Business Continuity Management With a zoom in on the health crisis response plan - Deloitte
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Business Continuity Management With a zoom in on the health crisis response plan
Business Continuity Management | Setup, updates and management
Business Continuity
Management
Setup, updates
and management
An effective Business Continuity How to build or improve business
Management (BCM) program is a critical continuity plans? Deloitte’s methodology
component of successful business allows the development and update
management. Experience shows that of an effective BCM, with the following
typically over 50 percent of businesses phases:
without an effective business continuity
plan will ultimately fail following a major
disruption.
01 Analyze 02 Develop or update
Before an in-depth analysis or updating Develop or update the strategies for
the recovery strategies, plans and attaining the organization’s continuity goals
procedures, a depth analyze phase should and for anticipating outages and failures
be performed on: (disasters, scandals, pandemics, etc.).
• The organization’s current state of
The strategies should be defined based
preparedness
on the “Analyze” phase outputs and
• The risk of continuity of operations should consider people protection, brand
(concrete scenarios) and values protection, profit protection,
but also the legal and regulatory
• The impact on business, including the
constraints. The strategies should be
time it would take for adverse impact, the
built using a cost–effective approach
level of services and products acceptable
and must pragmatically consider key
to achieve the business objectives, etc.
resources to critical activities: people,
ICT, suppliers, facilities.
Experience shows that typically Without a proper documentation ensuring
over 50 percent of businesses a common language in case of a crisis, the
recovery cannot be effective. Incident/crisis
without an effective business management, business continuity and
continuity plan will ultimately fail recovery management processes and plans
must be documented in each organization.
following a major disruption.
02Business Continuity Management | Setup, updates and management
03 Implement
The strategies developed in the previous and training are critical components of
phase often require acquisition of any Business Continuity Management
resources, implementation of technical program. An effective BCM can be run
solutions and security measures, and only if the people involved in the recovery
negotiation of contracts. The efforts activities understand it and if the exercises
related to the implementation should not demonstrate its effectiveness.
be underestimated. Exercises, testing
04 Maintain & improve
Because of the continuous evolvement review and update the BCM through a
of risks and the evolution of the crisis continuous improvement/quality assurance
situations, it is important to regularly program.
ANALYZE DEVELOP IMPLEMENT
CURRENT STATE GOVERNANCE RESOURCE ACQUISITION
ASSESSMENT & IMPLEMENTATION
RISK AVAILABILITY & TRAINING
ASSESSMENT RECOVERY STRATEGIES
BUSINESS IMPACT BUSINESS CONTINUITY TESTING
ANALYSIS PLANS & PROCEDURES
CONTINIOUS IMPROVEMENT & QUALITY ASSURANCE
03Business Continuity Management |An organization preparedness guide
Crisis response plan
An organization
preparedness guide
Disruptive events can be:
Natural disasters Cyber attacks Terrorism
(e.g. fire, flood, earthquake)
Geopolitical events Health risks
(e.g. destabilised market) (e.g. pandemics, virus)
Here are some specific topics related to crisis management due to health risks:
01 What is the organizational impact?
• Mass absenteeism: e.g. employees who • Affected suppliers or business
fear they may have contracted a disease partners: e.g. the inability to procure
may refrain from coming to the office, critical resources, outsourced services or
which results in a halt of critical business any supply-chain disruption could bring
processes daily operations and processes to a halt
• Loss of key personnel: e.g. as a result of • Significant decline in market
casualties, we may lose personnel in key demand: e.g. key markets, if affected,
positions, which could result in strategic could see a demand slump in the
uncertainty, reduced confidence and short-to-medium-term, resulting in
impact on business processes unsold inventory
04Business Continuity Management | An organization preparedness guide
02 How to respond to a crisis?
• Documented information: having also incident/crisis management, • Monitoring capabilities: a crisis
documented information, such as business continuity plans and recovery response plan must have strong
employee contact details, a crisis management monitoring capabilities. Efficient
playbook and clear communication monitoring should include the monitoring
• Communication: the ability to
plan and templates, is crucial to respond of the external environment, of the
efficiently communicate with employees,
to a crisis. The other BCM documents updates on the recovery efforts (global
shareholders, customers through alerts
should also be present and local), but also intelligence sharing
and updates is an essential part of a crisis
with peers
• Response capabilities: having the response plan. Managing communication
capability to respond to a crisis is another with the different stakeholders, media
crucial part of the crisis response plan. and regulators is also a critical part of the
This includes not only on-site medical crisis response plan
assistance and preventive aids, but
Key components of a crisis response plan
A crisis such as a pandemic outbreak can escalate quickly, crippling an organization's
business operations and threatening the life and safety of its employees. It is, therefore,
imperative to have an effective crisis response plan, integrated in the Business Continuity
Management, which includes:
DOCUMENTED INFORMATION MONITORING CAPABILITIES
• Updated employee contact details • External environment monitoring
• Crisis playbooks • Updates on recovery efforts (local & global)
• Communication templates • Intelligence sharing with peers
RESPONSE CAPABILITIES COMMUNICATION
• On-site medical assistance • Staff advisories, alerts, updates
• Business continuity plans • Shareholder and customer updates
• Preventive aid like masks, • Media management (social & print)
anti-bacterial wipes, etc.
03 Examples of key actions to be taken immediately
within the crisis management due to health risks
Immediate actions: Activate Crisis contractors, initiate awareness campaigns,
Command Centre (CCC) and set-up review the Business Impact Assessments
periodic status update calls with the focused on mass absenteeism of
Crisis Management Team, gauge the employees and suppliers, invoke
extent of exposure the crisis poses to business continuity plans and recovery
the organization, notify employees and management, etc.
05Contacts Business Continuity Management Cheryl Khor Indochina Function Leader Southeast Asia Risk Advisory ckhor@deloitte.com +60 3 7610 8871 Anthony Tai Partner, Operational Risk and Assurance Southeast Asia Risk Advisory yktai@deloitte.com +60 3 7610 8853 Rui Figueiredo Director, Strategic and Operational Risk Southeast Asia Risk Advisory rfigrdo@deloitte.com +60 3 7650 6479 Aaron Jay Dason Manager, Strategic & Operational Risk Myanmar Risk Advisory adason@deloitte.com +95 9967770908 Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organisation”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more. Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax & legal and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organisation”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com. Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL. Members of Deloitte Asia Pacific Limited and their related entities, each of which are separate and independent legal entities, provide services from more than 100 cities across the region, including Auckland, Bangkok, Beijing, Hanoi, Ho Chi Minh City, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne, Osaka, Shanghai, Singapore, Sydney, Taipei, Tokyo and Yangon. About Deloitte Myanmar In Myanmar, services are provided by Deloitte Touche Myanmar Vigour Advisory Limited and its affiliates. © 2020 Deloitte Touche Myanmar Vigour Advisory Limited
You can also read
