BS – Part 2 Business Continuity Management Specification Awareness Presentation Date: 28 Nov 2007 Mumbai
2 A turning point-but not the least
3 Disruptions that we are familiar with
4 Disruptions we almost forgot!!! Started as LLDDS in Clinton, Mississippi Merged with MCI in 1997 and called MCI WorldCom Was second largest communications company n the US Telecom industry entered a downturn in 1998 Starting 1999 to 2001 there was accounting fraud Underreporting ‘line costs’ (interconnection expenses with other telecommunication companies) by capitalizing these costs on the balance sheet rather than properly expensing them. Inflating revenues with bogus accounting entries from ‘corporate unallocated revenue accounts’. Internal fraud estimates was 3.8 Billion USD Final estimates 11 billion USD Post chapter 11 changed name to MCI which was acquired by Verizon in 2005
5 Enron irregular accounting procedures bordering on fraud throughout 1990’s. opacity of the company's financial disclosures Jeff Skilling joined Enron as CEO but left in six months, but feore he left he sold shares. Keneth Lay Chairman took over as CEO Media and analysts doubted the liquidity Enron's plunge occurred after it was revealed that much of its profits and revenue were the result of deals with special purpose entities (limited partnerships which it controlled).special purpose entitieslimited partnerships Oct 2001, Enron declare a 1 time charge of 1 billion Started to buy back commercial papers for 3.8 billion to give impression of good cash position, but consumed bank credit Credit ratings lowered by Moody’s and S&P Stocks tumbled Arthur Anderson vanished
6 Companies hit by Rajkumar riots April 2006 Riots in the Indian city of Bangalore following the death of leading film star Rajkumar cost businesses there millions of dollars, officials say. Eight people, including a policeman, were killed in violence on Thursday as tens of thousands of mourners attended the funeral of the screen legend. Unrest forced more than 1,000 IT firms and other businesses to shut before calm returned on Friday, reports say. Rajkumar dies at 77
7 Influenza
8
9 Reality Nearly 1 in 5 businesses suffer disruption every year Source BCI
10 Has your company been affected by any of the following interruptions in the past year?
11 How much would you estimate business disruptions have cost your company in the past twelve months?
12 What do you think is currently the weakest link in your continuity strategy, planning and recovery efforts?
13
14
15 What is Business Continuity Management ? holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities
16 Why BCMS ? Minimize business disruptions Quickly recover to normal business operations Protect an organization’s value and reputation To meet shareholder commitments national / legislative requirements IBA guidelines for banks legal, regulatory and contractual commitments moral and social responsibilities Demonstrate “best practice”. Reduce insurance liabilities.
17 What a BCMS achieves
18
19 Logical steps
20 Risk matrix Critical Less critical
21 Risk Impact versus control Strength of controls Priority focus should be on the aspects with high risk and those with the largest gap between risk and control
22 Typical Business Risks Failure or refusal to supply Bargaining power of suppliers Business model Processes Loss making orders Partners Investment Outsourcing
23 Typical Business risks Accounting practices Lines of credit Accounts receivables Cash flow Cost structure Ability to raise finance and Liquidity Overhead costs Economy of scale
24 Typical Business risks Services Channels Currency fluctuations Transfer pricing Equity portfolio Taxation Deductibles Availability of finance Interest rates Insurance claims/liabilities
25 Typical Business risks Migration of key people to competition Quality of workforce In-availability of workforce Unions Health of senior management/key employees Crime
26 Risks and Potential Threats
27 Where BCM is going? No longer just a fashion accessory, BCM is now an integral part of managing the business Integrated across all business functions; no longer seen as an IT speciality Now being accepted as a strategic business imperative Progress towards independent auditable processes BS Broader based agreement on what is best practice in the form of the a new standard, BS
28 Benefits of BCM The benefits of an effective BCM programme are that the organization: is able to proactively identify the impacts of an operational disruption has in place an effective response to disruptions which minimises the impact on the organization maintains an ability to manage risks encourages cross-team working is able to demonstrate a credible response through a process of exercising could enhance its reputation might gain a competitive advantage, conferred by the demonstrated ability to maintain delivery.
29 BS BS :2006 Code of practice for business continuity management Published 28 November 2006 BS :2007 Specifications Published 20 Nov
30 Organisations Represented on TC BCM/1 Association of British Insurers Association of Chief Police Officers Association of Insurance Risk Managers Business Continuity Institute Cabinet Office Chief Fire Officers' Association (CFOA) Continuity Forum Coventry University Department of Trade and Industry Emergency Planning Society Association of British Certification Bodies Federation of Small Businesses Financial Services Authority Independent International Organization for Certification Institute of Directors Institute of Emergency Management Institute of Internal Auditors Institute of Risk Management Intellect Metropolitan Police Securities Industry Business Continuity Management Group (SIBCMG) Society of Industrial Emergency Services Officers (SIESO) Survive
31 Standards An agreed, repeatable way of doing things A full consensus of all interested parties, so not imposed Voluntary Best practice not general practice, thus aspirational Back-up can be available through audit and certification Updated on a regular cycle
32 Standards: some benefits Promotes competition Attracts customers Demonstrates market leadership Creates competitive advantage Develops and maintains best practice Maximises compatibility
33 What have standards done to Indian Businesses ? Have given the opportunity for Indian companies to Leap-Frog the learning curve w.r.t. management systems and practices
34 BCMS – PDCA Cycle
35 Plan Establish business continuity policy, objectives, targets, controls processes and procedures relevant to managing risk and improving business continuity to deliver results in accordance with an organisation’s overall policies and objectives
36 Do Implement and operate the business continuity policy, controls, processes and procedures
37 Check Assess and, where applicable, measure process performance against business continuity policy, objectives and practical experience, and report the results to management for review
38 Act Take corrective and preventive actions, or other relevant information based on the results of the management review, to achieve continual improvement of the BCMS
39 The BCM Lifecycle Determining BCM Strategy Understanding the organization Exercising, maintaining and reviewing Developing and implementing BCM response Embedding BCM in the organizational culture
40 The fit
41 Definitions Disruption Event whether anticipated or unanticipated, which causes an unplanned negative deviation from the expected delivery of products or services according to the organisation’s objectives Risk something that might happen and its effect(s) on the achievement of objectives Risk management structured development and application of management culture, policy, procedures and practices to the tasks of identifying, analysing, evaluating, and controlling responding to risk
42 Thank you