BCM Training Part 1 - Introduction To BCM - Business Risk & Management
-
Upload
andrew-styles -
Category
Documents
-
view
717 -
download
3
description
Transcript of BCM Training Part 1 - Introduction To BCM - Business Risk & Management
Business ContinuityIntroduction
2 April 12, 2023
About Andrew…
Grew up in Australia Lived for past 6 yrs in Singapore 9 months in Thailand
Education Bachelor of Education Grad Cert Enterprise Management Grad Diploma in Rehabilitation Masters of Business Administration (MBA)
Employment Numerous, including… Hewlett Packard Regional Security/BC/Claims
Mgr Genzyme – Regional Security & BC Director Consultant: BC/Security/Investigations/Risk
[email protected]: 0818935329
Sections
1. Introduction2. Event/Disaster/Crisis/Accidents3. What is BCM?4. Typical company BCM5. BCM Standards & certification
3 Copyright © Business Risk & Management Pte Ltd
4 April 12, 2023
Business Continuity Management (BCM)
• Events of late have demonstrated that negative consequences can befall any organisation
• We’re seeing a shift from “it won’t happen to me” to developing a Business Continuity approach
• BCM legislation makes is being implemented in some countries making BCM a legal requirement
• Risk Management is a key component in Business Continuity Management
Threats
ReputationShareholder Value
Stakeholders SatisfactionCorporate Governance
Safety Net
CrisisManagement
DisasterRecovery
BusinessContinuity
5 April 12, 2023
“Event"…in BC, it means an existing or unusual occurrence in the natural or human-made environment that may adversely affect human life, property, or activity to the extent of a disaster.
6 April 12, 2023
Types of Events
Physical Operational3rd Party
Outsourcing e-Business
Fire Flood Earthquake Tornado Hurricane Snow storm Utility failure Bombing Riot/Civil unrest Terrorism Kidnapping Theft SARS/other viruses Hazardous
chemicals
Contract breach Legal issues Disruption to supplier No operating capacity Loss of JIT inventory Disruption of
distribution Unstable political
environment Regulatory
requirement issue Disruption at
manufacturing Loss at CM site
Theft at 3rd party warehouse
Gaps in 3rd party risk assessment
Fraud commited by 3rd party employees
Disruption of IT services/support
Disruption critical databases, networks
Disruption of Telecomms services
Computer viruses Cyber terrorism,
Hacker attacks Breach of info
security, confidentiality
Types of events
What ‘events’ have you experienced?
7 Copyright © Business Risk & Management Pte Ltd
What’s the chance of an ‘event’ happening? If it does happen, what is the impact?
© Business Risk & Management Pte Ltd 8
What is Risk?
Exposure to a chance of loss or damage;
"We risked losing a lot of money in this venture" "Why risk your life?“ Gamble: take a risk in the hope of a favourable outcome; "When you buy these stocks you are gambling“
Risk concerns the expected value of one or more results of one or more future events.
9 Copyright © Business Risk & Management Pte Ltd
Risk quotes…
Risk is part of every human endeavour.
Progress always involves risks. You can’t steal second base and keep your foot on first. Frederick Wilcox
A ship is safe in harbour, but that's not what ships are for.
You've got to go out on a limb sometimes because that's where the fruit is.
10 Copyright © Business Risk & Management Pte Ltd
Type 1 - Risk score calculator
11 Copyright © 2010 Accenture All Rights Reserved.
Type 2 - Risk Matrix
13 April 12, 2023
What is Business Continuity Management?
Unplanned events can have catastrophic effects and the
disruptive incidents can come from accidents, criminal
activity or natural disasters.
An organisation’s effort to limit the effects of a crisis by
providing uninterrupted operations and services
during this period.
Provides a basis for planning to ensure the long-term ability
to continue trading following a disruptive event
Not something developed at the time of a crisis
Phases of a Crisis
14 Copyright © Business Risk & Management Pte Ltd
time
Recovery
CM
ER
1 min
2 hrs 6 hrs 1 day 1 wk 1 month
inte
nsity
?
15 April 12, 2023
Does BCM impact on a company’s share price
Initial loss of shareholder
value is approx 5%
for recoverers
Initial loss of shareholder value is approx. 11% for non-
recoverers
The non-recoverers suffered a net cumulative
impact of almost 15% up to one year after the
catastrophe
* = Sourced from an Oxford Executive Research Briefing Paper ‘The Impact of Catastrophes on Shareholder Value’ Rory F. Knight & Deborah J. Pretty 1996.
How long can a company survive without a BC Program?
80% of businesses affected by a major incident either never re-open or close within 18 months (Source, Axa)
Companies that aren't able to resume operations within ten days (of a disaster hit) are not likely to survive. (Strategic Research Institute)
According to Contingency Planning Research & Strategic Research Corporation: 43% of U.S. companies experiencing disasters never re-open, and 29% close within 2 years
Within two years after Hurricane Andrew struck in 1992, 80 percent of the affected companies that lacked a business continuity plan failed (FEMA)
According to a recent Touche Ross study, the survival rate for companies without a disaster recovery plan is less than 10%!
16 Copyright © Business Risk & Management Pte Ltd
How long can a company survive without a BC Program?
70 percent of companies go out of business after a major data loss (Source, UK DTI)
Research by IBM (Varcoe, 1993) showed that 80 per cent of organisations without relevant contingency plans who suffered a computer disaster went bankrupt
In 2008, 40 per cent of organizations suffered disruption due to a loss of IT.
17 Copyright © Business Risk & Management Pte Ltd
How long can a company survive without a BC Program?
In relation to California…In fact, statistics indicate that 50% of businesses which sustain interruptions of a week or more due to problems at the primary site never recover. Recent media reports also indicate that an estimated 25% of the companies stricken by the California earthquakes were forced to close their businesses. http://www.drj.com/index.php....
Despite recognizing the threat posed by diseases such as influenza, 53 per cent of organizations still have no plans to help them cope during a pandemic. Source: The Business Continuity Management Report, 2009, Chartered Management Institute
18 Copyright © Business Risk & Management Pte Ltd
Despite the fact that the financial cost to our companies could be significant….
19 Copyright © Business Risk & Management Pte Ltd
“FAILURE IS NO LONGER AN OPTION”
7% of companies with revenue over $5bn experienced a business
disruption that cost the business over $5m during the last 12 months….
…at one company this cost was potentially worth up to $180m of $180bn business, each year
Source – Continuity Insights/KPMG 2003
Cost to Business
< $100k
$100k - $500k
$500k - $1m
$1m - $5m
> $5m
BCM global standards
UK: British Standards Institution (BSI), BS 25999
Thailand: 22301-2553
North America: National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs.
ISO: ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management
Australia/NZ: HB 292-2006 : A practitioners guide to business continuity management. In 2010, Standard AS/NZS 5050 was released.
ASIS: ANSI/ASIS SPC.1-2009 Organizational Resilience: The ANSI/ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems—Requirements with Guidance for Use American National Standard
20 Copyright © Business Risk & Management Pte Ltd
Why get certification? The best reason for wanting to implement international standards is to
improve the efficiency and effectiveness of company’s operations.
Having implemented, companies can either: No further action Complete a Self-Declaration Have the management system certified by an independent auditor
Deciding to have an independent audit of the system to confirm that it conforms to BC25999 is a decision to be taken on business grounds
Reasons might include… Recognition Marketing Legal requirements
21 Copyright © Business Risk & Management Pte Ltd
Questions?
22 Copyright © Business Risk & Management Pte Ltd
23 April 12, 2023
Stop Check