Business Continuity Management


An Overview of BCM

Published in: Business, Economy & Finance

  1. Business Continuity Management
     Chapter 1: An Overview
     Diane Christina
  2. Objective of this chapter
     Introduce risk management and business continuity management as part of good governance
     Develop the link between risk management and business continuity management as part of a risk management framework
  3. Material references
     A risk management approach to business continuity: Aligning business continuity with corporate governance, Julia Graham & David Kaye, 2006, Chapters 1-3
     COSO Enterprise Risk Management Framework: 2004
     Standards Australia: AS/NZS 4360:2004
     PAS 56:2003 – Guide to BCM, BSI, March 2003
     Expecting the Unexpected: 2003
     Aligning Business Continuity and Information Security: Special Project Report, 2006
     Dr. Goh Moh Heng, 1st ed. 2007, Managing & Sustaining Your Business Continuity Management Program
     Dr. Goh Moh Heng, 1st ed. 2004, Implementing Your Business Continuity Plan
     Andrew Hiles, 1st ed. 2002, Enterprise Risk Assessment and Business Impact Analysis
  4. Risk Managing Today
     The essence of risk management is A BALANCING ACT
     Getting the balance right between taking and exploiting risk
  5. Risk Managing Today
     The challenge for management is
       to create an environment that facilitates the identification and tight control of the negative risks,
       while nurturing an environment that allows for the identification and conversion of opportunities, and
       to determine how much uncertainty an organization is prepared to accept (risk tolerance)
  6. Risk Management vs Business Continuity Management
     In managing risk,
       • Do we have control over the outcome?
       • Do we have control over the linkage between effect and cause of risk?
     Maximize Controllable Area
       Insurance
       Outsource
       Other Mitigation Tools
       BCM
     Minimize Uncontrollable Area
       Transfer the risk
     BCM as an alternative mechanism for risk mitigation
  7. Business Continuity Management
     As a potential key control to minimize the impact of disasters on the organization, its people, and assets
     As an alternative mechanism for risk mitigation
     As a contributor to business resilience in organizational processes to business disruption
     A strategic management process to identify potential incidents and develop effective response plans
     - BCM Institute -
  8. Business Continuity Management
     A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities
     - BCI PAS 56 -
  9. Business Continuity Management
     BCM is not just a response
       It is also about building resilience to strengthen an organization
     BCM is not just about fighting fires
       It is also about developing an understanding of what might be at risk and developing strategies if things do go wrong
     BCM is not just about having plans to recover a business that are over-elaborate
       It is also about having plans that suit the nature of your business
     BCM is not an add-on to business
       To be effective, it must be an embedded management process, as part of risk management and part of good business management
     It is a proactive process that concentrates on the critical resources required to continue key business processes, regardless of the event
  10. What is Business Continuity Planning?
     The main purpose of the BCP process is to ensure continuity of product / service delivery following an unplanned disruption to normal working.
     “An ongoing process that helps organisations anticipate, prepare for, prevent, respond to and recover from disruptions, whatever their source and whatever aspect of the business they affect.”
     Civil Contingencies Act 2004
  11. BC incidents
  12. Successful recovery or failure?
     [Figure: level of business plotted against time, with a critical recovery point marked. Curve labels: A, B, C. Scenario labels: Fully tested effective BCM; No BCM – lucky escape; No BCM – usual outcome.]
  13. Understand your business
     What functions are critical?
     What are the ingredients of those functions?
     What is the impact of them being disrupted?
       Internally
       Externally
     How long could you cope without them?
  14. Identify Risk - What if?
     Fire
     Crime – theft / damage
     Flood
     Power disruption
     IT failure
     Staff shortage
     Road network disruption / fuel problems
     Severe weather
     Reputation loss / customer confidence
  15. Consequences
     Loss of premises
     Loss of essential information
     Loss of staff
     Loss of a key supplier
     Loss of specialist equipment
     Disruption to finance flow
     Loss of company reputation
  16. Risk Strategies
     Identify and evaluate risk mitigation options
     Reduce likelihood
     Reduce impact
  17. Risk mitigation examples
     IT procedures: back up information off site
     Physical security
     Fire prevention, alarm and suppression systems
     Flood protection (internal & external)
     Alternate communications
  18. Recovery Strategies
     Business Continuity Plans
     Other disaster recovery plans & procedures
     Plans kept on and off site
  19. Case Study
     The Auckland Power Failure
       Auckland, New Zealand, 1990
     The Manchester Bombing
       Manchester, UK, 1996
     The Ladbroke Grove Rail Disaster
       London, UK, 1999
     The Marriott and Ritz Carlton
       Jakarta, Indonesia, 2009
       • Brief description of the event
       • Key lessons to be learned in relation to minimizing the impact of disasters on the organization, its people, and assets
       • Maximum 2 pages A4
       • 1.5 line spacing, 11 font size