Post on 18-Dec-2015
by
Mr. Venkataram Arabolu,
Managing Director, BSI Management Systems India
In Association with PetroFed
Business Continuity Management for
Oil, Gas & Petrochemical Industries
September 16, 2008, New Delhi
2
About BSI Group
• Founded in 1901, Royal Charter Company
• Clients in over 120 countries, BSI India Commenced operations in year 2000 and has over 3500 customers.
Independent assessment (third party & second party), certifications and training of management systems
Product testing Labs & services
The development of Management systems Standards such as BS 5750 (later became ISO 9001)
Integrated Management System software
3
What is Business Continuity Management ?
Definition
Holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities
6
Heart of U.S. Oil and Gas Industries Shut Down as Storm Approached
About 23 percent of the nation's oil refining capacity lies along the Texas coast
8
Shallow water facilities that currently act as a hub
Deepwater facilities that currently act as a hub
Future deepwater facilities
Pipelines
Spread of Oil & Gas facilities covering Texas, Louisiana, Mississippi & Alabama
Oil & natural gas production has been shut (US major Oil refineries with capacity of 5 MMBBL which is about 30% of US capacity in the effected area)
Staff has been evacuated from 452 production platforms (63.0%) and 81 rigs (66.9%)
4.5 Million people with power outage,no water, no power and no gasoline.
9
Disruptions in India
• Private Petroleum companies Shut retail outlets
• Oil spills threaten Gujarat marine park,
• Refinery fire & Explosion leading to shutdowns, affecting supplies & profitability etc
• Spurt in LPG imports due to unit interruption
BHN 5 BHN 5 after the fire
13
Terrorism
Corporate
Culture
Learned helplessness
Acquisition
Unreliable supply
obsolescence
Resource nationalism
Global warming
Outsourcing
Emerging threats….
unexpected event
Regulation deregulation
Pandemics IT Security
14
Marsh Report 2008
Type of Risk
Terrorism & Criminal Activities Availability of Oil and Gas Resources Energy price volatility Infrastructure & Development obsolescence Political/regulatory risk issues Risk of Natural Disasters Recruitment & retention of qualified work force Outbreak of Pandemic Environmental impact of operations Systemic financial risk Supply chain risk Increased internationalization ( partnership/JV risk) Global macro-economic risks
15
Revisit - Business Continuity Management
Definition
Holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities
17
People risks , 34.51
Technology risk, 18.62
Process risk , 26.65
Data risk , 5.14
Supply Chain partner risk , 8.35
Collaboration w ith public authorities , 6.74
What do you think is currently the weakest link in your Business continuity strategy, planning and recovery efforts?
18
18
BS 25999
• BS 25999-1:2006 Code of practice for
business continuity management
Published 28 November 2006
• BS 25999-2:2007 Specifications
Published 20 Nov. 2007
18
20
Business Continuity Lifecycle
Understanding the Organization
Determining BCM strategy
Developing and implementing BCM response
Exercising, maintaining and reviewing
BCM program Management
21
Plan–Do–Check–Act (PDCA) Cycle
Interested Parties
Interested Parties
Interested Parties
Interested Parties
Business Continuity
requirements and
expectations
Managed Business Continuity
EstablishEstablish
Maintain and improve
Maintain and improve
Implement and operate
Implement and operate
Plan
Check
Act Do
Monitor and review
Monitor and review
Continual improvement of the Business Continuity Management System
Continual improvement of the Business Continuity Management System
22
Why BCMS ?
• Minimize business disruptions
• Quickly recover to normal business operations
• Protect an organization’s value and reputation
• To meet shareholder commitments
national / legislative requirements
legal, regulatory and contractual commitments
moral and social responsibilities
• Demonstrate “best practice”.
• Reduce insurance liabilities.
23
Board
CEO
CFOCRO
Business Unit
Business Unit
Business Unit
Treasurer's office
Seeks strategic dialogue about risk but must rely on intuition
Has narrow & siloed view of risk, often focusing on compliance
Lacks the knowledge & risk vocabulary to engage in dialogue with management
Understands the risks but has little influence on decision making
Uses sophisticated risk management tools, but only for short term risk
Lacks the sophistication to understand, much less measure, their own risks
Sample Organizational Risk Culture
Source HBR Sept 08
27
Risk Impact versus control
Priority focus should be on the aspects with high risk and those with the largest gap between risk and control
IMPACT FACTOR VS STRENGTH OF CONTROL FOR ACTIVITIES
Vulnerability impact factor Strength of Controls
28BCM – the way forward
1. Top level commitment
3. Identify the Threats and Risks
2. Initiate the Management Process
8. Test, Exercise and Maintain the Plan
7. Developing and Implementing the Plan
6. Develop Strategies
5. Business Impact Analysis (BIA)
4. Manage the Risks as part of Risk Management
29
Where BCM is going?• No longer just a fashion accessory, BCM is now an integral part of
managing the business
• Integrated across all business functions; no longer seen as an IT speciality
• Now being accepted as a strategic business imperative
• Progress towards independent auditable processes
BS25999-2
• Broader based agreement on what is best practice in the form of the a new standard, BS 25999-1