Risk and Business Continuity Management
•
9 likes•3,477 views
Presenter: Ali Bin Mohammed AlMuwaijei Chief Risk Manager, Municipality & Planning Dept-Ajman Risk and Business Continuity Management Enterprise Risk Management
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (15)
Similar to Risk and Business Continuity Management
Similar to Risk and Business Continuity Management (20)
More from Continuity and Resilience
More from Continuity and Resilience (20)
Recently uploaded
Recently uploaded (20)
Risk and Business Continuity Management
- 1. Continuity and Resilience (CORE) ISO 22301 BCM Consulting Firm Presentations by our partners and extended team of industry experts Our Contact Details: INDIA UAE Continuity and Resilience Level 15,Eros Corporate Tower Nehru Place ,New Delhi-110019 Tel: +91 11 41055534/ +91 11 41613033 Fax: ++91 11 41055535 Email: neha@continuityandresilience.com Continuity and Resilience P. O. Box 127557 Abu Dhabi, United Arab Emirates Mobile:+971 50 8460530 Tel: +971 2 8152831 Fax: +971 2 8152888 Email: info@continuityandresilience.com
- 2. Risk and Business Continuity Management The Perfect Combination 09th February 2014 By : Ali Bin Mohammed AlMuwaijei
- 3. Disasters like 9/11, recent financial crisis and Hurricane Katrina have arguably changed the worst case scenario paradigm for Risk Management and Business Continuity Management
- 4. Business continuity management Some questions for you…… 1. Does your organization have a fully tested and robust business continuity plan in place today? 2. If you arrived at your normal place of work after this summit and it was inaccessible – would you know what to do? 3. If you were evacuated because of a fire and found yourself in charge, would you be comfortable in dealing with the situation?
- 5. The Ericsson Story Background – Booming mobile phone industry – Philips semiconductor plant in Albuquerque (USA) – Produced mobile phone chips, crucial components – 40% of output to: Nokia, Finland Ericsson, Sweden The incident – Furnace fire caused by lightning bolt – Brought under control in minutes – Smoke and water damage The impact – Flow of chips suddenly stopped – Weeks to get plant up to capacity Nokia •Monitored supply chain •Took immediate action to secure supply •Reconfigured manufacturing to accommodate different specification Ericsson • Took supplier word that not a major problem • Delayed taking remedial action (2 weeks) Results •Nokia supply chain unaffected •Ericsson lost $400m in potential revenue and suffered a 14% drop in share price. Forced to exit phone manufacturing – bought by Sony soon thereafter Crisis for mobile phone giants
- 6. Business Continuity Management The Anatomy of An Incident Business asusual A process that establishes a secure and resilient business environment capable of mounting an immediate and effective response to a major incident.
- 7. Emergence Response • First point of contact 24x7 • Contact with Emergency Services • Safety of staff • Protection of assets • Initial assessment • Liaison and escalation to crisis management
- 8. Crisis Management • Protect the business & reputation • Make critical decisions regarding response and recovery • Deal with stakeholders, the authorities and the media • Internal & external communications • Invoke business recovery
- 9. Business Continuity • Continue most critical activities • Workarounds • Most critical customers • Alternative locations • Alternative methods • Get back to normal
- 10. Confusion ERM & BCM ERM and BCM responsibility feel conflicted BCM Plan for high level catastrophe ERM Plan for more frequent operational and organizational risks Worst case scenario planning e.g. Hurricane Katrina, Black Out, Credit crisis and etc. Risks like privacy, liquidity, fraud, inaccurate data and etc.
- 11. Confusion ERM & BCM BCM ERM A holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats—if realized—might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value- creating Activities. Source: BCI ERM is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. – COSO ERM:
- 12. Risk Management Historical view No role in helping the organization to manage market, reputation or outsourcing risks. Risk management professionals were consigned to paperwork and number crunching behind closed doors Most people associate traditional risk management with the guy that buys the insurance
- 13. Risk Management Today evaluate risks from the boardroom to the mailroom from power outages to hurricanes to data management or threats to brand value. • Is a business capability • requires the organization to look at risk from a completely different perspective • source of opportunity for the business Considers risk management from a more comprehensive and pro-active view of operational risk
- 14. BCM Integrated With ERM Risk Assessment Identification Analysis Evaluation Treatment Monitoring Terminate Treat Transfer Tolerate BC Planning Business Impact Analysis Recovery Strategies Plan Development Testing Existing Programed Management Treatment for risks that could potentially interrupt business operations Process Risk Treatment Strategies
- 15. Business Continuity Management Process Risk Assessme nt Business Impact Analysis Develop Strategy Develop Plan Exercise & maintain the plan BCM Continues cycle
- 16. Questions Brief background What are the business interruption risks your business is facing? Did you identify critical areas of business that is most exposed to such risks? What are the impacts to your organization due to this events? What are the actions you are employing to manage these? How effective are these risk management actions? Did you consider your supply chain when designing these actions?
- 17. Business Continuity Management BIA v/s Risk Assessment Business Impact Analysis Risk Assessment A process that identifies and evaluates the potential effects (financial, life/safety, regulatory, legal/contractual, reputation and so forth) of natural and man- made events on business operations. Risk Assessment can be defined as the identification, evaluation, and estimation of the levels of risks involved in a situation.
- 18. Joining ERM and BCM ERM ERM Organization Business Continuity Planning • Embedding with ERM Program • Aligned with organizational strategy Achieve Organizational Objectives
- 19. 3 Models ERM and BCM relation models CentralizedERM BCM ERM BCM ERM BCM 1 2 3
- 20. Best case Why Integrate? Integrating BCM as part of a comprehensive ERM program More reasoned and less emotional understanding of the universe of business risks faced by the organization Produces effectiveness with regards to how organizations react to catastrophic risk
- 21. Benefits of ERM On business continuity and crisis management Provide an understanding of the relationship of risks Opportunity for business continuity professionals to come out of their silo to observe how business interruption risk relates to the other enterprise level risks Elevates BCM to a higher level with Boardroom and c-suite attention Better decisions about the allocation of limited capital Helps forward looking and not backward (using historical events as benchmark)
- 22. CEO ‘it’s a one in a million chance…’ Chief Risk Manager ‘so it could happen tomorrow..?’
- 23. Thank you Enterprise Risk Management