#cbizmhmwebinar 1

CBIZ & MHM Executive Education Series™

Building an Actionable and Easy-to-Implement Business Continuity Plan Mark Madar March 31, 2016

#cbizmhmwebinar 2

About Us

• Together, CBIZ & MHM are a Top Ten accounting provider • Offices in most major markets • Tax, audit and attest* and advisory services • Over 2,900 professionals nationwide

A member of Kreston International A global network of independent accounting firms

*MHM is an independent CPA firm providing audit, review and attest services, and works closely with CBIZ, a business consulting, tax and financial services provider.

#cbizmhmwebinar 3

Before We Get Started…

• To view this webinar in full screen mode, click on view options in the upper right hand corner.

• Click the Support tab for technical assistance.

• If you have a question during the presentation, please use the Q&A feature at the bottom of your screen.

#cbizmhmwebinar 4

CPE Credit

This webinar is eligible for CPE credit. To receive credit, you will need to answer periodic participation markers throughout the webinar. External participants will receive their CPE certificate via email immediately following the webinar.

#cbizmhmwebinar 5

Disclaimer

The information in this Executive Education Series course is a brief summary and may not include all

the details relevant to your situation.

Please contact your service provider to further discuss the impact on your business.

#cbizmhmwebinar 6

Presenter

Mark has 22 years of experience in business continuity and disaster

planning with organizations of all sizes in the financial, manufacturing,

insurance, technology and professional services industries.

He is a member of CBIZ’s Risk & Advisory Services practice, providing

leading-edge consulting services to help organizations navigate the

complexities of controlling their business.

216.525.1956 • mmadar@cbiz.com

MARK MADAR National Director

#cbizmhmwebinar 7

Agenda

Why Create a Business Continuity Plan? 01

02 Different Types of Plans

03 The Business Continuity Plan Life Cycle

04 Looking Ahead

05 Questions?

#cbizmhmwebinar 8

WHY CREATE A BUSINESS CONTINUITY PLAN?

#cbizmhmwebinar 9

Planning to Meet Expectations

Clients, regulatory agencies and Board Committees are seeking to mitigate risk.

• Organizations are being asked to demonstrate their abilities in the following areas: • Develop plans that will address widespread events and

disruptions • Ensure personnel are trained on the plan • Store plans and critical files remotely for easy access • Communicate with clients and employees • Update plans regularly • Test regularly

#cbizmhmwebinar 10

How Would You React?

How do you RESPOND

to an incident?

How do you RECOVER from an

incident?

#cbizmhmwebinar 11

Having a Plan to Deal with the Unexpected…

A process whereby businesses can • Respond to an incident • Recover critical business

operations when confronted with adverse events such as natural disasters, technological failures, human error or other unplanned incidents.

#cbizmhmwebinar 12

Having a Plan to Deal with the Unexpected…

More simply described… It is a coordinated strategy involving plans that assures your business has the ability to continually meet your customers’ needs if faced with an unplanned business disruption.

#cbizmhmwebinar 13

Why Have a Plan?

• Reduce reliance on key personnel • Protect assets • Increase safety of all personnel • Minimize decision-making during

the recovery • Reduce delays during the recovery

process • Provide a sense of security • Limit potential exposure and

reduce legal liability • Provide organizational stability

#cbizmhmwebinar 14

Why Have a Plan?

• Maintain continuity of operations, stay in business!

• Maintain customer service • Relocate critical operations quickly • Minimize financial losses • Reduce disruptions to critical

operations • Achieve an orderly recovery • Comply with legal, contractual,

audits, and government regulations

#cbizmhmwebinar 15

DIFFERENT TYPES OF PLANS

#cbizmhmwebinar 16

Different Types of Plans

Incident Management

Plan Response &

Communication

Business Continuity Plan

Business Recovery

IT Disaster Recovery Plan

Technology Recovery

Evacuation Plan

Life and Safety

Procedures

#cbizmhmwebinar 17

Incident Management Plan

• Incident Management Team & Roles • Reference Life/Safety Procedures • Responding to an Incident-Tasks & Assignments • Damage Assessment Procedures • Declaring An Incident • Command Center/Alternate Work Site Location • Communication Planning- Notification Procedures • Initiate BCP Recovery Team

#cbizmhmwebinar 18

Business Impact Analysis (BIA)

• Interview key business process owners and leadership within the company to identify functions, risks and recovery objectives.

