Notes for BCM Institute's Course Participants: This is the template for completing the "Part 3: Impact Over Time of Business Functions."
In the realm of corporate governance and statutory compliance, time sensitivity plays a
For Bandtree, as a government-linked company (GLC) operating under Darussalam Assets, maintaining robust compliance and reporting functions is not only a regulatory necessity but also a pillar of public trust and organisational resilience.
This chapter presents a detailed assessment of how disruptions to the key sub-functions under CBF-5 —Compliance, Governance, and Reporting — impact the organisation over various time intervals.
The analysis is conducted using a structured Business Impact Analysis (BIA) approach, with impact levels scored on a scale from 1 (lowest) to 5 (highest).
The objective is to determine the criticality of each sub-process over specific periods of disruption, enabling the prioritisation of recovery actions and continuity planning.
Each sub-function—ranging from regulatory compliance to ESG reporting and business continuity governance—is evaluated against its time-sensitive dependencies, legal obligations, and stakeholder expectations.
This structured approach enables Bandtree to prioritise response efforts, allocate resources effectively, and enhance overall resilience in the face of unexpected disruptions.
This table outlines the CBF-5: Compliance, Governance & Reporting and its sub-processes (Sub-CBFs) for Bandtree, following the impact over time methodology from BCM Institute's guidance Notes and using a 1–5 severity scale.
|
|
|
|
Impact Over Time | ||||||||||
|
Sub-CBF |
Sub-CBF Code |
Highest-Impact Area |
8 Hour |
1 Day |
2 Day |
3 Day |
5 Day |
7 Day |
10 Day |
14 Day |
21 Day |
30 Day |
60 Day |
|
Regulatory & Legal Compliance |
5.1 |
Legal & Regulatory |
4 |
4 |
5 |
5 |
5 |
5 |
5 |
5 |
4 |
4 |
3 |
|
Internal Audit & Risk Oversight |
5.2 |
Operational & Financial |
3 |
4 |
4 |
5 |
5 |
5 |
5 |
4 |
4 |
3 |
2 |
|
Corporate Governance Monitoring |
5.3 |
Reputational & Strategic |
2 |
3 |
4 |
4 |
4 |
4 |
3 |
3 |
3 |
2 |
2 |
|
ESG Reporting |
5.4 |
Reputational & Regulatory |
2 |
3 |
3 |
3 |
4 |
4 |
4 |
3 |
2 |
2 |
1 |
|
Business Continuity Governance |
5.5 |
Operational & Compliance |
3 |
4 |
4 |
5 |
5 |
5 |
4 |
3 |
3 |
3 |
2 |
|
Strategic & Statutory Reporting |
5.6 |
Regulatory & Strategic |
3 |
4 |
5 |
5 |
5 |
4 |
4 |
3 |
3 |
2 |
2 |
|
Sub-CBF |
Sub-CBF Code |
RTO |
MTPD |
Vulnerable Period |
|
Regulatory & Legal Compliance |
5.1 |
1 Day |
14 Days |
Pre-audit, legal filings |
|
Internal Audit & Risk Oversight |
5.2 |
2 Days |
21 Days |
Quarterly review cycle |
|
Corporate Governance Monitoring |
5.3 |
3 Days |
30 Days |
AGM preparation, board review |
|
ESG Reporting |
5.4 |
5 Days |
30 Days |
Sustainability disclosures |
|
Business Continuity Governance |
5.5 |
2 Days |
21 Days |
Crisis season, BCP review |
|
Strategic & Statutory Reporting |
5.6 |
2 Days |
30 Days |
Year-end audit cycles |
The findings of this impact assessment underscore the high sensitivity and criticality of Bandtree compliance, governance, and reporting functions across both short-term and extended disruption periods.
Sub-CBFs, such as Regulatory & Legal Compliance and Strategic & Statutory Reporting, exhibit elevated impact ratings within the first 24 to 48 hours of interruption, emphasising their time-critical nature during legal filing periods and reporting cycles.
By identifying the Recovery Time Objectives (RTOs) and the Maximum Tolerable Periods of Disruption (MTPDs) for each sub-CBF, the organisation is better equipped to allocate resources, implement risk mitigation strategies, and align recovery priorities with regulatory mandates and corporate governance standards.
This impact analysis not only reinforces the need for timely and uninterrupted execution of compliance functions but also contributes directly to the development of effective Business Continuity Plans (BCPs) and risk oversight frameworks.
