
2019 ipsm conference_managing_change_workshop_paul_denneman


Paul Denneman workshop at Kyiv Procurement & Supply Chain Conference on June 6, 2019

Published in: Business

  1. Risk and Business Continuity Management: Lessening the impact of what we don’t understand. © 2018 Mutatis Mutandis, all rights reserved © 2019 Mutatis Mutandis, all rights reserved
  2. Who is your trainer? Paul Denneman MSc CPIM CLTD CSCP
     • Eindhoven University of Technology
     • Independent trainer/consultant since 1993
     • APICS, Prince2, ITIL & PI certified
     • Professional Experience: Philips, Flex, Lenovo, Ultimaker, Optelec, Semec Electronics; MSD Intervet, Stryker, Pfizer/Hospira; Scandinavian Tobacco Company; Kuehne & Nagel, Maersk Logistics; JDA / RedPrairie; Aquon, Province of South Holland, Port of Rotterdam
     • Accredited APICS Master Trainer: Certified Supply Chain Professional (CSCP); Certified in Production and Inventory Management (CPIM); Certified in Logistics, Transportation & Distribution Management (CLTD)
     • Trained 1000+ professionals, working for 100+ companies.
     • Recent inhouse trainings for Borouge, United Nations (UNSOS, UNMIK), King Abdullah University of Science and Technology (KAUST), Mobily, NCB Bank, Sabic, Siemens, Savola Foods, Volkswagen and others.
     • paul@mutatis-mutandis.nl, +31 6 100 34 200, https://nl.linkedin.com/in/pauldenneman
  3. What can we expect from you?
  4. In this workshop: the concepts and best practices of
     • Introduction to Risk Management
     • Risk Management Process: Identification, Analysis, Treatment, Evaluation
     • International security measures
     • Business Continuity Management
     • Governance & Compliance
  5. Enablers of the Supply Chain (timeline)
     • Eras: INDUSTRY 1.0 Water/Steam Power; INDUSTRY 2.0 Electric Power; INDUSTRY 3.0 Computing Power; INDUSTRY 4.0 Internet of Things (IoT) power
     • 1811 Dr. William Muller: Elements of the Science of War (Logistics)
     • 1905 The Independent: 1st mention of Supply Chain
     • 1911 Frederick Taylor: Scientific Management
     • 1914-1918 WWI
     • 1927 FORD: Models a car application of Mass Production
     • 1939-1945 WWII
     • 1948 TOYOTA: Start of Toyota Production System
     • 1951 First Office Computer
     • 1952 Woodland & Silver: Barcoding
     • 1956 Malcolm McLean: Intermodal Containerization
     • 1957 Wroe Alderson: Principles of Postponement
     • 1964 Stephen Orlicky (1975): Concept of MRP
     • 1964 BLACK&DECKER: Implements IBM-MRP
     • 1969 GENERAL MOTORS: Implements 2 scanners
     • 1973 FEDEX: Introduces Hub-and-spoke system
     • 1973 Oil Crisis
     • 1979 Michael Aldridge: Electronic Shopping
     • 1990 WWW
     • 1994 AMAZON: Starts online bookstore
     • 1999 K. Ashton: That Internet of Things
     • 2000 Y2K
     • 2001 9/11
     • 2002 McDonough & Braungart: Cradle-to-Cradle
     • 2005 Kleindorfer & Saad: Managing Disruption Risks in Supply Chains
     • 2005 WALMART: Introduces business sustainability strategy
     • 2009 Banking Crisis
     • 2012 Obama: Supply Chain Security
  6. Supply Chain Risk Definition
  7. Source: BCI Horizon Scan Report 2019
  9. Impact of Supply Chain Disruptions on Shareholder Value. Source: World Economic Forum / Accenture - Building Resilience Supply Chains 2013
  10. Simple Risk Profile. Supply chains are configured so that they can deliver the maximum intended value even if there are several high probability operational type risks. In the event of a low probability, high impact systemic failure, a supply chain can not only fail to deliver its intended value but may also result in losses or negative value. Source: World Economic Forum / Accenture - Building Resilience Supply Chains 2013
  11. Which risks are we facing
  13. Source: BCI Horizon Scan Report 2019
  14. Top 10 Disruptions. Source: BCI Horizon Scan Report 2019
  15. Top 10 Disruptions (continued). Source: BCI Horizon Scan Report 2019
  16. Most common causes of supply chain disruptions (2009-2018). Source: BCI Horizon Scan Report 2019
  17. Source: World Economic Forum Global Risk Report 2019
  18. The Global Risks Landscape 2019. Source: World Economic Forum Global Risk Report 2019
  19. Most common impacts of supply chain disruptions in % (2009-2017). Source: BCI Horizon Scan Report 2019
  20. Losses of Supply Chain Disruptions. Supply chain disruption costs are in most cases below a million euro. Nevertheless, the conservative provision Maersk had to take after the cyber attack in 2017 was over 300 million dollars. Source: BCI Horizon Scan Report 2019
  21. Supply Chain Size and Scale. Organizations have fewer suppliers now than they did five years ago, despite increasing interconnectedness through the global network. A significant minority of respondents (5.0%) are unaware of who their key suppliers are. Source: BCI Horizon Scan Report 2019
  22. What are the forms of Supply Chain Risk?
  23. Risk Management: Risk Management Process
  24. Risk Management Process - Risks and Issues
     • Objectives, Deliverables, Tasks/Activities
     • Issues: something that is impacting the quality, time, scope now
     • Risks: something that could possibly impact the quality, time, scope in the future (impact x probability)
     • Responses: accept, avoid, mitigate, transfer; recovery, resolve (impact)
     • Diagram labels: Cause, Event, Projected Effect, Effect
  25. Risk Management Process - Model. Risk Management Model: Identification, Assessment, Treatment, Evaluation
  26. Risk Management: Risk Identification
  27. Risk Identification - Cause and Effect: Cause, Event, Impact, Effect
  28. Risk Identification - Process: Brainstorming possible risks; Identification; Time horizon and scope; Definition; Causes and effects; Risk Register
  29. Risk Management Workshop – Brainstorming possible risks
  31. Key facts eCommerce retail market NL

