Ensuring Enterprise Resilience - The changing profile of operational risk and methods to ensure enterprise-wide resilience - assets.kpmg
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Ensuring Enterprise Resilience The changing profile of operational risk and methods to ensure enterprise-wide resilience — May 2020
Ensuring Enterprise KPMG Enterprise Resilience Framework
Resilience Operational resilience Financial resilience
Operational crisis Financial stress testing
Even organisations with an existing focus on resilience can management and forecasting
be impacted when a Black Swan event occurs. The effects People Financial crisis
of major disruption are felt throughout the organisation, and response and
technology estates can be put under new and pronounced Supply chain contingency planning
strain. Liquidity and
Technology and data
Maintaining resilience in these circumstances means taking financing
Premises and property
an organisation-wide view across three pillars –financial,
operational and commercial. Cyber and fraud risk
Turbulent situations call for a rapid response, frequently
requiring the introduction of critical IT change. This is Commercial resilience
particularly true of the quality and operational (a.k.a. non- Markets, products
functional) aspects of technology which, when delivered and services
correctly, will ensure operational “stable states” persist,
even in volatile times. Customer experience
and behaviours
Testing can and should play a prominent role in ensuring
these non-functional aspects are validated.
© 2020 KPMG
© 2020
LLP,KPMG
a UK limited
LLP, a liability
UK limited
partnership
liability partnership
and a memberandfirm
a member
of the firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG network of independent member firms affiliated with KPMG International
2
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Public Document Classification: KPMG Public Click here for our guide to maintaining enterprise resilience
Enterprise Resilience - Testing Considerations
As organisations respond to the challenges of the current situation, new imperatives drive the focus of activities.
The graphic below considers the short and medium term focus for testing.
Business Focus Testing Focus
Short Term Medium Term
― Non-functional testing practices must align to ― Implementation of Continuous Testing pipelines
New Development and delivery of time critical change for:-
― Extend automation across all elements of NFT to
Agile/DevOps ways of working
change ― existing critical systems ― Accurate modelling and testing of new workload increase efficiency, coverage and level of test insight
― newly critical systems patterns ― Use operational intelligence analytics to maintain an
Tactical acquisition and integration of SaaS products ― Increased automated test coverage for new change and accurate view of platform usage patterns and reflect
new systems brought online into test scenarios
Architectural ― Build and execute test scenarios to inform capacity ― Implement infrastructure monitoring, logging and
Carrying out capacity reviews and infrastructure scaling for:-
management and scalability decisions alerting solution to inform capacity reviews
Resilience ― increases (and decreases) in traffic volumes ― Testing new architectural redundancy for fault tolerance ― Regular capacity management reviews to allow cost
― increased use of remote working technologies ― Regression testing for segregation of co-hosted efficiencies from accurate platform scaling and to
― network traffic and routing / prioritisation applications support future traffic growth
― Review 3rd party service quality assurance plan
Production Responding to production incidents:- ― Analysis of production monitoring data for new change ― Implement failure testing and use learnings to
Incidents ― first line service call volumes ― Dev, Test and Operations collaboration working groups enhance DR playbooks to allow rapid recovery of
― tactical service recovery activities ― Fix verification testing business critical processes
― Review, test and refine recovery procedures ― Implement solution monitoring and alerting solution to
― Project-led remediation expedite issue identification and resolution
© 2020 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
3
Document Classification: KPMG Public
Non-functional testing focus in the current climate
Performance Reliability Security Usability
Evaluate impacts in the following areas:- The following are the considerations for failure Increased and sustained levels of remote The focus on rapid deployment of new
and recovery:- working, potentially increases attack surfaces functionality must also ensure delivery of:-
— New functionality exposed on essential
— Understanding the impact to a solution’s and can affect an organisation’s overall security — Usable change - familiar, intuitive and
systems
uptime requirement of planned and posture. Amongst the increased risks that must engaging experiences
— Critical 3rd party integrations be tested are:
unplanned activity e.g. system failure and
— Application configuration changes — Accessible change to ensure the CX is
recovery, lead time for deployment, failed — Increased volume of password resets and protected
— Increased system traffic and user deployment remediation and BAU house- account creation / reactivation
concurrency keeping tasks Testing practices must support verifications for
— Ability to share documents and sensitive the quality of new change, from the customer
— Geographic locations — Implement additional architectural data offline
redundancy to increase fault resilience perspective, at pace.
