This presentation is about how organizations can build their resilience in challenging times and economic uncertainty, with the focus on ISO 31000 risk management, business continuity and disaster recovery.
This was presented at the 2015 CPA Congress in Australia.
Managing Risks in Uncertainty - Building your Organizational Resilience
1.
2. Managing risks in uncertainty - Building your organizational resilience
Esther Oh, MCRL, GAICD, CRMA, CISA, FCPA(Aus)
© All Rights Reserved AusAsia Resources
3. Are you prepared for the VUCA Century?
V - Volatile
U - Uncertain
C - Complex
A - Ambiguous
Chart 1: ASX 200 trend from 1 Oct 2014 - 1 Oct 2015
Source: www.asx.com.au
4. Session Outline
How to manage risks and
build your organizational resilience?
- Risk Management
- Business Continuity
- Disaster Recovery
7. Organisational resilience:
"a business's ability to adapt and evolve as the global market is evolving, to respond to short term shocks – be they natural disasters or significant changes in market dynamics – and to shape itself to respond to long term challenges."
Source: http://www.organisationalresilience.gov.au/
8. "Resiliency wraps around the organization's culture, values, attitudes and business practices, especially towards changes and disruptions."
Rod A. Beckstrom, "The Spider and the Starfish"
9. Why is resilience so important?
It determines Your SURVIVAL & SUCCESS
10. Benefits:
- Chances of failures
- Consequences from such failures
- Time to recovery
- Reputation, trust & goodwill
- Demand from customers
- Speed to respond
11. When facing tough challenges, you can choose to:
- Decline
- Survive
- Bounce back
- Move Forward
12. Components
1. Leadership
2. Culture
3. Systems
4. People
5. Workplace
Source: Gartner Group
14. Resilience Framework
Remember:
- Fit for purpose
- Current
- Flexible
- Responsive
- Practical
15. Reality Checklist:
1. Are your organization's structure, policies and processes still fit for purpose?
2. Does your organization embrace and adapt to changes quickly?
3. Does your workforce exhibit commitment, flexibility and trust?
4. Do your employees constantly seek to create value despite challenges?
5. Are your employees engaged and connected to the vision, mission, values and strategies of your organization?
17. Common Roadblocks
1. No commitment - lack of visible leadership
2. Silo mentality - lack of communication
3. Myopic views - lack of vision, purpose and values
4. Resistance to change - lack of situational awareness
5. Detachment - lack of teamwork/toxic culture
19. Top global risks at a macro level
Source: World Economic Forum, 2015 Global Risks Report, 10th edition, http://www.weforum.org/reports/global-risks-report-2015
20. Top common risks at the micro level
1. Reputational
2. Financing
3. Human capital
4. Technology
5. Market
6. Geopolitical
7. Credit risk
8. Terrorism
9. Foreign exchange
10. Regulatory
11. Crime and security
12. Natural disasters
21. Definitions
Risk is the "effect of uncertainty on objectives" and an effect is a positive or
negative deviation from what is expected.
Risk management refers to a coordinated set of activities and methods that
is used to direct an organization and to control the many risks that can affect
its ability to achieve objectives. It also refers to the architecture that is used
to manage risk.
Source: ISO 31000:2009 Terms and Definitions
22. Risk management framework
ISO 31000:2009 Risk Management Principles and Guidelines
1. Principles (elements)
2. Framework model
3. Process
Useful reference:
https://www.theirm.org/media/886062/ISO3100_doc.pdf
23. ISO 31000 RM framework
24. How to manage risks in uncertainty
1. Set objectives within established framework
2. Assess and quantify your risks
3. Devise and implement your plans and strategies
4. Use tools and technology to monitor and review
5. Keep consulting and communicating with stakeholders
25. Implementing ISO 31000
Risk management process, tools and resources
Source: http://esvc001356.wic015u.server-web.com/iso31000/index.html
26. Example of a Risk Map: Likelihood and impact of the major global risks in 2015
Source: World Economic Forum, 2015 Global Risks Report, http://www.weforum.org/reports/global-risks-report-2015
27. More examples of tools:
- Risk registers
- Risk matrix heat maps
- Traffic light indicators/trend
- Simulation models
- Decision tree analysis
- Fault tree analysis
- RACI matrix
- Dashboards
- Risk Barometers/odometers
28. Examples of risk assessment techniques
33.
