This post will cover BCM maintenance which is a part of the Topic 4.6 Components of BCM Process
#30 YouTube
4.11.2 BCM Maintenance Maintenance tasks undertaken in Development of BCP
Question: Discuss the maintenance tasks undertaken in the development of a BCP in brief.
Answer:
Major maintenance tasks undertaken in development of a BCP are to:
Determine the ownership and responsibility for maintaining the various BCP strategies within the enterprise;
Identify the BCP maintenance triggers to ensure that any organizational, operational, and structural changes are communicatedto the personnel who are accountable for ensuring that the plan remains up-to-date;
Determine the maintenance regime to ensure the plan remains up-to-date;
Determine the maintenance processes to update the plan; and
Implement version controlprocedures to ensure that the plan is maintained up-to-date.
Mnemonics: Background:-
-->
[Motel/Hostel(for CA student) ke owner ne Baccho ko (Youth= Version Control) room rent pe diya tha, sari up-to-date facilities (a/c, food, etc) di hui hai aur bola k tumhe Maintain krke rakhna hai room.]
Mnemonic:
Motel के Owner ने Youth को Communicate करा था कि मेने तुम्हे सारी up-to-date facilities दी हुई है, ये तुम्हारी responsibility है कि तुम इसकी Maintenance करो। Youth = version control (for all mnemonics)
YouTube:
S H A R E
CA FINAL ISCA
CHAPTER-1 GMIS
MNEMONICS | MEMORY TECHNIQUE
#28 YouTube
1.12.5 Key Management practices for Assessing & evaluating the system of Internal Control
Module reference with Mnemonics
LINK: Mc Donalds vala i.e CA aur Article vala i.e CA aur Article McD ka Assess & evaluate krte hai system of Internal Control
CA Plan बनाता है और Scope बताता है Articles को कि कितना time & extent मे Audit करना है Articles उस Plan को Execute करते है। (1-3)
अब Articles Client (McD) का review करना start करते है, सबसे पहले BPC का review करते है, फिर Monitor करते है उनका internal Control (4-5)
अब articles को कुछ गलतियां मिली जो उन्होंने Principal को report करदी Principal (CA) ने McD के owner को बोला के तुम एक बार Self Assessment करलो varna मे रिपोर्ट qualify करदूंगा। Auditors independent होने चाहिए। (6-8)
Plan Assurance Initiatives: Plan assurance initiatives based on enterprise objectives and conformance objectives, assurance objectives and strategic priorities, inherent risk resource constraints, and sufficient knowledge of the enterprise.
Scope assurance initiatives: Define and agree with management on the scope of the assurance initiative, based on the assurance objectives.
Execute assurance initiatives: Execute the planned assurance initiative. Report on identified findings. Provide posit ve assurance opinions, where appropriate, and recommendations for improvement relating to identified operational performance, external compliance and internal control system residual risks.
Review Business Process Controls Effectiveness: Review the operation of controls, including a review of monitoring and test evidence to ensure that controls within business processes operate effectively.
Monitor Internal Controls: Continuously monitor, benchmark and improve the IT control environment and control framework to meet organizational objectives.
Identify and Report Control Deficiencies: Identify control deficiencies and analyze and identify their underlying root causes. Escalate control deficiencies and report to stakeholders.
Perform Control Self-assessments: Encourage management and process owners to take positive ownership of control improvement through a continuing program of self-assessment to evaluate the completeness and effectiveness of management's control over processes, policies and contracts.
Ensure that assurance providers are independent and qualified: Ensure that the entities performing assurance are independent from the function, groups or organizations in scope.
YouTube:
#31 YouTube (Practice Manual Question)
**Amendment**
What is the role of IT in enterprises? Explain the different levels of managerial activity in an enterprise.
Answer: Role of IT in Enterprises is as under:
Mnemonics:
Background: Murthal restaurant पुराना वाला है जो अब IT का use करने की सोच रहा है। IT का इस्तेमाल Murthal (enterprise) मे होने जा रहा है।
Story :
पहले Murthal रेस्टोरेंट हाथ से Billing करता था (Data processing) लेकिन अब IT को use करने से computerized होगया है। ये सिर्फ काम easy करने के लिए नहीं बल्कि इससे Competetive advantage भी है। [ Murthal और Haweli दोनो competition मे है ] अब IT के आने से काम तो change हुआ बल्कि उसे करने का तरीका भी change होगया e.g Vending Machines ; पहले खाना waiter लाते थे या जा के order करना पड़ता था, अब सिक्का डालो खाना निकालो (Transformed the way business processes are performed) ये Vending Machines से Internal control जैसे लगते थे वो तो change होगा ही बल्कि ये Innovation था strategic point of view से because (Staff कम लगेंगे इस काम मे तो salary भी बचेगी उनकी) अब इतनी Machines होंगी एक restaurant मे तो उसकी Value तो बढ़ेगी ही (जैसे Murthal का इतना नाम हो गया है, उसकी value increase होगयी है) ये सब करने लिए i.e Value increase करने के लिए Murthal को Extensive Organisation restructuring करनी पड़ेगी ( like: Construction, decoration etc.)
