Presenter:
Ali Bin Mohammed AlMuwaijei
Chief Risk Manager, Municipality & Planning Dept-Ajman
Risk and Business Continuity Management
Enterprise Risk Management
1. Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by our partners and
extended team of industry experts
Our Contact Details:
INDIA
Continuity and Resilience
Level 15, Eros Corporate Tower
Nehru Place, New Delhi-110019
Tel: +91 11 41055534 / +91 11 41613033
Fax: +91 11 41055535
Email: neha@continuityandresilience.com
UAE
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile: +971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: info@continuityandresilience.com
2. Risk and Business Continuity Management
The Perfect Combination
09th February 2014 By: Ali Bin Mohammed AlMuwaijei
3. Disasters like 9/11, the recent financial crisis and Hurricane Katrina have arguably changed the worst case scenario paradigm for Risk Management and Business Continuity Management
4. Business continuity management
Some questions for you...
1. Does your organization have a fully tested and robust business continuity plan in place today?
2. If you arrived at your normal place of work after this summit and it was inaccessible – would you know what to do?
3. If you were evacuated because of a fire and found yourself in charge, would you be comfortable in dealing with the situation?
5. The Ericsson Story
Background
– Booming mobile phone industry
– Philips semiconductor plant in Albuquerque (USA)
– Produced mobile phone chips, crucial components
– 40% of output to: Nokia, Finland; Ericsson, Sweden
The incident
– Furnace fire caused by lightning bolt
– Brought under control in minutes
– Smoke and water damage
The impact
– Flow of chips suddenly stopped
– Weeks to get plant up to capacity
Nokia
• Monitored supply chain
• Took immediate action to secure supply
• Reconfigured manufacturing to accommodate different specification
Ericsson
• Took supplier's word that it was not a major problem
• Delayed taking remedial action (2 weeks)
Results
• Nokia supply chain unaffected
• Ericsson lost $400m in potential revenue and suffered a 14% drop in share price. Forced to exit phone manufacturing – bought by Sony soon thereafter
Crisis for mobile phone giants
6. Business Continuity Management
The Anatomy of An Incident
Business as usual
A process that establishes a secure and resilient business environment capable of mounting
an immediate and effective response to a major incident.
7. Emergency Response
• First point of contact 24x7
• Contact with Emergency Services
• Safety of staff
• Protection of assets
• Initial assessment
• Liaison and escalation to crisis management
8. Crisis Management
• Protect the business & reputation
• Make critical decisions regarding response and recovery
• Deal with stakeholders, the authorities and the media
• Internal & external communications
• Invoke business recovery
9. Business Continuity
• Continue most critical activities
• Workarounds
• Most critical customers
• Alternative locations
• Alternative methods
• Get back to normal
10. Confusion
ERM & BCM
ERM and BCM responsibilities feel conflicted
BCM
• Plan for high level catastrophe
• Worst case scenario planning, e.g. Hurricane Katrina, blackout, credit crisis, etc.
ERM
• Plan for more frequent operational and organizational risks
• Risks like privacy, liquidity, fraud, inaccurate data, etc.
11. Confusion
ERM & BCM
BCM
A holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats—if realized—might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities. Source: BCI
ERM
ERM is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. Source: COSO ERM
12. Risk Management
Historical view
• No role in helping the organization to manage market, reputation or outsourcing risks.
• Risk management professionals were consigned to paperwork and number crunching behind closed doors
• Most people associate traditional risk management with the guy that buys the insurance
13. Risk Management
Today
Evaluate risks from the boardroom to the mailroom, from power outages to hurricanes to data management or threats to brand value.
• Is a business capability
• Requires the organization to look at risk from a completely different perspective
• Source of opportunity for the business
Considers risk management from a more comprehensive and pro-active view of operational risk
14. BCM Integrated With ERM
[Diagram labels]
Risk Assessment: Identification, Analysis, Evaluation, Treatment, Monitoring
Risk Treatment Strategies: Terminate, Treat, Transfer, Tolerate
BC Planning: Business Impact Analysis, Recovery Strategies, Plan Development, Testing
Existing Programed Management
Process
Treatment for risks that could potentially interrupt business operations
16. Questions
Brief background
• What are the business interruption risks your business is facing?
• Did you identify the critical areas of business that are most exposed to such risks?
• What are the impacts to your organization due to these events?
• What are the actions you are employing to manage these?
• How effective are these risk management actions?
• Did you consider your supply chain when designing these actions?
17. Business Continuity Management
BIA v/s Risk Assessment
Business Impact Analysis
A process that identifies and evaluates the potential effects (financial, life/safety, regulatory, legal/contractual, reputation and so forth) of natural and man-made events on business operations.
Risk Assessment
Risk Assessment can be defined as the identification, evaluation, and estimation of the levels of risks involved in a situation.
18. Joining ERM and BCM
[Diagram labels: ERM, Organization, Business Continuity Planning]
• Embedding with ERM Program
• Aligned with organizational strategy
Achieve Organizational Objectives
20. Best case
Why Integrate?
Integrating BCM as part of a comprehensive ERM program
• More reasoned and less emotional understanding of the universe of business risks faced by the organization
• Produces effectiveness with regard to how organizations react to catastrophic risk
21. Benefits of ERM
On business continuity and crisis management
• Provides an understanding of the relationship of risks
• Opportunity for business continuity professionals to come out of their silo to observe how business interruption risk relates to the other enterprise level risks
• Elevates BCM to a higher level with boardroom and C-suite attention
• Better decisions about the allocation of limited capital
• Helps in looking forward and not backward (using historical events as benchmark)
22. CEO
‘it’s a one in a million chance…’
Chief Risk Manager
‘so it could happen tomorrow..?’