• Document findings by functional areas-departments • Identify recovery strategies • Summarize approach into Business Continuity Plan

#cbizmhmwebinar 19

Business Continuity Plan

• Assigned BCP Recovery Team & Roles • Prioritized Critical Functions & Recovery Time Objectives • Critical Roles, Assignments, Backup Lead/Staff Resources • Critical IT Equipment, Systems & Data Files-Prioritized • Loss of Facility-Alternate Work Space Strategy • Loss of Vendor/Service Provider Dependencies Strategy • Loss of People Strategy • Loss of Technology Strategy

#cbizmhmwebinar 20

IT Disaster Recovery Plan

• IT Infrastructure Overview • Systems Overview • IT Recovery Strategies • Inventories • System Recovery Procedures • Tasks & Assignments • Technical Specifications • Vendor Dependencies

#cbizmhmwebinar 21

Usability

Is the implementation of the Plan easy-to-understand by everyone? • Can Executive Management & Crisis Team easily assess the

emergency? • Do Department heads understand their roles during an incident? • Does the Plan prioritizes the most critical business functions?

(Controls unnecessary documentation) • Are testing/training programs in place to review overall readiness? • Are /procedures developed for manual processing? (Is recoverability

dependent on systems availability?) • Can procedures be followed by someone outside the critical

function? (You cannot expect availability of all subject matter experts during an incident)

#cbizmhmwebinar 22

Recoverability

The most important recoverability requirements are often defined by your customers (internally and externally). What are their expectations?

• Addresses requirement needs of clients and prospects – Business Continuity Planning and program maintenance is not an option with customers

• Must be an ‘Actionable’ plan – continued availability of your services and support that is verifiable

• Distinguishes you from your competitors

#cbizmhmwebinar 23

THE BUSINESS CONTINUITY PLAN LIFE CYCLE

#cbizmhmwebinar 24

Business Continuity Planning Life Cycle

PROJECT INITIATION

DISCOVERY – FUNCTIONAL

REQUIREMENTS

STRATEGIES

PLANNING

CRISIS COMMUNICAITON

EXERCISE / TESTING

MAINTAINING / UPDATING

TRAINING / AWARENESS

• What is in place today? • Define the Business Continuity Plan project

objectives and requirements, scope and cost. • Executive support • Identify BCP Team assignments • Establish Business Continuity policies

#cbizmhmwebinar 25

Business Continuity Planning Life Cycle

PROJECT INITIATION

DISCOVERY – FUNCTIONAL

REQUIREMENTS

STRATEGIES

PLANNING

CRISIS COMMUNICAITON

EXERCISE / TESTING

MAINTAINING / UPDATING

TRAINING / AWARENESS

• Identify client servicing needs and current regulation requirements

• Site / Operational assessment and interviews (Business Impact Analysis)

• What are the hazards / threats / vulnerabilities? (Risk Assessment)

• Key personnel interviews

#cbizmhmwebinar 26

Business Continuity Planning Life Cycle

PROJECT INITIATION

DISCOVERY – FUNCTIONAL

REQUIREMENTS

STRATEGIES

PLANNING

CRISIS COMMUNICAITON

EXERCISE / TESTING

MAINTAINING / UPDATING

TRAINING / AWARENESS

• Where will we go? • How will we operate? • What will we do for our employees?

#cbizmhmwebinar 27

Business Continuity Planning Life Cycle

PROJECT INITIATION

DISCOVERY – FUNCTIONAL

REQUIREMENTS

STRATEGIES

PLANNING

CRISIS COMMUNICAITON

EXERCISE / TESTING

MAINTAINING / UPDATING

TRAINING / AWARENESS

Create Business Continuity Plans: • Crisis Management – Incident Response • Site / Operational Recovery • IT / Systems Recovery

#cbizmhmwebinar 28

Business Continuity Planning Life Cycle

PROJECT INITIATION

DISCOVERY – FUNCTIONAL

REQUIREMENTS

STRATEGIES

PLANNING

CRISIS COMMUNICAITON

EXERCISE / TESTING

MAINTAINING / UPDATING

TRAINING / AWARENESS

• Who approves the messages and when are they published?

