Treasury Board of Canada Secretariat
www.tbs-sct.gc.ca
Common menu bar links
Breadcrumb Trail
Institutional links
Chief Information Officer Branch
IT Project Review and Oversight
Enhanced Management Framework
ARCHIVED - A Guide to Effective Business Continuity in Support of the Year 2000 Challenge
This page has been archived.
Archived Content
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
3.0 Identify
In order to initiate and feed the business continuity process with essential information, departments must identify those risks that may impact the achievements of the technical (compliance) and functional (business continuity) objectives. The absence of clear risk identification will lead to an unfocused business continuity process and the possible inability of departments to respond to crises.
3.1 Process
Note: This risk identification activity is based on the
SEI
"Identify" process [CRM Guidebook,
Chapter 4, Page 27].
The objective of the risk identification step is to locate risks that may impact the ability of the department to convert their Year 2000 susceptible assets before they become problems and to ensure business continuity. The step includes the identification of risks through the use of a taxonomy questionnaire and the documentation of these risks in Risk Identification Sheets. That information will then be fed into the analysis phase where risk attributes will be defined and documented.
3.2 Data Flow
Figure 4 – Identify Data Flow
The following data inputs are required (shaded boxes is not included):
Input
| Data Input | Description |
|---|---|
| Year 2000 Taxonomy | The Year 2000 taxonomy is the main tool used to support risk identification. It consists of a series of questions that highlight important aspects of a Year 2000 project. |
| Prioritized Business Functions | A functional decomposition is primarily conducted to help identify risks by allowing participants to relate them to specific business functions (unless the risk is high level, affecting all aspects of the project). A prioritized list of business functions will assist in analyzing and ranking the risks or related business continuity activities. |
| Asset Mapping | Asset mapping is essentially a list of assets (susceptible or not) that support a specific business function. The asset mapping will help the risk identification activity by allowing participants to relate risks to specific assets (unless the risk is high level, affecting all aspects of the project). |
Output/Deliverable
The deliverables for this task include:
- A set of risk information sheet(s) that can be used to document each risk;
- A function prioritization and asset mapping document; and
- Business continuity artifacts, such as contingency plans, crisis response plans and business resumption plans.
3.3 Techniques and Tools
Table 4 provides a summary of the techniques and tools used for this step. Details of the techniques and tools can be found in the appendices or in the referenced documents.
| Activity | Techniques and Tools |
|---|---|
| Business Function Prioritization |
|
| Asset Mapping |
|
| Identify |
|
| Identify Business Continuity Artifacts |
|
3.4 Guidelines and Tips
The following are guidelines and tips that can facilitate the performance of this step.
- Involve all stakeholders in the risk identification step;
- Involve the governance structure quickly because most organizations have not been adept at cross-functional business function prioritization and decisions will be required;
- State risks in objective terms, making sure that there is a potential negative impact on the Year 2000 Project and/or business continuity objectives of the department;
- Conduct periodic risk identification at the end of major milestones, phases or activities;
- Identify owners for functions and assets. Function owners are responsible for the continuity of their functions. Assets owners are often those individuals that will be tasked to oversee/perform the conversion of these assets.
- Ask business function owners to score their respective business functions against the TBS criticality criteria and obtain initial list. Use groups and pair-wise comparison techniques to finalize ranking;
- Ensure that the risk statement and context information are clearly and objectively stated;
- Use existing business models within the department as a starting point to developing a business model in support of this process;
- Stay focused on the Year 2000 mission. The need is not for a perfect business model but for a list of business functions that can be associated to assets and can be assigned to specific individuals;
- Coverage (i.e. all business functions) is more important than details (depth of the decomposition);
- Let business function owners do the first asset mapping; use groups, including technical individuals, to validate the asset mapping;
- Focus on asset mapping coverage first (identify as many assets as possible), refine as conversion progresses; and
- Involve legal personnel to determine department's liabilities.
