Jeremy Smith


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Jeremy Smith

  1. 1. Business Continuity Management. Caribbean Association of Indigenous Banks November 2005 Jeremy Smith, Practice Leader Enterprise Risk Services ©2005 Deloitte & Touche
  2. 2. Agenda • Introduction to Business Continuity Management • Lessoned Learned from Hurricane Ivan • Summary ©2005 Deloitte & Touche
  3. 3. Introduction to Business Continuity Management ©2005 Deloitte & Touche
  4. 4. Benefits of Business Continuity Management and Crisis Management Development period for a new problem. Number of Incidents Losses Time Allen, D.E. (1992) First Problem Key Failure Understood Reactive feedback Proactive Risk and Crisis Improvement in the curve due to Management early warning of problems ©2005 Deloitte & Touche
  5. 5. BCM Regulatory Summary Legislation and regulations are focusing on protection of the entire financial market, escalating BCM as a key regulatory requirement. Business Continuity Management Drivers • NASD Rules 3510, 3520 and NYSE 446 • OCC and SEC White Paper • ICSA • CFTC Compliance Rule 2-38 • SEC Policy Statement • FSA Paper 142 Consultation Paper Risk Management Drivers • GLBA HIPAA, PIPEDA • Sarbanes-Oxley • Basel II ©2005 Deloitte & Touche
  6. 6. Continuity has moved from Operational to Management Imperatives Disaster Business Continuity Business Continuity Recovery Planning Management Resilience Business Business Value Continuity Disaster Plan Predictive Recovery Modeling Plan Backup Business s Continuous Continuity Availability Management Vision ©2005 Deloitte & Touche
  7. 7. A Framework for Business Continuity This approach assumes the development of a long range capability; more than just a plan. Analyze Develop Implement Resource Current State Governance Acquisition & Assessment Implementation Availability/ Risk Training & Recoverability Assessment Testing Strategies Business Impact Procedures Maintenance Analysis Process Improvement ©2005 Deloitte & Touche
  8. 8. Lessons learned from Hurricane Ivan ©2005 Deloitte & Touche
  9. 9. Anatomy of a Storm Naval Research Lab ©2005 Deloitte & Touche
  10. 10. Anatomy of a Storm (continued) UN Economic Commission for Latin America and the Caribbean (ECLAC) •Total damage US$3.5 billion 2 yrs Cayman GDP •Estimate US$95,625 per person By Sector •53% Social US$1.88 billion •33% Production US$1.2 billion •14% Infrastructure US$420 million ©2005 Deloitte & Touche
  11. 11. Tips from Lessons Learned • Separate primary and backup sites Geographical • Investigate working from Disbursement alternative jurisdictions • Pre-clear permits and operation license with regulators, legal counsel, and relevant authorities Dual-sited • Engineer fail-over and Disaster Recovery capability Organisations • Test backup sites regularly ©2005 Deloitte & Touche
  12. 12. Tips from Lessons Learned • Develop strategies in advance (e.g. plane charters, reserved Transportation flights and vehicle fuel storage) • Setup remote working ability • Automated notification systems - multiple devices (cell, email, land Communication line) Plan • Setup backup cellular networks (e.g. blackberries, PDA) • Predefined/agreed messages ©2005 Deloitte & Touche
  13. 13. Tips from Lessons Learned • Agreements in place (transportation, DR, etc) Service Level Agreements • Conduct vendor risk assessments • Test recovery capability of vendors Plan • Scenario driven crisis Maintenance management and business recovery plans (evolve during and Testing major reorganisations/systems Critical conversions) ©2005 Deloitte & Touche
  14. 14. Tips from Lessons Learned • Crisis leadership that can quickly Chain of mobilize invocation procedures Command • Pre-agreed roles/responsibilities and levels of authority • Encourage counseling services • Succession planning • Assist employees personal Human recovery Aspects • Engage remote working or non- critical employees • Prepare for compassionate situations (family bereavement) ©2005 Deloitte & Touche
  15. 15. Summary A member firm of Deloitte Touche Tohmatsu ©2005 Deloitte & Touche
  16. 16. In Summary Financial Institutional Objective: • Decide risk position as it relates to increasingly strict BC regulation and lessons learnt • Seek clear demonstration of response & recovery capability from your organisation • Ensure all critical operational and physical components are integrated into your approach Finally…Evaluate your BC programme in its entirety ©2005 Deloitte & Touche
  17. 17. Member of Deloitte Touche Tohmatsu ©2005 Deloitte & Touche