Chapter 15 (Lesson 11) Flashcards
Why is it important to include legal representatives on your BCP team?
Many federal, state, and local laws or regulations require businesses to implement BCP provisions. Including legal representation on your BCP team helps ensure that you remain compliant with laws, regulations, and contractual obligations.
What is wrong with the “seat-of-the-pants” approach to BCP?
The “seat-of-the-pants” approach is an excuse used by individuals who do not want to invest time and money in the proper creation of a BCP. This can lead to catastrophe when a firmly laid plan isn’t in place to guide the response during a stressful emergency situation.
What is the difference between quantitative and qualitative risk assessment?
Quantitative risk assessment involves using numbers and formulas to make a decision. Qualitative risk assessment includes nonnumeric factors, such as emotions, investor/consumer confidence, and workforce stability.
What critical components should be included in your BCP training plan?
The BCP training plan should include a plan overview briefing for all employees and specific training for individuals with direct or indirect involvement. In addition, backup personnel should be trained for each key BCP role.
What are the four main steps of the BCP process?
The four steps of the BCP process are
- project scope and planning,
- business impact assessment,
- continuity planning,
- approval/implementation.
What is the first step that individuals responsible for the development of a business continuity plan should perform?
A. BCP team selection
B. Business organization analysis
C. Resource requirements analysis
D. Legal and regulatory assessment
B. The business organization analysis helps the initial planners select appropriate BCP team members and then guides the overall BCP process.
Once the BCP team is selected, what should be the first item placed on the team’s agenda?
A. Business impact assessment
B. Business organization analysis
C. Resource requirements analysis
D. Legal and regulatory assessment
B. The first task of the BCP team should be the review and validation of the business organization analysis initially performed by those individuals responsible for spearheading the BCP effort. This ensures that the initial effort, undertaken by a small group of individuals, reflects the beliefs of the entire BCP team.
What is the term used to describe the responsibility of a firm’s officers and directors to ensure that adequate measures are in place to minimize the effect of a disaster on the organization’s continued viability?
A. Corporate responsibility
B. Disaster requirement
C. Due diligence
D. Going concern responsibility
C. A firm’s officers and directors are legally bound to exercise due diligence in conducting their activities. This concept creates a fiduciary responsibility on their part to ensure that adequate business continuity plans are in place.
What will be the major resource consumed by the BCP process during the BCP phase?
A. Hardware
B. Software
C. Processing time
D. Personnel
D. During the planning phase, the most significant resource utilization will be the time dedicated by members of the BCP team to the planning process itself. This represents a significant use of business resources and is another reason that buy-in from senior management is essential.
What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the business impact assessment?
A. Monetary
B. Utility
C. Importance
D. Time
A. The quantitative portion of the priority identification should assign asset values in monetary units.
Which one of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year?
A. ARO
B. SLE
C. ALE
D. EF
C. The annualized loss expectancy (ALE) represents the amount of money a business expects to lose to a given risk each year. This figure is quite useful when performing a quantitative prioritization of business continuity resource allocation.
What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparable harm to the organization?
A. SLE
B. EF
C. MTD
D. ARO
C. The maximum tolerable downtime (MTD) represents the longest period a business function can be unavailable before causing irreparable harm to the business. This figure is useful when determining the level of business continuity resources to assign to a particular function.
You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?
A. $3,000,000
B. $2,700,000
C. $270,000
D. $135,000
B. The SLE is the product of the AV and the EF. From the scenario, you know that the AV is $3,000,000 and the EF is 90 percent, based on the fact that the same land can be used to rebuild the facility. This yields an SLE of $2,700,000.
Referring to the scenario in question 8, what is the annualized loss expectancy?
A. $3,000,000
B. $2,700,000
C. $270,000
D. $135,000
(8. You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?)
D. This problem requires you to compute the ALE, which is the product of the SLE and the ARO. From the scenario, you know that the ARO is 0.05 (or 5 percent). From question 8, you know that the SLE is $2,700,000. This yields an ALE of $135,000.
You are concerned about the risk that a hurricane poses to your corporate headquarters in South Florida. The building itself is valued at $15 million. After consulting with the National Weather Service, you determine that there is a 10 percent likelihood that a hurricane will strike over the course of a year. You hired a team of architects and engineers who determined that the average hurricane would destroy approximately 50 percent of the building. What is the annualized loss expectancy (ALE)?
A. $750,000
B. $1.5 million
C. $7.5 million
D. $15 million
A. This problem requires you to compute the ALE, which is the product of the SLE and ARO. From the scenario, you know that the ARO is 0.10 (or 10 percent). From the scenario presented, you know that the SLE is $7.5 million. This yields an ALE of $750,000.