We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byJadyn Burkett
Modified about 1 year ago
© 2010 IBM Corporation Key Trends Driving Global Business Resilience and Risk Patrick Corcoran, Global Business Development Executive Business Continuity & Resiliency Services (BCRS)
© 2011 IBM Corporation2 Agenda What is Resiliency? Resiliency: The CIO perspective Moving forward: Building a comprehensive business resilience strategy Regional Event Learnings
© 2011 IBM Corporation3 Business resilience refers to the ability of enterprises to adapt to a continuously changing business environment. Business resilience helps organizations maintain continuous operations and protect their market share in the face of disruptions such as natural or man-made disasters. It requires the engagement of everyone in the organization and often means a change in corporate culture to instill awareness of risk. Business resilience planning is distinguished from enterprise risk management (ERM) in that it is more likely to build capacity to seize opportunities created by unexpected events.
© 2011 IBM Corporation Impact of coping with the financial turmoil Loss of critical personnel Loss of key knowledge Reduction in attention to significance of risk Reduction in testing recovery plans 4 As budgets shrink and service level requirements increase, our business becomes even more vulnerable to data loss. Disaster recovery and business continuity is one of the top IT spending priorities for many businesses. Heightened impact of business disruption Greater financial implications of downtime Brand vulnerabilities Data integrity requirements Changing environment Expanding risk exposures Increased global and regional interdependencies Supply chain disruption More complex regulations Changing industry and regulatory standards Geographic dispersal requirements Varying regulations per country Impact of coping with the financial turmoil Loss of critical personnel Loss of key knowledge Reduction in attention to significance of risk Reduction in testing recovery plans
© 2011 IBM Corporation 5 The continuous flow of information is inseparable from the operational performance of the business. Information technology is often at the epicenter of how a firm interacts with its clients Information technology is always a lever to produce highly efficient supply chains, operations and workflows In combination, these two dynamics generate an explosive growth of managed data The Facts Business resilience and information risk management are commonly on the agenda of the board of directors Firms must assess: Are we compliant? Are we reliable? Can we be trusted? Firms must decide how resilient they wish to be – contextualized in the availability, security and recoverability of their business operations Firms must evaluate the extent to which competitive advantage or disadvantage is influenced by their chosen resilience standing The Implications
© 2011 IBM Corporation6 We see both risks and opportunities affecting firms business resilience needs Frequency of occurrences per year 1, /10 1/100 1/1,000 1/10,000 1/100,000 US$1,000US$10,000 US$100,000 US$1,000,000 US$10,000,000 US$100,000,000 Frequent Infrequent Consequences (single occurrence loss) in dollars per occurrence Low High Viruses Worms Disk failures System availability failures Pandemics Natural disasters Application outages Data corruption Network problems Building fires Terrorism/civil unrest Data driven Event driven Business driven Regulatory compliance Workplace inaccessibility Failure to meet industry standards Regional power failures Governance Source: IBM Data growth Long term preservation Mergers and acquisitions New products Marketing campaigns Audits
© 2011 IBM Corporation A/C Failure Acid Leak Asbestos Bomb Threat Bomb Blast Brown Out Burst Pipe Cable Cut Chemical Spill CO Fire Coffee Machine Condensation Construction Coolant Leak Cooling Tower Leak Corrupted Data Diesel Generator Earthquake Electrical Short Epidemic Evacuation Explosion Fire Flood Fraud Frozen Pipes Hacker Hail Storm Halon Discharge Human Error Humidity Hurricane HVAC Failure H/W Error Ice Storm Insects Lightning Logic Bomb Lost Data Low Voltage Microwave Fade Network Failure Pandemic PCB Contamination Plane Crash Power Grid Outage Power Outage Power Spike Power Surge Programmer Error Raw Sewage Relocation Delay Rodents Roof Cave In Sabotage Shotgun Blast Shredded Data Sick building Smoke Damage Smoke from Restaurant Snow Strom Sprinkler Discharge Static Electricity Strike Action Swimming Pool Leak S/W Error S/W Ransom Terrorism Theft Toilet Overflow Tornado Train Derailment Transformer Fire UPS Failure Vandalism Vehicle Crash Virus Water (Various) Wind Storm Volcano / Volcano Ash Source: Contingency Planning Research, Inc. and IBM But there are many other events that have caused business disruptions/outages that don’t make headlines, but can be just as costly.
