A Risk Management Approach to Business Continuity

1
A Risk Management Approach to Business Continuity

• An introduction to Business Continuity

2
A Risk Management Approach to Business Continuity

• Twelve week course delivered through a
  combination of
• Lectures
• Visual and audio aides
• Class discussion
• Case studies
• Projects
• Possible field trips
• Guest lectures
• Quizzes
• Text A Risk Management Approach to Business
  Continuity Graham and Kaye - 2006

3
A Risk Management Approach to Business Continuity

• Syllabus objectives
• Week 1- relationship between risk and continuity
  
• Week 2 - stakeholders and their importance
• Week 3 - context, emergency services, government
  and engagement of the Board
• Week 4 - business continuity management cycle
• Week 5 - business impact analysis
• Week 6 - technology continuity planning

4
A Risk Management Approach to Business Continuity

• Syllabus objectives
• Week 7 - production line, suppliers, outsourcing
  and business support
• Week 8 - application of business continuity
  management tools and techniques to other
  operational risk areas
• Week 9 - people issues, communication and
  training
• Week 10 - the relationship between business
  continuity management and insurance
• Week 11 - plan review and maintenance, quality
  assurance, compliance and audit
• Week 12 - putting theory into practice

5
A Risk Management Approach to Business Continuity

• 100 points
• Research paper 35
• Presentations 10
• Quizzes 45
• Projects 10
• General housekeeping
• Attendance

6
A Risk Management Approach to Business Continuity

• Week One
• Why worry about business continuity?

7
Why Worry About Business Continuity?

• Week One Objectives
• Examine the link between Risk Management and
  Business Continuity
• Consider Business Continuity as part of the
  Risk Management Framework
• Explore disasters that affect organizations
• Discuss the impact September 11, 2001 had on
  world business and economy

8
The Language useful terms

• Supports common understanding
• No generally accepted global definitions
• Generic sources include ISO, BSi, Standards
  Australia, DRI and the course text
• Risk
• Risk Management
• Business Continuity
• Definitions may be developed to reflect industry
  sectors

9
Risk Management

• Something that might happen and its effect(s) on
  the achievement of objectives. ISO 31000/BSi
  31100 draft
• Upside and downside
• Concerned with both
• Engineering/safety roots typically more focussed
  on the negative

10
Operational Risk

• Loss resulting from inadequate or failed internal
  processes, people and systems, or from external
  events
• High people factor
• Often hard to quantify
• Can be the most damaging
• Yet the most difficult to transfer
• Business Continuity often forms part of the
  Operational Risk function of an organization

11
What keeps CEOs awake at night?

• The top 10 includes
• 1 loss of Reputation
• 2 business interruption
• 3. failure to change
• 4. product liability/tamper
• 5. impact of regulation and legislation
• Source Risk management and Financing Survey AON

12
What keeps CEOs awake at night?

• Three trends
• Rising tide of the intangible risk at the expense
  of tangible, measurable and transferable risk
• Increasing concern over risks difficult to
  predict and consequently difficult to plan for
• Aggregation and domino effects in an increasingly
  global business world

13
Business Continuity Management

• Definitions are based on the principle that it is
  a key responsibility of an organizations
  directors (or equivalent) to ensure continuation
  of its operations at all times. Chartered
  Management Institute
• Definition key words
• holistic, management process
• identification of potential threats
• resilience
• effective response
• stakeholder protection

14
The Evolution of Risk Management

• London coffee houses to 9/11
• Risk financing limitations raise awareness of
  risk based solutions
• Risk management is a balancing act
• Enterprise risk management - the future?

15
The Board Agenda

• Risk and Business Continuity are issues for Board
  governance
• The Risk Management framework
• Facilitates articulation of objectives
• Policies, processes, tools, techniques,
  information and scenarios
• Business continuity may be managed as part of
  facilities, IT, risk management, or as a
  stand-alone management activity, but it is an
  enterprise-wide risk control

16
Capturing Board Commitment

• The Board
• Establish the vision, mission and values
• Set the strategy and structure
• Delegate to management
• Exercise accountability to stakeholders
• The Champion
• Engage
• Participate

17
Survival planning

• Risk decisions into the board room
• A business, not just a facilities, matter
• Focus on the critical arteries and dependencies
• best value is from prevention
• emergency response structure

18
Framework components

• Breaking down silos
• A common infrastructure
• Business continuity as part of the risk framework
• Business continuity as part of governance and
  management

19
Disasters That Affect Organizations

• Natural
• Weather
• Floods
• Earthquake
• Pandemics

20
Earthquake case study

21
Storm case study

22
Pandemics case study

• Understanding the threat
• Sources of information
• Strategies
• Medical aspects and information
• Implementing strategies
• Responding to threat levels

23
Disasters That Affect Organizations

• Environmental
• Chemical spills
• Power Outages, etc

24
Power outage case study

25
Disasters That Affect Organizations

• Incited
• Workplace violence
• Homicide
• Suicide
• Kidnap for ransom
• Cyber attacks on information

26
Workplace violence case study

27
The Impact of 9 September 2001

• Discussion

28
Course work