     | # | Retailer | Category | Country | mil. euro |
     |---|----------|----------|---------|-----------|
     | 1 | bol.com | fmcg | NL | 1.220 |
     | 2 | Coolblue | fmcg | NL | 884 |
     | 3 | Zalando | shoes | DE | 670 |
     | 4 | Wehkamp | fmcg | NL | 570 |
     | 5 | Albert Heijn Online | groceries | NL | 480 |
     | 6 | The Learning Network | books | NL | 288 |
     | 7 | Amazon | fmcg | DE/US | 230 |
     | 8 | H&M | clothing | DE | 220 |
     | 9 | MediaMarkt | electronics | DE | 210 |
     | 10 | De Bijenkorf | fmcg | NL | 180 |

     Amazon and eBay, for example, aren’t that big in the Netherlands, mostly because consumers are very hooked on Wehkamp.nl and Bol.com, two players that have been online for over 15 years. Coolblue is winning customers because they assist the customer with their choice and have physical stores. Source: Twinkle 2018
  32. Key facts Wehkamp and its LSC
     1. The Wehkamp Logistics Service Center (LSC) Zwolle became operational in 2015. The building stands on an 11-hectare site on the Hessenpoort industrial estate in Zwolle, the Netherlands.
     2. With a surface area of 55000 m2 filled with high-tech automation, it was in 2015 the largest automated distribution centre for online retail in the world.
     3. The building costs were approx. 120 mil total: 40 mil building, 80 mil for automation and interior.
     4. With 468 automated shuttles, the innovative OSR Shuttle system collects items from 477,000 pick locations.
     5. In total there are 2.5 kilometers of rack for hanging goods and there are 8,000 pallet locations.
     6. With this system, more than 11,000 items can be picked per hour.
     7. The time between order transmittal and parcel ready for shipping is 30 minutes.
     8. The facility is extended in 2019 with another 60.000 m2 and the capacity of the shuttle system has been increased by 15%.
     9. Currently it is the state-of-the-art automated ecommerce operation, and the outside world sees it as an example of what ecommerce operations will look like in the future.
  33. The director of warehousing and distribution of Wehkamp, NL wants to get more insight into the risks he may face in the next 12 months while operating his automated warehouse in Zwolle, NL
  34. Risk Assessment - Risk register: Risk Identification, Risk Analysis, Risk Management Response, Risk Tracking & Control
  35. Risk Management: Risk Assessment
  36. Risk Assessment - Rate Likelihood

     | Score | Likelihood level | % Probability | Likelihood description |
     |-------|------------------|---------------|------------------------|
     | 5 | Very high | > 80% | It is seriously expected that the risk will occur. |
     | 4 | High | >50% - <80% | It is more likely that the risk will occur than not occur. |
     | 3 | Medium | >10% - <50% | There is a clear possibility the risk may occur which is lower than the risk not occurring. |
     | 2 | Low | >1% - <10% | There is a low, but non-negligible possibility that the risk may occur. |
     | 1 | Very low | >0% - <1% | Very rare and exceptional event (event every hundred years or less frequent). |