© 2011 IBM Corporation What is Resiliency? Resiliency: The CIO perspective Moving forward: Building a comprehensive business resilience strategy Regional Events Learnings 8 Agenda
© 2011 IBM Corporation9 71 % of CIOs are concerned about risk management and compliance Impact of coping with the financial turmoil Loss of critical personnel Loss of key knowledge Reduction in attention to significance of risk Reduction in testing recovery plans Technology users expect 100% availability of their applications and their information It takes 18 months for data generated to double in size Who cares about resiliency? Source: Enterprise Strategy Group, April % of organizations would experience significant revenue loss or other adverse business impact after 1 hour of downtime
© 2011 IBM Corporation 10 IT plays a critical role in developing resilience strategy IT plays a major part in building resilience Senior IT execs expected to play strong role in developing strategy Business resilience is joint responsibility of all C-level executives CIO collaborates with top IT strategists more frequently Risk contingency planning assigned to separate specialists IT function engaged in most decisions involving business risk CIO has overall responsibility for business resiliency strategy Business continuity seen as primarily IT issue Business resilience not seen as role of senior executives “IT is a big part of our risk management because nothing can be done without it these days.” Kris Wiluan, CEO, KS Energy Services Limited Source:2011 Q7. Do you agree or disagree with the following statements regarding the roles of different players in your organization's risk management strategy? (Agree only.)
© 2011 IBM Corporation11 To date, companies have focused heavily on creating their resilience and risk plans — and putting supporting technologies and processes in place. Create a business continuity plan Invest in new risk-related IT solutions Establish company-wide risk management team Discuss issues with supply-chain partners Assign overall responsibility to a single executive Develop communications or training program Respond to recent natural disasters by rethinking strategies Develop integrated business resilience strategy Engage external advisors “What we’re trying to do here is preserve our culture and make money at the same time, and managing risk is what that’s all about.” Lee Garvin, Director, Risk Management, JetBlue
© 2011 IBM Corporation12 Risk concerns for IT leaders span a range of issues 12 In 2010 and 2011, IBM surveyed 560 IT managers and CIOs about how IT continuity was evolving. In the past 12 months, what kinds of risk issues has your company dealt with? Source:2010 IBM Global IT Risk Study: The evolving role of IT managers and CIOs Matches survey results from Forrester Research. IT security 78% 63% Power failure 50% Physical security 40% Theft 28% Product quality issues 25% 22% Natural disaster 17% E-discovery requests 13% Supply chain breakdown 11% Terrorism activity 6% Hardware and system malfunction Federal compliance issues
© 2011 IBM Corporation 13 More companies are embracing the need for a well-crafted business resilience plan - and a risk management function. Well-crafted and communicated plan DisagreeNeitherAgree No formal plan, but plan to develop one DisagreeNeitherAgree No formal risk management function DisagreeNeitherAgree Study comparison: Only 30% of respondents in this year’s study indicated they had no formal risk management function, compared to 42% in the 2010 study Source:Q1. Do you agree or disagree with the following statements regarding your organization’s IT risk management? Study comparison: 2010 IBM Global IT Risk Study “ What we’re trying to do here is preserve our culture and make money at the same time, and managing risk is what that’s all about.” Lee Garvin, Director, Risk Management, JetBlue
© 2011 IBM Corporation 14 Compared to their competitors, respondents viewed themselves as better able to handle predictable resilience and risk events. SameWeakerStronger Don’t know Maintain business operations in physical disaster Prevent unauthorized access to proprietary data Maintain operations during a pandemic Adapt rapidly to crisis Align contingency plans with changing risks Reliably retrieve archived data to meet legal requirements Seize unexpected opportunities Minimize losses from unexpected events Because of its impact on the business as a whole, a crucial area for improvement is the ability to seize unexpected opportunities An effective business resilience plan will provide a robust foundation on which to build a long-lived competitive position supported by end-to-end risk management. Source: Q4. In your opinion, how does your organization compare with its closest competitors in the following areas?
© 2011 IBM Corporation15 Study results revealed an opportunity for companies to further hone their competitive edge by integrating business continuity and risk management. Stronger Same Weaker Don’t know IT infrastructure supports business growth Sees value of business continuity as part of risk mgmt Profitability Market share Revenue growth Even though organizations have strategies for business resilience and risk management, they may not be integrating and leveraging those strategies for business advantage “Companies with a robust ERM program have lower losses, fewer embarrassing events and a better reputation.” Yousef Valine, Chief Risk Officer, First Horizon National Corporation Source: Q9. How does your organization compare to its closest competitors in the following areas?
© 2011 IBM Corporation What is Resiliency? Resiliency: The CIO perspective Moving forward: Building a comprehensive business resilience strategy Regional Events Learnings 16 Agenda
© 2011 IBM Corporation17 Organizations expect their business resilience and risk management spending will continue to increase on a par with previous increases. Next 3 years Up to now Increase significantly 14% Increase 47% 51% Stay the same 33% 31% Decrease 4% Decrease significantly 1% 65% of organizations expect their business resilience and risk management spending to increase in the next three years “My selling pitch to them (CEO and the board) is that a robust risk management capability is a competitive advantage.” Yousef Valine, Chief Risk Officer, First Horizon National Corporation Source: Q3. How has your organization changed its degree of spending on initiatives to improve business resilience?