Module Answer:
In an increasingly digitized world, enterprises are using IT not merely for data processing but more for strategic and competitive advantage too. IT deployment has progressed from data processing to MIS to Decision Support Systems to online transactions/services: Billing
IT has not only automated the business processes but also transformed the way business processes are performed. IT is used to perform business processes, activities and tasks and it is important to ensure that IT deployment is oriented towards achievement of business objectives: Vending Machines
The extent of technology deployment not only impacts the way internal controls are implemented in an enterprise but also provide better and innovative services fromstrategic perspective: ये Innovation था strategic point of view से
An IT strategy aligned with business strategy ensures the value creation and facilitates benefit realization from the IT investments: जैसे Murthal का इतना नाम हो गया है
Extensive organization restructuring or Business Process Re-Engineering may be facilitated through IT deployments: Construction, decoration etc.
Explain the different levels of managerial activity in an enterprise.
The disaster recovery planning document may include the following areas:
The conditions for activating the plans, which describe the process to be followed before each plan, are activated.
Emergency procedures, which describe the actions to be taken following an incident which jeopardizes business operations and/or human life. This should include arrangements for public relations management and for effective liaisoning with appropriate public authorities e.g. police, fire, services and local government.
Fallback procedures, which describe the actions to be taken to move essential business activities or support services to alternate temporary locations, to bring business process back into operation in the required time-scale.
Resumption procedures, which describe the actions to be taken to return to normal business operations.
A maintenance schedule, which specifies 'how and when the plan will be tested', and the process for maintaining the plan.
Awareness and education activities, which are designed to create an understanding of the business continuity, process and ensure that the business continues to be effective
The responsibilities of individuals describing who is responsible for executing which component of the plan. Alternatives should be nominated as required.
Contingency plan document distribution list.
Detailed description of the purpose and scope of the plan.
Contingency plan testing and recovery procedure.
List of vendors doing business with the organization, their contact numbers and address for emergency purposes.
Checklist for inventory taking and updating the contingency plan on a regu ar basis.
List of phone numbers of employees in the event of an emergency.
Emergency phone list for fire, police, hardware, software, suppl ers, customers, back-up location, etc.
Medical procedure to be followed in case of injury.
Student Accessing needs 3}BCM Training
Study Designing & delivering trainings
ISCA Measuring Results
YouTube:
S H A R E
CA FINAL ISCA
CHAPTER 3 | POIS
PROTECTION OF INFORMATION SYSTEMS
Classification of IS Controls
Mnemonics | Shortcuts | Stories
Topic: 3.6 Classification of Information Systems Controls
3.6.1 Classification on the basis of "Objective of Controls"
Preventive
Detective
Corrective
Compensatory
In this post we are going to learn Classification of control on the basis of Objective of control with the help of Mnemonics following with the stories linked with them to help you remember the topic easily. Video Class will also be provided at the end of this post for further explanation & better understanding of the Mnemonics.
Mnemonics:
Helmet डालना compulsory है : COMPENSATORY
इससे Accident Prevent होता है : PREVENTIVE
अगर ना डाला हो तो पुलिस Detect कर लेती है :DETECTIVE
फिर चालान काट के Correct करती है। : CORRECTIVE
Now the Bunch line which links Preventive, Detective & Corrective characteristics & examples
[compensatory doesn't have any].
CA PRAVEEN को मिलने के लिए SARDARJI और SARDARNI ने POLICE से TAJ MAHAL मे जाने की request की।
Background: CA Praveen Taj mai ghumne aye the vahan pe Police security thi, sardarji aur sardarni ji ko ca praveen se milna tha.
