Business Continuity & Enterprise Risk Management: BCM as part of a “Compliant” Governance Programme. BCS - October 2003. David Spinks – Director ORM
What is Business Continuity Management? Business Continuity Management is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. BSI PAS 056 Or Surviving a crisis …..
Business Continuity vs Loss Distribution (figure; axes: size of loss, number of events). Small losses: many internal datapoints. Medium losses: some internal datapoints. Large losses: very few internal datapoints; external data is necessary here. BCM starts here.
Operational Risk Management: ORM Process (diagram). Labels: Executive Board; Audit Committee; Operational Risk Manager; Formal Reporting; Escalation; Information Security; Business Impact Analysis; Audit & Compliance; Fraud & Investigations; Programme Risk & Change; Risk Assessment and Data Collection; Internal and External Data; Legal and Regulators; Corporate Governance Process. Business Continuity – Safety Net
Why EDS? 8 3.5 million desktops; 20 billion km data lines; Operations: 7 x 24 hours
Why BCM? Sarbanes-Oxley; Money Laundering; Basel II – CAD III – Solvency 2; IAS 32/39 Accounting for Financial Instruments; Ratings agencies; Insurance … Governance …
Why Operational Risk Management?
What attracts the attention of Execs?
Executive perspective: What lessons can my organisation learn? What questions do I need to ask to determine the robustness of my organisation's BCM?
Sequence of Unplanned Event (figure). Labels: Resumption Time Objective; Minimum Acceptable Performance Requirement; Recovery; Output; Time; Event; Repair/Replacement Time; Resumption; Response Plan Implemented
But don’t forget to ask about … Creep …
Dependence on Suppliers … Creep …
Challenger … Lessons: Communicate with Press and Media; Understand and Communicate Risk
Ferries across to Manhattan were virtually the only form of transport still operating at normal levels. The FirstEnergy operator said: "We have no clue. Our computer is giving us fits. We don't even know the status of some of the stuff around us." FirstEnergy's chief executive Peter Burg has denied wrongdoing.
1810 BST: An alarm indicates a fault on a transformer at the Hurst substation in Kent. 1820 BST: Transformer switched off but power still able to flow into London through other circuits. 7 minutes later: Another fault occurs, stopping flows on a 275,000 Volt underground cable between the New Cross and Wimbledon substation. Power black-out follows. 1900 BST: Problem fixed and full power restored.
2000: Nuclear chief quits over safety scandal British Nuclear Fuels (BNFL) has confirmed its chief executive, John Taylor, has resigned over the safety scandal that has attracted severe criticism from watchdogs. A damning report published last week by the Nuclear Installations Inspectorate confirmed that some safety records relating to a shipment of uranium and plutonium mixed oxide fuel to Japan had been faked at BNFL's Sellafield in Cumbria. Honesty always pays ….
But right and wrong may be sometimes confused!
1988: Dozens feared dead in Piper Alpha oil blaze. The worst ever accident in the North Sea oilfields has left up to 168 dead. Shortly before 2200 BST (2100 GMT) last night explosions were reported on the Piper Alpha drilling platform, 120 miles off the north-east coast of Scotland. Practice; Test; Stress test
Conclusions: Business is operating in a more uncertain world. Today threats are not only becoming more serious, but their profiles are changing rapidly. Governments (laws), investors, regulators and rating agencies are expecting executives to “learn the lessons”.
Conclusions: Executive leadership, sponsorship and active participation in BCM is essential. BCM needs to be part of an overall approach to Enterprise Risk Management. Adopt Best Practice and ask the difficult questions. Thank you …