Business

continuity
and resilience
Business Continuity Management

March 2022

kpmg.com/ae
kpmg.com/om
Navigating
uncertainty
Business continuity management
(BCM) is the organization’s capability
to continue the delivery of products or
services at pre-defined acceptable levels
following a disruptive event.

KPMG’s BCM services in the UAE can

help build an organization that is prepared
for crises. Our effective risk and resilience
management program is built on leading
industry standards—ISO 22301:2019—and
the UAE’s national emergency crisis and
disaster management authority (NCEMA).

BCM can transform your organization and

empower you to tackle your business
continuity risks by proactively identifying,
analyzing and managing those risks.

KPMG’s primary focus is protecting

your people, reputation, assets and
operations in a compliant and value
enhancing manner.
Business continuity and
organizational resilience
– an integrated approach
In today’s rapidly evolving and dynamic business environment, an
integrated approach towards risk and resilience is key to effectively
managing threats to the business environment. This tailor-made
approach supports management to be risk ready at all times.

Risk management
Managing risks within an organization regardless of its size, activity
or sector. These include enterprise risk management, operational
risks, as well as other risk related disciplines within the organization.

Supply chain continuity

Supply chain continuity management considers issues faced
by organizations with respect to the continuity of the supply of
resources and their ability to deliver products and services.

Information communications and technology (ICT) continuity/

disaster recovery

Supports management to deal with the continuity of information

and communication infrastructure if the ICT is disrupted.

Crisis management and communication

Helps management in planning, establishing, operating, maintaining
and improving their organization’s crisis management capability.

Other pillars of resilience

Organizations may have other pillars of resilience which can be
considered for optimal business continuity planning. These include
legal and regulatory risk, health and safety environment (HSE) risks
and others.

Business continuity and resilience 3

The need for BCM
Cyber attacks
New security gaps, attacks and incidents are revealed daily. Due to the rise
of digitalization, information technology (IT) systems have played a key role
in the realization of corporate processes. It is estimated that up to 20% of
global value creation is lost through cybercrime such as fraud and espionage.
Faults in IT can lead to the failure of the entire process chain, as well as the
overall failure of operability.

Human error
Intentional or unintentional mistreatment of employees can also lead to
business failure. Manual error is one of the most common reason for failure
of IT systems. This is often undetected due to weak authorization concepts,
missing monitoring or inadequate escalation processes.

Terrorist attacks
Unexpected events such as terrorism can have a devastating impact on
businesses. These include damages to infrastructure and stocks, failure of
IT systems, and loss of suppliers. The aftermath of such attacks poses major
challenges to resume normalcy.

Natural disasters
Global disasters, exacerbated by climate change, hurricanes, floods and wildfires
continue to cause heavy financial losses and disruption to operations worldwide.
The interconnectedness of today’s business across geographies continues
to have a domino effect across companies, supply chain and partners.
Additionally, the impairment of communication networks, access to
workplace and employee availability results in the inability to operate a
business where sufficient mitigation measures do not exist.

Covid-19
The pandemic created unprecedented disruption in our lives and the global
economy. The speed at which events continue to evolve is unparalleled: the
public health crisis, government responses, changes in our daily lives and the
implications for the respective economies and businesses. Some of the key
effects on business include:
— Fraud risks
— Cyber crime
— Economic downturn
Benefits of BCM to your organization
Improve crisis and Reduce major surprises through business
business continuity readiness impact analysis (BIA) and risk assessment
— A robust framework to prepare, respond, manage — A ssess and evaluate key critical processes,
and recover from the crisis and manage critical operations, functions and assets of the business
business operations as per business impact analysis — Analyze and quantify the business impact due
— Adequate controls to mitigate damage and to disruption
respond to crises — Take interdependencies and resource
— Assessment of relevant crisis scenarios and ideal requirements into top management’s
response and mitigation mechanisms for each crisis consideration
— Identify, assess and mitigate critical risks

Enhance organizational resilience Enable Strategic Decision making

— A
 BCM policy and procedure to set the tone and — Make informed and monitored decisions
standards for ensuring organizational resilience based on risk assessment and business
— Embed a risk and resilience culture across continuity parameters
the organization

Management viewpoint

The CEO’s perspective The CFO’s perspective The CIO’s perspective

Competitive advantage Cost efficiency The contribution of IT
— C
 an we secure the operation — A
 re the damages caused by a — Is the role of IT within the
without a tested plan and process failure known? BCM clearly defined?
maintain our business even
— S
 hould the focus be on — Have recovery time objectives
with a process failure?
insurance or the independent for essential IT systems been
— W
 hat impact would this have treatment of incidents? defined and coordinated with
on our company value? Our the departments?
— A
 re the existing BCM
employees? Our reputation?
solutions appropriate for — A
 re we sure we can resist
the cost-benefit effect? or react appropriately to a
cyber-attack?

