hi
For purposes of this survey, please consider the following definitions:
Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats—if realized—might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities. Source: Business Continuity Institute (a global BC Practitioner organization) glossary.
GRC Capability refers to an entity's capability of people, process and technology to address the governance, management and assurance of performance, risk and compliance in an integrated fashion. GRC Capability supports the achievement of Principled Performance, defined by OCEG as the reliable achievement of objectives while addressing uncertainty and acting with integrity.
1. Does your organization have a defined business continuity management (BCM) program today? *This question is required.
- Yes
- No
- I don't know
2. Do you consider BCM a GRC related discipline? *This question is required.
- Yes
- No
- I don't know
3. Do you think there is value in BCM and GRC integration? *This question is required.
- Yes, alot
- Yes, some
- No
- I don't know
4. Is BCM integrated or involved with your organization's GRC capability? *This question is required.
- Yes, extensively
- Yes, but only partially
- No and we have no plans to do so
- No but we plan to do so within 2 years
- No but we probably will do so eventually
Select all that apply
5. Which BCM program activities should integrate with GRC? *This question is required.
- BCM risk assessment
- Business Impact Analysis (BIA)
- BCM plan management
- BCM program compliance
- Reporting to stakeholders on BCM program performance
- BCM policy management
- Vendor BCM qualification and management
- Tracking BCM Program corrective actions
- Operational/department process knowledge
- Mapping BCM program to strategic objectives
- BCM involvement in strategic planning
- I don't know
- Other Please enter an 'other' value for this selection.
Select all that apply
6. How can GRC support BCM (what value can BCM derive from integration with GRC)? *This question is required.
- Improve executive level support and visibility
- Expand understanding of risk management
- Identify risk correlations/concentrations and quantify risk exposure
- Improve BCM program governance/oversight
- Improve alignment to organizational objectives
- Demonstrate value of BCM in achieving objectives
- Motivate greater compliance to BCM policies
- Provide compliance services
- Provide integrated technology for GRC-related activities
- I don't know
- other Please enter an 'other' value for this selection.
Select all that apply
7. How can the organization benefit from BCM and GRC integration? *This question is required.
- Improved alignment of business activities to organization's strategic objectives
- Improved reliability of achievement of objectives
- Improved management of uncertainty
- More standardized and integrated risk management
- More effective identification of threats, requirements and opportunities
- Improved sharing and transparency of information
- Reduction in redundant activities and cost
- Improved assurance and value to stakeholders
- Improved organizational resilience and agility
- I don't know
- other Please enter an 'other' value for this selection.
Select all that apply
8. What framework/standard might you use (for internal alignment and/or external certification) for BCM and GRC integration? *This question is required.
- OCEG GRC Capability Model (Red Book)
- ISO 22301 (Business Continuity)
- ISO 27001 (Information Security)
- ISO 31000 (Enterprise Risk Management)
- COSO ERM
- Industry specific standards and guidance
- None
- I don't know
- Other Please enter an 'other' value for this selection.
9. What are barriers to leveraging more value from/integrating BCM and GRC? *This question is required.
Select all that apply
- Lack of common framework/methodology/terminology
- Lack of executive sponsorship or directive
- Lack of common/shared data and applications
- Lack of incentives or penalties
- Lack of awareness of what BCM does
- Lack of awareness of what GRC does
- Lack of knowledge of how to integrate BCM and GRC
- Lack of of perceived value
- Lack of resources to execute
- A siloed/defensive mentality
- I don't know
- Other Please enter an 'other' value for this selection.
10. What type of technology or software does your organization most commonly use for BCM? *This question is required.
- BCM software as a service model
- BCM software installed at organization
- Word processing, generic spreadsheets and document management tools
- None of the above
- I don't know
- Other or Combination as noted Please enter an 'other' value for this selection.
11. Does your organization use one BCM technology or software or multiple versions (meaning from more than one vendor or multiple versions purchased from the same vendor by different parts of the organization)? *This question is required.
- One unified across the entity
- Multiple types but only one version of each across the entity
- Multiple versions of multiple types
- I don't know and there is no easy way to know
- I don't know
12. Does the technology or software your organization use for BCM integrate with what the organization uses for GRC needs? *This question is required.
- Yes, fully
- Yes, partially
- No
- I don't know
No hay comentarios:
Publicar un comentario