— Performance during component failure
— Review and refine existing disaster — Impact to functionality and performance of
— Data Centre ‘Edges’ software / hardware security patching
recovery processes and ensure new
— Infrastructure Capacity and Scalability — Use of personal devices
change is reflected in recovery playbooks
Maintainability Portability Compatibility
The following items consider the extent to which
Increased reliance on the availability and New change introduced must not affect the
solutions can be observed and maintained:-
stability of solutions requires that, in the event of congruent nature of the technology estate
— Observability:- an outage:-
— As previously non-core systems now
- Solution should allow deviations from — Solutions should be proven to be able to become essential, assessments are
“stable states” to be tracked and alerted on be transferred to alternative platforms required against architectural design
- Ensure monitoring covers all new change quickly decisions relating to system co-hosting
- Testing routines must evaluate accuracy of
— Maintenance of standard operating — Carry out assessments of the business
operational dashboards
procedures and the extent to which impacts of failure and need for segregation
— Maintainability:-
validated IaC (infrastructure as code) is in of co-hosted systems to protect the
- To enable digital channels to support new place should be assessed integrity of the altered live operation
operations, design and development
principles must be evaluated and improved
© 2020 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
4
Document Classification: KPMG PublicSummary Agility is key: to respond to
the dynamic nature of the
situation, Testing Practises
must evolve quickly to
support the safe
The following details the operational areas introduction of change
that should be validated to ensure and to provide effective
To build a consolidated support for production Review maximum
Enterprise Resilience during the current view of resilience across incidents concurrent licences
crisis the operation, 3rd party for business critical
resilience must be systems and ensure
evidenced to ensure the new peak
integrity of critical system Place specific emphasis on requirements can be
Understanding and
integrations testing the remote working supported
protecting the critical
business processes “technology-set” (e.g.
and the technologies VPN, communication,
that support them, will document management and
ensure business cloud compute) has the size
Recovery continuity during Testing the “edges” of and scale to support the
procedures must be failure scenarios the data centre (VPNs uplift in traffic and maintain
tested, refined and and end points) is productivity
maintained to keep particularly important to
them in line with the ensure they have the
functional and scale to support new and
Monitoring is key to
architectural changes increased stresses on Capacity Management
understanding the
applied entry points must be a primary area of
current health of
the service & to focus to ensure
allow accurate headroom exists for
projections for new systems that are now
operational modes required to support
significantly altered
usage patterns
© 2020 KPMG
© 2020
LLP,KPMG
a UK limited
LLP, a liability
UK limited
partnership
liability partnership
and a memberandfirm
a member
of the firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG network of independent member firms affiliated with KPMG International
5
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Public Document Classification: KPMG PublicKPMG Non-Functional Testing Services
KPMG Non-Functional Testing Services enable our customers to achieve operational resilience by assuring the
accessibility, performance, security and rapid recovery of their IT change.
NFT Strategy Services — Non-Functional — Performance Engineering Performance Assurance Services
Requirements Advisory
— Performance Testing
Provides guidance to our customers when navigating Spans the entire lifecycle of IT change – we analyse
— Delivery Assurance
the significant challenges of defining and evaluating a — Capacity Planning designs, help to define solution requirements and
solution’s non-functional requirements. The service — Service Quality extensively measure and optimise performance from
offers periodic service quality assessments and Assessment the component level across the entire solution
independent delivery assurance throughout architecture.
programmes of change.
Operational
Resilience
Customer Experience Services Resilience Services
Combine testing expertise and analytics solutions. Deliver testing expertise to accelerate the speed of
We use high-value customer insight to inform and recovery by evaluating and enhancing application
scope customer-centric testing; this drives security, failure and disaster recovery procedures.
inclusion, retention and growth to ensure the — Customer Intelligence — Recovery Testing
delivery of intuitive, personalised and accessible Analytics
customer experiences. — Failure Testing
— Accessibility Assessment
— Application
— Usability Testing Security Testing
© 2020 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
6
Document Classification: KPMG PublicKPMG Testing Services
What do we do? How do we do it?
We can help improve your QA and testing capability, to enable Our key services lines enable us to:
successful business outcomes
We can reduce the delivery risk of complex transformation Assess the effectiveness of
programmes by managing or delivering the testing components your testing
Optimise your testing
Why use KPMG Testing Services? capability, including
application of our Accelerated
Our cross-sector expertise – we bring the whole of KPMG to an
Testing automation framework
engagement, leveraging deep industry expertise across multiple
sectors to enhance the technical skills of our testing specialists
Manage your testing projects,
Our investment in innovation – we believe in the value of to help successful delivery
innovation over large off-shore body shops. As a result, we
have created a series of high value propositions that help our
clients to accelerate business change Deliver test services directly,
including test design and
Our award winning team – named Leading Software Testing execution
Vendor in 2019 and winners of the 2018 Test Management Team
of the Year at the European Software Test Awards
Daryl Elfield Xavier McGlynn
Testing Partner Senior Manager
daryl.elfield@kpmg.co.uk xavier.mcglynn@kpmg.co.uk
+44(0)20 731 6330 +44 (0)7786 125755You can also read