© 2011 IBM Corporation18 A projected increase in the role played by non-IT functions may be related to the increase in emphasis on strategy integration and training. Next 3 years Up to now CIO IT professionals Other C-level execs Legal Board members Employees Partners Source:Q6a. Over the next three years, what is the expected level of involvement for the following people in your organization's risk management or business resilience strategy? (Very involved or involved.) Study comparison: 2010 IBM Global IT Risk Study “Detecting risk has to happen at the point where the behavior is occurring.” Dr. Barbara Reynolds, Senior Advisor, Risk Communication, Centers for Disease Control and Prevention (CDC)
© 2011 IBM Corporation19 Identifying the roadblocks: Silos and budgets can impede the adoption of a holistic approach to business resilience Silos within the organization — 28% Budget limitations — 20% Inability to predict ROI from improvements — 17% Lack of C-level vision and commitment — 14% Lack of understanding about best practices — 9% Lack of understanding about emerging technologies — 8% Lack of buy-in from employees — 4% Study comparison: 2010 top challenges Implementing necessary procedures Securing budget Obtaining full risk picture from depts Source: Q10. What is the biggest single barrier to implementing a holistic approach to business resilience planning?
© 2011 IBM Corporation20 Leverage the findings of the IBM Global Business Resilience and Risk Study in your organization Recommendations An integrated approach to business resilience and risk management offers a significant business opportunity for organizations of all sizes Appointing a single individual with overall business resilience and risk management responsibility is essential to integration success Input should be sought from throughout the enterprise — including employees and partners Focus should be on the business impact and business opportunity. Recovery is a subset of the resiliency plan Cloud technologies have matured significantly and now have the potential to deliver significant business resilience benefits The newly integrated business resilience and risk management strategy can be levered to seize unexpected opportunities and deliver measurable business value “An effective business resilience plan will provide a robust foundation on which to build a long-lived competitive position supported by end-to-end risk management.” 2011 IBM Global Business Resilience and Risk Study report
© 2011 IBM Corporation21 A resilient framework helps identify areas of risks and vulnerabilities, and allows a company or organization to develop a enterprise resiliency roadmap. Risk mitigation strategies Business drivenData drivenEvent driven Strategy Organization Processes Applications and Data Technology Facilities Business resilience
© 2011 IBM Corporation 22 The evolution of business resilience leads to new models and integration of emerging technologies Centralized Computing IT: reactive Business: none Recovery Time: days/weeks Distributed Computing IT: reactive Business: reactive Recovery Time: minutes/hours Cloud Computing IT: proactive Business: proactive Recovery Time: seconds/always up Disaster Recovery Mainframe model Business Continuity Hybrid model Business Resiliency Virtualized model It’s a question of when new technology will come into the organization, not if
© 2011 IBM Corporation What is Resiliency? Resiliency: The CIO perspective Moving forward: Building a comprehensive business resilience strategy Regional Events Learnings 23 Agenda
© 2011 IBM Corporation24 Headline events often mobilize our clients to pause and reflect on their current IT resilience standing...
© 2011 IBM Corporation25 Lessons Learned from Regional Events Events create other events … domino effect –Japan: earthquake => tsunami => nuclear plant damage => power problems => supply chain problems …… –Hurricanes => Flooding => Mud/Landslides => Power Outages …… To learn more about lessons learned from regional disasters, listen to the following webinar: Human issues –Will people be available? How about their families? Financial assistance? Communications issues –Communicating with, supporting and mobilizing employees, customers and suppliers, the press and the public at large Community issues –Fulfilling responsibilities to host communities Infrastructure issues –Anticipating how roads, travel and power supplies might be affected –Vulnerability of sites Business issues –Keeping business processes running –Managing insurance claims Disaster plan currency –Keeping plans up to date and well tested –Availability of data and hardware
© 2011 IBM Corporation26 IBM delivers unsurpassed geographic scope, combined with expertise of local, regional, and global needs/regulations. 26 Over 160 data centers globally 100 percent recovery for IBM clients who have declared a disaster (over 800) More than 1,875 professionals dedicated to business continuity and resiliency More than 9,000 disaster recovery clients More than 10,000 client rehearsals per year More than 50 years experience helping clients with their backup and disaster recovery needs Over 800 client declarations supported since 1989 Scalable, end-to-end, cloud-based data backup and recovery solutions Five million square feet of floor space for disaster recovery, with 40,000 seats
© 2011 IBM Corporation27 Protecting your enterprise Mitigating business and support issues Increasing your competitive advantage Protecting brand reputation Enabling seamless, continuous business transactions Exploiting market opportunities Business continuity and resiliency is about…
© 2011 IBM Corporation Questions? Jay Shah
From Disaster Recovery to Business Resilience Chris Connelly IBM Risk and Resilience COE.
