management score cards and m… · other considerations • education, educate, educate ... review...
TRANSCRIPT
Management Score Cards and Metrics
Presented by: Ray Mach
1
Ray Mach, CBCP
• Business Continuity Program Management• ProgramManagement and Governance – BCP and DRProgram Management and Governance BCP and DR• Experience with Financial Services, Retail, Manufacturing, Logistics
• Specialty in BC Planning, Testing/Exercises, Training, Pandemic Plans, Crisis Management, BIA, Program Controls and Management
• Experienced IT Manager• Project and Program Management• Application Development, Support and DR
2
Agenda
• Level Setting Expectations
• Purpose of Measurements
• Aligning Objectives and Audiences
• Data Sources and Presentation Formats
• Other Considerations
• Samples
• Recap/Adjourn
3
Why Are You Here?
Why did I i fsign up for
thissession?
What do I want to get out of
this?
What information do I want to take away?
• Who uses a good set of metrics already?
4
y
My Goals for Today
• Share ideas establish effective management ti th t i t b dreporting that is measurement based
• Present key considerations
• Offer examples
• Provide a sample project plan Groupthink
• Leverage audience input
5
Why Measure and Report?
Cost Benefit
• Where are we at?
Wh d t t ?• Where do we want to go?
• What will it take to get there?
• How are we progressing?
6 6
Accuracy and Quality
• Quality – “goodness of fit for intended purpose”• What is the purpose focus on the desired• What is the purpose – focus on the desired outcome
• What action are you looking for?– Provide Status – Compel ActionEducate– Educate
– Other?
• Tell a story with clarity
7
Target Audience ‐ Intended vs. Actual
• Business Area Management
• Executive Management
• BCP/DR Coordinators
• Steering Committee
• Your Managementg
• Audit
8
Potential Objectives
• Status of ongoing activities– Gaps/Risks
– Program enhancements
• Set Annual objectives and status
• Obtain/maintain program sponsorship and commitmentcommitment
• Obtain funding and support
• Get direction or buy in
9
Align Objectives to AudienceAudience Objective Data Source Frequency
Steering Committee
Communicate Program Status
What’s complete vs
Program Plan
Quarterly Committee Program Status complete vs.
PlannedPlan
Business Unit Management
Address late activities
What’s outstanding and who is responsible
BCP System
Monthly
BCP Coordinators Address late activities
What’s outstanding
BCP System
Monthly
10
who’s responsible
Executives Communicate key risks
Recovery GapsActivity
Tracking Data base
Quarterly
Steering Committee
Funding and support
Cost/Benefits Ad‐hoc
Data Sources
• Leverage Existing Controls
• Reliable
• Easy Accessed
• Timely (frequency)
• Appropriate
11
Method of Presentment
• Don’t overdo it ‐ Keep it Simple• Appropriate for the intent• Appropriate for the intent• Graphical
– Simple Tables– Charts– Cultural Fit – Graphs, colors, bars, pie, lists
• Red / Yellow / Green for simplicity and understanding• Ability to provide notes for clarity (i.e. status/actions)• Static data vs. comparative – Discerning progress
12
Tools – Source Data and Presentation
• Excel – supports tables, notes, graphs
• Access – Can help manage lots of data
– Can feed Excel
• BCP System/Database
Oth E t bli h d S t• Other Established Systems – Linkage of data to improve accuracy and timeliness
13
Other Considerations
• Education, Educate, Educate
• Consistency of terms – promotes understanding
• Establish baselines early
• Tell a story
• Be clear on intended action
• Be prepared with supporting details
• Marketing of accomplishments
14
Management Reporting Byproduct
• Gaining and sustaining management support dand resources
– Keep the message in the forefront
– Utilize dashboards and metrics
– Communicate gaps and needs
– EducateEducate
15
Some Samples
• Format• Format
• Content• Tools
16
Tracking Program Progress
RiskBusiness Unit Prty
Risk Assmt BIA BCP Pand Training Testing
Accounting A 100% 100% 100% 100% 100% 100%Corporate Communications B 80% 80% 80% 100% 40% 80%Information Technology A 90% 80% 80% 100% 90% 70%Human Resources B 100% 100% 100% 100% 100% 100%Marketing B 100% 100% 100% 100% 100% 100%Operations A 100% 86% 86% 57% 95% 60%Product Development B 90% 70% 90% 70% 90% 50%Procurement C 20% 40% 60% 80% 20% 60%Protection Services B 100% 100% 100% 100% 100% 100%
17
Protection Services B 100% 100% 100% 100% 100% 100%Data Security B 100% 100% 75% 75% 100% 75%Transportation A 40% 80% 100% 80% 40% 90%Legal C 60% 100% 60% 0% 60% 70%
Activity Based ‐ % Completion
Multi‐Year Improvement PlanRisk Assessment
Review and refresh data based on valuePrepare executive summary of risksRefresh risk assessment annually
Business Impact AnalysisEnhance data collection and review processShare recovery requirements with ITCapture critical vendor dependencies
Business Continuity PlanningInclude loss of vendor services in recovery strategiesDefine improved alternate space planning processIdentify all areas not covered by a BCP
BCP Testing
18
gEstablish standard test types and templates for tabletops
IT Disaster Recovery PlanningAddress Identify critical end user computing systemsEnhance navigators to improve planning
Crisis ManagementDetermine participation in national test
Measuring and Tracking Program MaturityBIA 4 Determine RTO, RPO and quantify impacts of severe interruption.