Business continuity and resilience 5

 KPMG Business
Continuity
Management
(BCM) Framework
KPMG’s BCM framework offers a structured approach
towards conducting risk assessments and business
impact analysis. This is achieved through a detailed
BCM maturity assessment exercise based on the ISO
22301 standards and the UAE’s NCEMA guidelines.

KPMG adopts a synergized approach that includes

industry benchmarking for critical processes, and
statistics enabled derivation of business impact. This
supports in developing one of the best emergency
responses, business continuity and crisis
management plans.

Risk Response Optimization scope of

emergency response plan

Situation Risk High risk

investigation assessment threat events Emergency response
Business RTO\RPO strategy

Gap Business recovery

Minimum operating level strategy
analysis

Maturity Resource construction

evaluation Business Important Key resources strategy
impact business
analysis processes
Scope of business
Businesses relationships continuity plan

Risk management and

Structure and regulations Business continuity plan and emergency response
resource construction
How KPMG can help

Our industry-specific BCM The 4Di crisis simulator:

capabilities include: — A
 n innovative and versatile solution that enriches
1. B
 CM maturity assessment training environments to deliver immersive, challenging
and realistic crisis management simulations
2. B
 CMS development
— D evelopment of BCMS policy, — T
 he mobile platform operates on smart phones,
procedures and framework tablets and laptops and can be used globally with
— B usiness impact analysis an internet connection, whether at the same site or
— R isk assessment multiple locations
— B usiness continuity and crisis management — T
 he tool is used to deliver injects, record all action
plans with recovery strategies taken and facilitate communication between teams
— P lans development for business
continuity, emergency preparedness — Participants should record all decisions and courses
and crisis management of action in the tool to ensure their responses to the
— Assistance in testing and simulations to simulation can be thoroughly assessed
evaluate robustness of BCMS
Identify
3. ISO22301 readiness assessment and
— Key stakeholders
certification assistance
— Key risks
4. BCM audits/reviews

5. Disaster recovery management development Design

— Severe but plausible scenario
6. BCM training
— Master events/injects lists (MEL/MIL)
7. BCMS automation and technology adoption
Deliver
— Key findings and lessons learnt
— Recommendations

Report
— Interactive exercise depending on maturity

Business continuity and resilience 7

KPMG’s key
differentiators
Industry focus and experience
A vast experience of working across several industries.
KPMG’s BCM teams in the UAE have assisted large
multinational businesses and public sector organizations to
implement sustainable BCM initiatives.

Benchmarking and industry insight

KPMG member firms are connected by a global BCM
centre of excellence (CoE) which pioneers initiatives such
as facilitating thought leadership, developing content for
mobile applications for crisis management. It also enables
the sharing of leading practices and learnings.

Credentials and capabilities

KPMG BCM teams in the UAE comprise of 20+ certified
British Certification Inc. (BCI), ISO22301, BS25999 and
disaster recovery institute (DRI) professionals who have
assisted multiple organizations in developing an enterprise-
wide business continuity. We have also helped numerous
clients get their ISO 22301 certification.

Leading methodology and tools

KPMG enjoys long standing partnerships with leading
governance, risk and compliance (GRC) service providers.
We assist clients with the automation and broad
implementation of GRC-related technology tools tailored to
their organization’s requirements.
Business continuity and resilience 9
Contact us

Siddharth Behal Nagaraj Uchil

Partner Director
Governance, Risk and Compliance services Governance, Risk and Compliance services
KPMG Lower Gulf Limited KPMG Lower Gulf Limited
E: siddharthbehal@kpmg.com E: nagarajuchil1@kpmg.com

Ishan Rangwani
Associate Director
Governance, Risk and Compliance services
KPMG Lower Gulf Limited
E: irangwani@kpmg.com

www.kpmg.com/ae
www.kpmg.com/om

Follow us on:

@kpmg_lowergulf

The information contained herein is of a general nature and is not intended to address the
circumstances of any particular individual or entity. Although we endeavor to provide accurate
and timely information, there can be no guarantee that such information is accurate as of the
date it is received or that it will continue to be accurate in the future. No one should act on
such information without appropriate professional advice after a thorough examination of the
particular situation.
© 2022 KPMG Lower Gulf Limited, licensed in the United Arab Emirates, and a member
firm of the KPMG global organization of independent member firms affiliated with KPMG
International Limited, a private English company limited by guarantee. All rights reserved.
Designed by Creative UAE
Publication name: Business continuity and resilience
Publication number: 3938
Publication date: March 2022