Through this structured understanding, Bandtree strengthens its resilience, safeguards stakeholder confidence, and ensures uninterrupted compliance with Brunei’s legal and governance requirements.
Notes for BCM Institute's Course Participants: This is the template for completing the "Part 4: Supporting IT Systems and Applications."
In today's data-driven and compliance-centric environment, the integrity and continuity of supporting IT systems play a pivotal role in sustaining the effectiveness of Bandtree Sdn Bhd’s compliance, governance, and reporting functions.
CBF-5 encompasses critical sub-processes, including Regulatory and Legal Compliance, Internal Audit, Corporate Governance Monitoring, ESG Reporting, Business Continuity Governance, and Strategic and Statutory Reporting.
Each of these areas relies on a suite of IT systems and applications to manage information flow, ensure regulatory alignment, generate reports, and support strategic decision-making.
This chapter identifies the key IT systems and applications supporting each sub-function under CBF-5. It outlines their associated Recovery Point Objectives (RPOs), Recovery Time Objectives (RTOs), and any special equipment or infrastructure dependencies.
The objective is to establish a comprehensive understanding of the technological backbone that enables continuity, accountability, and resilience in Bandtree’s governance and compliance ecosystem.
Here is a detailed table for CBF-5: Compliance, Governance & Reporting and its Sub-CBFs, designed for Bandtree with the specified headers:
|
|
|
Supporting IT Systems | ||
|
Sub-Critical Business Function |
Sub-CBF Code |
IT Systems and Applications |
RPO |
System RTO |
|
Regulatory & Legal Compliance |
5.1 |
Document Management System (DMS), Email |
24 hrs |
8 hrs |
|
Internal Audit & Risk Oversight |
5.2 |
Audit Software, Risk Register Platform |
24 hrs |
12 hrs |
|
Corporate Governance Monitoring |
5.3 |
Governance Dashboard, MS SharePoint |
48 hrs |
12 hrs |
|
ESG Reporting |
5.4 |
ESG Reporting Software, Data Analytics Tool |
72 hrs |
24 hrs |
|
Business Continuity Governance |
5.5 |
BCP Management Platform, Email |
24 hrs |
8 hrs |
|
Strategic & Statutory Reporting |
5.6 |
Financial Reporting System, Excel |
24 hrs |
12 hrs |
|
|
|
|
|
|
Sub-Critical Business Function |
Sub-CBF Code |
Supporting Special Equipment or Resources |
Remarks |
|
Regulatory & Legal Compliance |
5.1 |
Legal reference databases, compliance registers |
Essential for avoiding legal breaches |
|
Internal Audit & Risk Oversight
|
5.2 |
Secure access to audit trails, risk reports |
Supports internal controls and transparency |
|
Corporate Governance Monitoring |
5.3 |
Board reporting tools, governance checklists |
Required for executive-level oversight |
|
ESG Reporting |
5.4 |
Access to ESG metrics sources, data templates |
Supports stakeholder trust and sustainability |
|
Business Continuity Governance |
5.5 |
BIA & BCP documentation repository |
Ensures BC planning and coordination |
|
Strategic & Statutory Reporting |
5.6 |
Regulatory filing templates, secure archives |
For compliance with regulatory deadlines |
The effectiveness of CBF-5 Compliance, Governance & Reporting is inextricably linked to the availability and resilience of its supporting IT systems.
As demonstrated, each sub-function depends on purpose-built applications, from audit software and compliance databases to governance dashboards and ESG analytics platforms.
Ensuring that these systems meet the defined RPOs and RTOs is not merely an operational requirement—it is essential for maintaining Bandtree Sdn Bhd’s regulatory standing, internal control framework, and stakeholder trust.
As we advance, the organisation must continuously assess, update, and test the performance and recovery capability of these systems to align with evolving regulatory requirements and business priorities.
This proactive approach reinforces Bandtree’s commitment to robust governance and operational continuity.
Implementing Business Continuity Management for Bandtree: A Practical Guide |
||||||
| eBook 3: Starting Your BCM Implementation |
||||||
| MBCO | P&S | RAR T1 | RAR T2 | RAR T3 | BCS T1 | CBF |
| CBF 5: Compliance, Governance & Reporting | ||||||
| DP | BIAQ T1 | BIAQ T2 | BIAQ T3 | BCS T2 | BCS T3 | PD |
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
|
Please feel free to send us a note if you have any questions. |
||