Risk Assessment 3 Identify internal and external events that are threats to the continuity of the business. Used to prioritize risks for remediation.
Gap Analysis 2 Identifying where BC requirements are not being met
BC Testing 3 Review/execution plans to validate usability and preparedness
DR Testing 3 Review/execution plans to validate usability and preparedness
Crisis Response Testing 4 Review/execution plans to validate usability and preparedness
Business Continuity 5 Procedures to ensure the recovery of business functions
Disaster Recovery 2 Procedures to ensure the recovery of technology
Crisis Response 4 Procedures that guide companywide coordination during a crisis
Pandemic 4 Procedures to guide the recovery of business during a severe loss of people
19
Governance 3 Methods for exercising authority, accountability, controls and performance.
Education/Training 3 Material to promote awareness, understanding and the ability to execute BC responsibilities.
Supporting Tools 2 Technology used to support the BC program.
Metrics ‐ Dashboard 1 Key tactical and performance indicators to manage the BC program.
Pandemic Testing 2 Review/execution plans to validate usability and preparedness
Graphic and Tabular
Metric Grade Weight Weighted Avg Scoring Guidance
Roles and responsibilities 3 20% 20%
3= Roles are defined, backups are assigned, and primary/backups have received necessary training and tools2= Primary roles are defined with necessary training, but backups have not been assigned or received necessary training1= Roles have not been adequately assigned or the necessary trainings have not taken place
3 R l t t d t iTesting 2 20% 13%
3= Recovery plans are tested twice per year2= Recovery plans are tested once per year1= Recovery plans are not tested during the year
Maintenance 2 40% 27%
3= Recovery plans are reviewed and issues are addressed quarterly2=Recovery plans are reviewed and issues are addressed twice per year1= Recovery plans are reviewed and issues are addressed once per year0= Recovery plans are not reviewed during the year
Audit 3 20% 20%
3= An independent review of compliance with testing and maintenance requirements is conducted once every two years1= An independent review of compliance with testing and maintenance requirements is not conducted at least once every two years
Recovery Score 80%
20
DashboardSUMMARY SCORE
21
Disaster Recovery Status% with DR
Plans % TestedHigh Availability - 0 to 4 Hours
Total Distributed 93% 91%Mainframe 100% 100%Total Business 98% 96%
Tier A - 4 to 12 HoursTotal Distributed 69% 44%Mainframe 100% 100%Total Business 89% 81%
Tier B – 12 to 24 HoursTotal Distributed 34% 34%Mainframe 100% 100%T t l B i 63% 63%
22
Total Business 63% 63%
Tier C – Over 24 HoursTotal Distributed 11% 11%Mainframe 100% 78%Total Business 89% 69%
Activity Progress ‐ Graph
100%15%
20%
40%
60%
80%
20%10%
50% 55%25% 40%
30%30%55% 50%
20% 15%
Needed
Active
Complete
23
0%
General Office Supermarket Divisions
Logistics Manufacturing
10%
Operations Retail Accounting Plants
Project Plan
1. Define Objectives2 Determine Audiences2. Determine Audiences3. Match Objectives to Audience4. Determine needs and desired actions5. Determine available data and sources6. Validate data accuracy and change frequency7. Draft metrics and gain feedback8. Educate Audience9. Rollout
24
Audience Input
RAY MACH
Management Scorecards and Metrics
25