Maximizing Uptime and Your Firm's Bottom Line: Understanding risk and budget when evaluating business continuity & disaster recovery protocols Michael.
Business Continuity Management For Project Managers.
Principles of Information Systems, Seventh Edition2 The use of information systems to add value to the organization is strongly influenced by organizational.
© Grant Thornton Risk Management for Small & Medium Sized Enterprises Grant Thornton LLP Doug Steele, CA, CISA Partner, Technology Risk Management.
© 2008 IBM Corporation Challenges for Infrastructure Outsourcing July 29, 2011 Atul Gupta Vice President, Strategic Outsourcing, IBM.
Dolly Dhamodiwala CEO, Business Beacon Management Consultants.
Protect critical information with a smart information-based-risk management strategy. Prepared by: Firas Mohamed Taher.
Global Dialogue on Customs Capacity Building 04 April 2007 © 2007 IBM Corporation Benefits of Supply Chain Security and Trade Facilitation: The IBM Experience.
Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.
Nick Wildgoose 8 March 2012 BCI Workshop DELETE THIS TEXT AND PUT COMPANY LOGO IN THIS WHITE SPACE Understanding Risk within your Supply Chain SC1(V1)Jul/05/10GC/ZCA.
CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.
Business Continuity Training & Awareness by Sulia Toutai (ANZ)
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.
1 Continuity Planning for transportation agencies.
© 2014 IBM Corporation Smarter Workforce Services Business Process Innovation.
© 2009 IBM Corporation Smarter Decisions for Optimized Performance IBM Global Executive Forum Panel Discussion Business Analytics and Optimization Fred.
Saving Your Business from a Data Loss Randy Clark.
Museum Presentation Intermuseum Conservation Association.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Enabling traceability and transparency with standards-based regulatory reporting Dr. Said Tabet Senior Technologist and Industry Standards Strategist Office.
C ONNECTING FOR A R ESILIENT A MERICA Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP) Skip Breeden.
Practical IT Research that Drives Measurable Results Establish an Effective IT Steering Committee.
Smart Buildings Srirangarajan Kadaba National Manager – Energy Edge Buildings Business Schneider Electric 21June 2010.
“Contact Centers with Nine Lives” Topics 1. Business Continuity Definitions 2. Mission Criticality –Essential constants for mission criticality 3. Business.
Tools used by Entrepreneurs for Venture Planning Entrepreneurship B.
Business Continuity The Business of Keeping A Business Running John Dooly Senior Analyst CEMA Region Prague, Czech Republic.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Crisis Management Planning Employee Health Safety and Security Expertise Panel · Presenter Name · 2008.
Chapter 8: Disaster Management Guide to Computer Network Security.
“The Resilient Economy: Integrating Competitiveness and Security” Council on Competiveness.
1 IBM TIVOLI Business Continuance Seminar Training Document.
@idcCLOUD microsite: August 26, 2015 Robert Mahowald VP, Cloud Software, IDC.
Care Home Forum 19 th May 2015 Sarah Chittock – Merton Civil Contingencies Officer Taryn Milton – Emergency Planning Manager – Epsom St. Helier.
International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.
Together we will accomplish great things! Merrill Legal Solutions Acquisition Update Confidential—Not For Distribution World-class service. Local commitment.
Balance Between Audit/Compliance and Risk Management- Best Practices FIRMA 21 st National Training Conference Julia Fredricks, U.S. Chief Compliance Officer.
TEL382 Greene Chapter /27/09 2 Outline What is a Disaster? Disaster Strikes Without Warning Understanding Roles and Responsibilities Preparing For.
© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.
Principles of Information Systems, Sixth Edition Information Systems in Organizations Chapter 2.
ISACA Accra, Kumasi Workshop September 2013 Business Continuity Management Compiled and presented by: Eric Magnusen ( BCM Consultant) BCM-Consult, Al Faslu.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Institute of Crisis and Risk Management Ver 1 Fred Lee TODAY’S OBJECTIVES Provide a practical, business-focused crisis management program Identify.
CONSTRUCTION & THE FOOD INDUSTRY The Insurance Industry View Steve Exwood & Jon Miller.
Turning the change of Globalisation into an Opportunity Understand reality then make reality better.
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
© 2005 IBM Corporation IBM Business-Centric SOA Event SOA on your terms and our expertise Operational Efficiency Achieved through People and SOA Martin.
© 2017 SlidePlayer.com Inc. All rights reserved.