Plan to Plan

 < Day Day Up > 



Learn to plan or plan to fail.

- Unknown

Assessment and Critical Incident Program Requirements

Take the time to scope the program. In short, this step means take the time to decide how large a view this project requires. Commit this scope to paper; too narrow a view and the project will not address enough critical issues, too wide of a view and the material will be too diluted. With restated emphasis, this is the point to make certain the project has passionate executive-level sponsorship, a dedicated owner, and assurance that its goals are aligned with current business plans. Many projects fail because they do not have a solid foundation. In broad terms, the risk management program will take steps to identify and prioritize critical assets, determine threats and their frequency, identify vulnerabilities, identify safeguards and their effectiveness, and execute postcritical incident processes to resume business operations.

Plan

Start the team formulation process by including people from relevant business units that will be impacted by the project, and whose actions will facilitate the project's efforts. Team members should feel like they have a stake in the project team possessing knowledge and creativity. Look for employees who have track records of successful team participation. Based on the size of your organization, there could be many units that will be affected. It is strongly recommended that you include input and participation from at least the following areas:

  • Executive committee member

  • Legal

  • Human Resources

  • Information and physical security

  • Senior systems administrators

  • Auditing managers

  • Finance/Budget

Assemble the team, develop the team's goals and motivate them. The more passionate the team members are, the more likely the project will succeed.

Formulate an outline for your plan using the collective abilities of your team. Ask for their comments and input. Disseminating clear, brief, direct, and concise ideas should be considered part of your team's "best practices." In all cases, be certain to document all your steps. You can direct e-mail and memo copies to a specially designated computer folder. Copies of paper memos, correspondence, work papers, notes, and meeting minutes should be archived. Documenting your efforts will save your proverbial bacon with auditors and the legal department.

Meetings are not forums for the same persons to propound their ideas constantly. If you do not need a meeting, do not schedule one. Taking notes during telephone calls and e-mailing them to participating employees for their review and adoption is a good idea. After they have been reviewed, amended, and adopted, direct them to a project file for retention. If there is a conference call or meeting, make certain there are designated start and end times, and an agenda with objectives. Do not allow meetings to fall into the abyss of uselessness.

Minutes of the meeting may seem like an unnecessary step, but remember you might be explaining the process to a group of stockholders from a witness chair in the future. Keeping accurate records of the team's efforts will demonstrate professional diligence and measure your leadership and dedication to this project.

A Word about Charting

This is a good time to invest in drafting a few charts documenting steps, assignments, and progress. There are many volumes available detailing the manner to complete impressive charts.

Experience Note 

The preferred method is KISS "Keep It Simple Simon." Frankly, the simpler the chart, the easier it is to follow.

Depending on the complexity of the task, Gantt charts are functional for the majority of projects. However, if you require many simultaneous steps, Critical Path Method charts accompanied by a detailed legend with completion deadlines might be a better alternative. Examples of these charting methods are found in Exhibit 2 and Exhibit 3. Remember these are only examples; create and modify your charts to fit your team's needs and goals.

Exhibit 2: Example of Simple Gantt Chart

start example

No.

Task Name

Duration (days)

Start

Finish

Communications

Complete (%)

1

Select Team Members

0

2/8/03

2/8/03

Personal discussion

0

2

Meet w/Team

1

2/8/03

2/8/03

Schedule meeting

0

3

Proposed Plan

4

2/18/03

2/21/03

E-mail

0

4

Deliver Draft Plan

0

2/22/03

2/22/03

E-mail

0

5

Plan Approval

1

2/26/03

2/26/03

Conference call

0

6

Decide Acquisition and Implementation Needs

2

3/12/03

3/13/03

E-mail

0

7

Decide Timetable for Implementation

0.5

3/13/03

3/13/03

E-mail

0

8

Resource Acquisition

10

3/13/03

3/23/03

Designated team members

0

9

Implementation

30

3/24/03

4/24/03

Designated team members

0

10

Monitoring and Testing

90

4/24/03

7/24/03

Designated team members

0

11

Revising Program

5

7/25/03

7/30/03

Entire team

0

end example

Exhibit 3: Example of Simple Critical Path Method Chart

start example

end example

In the Critical Path Method (CPM) chart, dots represent steps that must be taken. Letters identify actions, positions, persons, and completion deadlines. Using the CPM chart, you can address essentially the same type of information contained in the Gantt chart through careful explanation in the chart's legend. As an example, dot A is the team selection and notification, while dot B is the risk questionnaire development. Charts are merely tools and are not as important as the planning, accomplishment, implementation, and documentation of the risk program.

Acquire and Implement

After completing your plan of action, acquire the human resources and materials needed to implement the risk program and put it into place.

Monitor and Revise

Once the program is in place, prudent managers will step back, monitor its utility, and test its function. Any failings, real or perceived, should be addressed and the program should be revised to implement these changes. Remember, rather than address changes in a willy-nilly fashion, implement change controls in your planning process. Change controls follow the same process as planning. Assess the requirements of the proposed changes, determine their effects, obtain comments from affected persons and positions, pass these changes through the planning participants, and then implement them on a pilot basis, measuring their effect. If they are successful, implement them fully. Depending on your perspective, it is better to proceed cautiously than fix preventable blunders.



 < Day Day Up > 



Critical Incident Management
Critical Incident Management
ISBN: 084930010X
EAN: 2147483647
Year: 2004
Pages: 144

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net