A Risk Management Approach to Business Continuity

Presentation on theme: "A Risk Management Approach to Business Continuity"— Presentation transcript:

1 A Risk Management Approach to Business Continuity
The Business Continuity Management Cycle

2 The Business Continuity Cycle
Objectives:
- Getting started
- Engaging and maintaining the interest of the Board
- The business continuity management program and projects
- Scoping the framework and policy
- Managing the program
- The business continuity cycle
- The risk management process

3 Getting Started
To achieve sustainable buy-in from the Board requires more than stories of the organization’s last disaster. The Board requires a demonstration of the risks that the organization is faced with, including:
- audit reports
- regulatory compliance or legal requirements
- industry best practice
- competitor activity
- relevant industry or trade activity
- consulting recommendations: the power of the third-party opinion
The organization’s own experience and lessons learned are important; they are just not the only factor.

4 Competence Criteria for Business Continuity Audit Teams
Based on the 10 Certification Standards required by the Business Continuity Institute (BCI), the DRII draft guidance on competence criteria for business continuity audit teams includes:
- Establish and communicate the need for the Business Continuity Management Process
- Establish stakeholders’ needs
- Establish planning / steering committee
- Develop budget; identify teams and responsibilities
- Develop and co-ordinate action plans to develop and implement the BCM process
- Develop the on-going management and documentation requirements for the BCM Process
- Report to senior management and obtain senior management approval/commitment

5 Board Responsibilities
Good Board practices include:
- Establish the vision, mission and values
- Set strategy and structure
- Delegate management, but responsibility cannot be delegated
- Exercise accountability to shareholders and stakeholders, with evidence: if you cannot provide evidence you are not (in the eyes of many stakeholders) managing

6 Roles and Responsibilities
For effective embedding of business continuity, it is key to understand respective roles and responsibilities, especially between directors and managers. Directors (or their equivalent in partnerships, public sector or not-for-profit entities):
- determine the future of the organization and protect its assets, liabilities and reputation
- have the ultimate responsibility for the long-term prosperity of the organization
- are accountable to shareholders
- provide leadership and direction
- determine the ethical position
- face certain personal liabilities which vary from country to country and state to state but can involve serious personal consequences if not delivered diligently

7 The Organization’s Environment or Context
Governance environments vary:
- Anglo-American
- Continental Europe / developed Asia
- Emerging markets
- Transition economies
Maturity of a governance environment is not necessarily a sign of good risk management: some of the largest losses have occurred in the most sophisticated markets (e.g. Enron).

8 Understanding the Organization – What and Who
What is the:
- business?
- vision, mission and strategic aims?
- geographic scope, including suppliers?
- customer base and promises for business continuity?
- ownership structure: private or public?
- style of management: controlled or delegated?
- legal, regulatory, political and social environments?
- scope and style of the governance framework?
- risk strategy and structure?
- current approach to business continuity and the experience of response?
- style of business: just in time or slow moving?
Who could be the business continuity champion at Board level?

9 The Boardroom Champion – Who Will Open the Doors?
A “CV” might include:
- authority: able to act, and people listen to them
- interest: preferably a volunteer, not a victim
- knowledge of the subject: sufficient for practical engagement
- relevance: some logic to involvement
- willingness to give of their time: to manage
- bravery: willing to be counted on when needed

10 The Way We Do Things Here
Business continuity should form part of the organization’s overall management process:
- Business continuity should be an embedded process, not detached from the business
- Tailored according to the following features of the organization: nature, scale, complexity, culture, geography

11 Business Continuity – A Definition
Business continuity is “strategic and tactical capability, pre-approved by management, of an organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level”. It:
- proactively improves an organization’s resilience against the disruption of its ability to achieve its key objectives
- provides a rehearsed method of restoring an organization’s ability to supply its critical products and services to an agreed level within an agreed time after a disruption
- delivers a proven capability to manage a business disruption and protect the organization’s reputation and brand.

12 Business Continuity – A Definition
Every organization is different and every organization should take this definition and make it its own, considering:
- benchmarks
- legal and regulatory requirements
- wider infrastructures and language, for example governmental language
- industry-specific issues, for example time-sensitivity may place emphasis on resilience
- specific dependence on suppliers and / or outsource / offshore providers

13 Policy
Policy ensures:
- all business continuity management activities are conducted and implemented in an agreed and controlled manner
- a business continuity capability is achieved that meets changing business needs and is appropriate to the size, complexity and nature of the organization
- a clearly defined framework for the ongoing business continuity management capability is put in place

14 Policy and Policy Statement
Policy provides the direction. The policy statement provides the written commitment and may contain:
- aims and scope of the policy
- definitions and key principles of the approach
- risk appetite and tolerance
- management framework
- roles and responsibilities
- assessment, reporting and performance process
- management commitment and currency

15 The Business Continuity Management Life Cycle
BS25999, the British Standards Institution business continuity standard, applies the “PDCA” model:
- Plan: establish
- Do: implement and operate
- Check: assess, measure and report
- Act: take corrective / preventative actions
This approach aligns with other British and International standards, e.g. ISO 9001.

16 The Business Continuity Management Life Cycle
The business continuity management system comprises six elements:
- program management
- understanding the organization
- determining business continuity strategies
- developing and implementing a response
- exercising, maintaining and reviewing
- embedding in the organization’s culture
Content may vary from one organization to another, but these steps should be consistent.

17 The Business Continuity Management Life Cycle

18 Program Management is at the Heart of the Business Continuity Management Process
Effective program management establishes the organization’s approach to business continuity:
- assigning responsibilities
- implementing business continuity in the organization
- the ongoing management of business continuity
The program will provide the route map for program implementation and should involve design, build and implementation.

19 A Program will comprise a Number of Projects
Typical content of a project definition report (PDR) includes:
- heading
- table of contents
- introduction
- goals, objectives and deliverables
- organization and responsibilities
- chunking (discrete phases)
- milestones
- success and completion criteria
- management control
- risks, issues and assumptions
- sign-off
- appendices

20 A Program will comprise a Number of Projects
Business continuity program outcomes will include:
- risk recognition and importance: appetite, tolerance and controls defined
- a defined program agreed by senior management
- a clear and documented strategy with policy and standards of performance
- fit-for-purpose business continuity plans
- an overview of the organization’s resilience and recovery solutions
- education, training and communication plan
- business continuity as part of the organization’s system for performance management: metrics, indicators, exercising, assurance and audit
- ongoing management commitment, and evidence of this

21 Effective Project Management
Examples of successful project management: what works and what does not

22 Risk and Business Continuity Management
Risk management and business continuity management are complementary disciplines: business continuity management focuses on the impact of disruption

23 BS31100 Content
BS31100 is the draft British Standard for risk management and comprises:
- Scope
- Principles
- Model
- Framework
- Process
- Implementation
- Annex: Risk Management Tools
- Glossary

24 BS31100 – Framework
Framework elements:
- Culture
- Review
- Governance
- Reporting
- Strategy
- Training
- Appetite
- Tools
- Policy
- Roles and responsibilities
- Categorisation and measurement

25 ISO 31000 – Process (draft international risk standard)
Process elements:
- Establishing the Context
- Communication and Consultation
- Risk Identification
- Monitoring and Review
- Risk Analysis
- Risk Evaluation
- Risk Treatment

