Process Improvement on Business Continuity Management (BCM) in a Commercial Bank
Introduction to Business Continuity Management (BCM)
Business continuity management (BCM) are plans developed by an organization that specifies the ability to effectively respond to disruption or threats in order to minimize the impact to the business. Among the plans are:
Disaster Recovery – this emphasis on recovering of the organization’s information technology system.
Business Continuity/Recovery – focus on business operation recovery that is affected due to incident or disaster.
Crisis Management – It's an immediate response after the declaration of a disaster, such as dealing with casualties, deaths, injuries, potentially adverse media reporting and loss of confidence among employees and stakeholders.
Emergency response - Addressing the immediate reactions and responses that are prescribed during emergency situations. Example of such responses: Escalation Process, Evacuation Guidelines and the Roles and Responsibilities of Floor Monitors. E.g. Fire – what to do, who to call, where to run?
In simple terms, we can say that BCM is a comprehensive process to ensure the continuation of business regardless of whatever challenges an organization may encounter.
Figure 1
Automated Process in developing the BCP
Figure 2
Business Continuity/Recovery – focus on business operation recovery that is affected due to incident or disaster.
Crisis Management – It's an immediate response after the declaration of a disaster, such as dealing with casualties, deaths, injuries, potentially adverse media reporting and loss of confidence among employees and stakeholders.
Emergency response - Addressing the immediate reactions and responses that are prescribed during emergency situations. Example of such responses: Escalation Process, Evacuation Guidelines and the Roles and Responsibilities of Floor Monitors. E.g. Fire – what to do, who to call, where to run?
In simple terms, we can say that BCM is a comprehensive process to ensure the continuation of business regardless of whatever challenges an organization may encounter.
BCM requirement for Financial Institution (FI) in Malaysia
Bank Negara Malaysia (BNM) issued guidelines that it is a requirement for all FIs to establish the BCM for all identified Critical Business Function (CBF) in ensuring continuity of business operations in the event of disruption or disaster. In line with the requirement, the Bank that I’m currently attached with have implemented its BCM program in 2004 where the bank have developed the plans focusing on 4 elements as below. Each plan complement to the overall effectiveness of BCM.
Business Continuity Plan (BCP) - a documented collection of procedures and information that is developed, compiled, and maintained in readiness for use in incidents to enable the Bank to continue to deliver its critical products and services at an acceptable predefined level.
Emergency Response Plan (ERP) - addressing the immediate reactions and responses that are prescribed during emergency situations. Examples are Escalation Process, Evacuation Guidelines and the Roles and Responsibilities of Floor Monitors. E.g.: Fire – what to do, who to call, where to run?
Crisis Management Plan (CMP) - It is an immediate response that describes the immediate response after the declaration of a disaster, covering areas such as dealing with casualties, death and injuries, potentially adverse media reporting and loss of confidence among employees and stakeholders.
Disaster Recovery Plan (DRP) - Basically look at IT matters. Prior to any disaster, plans must be drawn to prepare for any eventualities.
The overall processes for developing the above plans were done via manual basis, time consuming and requires a lot of resources to complete all of the process in developing the above mentioned plans. For purpose of this entry, I’m sharing with you the detailed and tedious process in developing the BCP as per Figure 1 below.
Manual Process in developing the BCP
Figure 1
In April 2014, the Bank that I’m attached with have automated the development of the BCM process where the pilot automation was focused to the process of developing the Business Continuity Plan (BCP). The development of BCP consists of 8 processes namely Project Planning, Risk Assessment and Review (RA), Business Impact Analysis (BIA), Recovery Strategy, Plan Development, Training, Testing and Maintenance.
Figure 2 below describes the processes that have been automated via the BCM System where with the automation it has tremendously reduced the overall time line to developed the BCP to 50% of the time taken to develop the BCP manually
Automated Process in developing the BCP
Figure 2
Process Improvement Gained and Benefits in Automating the BCP Processes
The improvements are segregated into 3 main categories namely the Planning Stage, Disaster Stage and Risk Monitoring stage.
a) Planning Stage
This stage is where all the identified Critical Business Functions (CBFs) to complete the 8 processes in developing new or reviewing existing BCP during ‘peace time’. With the automation, it has managed to shorten the time taken for the documentation, improve control and minimize the risk element of human error for manual documentation.
b) Disaster stage
Business Recovery Team (BRT) would be able to provide timely updates directly via their mobile devices to the Dashboard that facilitate the Crisis Management Team (CMT) members in command centre to view real-time dashboard updates on the recovery status of BRTs. Figure 3 below illustrates the real time update to the dashboard.
Figure 3
c) Risk Monitoring
Thru BCM System, the Bank is also able to enhanced risk monitoring for potential risks and exposures where it allows the flexibility for the Bank to customize report extraction according its requirements (e.g. trend analysis by incident types based on location).
Apart from the above improvements, it also benefited the Bank with following improvement which include on the Return on Investment (ROI).
- This is an efficient improvements, risk mitigation as well as compliance driven project to enable a consistent approach in managing BCM effectively with automation to meet Bank Negara Malaysia’s (BNM) Guidelines on Business Continuity Management in ensuring the continuity of critical business functions and essential services within a specified timeframe in the event of a major disruption.
- Effective management of disasters and business interruptions will allow the bank to manage its recovery processes with minimal disruption to critical business functions and essential business services. This will enhance the public’s confidence and mitigate reputational risk.
- With the implementation of the system, the bank will be able to meet BNM’s Guidelines for an effective BCM procedures and practices by improving its resilience, preparedness for any eventualities with coverage for support to the critical business functions and non-time critical services being increased to 100%. In addition to this, the use of the system will enable a consistent approach in managing BCM effectively, thereby minimizing operational risks.
- Implementation of a BCM system also provides a competitive advantages over the bank’s competitors as it would be the first bank in Malaysia to implement a BCM System fully automated BCM processes.
Conclusion
My personal opinion that the BCM systems is a very critical and important tool that is a must have item in a big organisations where there are large number of CBFs. The system would enable the organisations to ensure that all identified CBF have developed its BCP and most importantly it helps the Management of the organisation to obtained real-time recovery status of the CBFs in the event of real incident/disaster .
No comments:
Post a Comment