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
MNEMONICS | MEMORY TECHNIQUE
#22 YouTube
Topic: Eight Phases of Business Continuity Methodology
Pre-planning activities (Business Continuity plan Initiation)
Vulnerability Assessment and General Definition of Requirements
Business Impact Analysis
Detailed Definition of Requirement
Plan Development
Testing Program
Maintenance Program
Initial Plan Testing & Plan Implementation
Mnemonics:
#1 Method :-
Laden Vala i.e. Laden के Face के America ने 8 टुकड़े कर दिए।
Laden ने अमेरिका पे attack करने के लिए सोचा Pre-Planning Activities करी।
उसने America की Vulnerability Assessment करी (देखा की ये time सही ह हमला करने क लिए)
वो ये चाहता था की उसका दुनिया पे Impact हो (अपना नाम करना चाहता था)
उसने detailed definition बताई requirements की (क्या क्या चाहिए था उसे e.g. Planes)
अब उसने Plan develop किया की क्या करना है और कैसे ( फुल fledged blueprint )
अब उसने उस Plan को test किया
देखा कुछ खराबी आयी है उसकी Maintenance की
अब सब सही था तो finally Implement कर दिया plan
S H A R E
CA FINAL
ISCA
CHAPTER 7: Information Technology Regulatory Issues
Topic: ITIL (Information Technology Infrastructure Library)
This is an important topic w.r.t Chapter 7 as a 4mark question can be seen in the exam very often.
Information Technology Infrastructure Library: v3s Library वाला
Bunch Line: Honda कंपनी का मालिक v3s Library से FM सुनता हुआ Pind balluchi के Event मे जा रहा था।
ITIL has 5 parts which are segregated as under:
SERVICE STRATEGY: FM वाला (FM vale service dene k liye Strategy banate hai) SERVICE DESIGN: Pind Balluchi वाला (Pind Balluchi ka alag design hai) SERVICE TRANSITION: Honda Co. vala (Honda co. ka Manual se Automatic mai transition hua) SERVICE OPERATION: Event management वाला (Event Mgmt vale thik se operation nhi kar paye isliye function k bad unka operation hogya) CONTINUAL SERVICE IMPROVEMENT: This doesn't have any points Take a look at the chart
SERVICE STRATEGY: FM वाला
पहले लोग FM नहीं सुनते थे क्योकि Business था और Relationship(सिर्फ काम करते थे और बीवी को संभालते थे)थी पर अब लोग IT Service Generation(technology बहुत use करते है)के है वो FM (FM पे ads ati है) सुनकर Demand (Management) करते है और Service Portfolio Management(ये भी लेना है वो भी लेना है)करते है। (Order if different)
Business Relationship Management
IT Service generation
Financial Management (FM)
Demand Management
Service Portfolio Management
SERVICE DESIGN: Pind Balluchi vala
Pind Balluchi वाले Service Continue करने के लिए (Restaurant चलता रहे)
Level की service देते है (Service quality अच्छी थी)
इसके लिए Service Catalogue (Menu) बनाते है
जिसमे सब available होता है (सब Items होती है उसमे)
सब अपनी capacity के according order करते है (जितनी भूख हो उतना order करो)
Waiter को Information security मिलती है (जो खाना है उसकी information (order) दो उसे।
वो ordered food की Supply करता है। (finally खाना की supply हुई)
Linkage:
IT Service Continuity Management
Service Level Management
Service Catalogue Management
Availability Management
Capacity Management
Information Security Management
Supplier Management
SERVICE TRANSITION: Honda Co. वाला
LINE: Honda Co. ने Manual से Automatic मे Transition किया।
STORY:
Honda company का CEO Mgmt का हिस्सा है बहुत Knowledge होती है उसे,
Company अब management को change करने की सोच रही थी (since Manual से auto हो रही थी)
जो चेंज होगा फिर उसे Evaluate करेंगे ,
अब Car service स्टेशन मे जाती है वहां कार Test होती है
ठीक होने क बाद validate क्र देते है के गाड़ी ठीक होगयी है,
अब customer गाड़ी चलता है उसे Manual पसंद नहीं आती वो automatic मे transition करने की planning कर रहा है ,
अब गाड़ी Automatic होगई तो उसके लिए ये Asset बन गयी बस अब उसकी Configuration को mange कैसे करे वो सीखना है।
At last गाड़ी ko release किया गया Road पे Deploy कर दिया।
Diagram:
KNOWLEDGE MANAGEMENT
CHANGE MANAGEMENT & EVALUATION
SERVICE VALIDATION & TESTING
SERVICE TRANSITION PLANNING & SUPPORT
SERVICE ASSET & CONFIGURATION MANAGEMENT
RELEASE & DEPLOYMENT MANAGEMENT
SERVICE OPERATION: Event mgmt vala
Event Management वाला Function मे Request fulfill नहीं कर पाया और अब उसके साथ Incident होगया
Function के बाद Hospital के Service Desk पे Application दी IT Operation के लिए ताकि उसे IT Technical Support मिल सके।
LINKAGE:
1. EVENT MANAGEMENT
2. FUNCTIONS
Service Desk
Application management
IT Operation
IT Technical support
3. REQUEST FULFILLMENT
4. INCIDENT MANAGEMENT
CONTINUAL SERVICE MANAGEMENT: DIY
VIDEO: part 1
part 2: Guys don't forget to like the video if you find it helpful.