• How will we communicate to the media? • How will we communicate with employees? • How will we communicate with customers?

#cbizmhmwebinar 29

Business Continuity Planning Life Cycle

PROJECT INITIATION

DISCOVERY – FUNCTIONAL

REQUIREMENTS

STRATEGIES

PLANNING

CRISIS COMMUNICAITON

EXERCISE / TESTING

MAINTAINING / UPDATING

TRAINING / AWARENESS

• How often do we test? • Who will be involved? • What are the objectives? • Follow-up and lessons learned • Tabletop Exercise for developed Plans

#cbizmhmwebinar 30

Business Continuity Planning Life Cycle

PROJECT INITIATION

DISCOVERY – FUNCTIONAL

REQUIREMENTS

STRATEGIES

PLANNING

CRISIS COMMUNICAITON

EXERCISE / TESTING

MAINTAINING / UPDATING

TRAINING / AWARENESS

• Who is responsible? • How often should it be updated? • How do we communicate changes to the Plan?

#cbizmhmwebinar 31

Business Continuity Planning Life Cycle

PROJECT INITIATION

DISCOVERY – FUNCTIONAL

REQUIREMENTS

STRATEGIES

PLANNING

CRISIS COMMUNICAITON

EXERCISE / TESTING

MAINTAINING / UPDATING

TRAINING / AWARENESS

• Training people for preparedness: • Home • Work

• Understand their roles in recovery • Understand the business commitment to

employees and clients

#cbizmhmwebinar 32

LOOKING AHEAD

#cbizmhmwebinar 33

Elements of an Actionable BCP Program

• Risk Evaluation Results and Controls • Business Continuity Defined

Strategies • Emergency Response and Operational

Procedures • Business Continuity Plans (Site

/Dept), IT DR Plans • Testing and Exercises • Awareness & Training Program • Public Relations & Crisis

Communication Procedures • Coordination with Public Authorities

#cbizmhmwebinar 34

An Ongoing Approach

This is a process, not just a project. • Annual risk assessment/BIA, plus plan reviews • Efforts for next year identified before your budget cycle • Annual testing of at least some aspect of the plan • Ongoing BCP coordination

#cbizmhmwebinar 35

Summary: Today (Year 1)

Focus on: • Assessing impacts and risks. • Establish crisis management-response

protocols to react to disruption. • Developing business recovery strategies

that respond to assessed risks and impacts.

• Testing strategies for viability, effectiveness, and to ensure solutions meet requirements.

#cbizmhmwebinar 36

Summary: Business Continuity Tomorrow

Evolve the Business Continuity Program to: • Utilize program as a way to establish risk control • Incorporate the program as part of business-as-usual and an

extension of normal operations rather than reactive project.

#cbizmhmwebinar 37

? QUESTIONS

#cbizmhmwebinar 38

If You Enjoyed This Webinar…

Upcoming Courses: • 4/13 & 4/20: First Quarter Accounting & Financial Reporting Issues Update

• 4/28 & 5/3: Eye on Washington – Quarterly Business Tax Update

Recent Publications: • Cyber Risk - Now, It IS the Daily News

• Invest in Specialty Skills and Other Tips for Internal Audit Planning

• Prepare for Anything: How to Build an Actionable Incident Response and Recovery Strategy

#cbizmhmwebinar 39

Connect with Us

linkedin.com/company/ mayer-hoffman-mccann-p.c.

@mhm_pc

youtube.com/ mayerhoffmanmccann

slideshare.net/mhmpc

linkedin.com/company/ cbiz-mhm-llc

@cbizmhm

youtube.com/ BizTipsVideos

slideshare.net/CBIZInc

MHM CBIZ

#cbizmhmwebinar 40

THANK YOU CBIZ & Mayer Hoffman McCann P.C. cbizmhmwebinars@cbiz.com