Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Presented by Tom Hunt, AFP; Bob Stark, Kyriba; Dr. Mark Zecca, Kyriba. Wednesday, April 20th, 2016

Upload: kyriba-corporation

Post on 21-Jan-2018


TRANSCRIPT

Page 1: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Presented by Tom Hunt, AFP; Bob Stark, Kyriba; Dr. Mark Zecca, Kyriba

Wednesday, April 20th, 2016

Page 2: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

© 2016 Kyriba Corp. All rights reserved. PROPRIETARY & CONFIDENTIAL.

Today’s Presenters

Mark Zecca, Ph.D., SVP, Cloud Services and Engineering, Kyriba Corporation

Bob Stark, Vice President, Strategy, Kyriba Corporation

Tom Hunt, CTP, Director, Treasury Services, Association of Financial Professionals

Page 3: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Today’s Discussion

Agenda

What is Business Continuity?

Planning for loss conditions in Treasury

Evaluating Technology to Support Business Continuity

BCP takeaways

Page 4: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Importance of Business Continuity

• Latest Treasury in Practice (TIP) Guide: Business Continuity Plan

• Important addition to the TIP series as most Treasurers do not plan well enough to cover all loss conditions

• Based on member feedback

• New areas to focus on

Page 5: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Disaster Recovery is a component of a Business Continuity Plan (BCP)

Collaborative organization-wide exercise, often led by CIO / CTO / CISO

BCP (for treasury) must take into account unique treasury requirements

1) Treasury must have seat at the planning table

2) Treasury must understand BCP vocabulary

Page 6: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Emergency Condition

Emergency condition: a situation which creates a threat to the continued functioning of the company

Weather, fire, equipment failure, terrorist or hazardous conditions

Facilities no longer accessible or inhabitable, or business operations cannot proceed as normal

Creates immediate need for action to begin to restore operations back to a normal condition

Page 7: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity Defined

Business Continuity Plans have multiple components, executed over initial days of an emergency condition

Business Continuity Plan
• Emergency Response Action Plan (ERAP): 0 - 72 hours
• Disaster Recovery Plan (DRP): 3 - 30 days
• Business Continuity & Continuance (BCC): 30+ days

Page 8: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Loss Condition: Scenario

1) Loss of personnel: Treasury team wins the lottery and tenders resignation from a beach

2) Loss of facilities: Company offices unusable

3) Loss of services: Company offices lose key services such as power or internet

4) Loss of access: Unable to reach company offices if there is a snowstorm

Page 9: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Loss of Personnel

Scenario: Treasury team leaves

Goal: Train new team quickly - minimize disruption to treasury

Required Solution: Standardized templates, processes, workflows
• Speeds up onboarding of new employees
• Eliminates reliance on a single employee's expert knowledge or custom spreadsheets
• Ensures consistency of information
• Single repository for data and documents

Page 10: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Loss of Facilities

Scenario: Company offices are disabled and can’t be accessed

Goal: Perform treasury from other company locations

Required Solution:
1) The Cloud
• Datacenters for Cloud TMS reside in different locations than company offices, so treasury system still operates
2) Standardized workflows
• Same workflows can be run anywhere in the world by authorized users
• Visual workflow maps require less documentation for colleagues taking on new roles, completing new tasks

Page 11: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Loss of Services

Scenario: Company offices lose key services e.g. power, internet

Goal: Perform treasury from alternate locations e.g. Starbucks

Required Solution:
1) The Cloud
• Treasury system continues to run outside your offices
2) Mobile
• Treasury system can be accessed via mobile device and/or low speed web connection
3) Security
• Additional security can be implemented for access outside of company office

Page 12: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Loss of Access

Scenario: Treasury cannot get to the office in a giant snowstorm

Goal: Perform treasury activities from home

Required Solution:
1) The Cloud
• Treasury system continues to run outside your offices
2) Mobile
• Treasury system can be accessed via mobile device, really old desktop and/or low speed web connection
3) Security
• Additional security can be implemented for access outside of company office

Page 13: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Additional Scenarios

Fraud & Cybercrime

1) Organization hit by cybercrime

2) Organization discovers internal fraud

Page 14: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Fraud: Organization hit by Cybercrime

Scenario: Likely loss of services and access to company computers

Goal: Perform treasury activities from alternate locations

Required Solution:
1) The Cloud
• Treasury system continues to run outside your offices
2) Mobile
• Treasury system can be accessed via mobile device, really old desktop and/or low speed web connection
3) Security
• Additional security can be implemented for access outside of company office

Page 15: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity

Fraud: Organization discovers internal fraud

Scenario: Unauthorized payment was caught by the bank

Goal: Immediate update of treasury policies, workflows

Required Solution:
1) Security
• Immediate password change to treasury systems
• Review audit trails
• Disable suspicious users
2) Controls
• Add additional approvals
• Change segregation of duties

Page 16: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Evaluating Technology to Support BCP

Page 17: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Evaluating Technology to Support Business Continuity

Treasury system providers plan to avoid service disruptions

Datacenter locations are in low risk areas

One datacenter will back up another, with full replication

– “Full replication” = data, bank connections, ERP interfaces, login protocols, etc.

Page 18: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Evaluating Technology to Support Business Continuity

Two key metrics in disaster recovery:

– Recovery Time Objective (RTO): how much time is lost

– Recovery Point Objective (RPO): how much data is lost

* Treasury’s RTO/RPO will be very different than rest of organization

Page 19: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Evaluating Technology to Support Business Continuity

When evaluating treasury technology, consider:

SLA – especially RTO/RPO/availability metrics

SOC2 Type II report (read it!)

What exactly is replicated – data, interfaces, security, URL?

Locations of primary and backup datacenters

In the cloud - Fully virtualized w/ no additional plug-ins

Security – flexibility based on where software is accessed

Costs to manage internally

Page 20: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity in practice

Page 21: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity Takeaways

Effective planning includes:

Determine Critical Assets

IT Calling Trees - Banks, Vendors, etc.

Who can put it in action

Weakest link (not just brick and mortar anymore)

Think security

Test your Plan!

Page 22: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Business Continuity Takeaways

Treasury’s primary challenges

Collaborating with teams that don’t understand treasury’s requirements

Planning for all ‘treasury’ loss conditions

When processes are manual, difficult to replicate processes and reporting

Even though cloud technology can help avoid ‘disaster’, not always easy to quantify ROI

Page 23: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Additional Resources

AFP Treasury in Practice Guide: Business Continuity Planning: Why Treasury Needs a Plan B

Page 24: Manage Risk: Building an Effective Business Continuity and Disaster Recovery Plan

Thank You For Attending
