Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan
Presented by Tom Hunt, AFP; Bob Stark, Kyriba; Dr. Mark Zecca, Kyriba
Wednesday, April 20th, 2016
© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL.
Today’s Presenters
Mark Zecca, Ph.D., SVP, Cloud Services and Engineering, Kyriba Corporation
Bob Stark, Vice President, Strategy, Kyriba Corporation
Tom Hunt, CTP, Director, Treasury Services, Association of Financial Professionals
Today’s Discussion
Agenda
What is Business Continuity?
Planning for loss conditions in Treasury
Evaluating Technology to Support Business Continuity
BCP takeaways
Importance of Business Continuity
• Latest Treasury in Practice (TIP) Guide: Business Continuity Plan
• Important addition to the TIP series as most Treasurers do not plan well enough to cover all loss conditions
• Based on member feedback
• New areas to focus on
Business Continuity
Disaster Recovery is a component of a Business Continuity Plan (BCP)
Collaborative organization-wide exercise, often led by CIO / CTO / CISO
BCP (for treasury) must take into account unique treasury requirements
1) Treasury must have seat at the planning table
2) Treasury must understand BCP vocabulary
Emergency Condition
Emergency condition: a situation which creates a threat to the continued functioning of the company
Weather, fire, equipment failure, terrorist or hazardous conditions
Facilities no longer accessible or inhabitable, or business operations cannot proceed as normal
Creates immediate need for action to begin to restore operations back to a normal condition
Business Continuity Defined
Business Continuity Plans have multiple components, executed over initial days of an emergency condition
Business Continuity Plan
• Emergency Response Action Plan (ERAP): 0 - 72 hours
• Disaster Recovery Plan (DRP): 3 - 30 days
• Business Continuity & Continuance (BCC): 30+ days
Business Continuity
Loss Condition: Scenario
1) Loss of personnel: Treasury team wins the lottery and tenders resignation from a beach
2) Loss of facilities: Company offices unusable
3) Loss of services: Company offices lose key services such as power or internet
4) Loss of access: Unable to reach company offices if there is a snowstorm
Business Continuity
Loss of Personnel
Scenario: Treasury team leaves
Goal: Train new team quickly - minimize disruption to treasury
Required Solution: Standardized templates, processes, workflows
• Speeds up onboarding of new employees
• Eliminates reliance on a single employee's expert knowledge or custom spreadsheets
• Ensures consistency of information
• Single repository for data and documents
Business Continuity
Loss of Facilities
Scenario: Company offices are disabled and can’t be accessed
Goal: Perform treasury from other company locations
Required Solution:
1) The Cloud
• Datacenters for Cloud TMS reside in different locations than company offices, so treasury system still operates
2) Standardized workflows
• Same workflows can be run anywhere in the world by authorized users
• Visual workflow maps require less documentation for colleagues taking on new roles, completing new tasks
Business Continuity
Loss of Services
Scenario: Company offices lose key services e.g. power, internet
Goal: Perform treasury from alternate locations e.g. Starbucks
Required Solution:
1) The Cloud
• Treasury system continues to run outside your offices
2) Mobile
• Treasury system can be accessed via mobile device and/or low speed web connection
3) Security
• Additional security can be implemented for access outside of company office
Business Continuity
Loss of Access
Scenario: Treasury cannot get to the office in a giant snowstorm
Goal: Perform treasury activities from home
Required Solution:
1) The Cloud
• Treasury system continues to run outside your offices
2) Mobile
• Treasury system can be accessed via mobile device, really old desktop and/or low speed web connection
3) Security
• Additional security can be implemented for access outside of company office
Additional Scenarios
Fraud & Cybercrime
1) Organization hit by cybercrime
2) Organization discovers internal fraud
Business Continuity
Business Continuity
Fraud: Organization hit by Cybercrime
Scenario: Likely loss of services and access to company computers
Goal: Perform treasury activities from alternate locations
Required Solution:
1) The Cloud
• Treasury system continues to run outside your offices
2) Mobile
• Treasury system can be accessed via mobile device, really old desktop and/or low speed web connection
3) Security
• Additional security can be implemented for access outside of company office
Business Continuity
Fraud: Organization discovers internal fraud
Scenario: Unauthorized payment was caught by the bank
Goal: Immediate update of treasury policies, workflows
Required Solution:
1) Security
• Immediate password change to treasury systems
• Review audit trails
• Disable suspicious users
2) Controls
• Add additional approvals
• Change segregation of duties
Evaluating Technology to Support BCP
Evaluating Technology to Support Business Continuity
Treasury system providers plan to avoid service disruptions
Datacenter locations are in low risk areas
One datacenter will back up another, with full replication
– “Full replication” = data, bank connections, ERP interfaces, login protocols, etc.
Evaluating Technology to Support Business Continuity
Two key metrics in disaster recovery:
– Recovery Time Objective (RTO): how much time is lost
– Recovery Point Objective (RPO): how much data is lost
* Treasury’s RTO/RPO will be very different than rest of organization
Evaluating Technology to Support Business Continuity
When evaluating treasury technology, consider:
SLA – especially RTO/RPO/availability metrics
SOC2 Type II report (read it!)
What exactly is replicated – data, interfaces, security, URL?
Locations of primary and backup datacenters
In the cloud - Fully virtualized w/ no additional plug-ins
Security – flexibility based on where software is accessed
Costs to manage internally
Business Continuity in practice
Business Continuity Takeaways
Effective planning includes:
Determine Critical Assets
IT Calling Trees - Banks, Vendors, etc.
Who can put it in action
Weakest link (not just brick and mortar anymore)
Think security
Test your Plan!
Business Continuity Takeaways
Treasury’s primary challenges
Collaborating with teams that don’t understand treasury’s requirements
Planning for all ‘treasury’ loss conditions
When processes are manual, difficult to replicate processes and reporting
Even though cloud technology can help avoid ‘disaster’, not always easy to quantify ROI
Additional Resources
AFP Treasury in Practice Guide: Business Continuity Planning: Why Treasury Needs a Plan B