[PDF]

Calculating the ROI of Business Continuity Management: Digital strategies and software to get your money's worth PDF Free Download

1 / 6
2 views6 pages

Calculating the ROI of Business Continuity Management: Digital strategies and software to get your money's worth PDF Free Download

Calculating the ROI of Business Continuity Management: Digital strategies and software to get your money's worth PDF free Download. Think more deeply and widely.

Calculang the ROI of Business
Connuity Management:
Digital strategies and soware
to get your money’s worth
Business Connuity
Calculang the ROI of Business Connuity Management: Digital strategies and soware to get your money’s worth
2
Business connuity is in vogue now. But execuves have long
doubted whether they’re geng their money’s worth.
Right now, business connuity is in fashion. Organizaons,
having performed post-mortems on their COVID response,
reason that their preparaons were inadequate; that they
need to be more proacve in ensuring that mission-crical
operaons connue to work during unplanned disrupons.
It hasn’t always been like that. For a long me,
organizaons failed to resource business connuity
programs adequately, viewing those programs as pure
costs to the business.
Unfortunately, it’s not unlikely that this thinking will
remerge once the present crisis threat recedes.
When that happens, how will business connuity
praconers get funding and priorizaon for
their programs?
We argue that praconers will have to get comfortable
making ROI-based arguments for business connuity
management. Not sure how? This guide seeks to help
praconers deliver an execuve-targeted business
case for digital business connuity strategies and
soware plaorms.
Why business connuity management is a business benet
Let’s start at the beginning.
Outside of moments of crisis, execuves fail to priorize
business connuity, because benets derived from the
program tend to be less visible than those derived from
other mission-crical units.
Business connuity praconers, as such, will have to
push against this tendency to see business connuity as
an expense. Instead, they must demonstrate to higher ups
how their programs can be an asset.
This, of course, entails showing how the return will be
greater than the overall cost.
The easiest way to do so is calculate program ROI. The
business connuity ROI showed to execuves is the
esmated cost of the program (including associated
tools and resources) subtracted from projected revenue
loss risked a disrupve event occurring without proper
business connuity safeguards.
Top business risks to prepare for
But not just any disrupve event. Praconers, here, must determine which risks pertain to their business.
Those risks, likely to change over me, will be based on factors such as geography, industry, polical and regulatory
climate, customer base, etc.
Generic risk indicators are a good place to start. For instance, the most recent Allianz Risk Barometeri (2022) amassed a
list of the top global risks; threats include the following:
Cyber incidents
Business interrupon, including
supply-chain disrupon
Natural catastrophes
Pandemic outbreak
Changes in legislaon and regulaon
Climate change
Fire, explosion
Market developments
Shortage of skilled workforce
Macroeconomic developments, e.g., monetary
policies, austerity programs, commodity price
increase, deaon, inaon
3
Calculang the ROI of Business Connuity Management: Digital strategies and soware to get your money’s worth
Countries and regions face their own microeconomic developments, and so, risk oen varies in predictable paerns.
In many advanced European, North American, and APAC economies, for instance, Allianz concludes the top risk is
business interruponii. Meanwhile, cyber incidents are considered the most pressing risk in powerful emerging economies
like India and Braziliii.
The cost of unplanned downme
Of course, execuves don’t just want to know what’s likely
to happen. They’ll demand to know how much unplanned
downme from that disrupon is likely to cost them.
Costs, here, are likely to be higher than the C-suite thinks.
What’s more, unplanned downme is much likelier to
happen than the C-suite imagines.
How much more likely? According to industry data,
82 per cent of companies have experienced at least one
unplanned downme incident over the past three years;
most, in fact, have suered mulpleiv.
Meanwhile, the costs associated with these incidents,
calculated using a combinaon of direct and indirect costs,
keep geng higher (See below).
Direct costs Indirect costs
Labor Direct labor
Over me
Outside
contractors
Idled operators
Indirect labor
(back-oce)
Producon Wasted product
or materials
Reduced
capacity
Tesng and
quality control
Startup/restart
Parts and
materials
Shipping
Ulies
Finances Lost revenues
Tighter prot
margins
Lost sales
opportunies
Customer
service risks
Unplanned cost esmates will oen vary by industry;
unplanned interrupon in heavy industry, for example,
entails higher machine costs.
Cross-industry esmates, though, can provide reliable
data. Praconers, for their part, can feed some of that
data into ROI calculaons. For instance:
Server downme. The hourly cost of server
downme tops $1 million for 44 per cent
of enterprisesv.
Data breach. In 2021, the cost of a data breach
was $4.24 million, represenng a 10 per cent
