Why BCM ?

Why Business Continuity Management?

Business Continuity Management (BCM) is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation and value creating activities.


External Drivers

  • Pressure from Audit Committees
  • Pressure from Financial Institutions
  • Pandemic Concern
  • New Threats & Risks since 9/11
  • Demands from Customers
  • Cost of Insurance
  • Perceived as Competitive Edge
  • Reliance on Third Parties (Supply Chain)
  • Increased Regulator and Self-Regulated Requirements
  • Any many more

Effects

  • Loss of Customers or Inability to Attract New Customers
  • Loss of Revenue / Market Share
  • Decrease In Stock Value
  • Increase of Insurance Premiums contributions
  • Loss of Assets and Employees
  • Regulatory Sanctions
  • Downgrading of debt securities or corporate ratings
  • Loss of confidence by foreign investors and potential investors
  • Default on financial commitments and contracts
  • Any many more

Professional Practice Subject Area Overview

01Program Initiation and Management

Establish the need for a Business Continuity Management Program within the entity and identify the program components from understanding the entity’s risks and vulnerabilities through development of resilience strategies and response, restoration and recovery plans. The objectives of this professional practice are to obtain the entity’s support and funding and to build the organizational framework to develop the BCM program.

02Risk Assessment

The objective of this professional practice is to identify the risks/threats and vulnerabilities that are both inherent and acquired which can adversely affect the entity and its resources, or impact the entity’s image. Once identified, threats and vulnerabilities will be assessed as to the likelihood that they would occur and the potential level of impact that would result. The entity can then focus on high probability and high impact events to identify where controls, mitigations or management processes are non-existent, weak or ineffective. This evaluation results in recommendations from the BCM Program for additional controls, mitigations or processes to be implemented to increase the entity’s resiliency from the most commonly occurring and/or highest impact events.

03Business Impact Analysis

During the activities of this professional practice, the entity identifies the likely and potential impacts from events on the entity or its processes and the criteria that will be used to quantify and qualify such impacts. The criteria to measure and assess the financial, customer, regulatory and/or reputation impacts must defined and accepted and then used consistently throughout the entity to define the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for each of the entity’s processes. The result of this analysis is to identify time sensitive processes and the requirements to recover them in the timeframe that is acceptable to the entity.

04Developing BC Strategies

During this strategies, attendees will be able to learn about alternative strategies, assess their strengths and weaknesses, and identify methods for presentation to senior management. Besides that, able to learn the process steps involved in analysis and strategy determination, supported by the risk assessment and BIA. In Workshop Exercise, they can build on previous exercises to identify recovery strategies, including a brief description, the advantages and disadvantages, a subjective cost estimate of each strategy and discuss how you would present recommendations for management approval.

05Incident Response

This professional practice defines the requirements to develop and implement the entity’s plan for response to emergency situations that may impact safety of the entity’s employees, visitors or other assets. The emergency response plan documents how the entity will respond to emergencies in a coordinated, timely and effective manner to address life safety and stabilization of emergency situations until the arrival of trained or external first respondents.

06BC Plan Development and Implementation

The Business Continuity Plan is a set of documented processes and procedures which will enable the entity to continue or recover time sensitive processes to the minimum acceptable level within the timeframe acceptable to the entity. In this phase of the Business Continuity Management Program, the relevant teams design, develop, and implement the continuity strategies approved by the entity and document the recovery plans to be used in response to an incident or event.

07Awareness and Training Programs

In this professional practice, a program is developed and implemented to establish and maintain corporate awareness about Business Continuity Management (BCM) and to train the entity’s staff so that they are prepared to respond during an event.

08Business Continuity Plan Exercise, Assessment and Maintenance

The goal of this professional practice is to establish an exercise, testing, maintenance and audit program. To continue to be effective, a BCM Program must implement a regular exercise schedule to establish confidence in a predictable and repeatable performance of recovery activities throughout the organization. As part of the change management program, the tracking and documentation of these activities provides an evaluation of the on-going state of readiness and allows for continuous improvement of recovery capabilities and ensures that plans remain current and relevant. Establishing an audit process will validate the plans are complete, accurate and in compliance with organizational goals and industry standards as appropriate.

09Crisis Communications

This professional practice provides the framework to identify, develop, communicate, and exercise a crisis communications plan. A Crisis Communications plan addresses the need for effective and timely communication between the entity and all the stakeholders impacted or involved during the response and recovery efforts.

10Coordination with External Agencies

This professional practice defines the need to establish policies and procedures to coordinate response, continuity and recovery activities with external agencies at the local, regional and national levels while ensuring compliance with applicable statutes and regulations.