| Key Risk Indicators | Key Performance Indicators |
|---|---|
| Provide early warning of increasing risk exposure | Provide high level indication of past performance |
| Provides forward looking prediction and insight on potential risks BEFORE the risk event | Provides historical performance of the organization AFTER the event occurred |
| Decreases likelihood for management to override key controls | Rewarding on KPIs alone increases likelihood of management override and risky behaviour |
| Promotes risk awareness, proper management of risks and healthy risk culture | Measuring by KPIs alone can lead to unnecessary risk taking and unhealthy risk appetite |
34. Illustrative Example
Objective: Manage bad debts to reduce financial loss
Risks: Slowing economy, increasing customer defaults = negative impact on cash flow = affects ability to pay bills on time
35. Let's assume your sales are dropping quickly.
1. Objectives?
2. Risks?
3. Strategies?
4. Key Risk Indicators?
5. Key Performance Indicators?
36. Objective: Increase profitability
| Strategies | KRI | KPI |
|---|---|---|
| Increase revenue with new products | New Product Rejection Rate %/mth | New Product Sales % total Sales/mth |
| Negotiate with suppliers for lower costs | # Suppliers who walk away/mth | $ Saved from suppliers/mth |
Risks
Monitor KRIs/KPIs against Objectives and Risks, and adjust Strategies to achieve desired outcomes
37. Be SMART about your KRIs/KPIs
- Specific
- Measurable
- Auditable
- Relevant
- Timely
38. Where possible, KPIs/KRIs should be
- Based on established benchmarks or practices
- Developed consistently across the organization
- Provide unambiguous view of highlighted risk
- Comparable across time and business units
- Simple and easy to monitor and communicate
39. Tips for RM implementation:
41. Business Continuity (BC)
"the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident."
Source: ISO 22301:2012 Societal security – Business continuity management systems – Requirements
42. BCP Life Cycle
1. Risk assessment
2. Business Impact Analysis
3. Plan Strategies
4. Test, train and maintain BCP
Source: www.eci.com
43. What You Need
- Business Continuity Plan
- Emergency Response Plan
- Disaster Recovery Plan
- Crisis Management Plan
44. Inter-relationships between
- Business Continuity Plan
- Emergency Response Plan
- Disaster Recovery Plan
- Crisis Management Plan
Source: http://www.chainlinkresearch.com/
45. Using Mindmaps as a BCP tool
46. Impact of Being Prepared vs Not Prepared on Business Resumption
Source: http://www.chainlinkresearch.com/
47. Tips for implementing BCP:
1. Identify and prioritize Critical Business Functions
2. Determine Recovery Time Objectives/Service Levels for Critical Assets
3. Establish Recovery Points for Critical Applications
4. Conduct Comprehensive Risk Assessments On Critical Facilities
5. Ensure Succession Plans Exist for Owners, Key Employees or Consultants
6. Test your BCP, DRP and emergency response plans regularly
48. Tips for implementing BCP (continued)
7. Ensure Multiple Sources are available for Critical Supplies and Processes
8. Engage People in Business Continuity Planning
9. Use Tools, Technology and Training to provide Advanced Warnings
10. Always have Plan B (or more) ready to execute when Plan A fails
11. Ensure Physical, Logical and Internet Security are monitored constantly
12. Ensure Capacity Planning is flexible and adaptive for dealing with increased or decreased Demand
52. DRP Focus: IT Systems and infrastructure
53. 1 in 4 that experienced a disaster unprepared never reopened after a disaster
Average cost of downtime: US$336,000/hour
Source: http://www.hostway.com/blog/the-increasing-importance-of-disaster-recovery-and-business-continuity
54. Tips for implementing DRP:
1. Prioritize your systems and determine service levels by importance
2. Weigh your costs (risks) vs benefits and resource availability
3. Create redundancy in your systems, e.g. spare servers and electrical power generators
4. Regularly back up using various storage methods, e.g. Cloud, HDD, USB, Google Drive, Dropbox, emails
5. Test and refine your systems, e.g. do a dry run or fire drill with the relevant staff at least once a year
55. A resilient organization is always prepared by:
1. Demonstrating authentic leadership
2. Establishing frameworks
3. Documenting plans
4. Linking ORS-Keys
5. Communicating and engaging people
6. Increasing levels of capabilities
7. Actively assessing & monitoring risks
8. Using SMART tools and technology
9. Testing & refining the plans
10. Seeking independent advice and training
Source: Infographic origin not cited