jump in two years. Lost business (including
increased customer turnover, lost revenue due
to system downme and the increasing cost
of acquiring new business due to diminished
reputaon) constuted 38 per cent of the total,
or $1.59 million.
Among other business interrupon incidents,
Allianz esmates that:
The average value of a re/explosion-related
insurance claim comes in around $6.7 million.
The average value of a storm-related
insurance claim comes in around $4.4 million.
The average value of an earthquake-related
insurance claim comes in around $1.6 million.
The average value of a machinery
breakdown-related insurance claim comes in
around $.62 million
The average value of a water damage-related
insurance claim comes in around $.55 million
Calculang the ROI of Business Connuity Management: Digital strategies and soware to get your money’s worth
4
Factors to consider when building your own ROI calculator for business connuity
strategies and soware
Labor costs. Labor costs equal the sum of direct, incidental, and recovery costs associated with employees
during unplanned incidents.
Direct costs are the total costs for employees impacted by a disrupon
Incidental costs equal idle me that employees are not working during a disrupon
Recovery costs constute the me needed for employees to recover from an incident; recovery me oen
involves overme.
Technology recovery costs. Similarly, idled technology that must be rebooted also costs the business. These
recovery costs oen include overme, out-of-warranty acquision costs, outside-vendor and consulng costs.
Costs associated with system restoraon also come into play.
Loss of business costs. Typically calculated as gross revenue divided by total minutes in a work year, these
costs represent lost gross revenue from disrupon. For instance, CNBC calculated that Apple made over $690
thousand per minute. An interrupon of one hour would cost the business over $41 million.
Cost of customer condence/service value. An intangible cost, loss of customer condence and service value
oen results from unplanned disrupon.
Best-pracce business connuity strategies
Indeed, the costs of disrupons are increasing. Invesng
in digital business connuity strategies and soware is
meant to lower costs to the business – oen even to put
money back into the business when business connuity
intervenons idenfy expensive deciencies before
disrupons occur.
Of course, not all policy intervenons will have the
necessary ROI. Which ones will?
From the best-pracce literature, we conclude that
praconers must coax senior leadership to demonstrate
commitment to resourcing the following business
connuity management acvies:
Ensuring that the business connuity policy and
business connuity objecves are established and
are compable with the strategic direcon of the
organizaon.
The business connuity policy should be:
Be available as documented informaon
Be communicated within the organizaon
Be available to interested pares, as appropriate.
Ensure that the responsibilies and authories for
relevant roles are assigned and communicated within
the organizaon, with emphasis on the responsibility
and authority for:
Ensuring that the BCMS conforms to the
requirements of the document
Reporng on the performance of the BCMS
The business impact analysis (BIA) will also be the
cornerstone of any risk management program liable to
prepare for, respond to, and recover from disrupons
this year. Here, organizaons should use this process for
analyzing business impacts to determine their priories
and requirements.
According to best-pracce standard, ISO 22301, that
process should involve the following:
Dene the impact types and criteria relevant to the
organizaon’s context
Idenfy the acvies that support the provision of
products and services
Use the impact types and criteria for assessing the
impacts over me resulng from the disrupon of
these acvies.
Idenfy the me frame within which the impacts of
not resuming acvies would become unacceptable to
the organizaon
Set priorized me frames within the me idened in
For resuming disrupted acvies at a specied
minimum acceptable capacity
Use this analysis to idenfy priorized acvies
Determine which resources are needed to support
priorized acvies
Determine the dependencies, including partners and
suppliers, and interdependencies of
priorized acvies.
5
Calculang the ROI of Business Connuity Management: Digital strategies and soware to get your money’s worth
These measures feed into the business connuity plan
(BCP). The BCP provides guidance and informaon to
assist teams to respond to a disrupon and to assist the
organizaon with response and recovery. Again, according
to best-pracce guidance, that plan should include the
following components:
The purpose, scope, and objecves
The roles and responsibilies of the team that will
implement the plan
Acons to implement the soluons
Supporng informaon needed to acvate (including
acvaon criteria), operate, coordinate, and
communicate the team’s acons
Internal and external interdependencies
The resource requirements
The reporng requirements
A process for standing down
It’s not enough, however, to simply develop a BCP.
Reviewing and tesng the plan is crucial, too, to evaluate
suitability, adequacy, and eecveness of its business
impact analysis, risk assessment, strategies, soluons,
plans, and procedures.
