Professional Documents
Culture Documents
•How can you use KPIs and KRIs to present a defensible case for the
value and effectiveness of BCM to an executive audience?
•How can you use KPIs and KRIs to present a defensible case for the
value and effectiveness of BCM to an executive audience?
1 2 3
Source: The Real Business of IT: How CIOs Create and Communicate Value
Richard Hunter and George Westerman, October, 2009, Harvard Business School Press
Yes: "How will slightly longer response times affect the value proposition
as the paying customer perceives it?"
The board wants the most cost-effective level of resilience that the
enterprise requires to fulfill its mission.
Source: The Real Business of IT: How CIOs Create and Communicate Value
Richard Hunter and George Westerman, October, 2009, Harvard Business School Press
6 © 2018 Gartner, Inc. and/or its affiliates. All rights reserved.
Key Issues
•How can you use KPIs and KRIs to present a defensible case for the
value and effectiveness of BCM to an executive audience?
• Finance
• Purchasing Materials/Supplies Customers Business
• Sales • Legal • Facilities
• Finance • Business Processes
• Finance • Compliance • Supplier/Vendor Risk
Interest Rates • Business Continuity/Recovery
• Marketing Disciplines
Exposures
• Marketing
• Product Management Competition Specialties
• Purchasing Suppliers IT
• Sales
• Finance • Enterprise Architecture
Economy • Compliance • Project Management
• AppDev
• Finance • Privacy
• IT Disaster Recovery
Currency • Cybersecurity
• Sourcing
• Finance • Compliance
Compliance
Liquidity • AML
• Know Your Customer
• Finance
8 © 2018 Gartner, Inc. and/or its affiliates. All rights reserved.
Example 1: Supplier Outage
Manufacturing
Key supplier Inventory for Supplier On-
slows after
has a fire five days only Time Delivery
three days
•How can you use KPIs and KRIs to present a defensible case for the
value and effectiveness of BCM to an executive audience?
The Sales Opportunity Index shows how successfully the organization can cultivate prospects
for its products and services.
Definition
Sales Opportunity Index is a leading indicator of the level of demand for the company’s
Application products and services, and is typically updated monthly. The income statement account most
affected by the Sales Opportunity Index is revenue.
Potentially Market Share Index, Product Portfolio Index, Sales Cycle Index, Sales Close Index, Sales
Affected Primes Price Index and Forecast Accuracy
BIA update variance measures the number of BIAs that have been updated within a
predefined period of time; for example, 12 months. An updated BIA means a higher
Definition likelihood that business and IT recovery plans associated with the business unit will be up-
to-date with current business practices.
BIA update variance = Total number of BIAs updated within the prior 12 months
Calculation
Total number of BIAs for the business
In a 12-month period, ABC corporation had 110 BIAs updated based on 150 total BIAs for
Example the business.
BIA update variance = 110/150 = 73%
Potentially
Affected System performance, IT support performance, Service-level effectiveness
KPIs
R&D Success Index Product Design Less than 25% growth rate year over year in new products being
delivered with no single-source component
Systems Mission-Critical A 15% turnover rate every six months in identified key positions
Performance Personnel Turnover impacts mission-critical system stability and efficiency leads to
failure to meet internal or external SLAs and delays in recovery
from disaster
Agreement Mission-Critical Products/services that represent 30% or more of revenue that
Effectiveness System Downtime have not exercised their recovery plans within the last six months
leads to delays in meeting contractual obligations, SLAs and
recovery from disaster
Risk Management Related to bad management decisions % of critical business processes that
(All Industries) have had a risk assessment in the last
24 months
Business Continuity Bed mortality rates (risk of IT % of DR plans tested in the last 12
Management (Healthcare) automation in clinical operations) months
Vendor/Sourcing Risk Sales index (for prospects that have % of suppliers with approved security
(All Industries) data security requirements) controls frameworks
Integrity (All Industries) Financial integrity, partnership Defect rate attributable to integrity
effectiveness, engineering failures
effectiveness
Supplier on-time delivery measures the ability of the organization to select suppliers that can
meet its expectations regarding the time it takes to satisfy a specific order or service request.
Definition The metric is based on the organization's request date, not a negotiated date.
During the past seven days, ABC Computers received 200 supplier shipments, of which 150
met their requested delivery date.
Example
Supplier On-Time Delivery = 181 ÷ 200 = 90.5%
Potentially Time-to-Market Index, On-Time Delivery, Order Fill Rate, Cash-to-Cash Cycle Time,
Affected Conversion Cost and Asset Utilization
Primes
Single-source supplier availability measures the level of continuity available from mission-
critical, single-source suppliers. A stable and controlled supply chain reduces risk of
Definition manufacturing delays and outages, which can lead to breach of contractual obligations.
Out of 37 single-source suppliers, 11 have no BCM program, or one that requires more than 12
Example weeks to recover (12 weeks being your organization’s RTO).
Single-Source Supplier Availability = 17 / 37 = 46%
Potentially
On-Time Delivery, Supplier On-Time Delivery, Customer Retention Index, Order Fill Rate,
Affected
Service Performance
KPIs
Today 90.5%
Supplier On-Time Delivery KPI
2018 Goal 90%
90%
181 on-time suppliers / 200 total suppliers = 90.5% Risk-Adjusted KPI 87.5%
KPI Target = 90%
The company has visibility into negative factors and can act before revenue is lost, in this case, by identifying
single-source suppliers in their supply chain and making the corrections in the design process.
24 © 2018 Gartner, Inc. and/or its affiliates. All rights reserved.
Seven Guiding Principles for KRI Development
1 • KRIs should be quantifiable
Gartner’s Business
Risk Model can be
found here:
Program
Governance Program Scope Budgeting/Investing
Management
Business
Availability
Continuity Planning Organization
Framework
Architecture
Management
Communications/
Processes/Controls Exercising Execution
Awareness
Hype Cycle for Business Continuity Management and IT Resilience, 2017 (G00315161)
Prepare for and Respond to a Business Disruption After an Aggressive Cyberattack (G00275607)