Module Topic 4.4 Objectives and Goals of Business Continuity Planning
Brief:
The primary objective of a Business Continuity Plan is to minimize loss by minimizing the cost associated with disruptions and enable an organization to survive a disaster and to re-establish normal business operations. In order to survive, the organization must assure that critical operations can resume normal processing within a reasonable time frame. The key objectives of the contingency plan should be to:
MNEMONICS IN हिन्दी
LINE: BANK MANAGER वाला i.e Bank Manager ने बच्चो को बचा कर अपना Objective change कर लिया।
STORY:
[एक Bank है जिसमे आग लग गयी है]
सबसे पहले बच्चो को बचाएंगे,
[अब आग बुझ चुकी है = fire brigade ने भुझा दी आग]
अब काम शुरू करने के लिए Identify करेंगे Critical operations,
अब identify हो गए है तो उन्हें Resume करेंगे,
Bank Manager ने एक team बनाई ये ensure करने के लिए कि Effective Coordination हो recovery task मे,
Coordination होने से Complexities कम होंगी,
और जिस्से कोई भी काम करने मई Time कम लगेगा,
बच्चे को बचाते बचाते Bank manager की death होगई i.e Loss होगया,
अब new manager appoint होगा i.e Management का succession होगा और नई person (Mgr ) emergency power मई आएगा।
Now linkage:
Provide the safety and well-being of people on the premises at the time of disaster: सबसे पहले बच्चो को बचाएंगे
Continue critical business operations: अब identify हो गए है तो उन्हें Resume करेंगे
Minimize the duration of a serious disruption to operations and resources (both information processing and other resources): और जिस्से कोई भी काम करने मई Time कम लगेगा
Minimize immediate damage and losses: बच्चे को बचाते बचाते Bank manager की death होगई i.e Loss होगया
Establish management succession and emergency powers: अब new manager appoint होगा i.e Management का succession होगा और नई person (Mgr ) emergency power मई आएगा।
Facilitate effective co-ordination of recovery tasks: team बनाई ये ensure करने के लिए कि Effective Coordination हो recovery task मे
Reduce the complexity of the recovery effort: Coordination होने से Complexities कम होंगी
Identify critical lines of business and supporting functions: अब काम शुरू करने के लिए Identify करेंगे Critical operations
YouTube Video:
#21 YouTube
Topic: 4.5 Developing a Business Continuity Plan
Mnemonics:
link:- Larki vala i.e Larki ne lala Co. mai BCP bnane ki methodology batayi
Story:
Larki सबसे पहले Develop करेगी Plan
फिर select करेगी BCP Team जो उसकी help करेगी
Management को proper understanding देगी कि ये Plan है ढंग से समझा देगी
फिर लाला से commitment लेगी to support the plan
अब वो तीन काम करेगी: (*recovery के लिए जो requirements है वो भी लाला को बताएगी* [NOT INCLUDED IN VIDEO])
पहला काम: Disaster को prevent करने की कोशिश करेगी , होगया तो damage minimum हो जिससे timely recovery हो
दूसरा काम: integration BCP into BPP i.e अब BCP को integrate करेगी processes मे BPP (Business Planning Process)
Providing management with a comprehensive understanding of the total efforts required to develop and maintain an effective recovery plan: Management को proper understanding देगी कि ये Plan है ढंग से समझा देगी
Obtaining commitment from appropriate management to support and participate in the effort: फिर लाला से commitment लेगी to support the plan
Defining recovery requirements from the perspective of business functions;
Documenting the impact of an extended loss to operations and key business functions: Document करेगी सब कुछ
Focusing appropriately on disaster prevention and impact minimization, as well as orderly recovery: Disaster को prevent करने की कोशिश करेगी, damage minimum हो जिससे timely recovery हो
Selecting business continuity teams that ensure the proper balance required for plan development: फिर select करेगी BCP Team जो उसकी help करेगी
Developing a business continuity plan that is understandable, easy to use and maintain: Larki सबसे पहले Develop करेगी Plan
Defining how business continuity considerations must be integrated into ongoing business planning and system development processes in order that the plan remains viable over time: integration BCP into BPP