actions and Programs Implemented Additive: chosen to cover the least severe (most probable) scenarios first.
Include avoidance and mitigation programs to lower the number of interruptions.
Provide measurable and visible benefits during all phases of development.

21 Jump-starting the Process for SMEs
FIRST STEPS: 1. Define Interruption Scenario Classes: Internal and External

22 Interruption Scenario Classes
EXTERNAL SCENARIOS
Classes: 1 - minor (a and b) to 5 - catastrophic
External scenario characteristics:
Day / time (workday hours, non-working hours)
Geographic scope
Length of time
Premises infrastructure services impact
Firm premises damage
Injuries to firm personnel
Effect on workplace

23 External Scenario Classes
DURATION OF INTERRUPTION BY CLASS
Class              Length of Interruption
1: Minor           less than 1 day
2: Significant     1-3 days
3: Serious         3-5 days
4: Very serious    5-10 days
5: Catastrophic    10 or more days

24 Internal Scenario Classes
Specific to each firm and each site. For example:
Class    Description
A        Local equipment failure
B        Local Access Control System failure
C        Local network outage
D        Workplace violence
E        Supplier outage
F        Central site network outage
G        Key staff succession planning
H        Negative PR incident

25 Jump-starting the Process
FIRST STEPS: 2. Design Strategies and Tools by Scenario Class: Additive continuity components and interruption avoidance / mitigation measures.

26 Jump-starting the Process
FIRST STEPS: 3. Gap Analysis: The firm's current capability vs. the recommended set of continuity components and avoidance / mitigation measures, by scenario class.
= list of projects

27 Jump-starting the Process
FIRST STEPS: 4. Project Plan: Timeline and cost estimates to move forward using reasonable criteria:
Probability of event.
Impact of event on people and operations.
Support baseline interruption logistics.
Business process priority.
Cost and ease of implementation.

28 Spotlight Benefits
Spread development costs over time by
» beginning first with the baseline strategies and tools necessary for all interruption scenarios.
» covering minor interruptions first and building to catastrophic scenarios step-by-step as warranted.
Demonstrate clearly the benefits of each tool as it is implemented: avoid analysis paralysis and the eternal perfection of development.
Move to implement the avoidance and mitigation measures for those scenarios with the greatest probability and greatest impact.

29 Make It Visible
Ensure that the benefits from each continuity tool or strategy are clearly understood by the firm's partners or owners: visible, measurable, present-able.
If the owners don't see the benefits, there aren't any!

30 Kathleen Lucey
President, Montague Technology Management
Questions???