How to do it? Organizaons will need to undertake
evaluaons through reviews, analysis, exercises, tests,
post-incident reports, and performance evaluaons.
From there, rm should also conduct evaluaons of the
business connuity capabilies of relevant partners and
suppliers. Other measures include:
Evaluang compliance with applicable legal and
regulatory requirements, industry best pracces, and
conformity with its own business connuity policy
and objecves
Updang documentaon and procedures in a mely
manner, e.g., at planned intervals, aer an incident or
acvaon, and when signicant changes occur
ROI-enhancing digital soware investments to help run every
aspect of business connuity eortlessly
Best-pracce strategies are only one part of the ROI
calculus. Digital business connuity management soware
is the other.
Not all such plaorms enhance ROI. Instead, praconers
will have to do due diligence to scout plaorms that
automate key business connuity management funcons,
to make business connuity planning and management
easy by applying industry standards drawn from the latest
versions of ISO 22301, ISO 22313, and ISO 22317.
The aim, here, should be to increase ROI with a plaorm
that helps managers and execuves determine disrupon
impacts and develop plans and recovery strategies to
address risks. ROI is also derived from plaorms that scale
up to any incident and back down to business as usual.
When it comes to enhancing ROI, what other soware
capabilies maer? We suggest the following:
Business impact analysis. Built-in BIA tools
provide a step-by-step process to idenfy
crical acvies, determine maximum
periods of disrupon, assess the risk and
impact of disrupons, collect and document
recommendaons, and report across the
business.
Find gaps easily. Collecng and aggregang
data to highlight any crical acvies, processes,
assets, and resources lacking recovery strategies
as well as untested recovery strategies that put
the business at risk.
Monitor crical dependencies. Quickly idenfy
dependencies between business acvies and
supporng assets or vendors and stay informed
when one is at risk.
A central locaon for all plans. Business
connuity plans, recovery strategies, and crisis
response plans can all be developed, tracked,
and reviewed to ensure opmal coverage.
Bale-test your recovery strategies.
Supports tests and exercises to help business
connuity and crisis teams rene and improve
their response.
Integrated crisis and incident management.
Built with crisis management principles to
include response teams and embedded
nocaons workows.
Acvies, process registers, and dependency
dashboards. Get a consolidated view of all
business acvies, crical dependencies, or the
status of BIAs to stay up to date and make beer
informed decisions.
Contact, asset, and vendor management.
Manage key details of sta, contractors,
customers, suppliers, regulators, and external
pares. See reliant acvies and related recovery
strategies at-a-glance, to know which ones are
potenal risks to the business.
Monitoring dashboards. Display key informaon
where (and when) it’s needed using exible
dashboards, analycs, and reporng that caters
to stakeholders.
6
Meet the next-generaon tool for corporate crisis and
business connuity management teams to collaborate, plan,
track their response, and share informaon. Built on the
Noggin Core plaorm, Noggin Business Connuity gives
response teams and decision makers the tools to know what’s
happening, collaborate quickly and eecvely, make beer
decisions, and enact the right plans to take acon when it
counts the most.
The Noggin Business Connuity soluon pack is backed by
the Noggin Library with hundreds of plans and best-pracce
workows, out of the box, and installed in minutes.
for Business Connuity
To learn more,
visit: www.noggin.io
or contact: sales@noggin.io
MAR-231
Sources
i. Allianz Global Corporate & Specialty: Allianz Risk Barometer 2022. Available at hps://www.agcs.allianz.com/content/dam/onemarkeng/agcs/agcs/
reports/Allianz-Risk-Barometer-2022.pdf.
ii. Ibid.
iii. Ibid.
iv. Sundeep Ravande, Forbes: Unplanned Downme Costs More Than You Think. Available at hps://www.forbes.com/sites/
forbestechcouncil/2022/02/22/unplanned-downme-costs-more-than-you-think/?sh=d60c93636f7e.
v. Laura DiDio, Tech Channel: The Cost of Enterprise Downme. Available at hps://techchannel.com/IT-Strategy/09/2021/cost-enterprise-downme.
Like what you read? Follow Noggin on social media
@teamnoggin facebook.com/teamnoggin linkedin.com/company/noggin-it
Finally, business connuity is in vogue now. But
execuves have long doubted whether they’re geng
their money’s worth.
Further, there’s reason to believe that this thinking will
return as the acute crisis phase of the pandemic recedes
and recessionary storm clouds come into view.
Business connuity praconers, in their turn, will have
to get comfortable speaking the language of ROI, geng
acquainted with how much unplanned disrupon will cost
the business.
From there, praconers can make execuve-targeted
arguments for business connuity ROI.
wROI, here, won’t just come from strategies but also from
business connuity management soware soluons, like
Noggin, that help companies get the best bang for their
buck by running every aspect of the program eortlessly
as well as ramp up during moments of crisis and back
down to business as usual.