  37. Risk Assessment - Rate Impact

     | Score | Impact level | Yearly cash impact range proxy; % EBITA |
     |-------|--------------|------------------------------------------|
     | 5 | Very high | > 20% |
     | 4 | High | >10% - <20% |
     | 3 | Medium | >5% - <10% |
     | 2 | Low | >1% - <5% |
     | 1 | Very low | >0% - <1% |

  38. Risk Assessment - Basic Concept of Risk Management. Risk stems from uncertainty or lack of full and timely information. Risk must be evaluated relative to its potential cost exposure and the likelihood of occurrence.
     • Figure: Risk vs. Reward; axes Level of Risk (Low to High) and Reward (Low to High), with an efficient frontier
     • Very undesirable: High risk and low reward
     • Very desirable: Low risk and high reward
     • Y = max. level of risk tolerated (with level of reward)
     • X = min. level of reward expected (with level of risk)
  39. Risk Assessment - Risk Scale Analysis
     • Figure labels: Risk Likelihood; $ Risk Consequence
     • Risk Scale = Risk Likelihood (or probability) x Risk Consequence (or impact)
     • Expected Monetary Value (EMV) or Net Impact = Probability x Monetary Impact
  40. Risk Assessment - Risk register: Risk Identification, Risk Assessment, Risk Management Response, Risk Tracking & Control
  41. Risk Assessment - Categories of Risk levels
  42. Risk Assessment – Risk Heat Map. Minimize the effects of an event
  43. Risk Management: Risk Treatment
  44. Risk Treatment - Risk response: MITIGATE, TRANSFER, AVOID, ACCEPT
  45. Risk Treatment - Risk response
     • Avoidance: Exiting activities giving rise to risk
     • Acceptance: Accept the chance of a risk occurring because of its low probability or benefit
     • Transfer or Share: Taking action to reduce the likelihood or impact related to the risk
     • Mitigate: Taking action to reduce the likelihood or impact related to the risk
     • Redundancy: Having back-up processes or resources in case of failure
  46. Risk Treatment - Frequency and Impact
     • Source of disruption: Internal, External, Natural
     • Magnitude of frequency and impact: Low, Medium, High
     • Absorb in normal operations or mitigate with preplanned action
     • Mitigate with preplanned action or with a rapidly devised action based on previous experiences and flexible processes
     • Mitigate with agile response that may require innovation and originality
     • Reference: Richard E. Crandall, “Perceptions of Peril,
  47. Risk Treatment – Type of Action
     • Preventive action: Risk response that occurs before a harmful risk event occurs; intent is to reduce probability or severity of the risk.
     • Contingent action: Risk response that occurs during or after a harmful risk event; intent is to minimize monetary, physical, or reputation damage.
     • Risk event. Best-cost outcome: Cost of Mitigation vs. Cost of Occurrence × Probability
  48. Risk Treatment - Risk register: Risk Identification, Risk Assessment, Risk Treatment, Risk Evaluation
  49. Risk Management: Risk Evaluation
  50. Risk Evaluation - Risk Analysis Methodology. 3 scores drive the risk level: Impact, Likelihood and Control Effectiveness
     • Unmanaged risk level (U): Assessment of risk arising from the nature of our activities and business environment, assuming no control measures* are in place or suddenly fail.
     • Impact: Potential consequence if the risk occurs, expressed in yearly CASH impact.
     • Likelihood: Chance of the risk to occur in the plan period, expressed in % probability.
     • Managed risk level (M): Assessment of risk taking into account effectiveness of current control measures.
     • Control effectiveness: Perceived effectiveness of existing control measures, expressed in % risk level reduction.
     • Planned risk level (P): The Managed risk level we aim to achieve. Guides resource allocation and control improvement actions. Balanced with growth, return, stakeholder expectations, legal and regulatory requirements, our GBP and Brand reputation.
     • * Control measures include any process, policy, device, practice, or other actions specifically taken to modify the impact or likelihood of the risk.
  51. Risk Evaluation - Risk Analysis Number (RAN)
     • Managed Risk level driven by RAN = I x L x (6 - CE)*, where I = Inherent Impact, L = Inherent Likelihood, CE = Effectiveness of current controls
     • CE scale: 5 Very high, 4 High, 3 Medium, 2 Low, 1 Very low
     • * The formula ensures the lower control effectiveness, the higher the risk level
     • Risk level: Very Low RAN>1; Low RAN>5; Medium RAN>15; High RAN>40; Very High RAN>75
     • U: Current (uncontrolled) situation, As-Is; M: Current (controlled) situation, As-Is; P: Future situation, To-be; transitions: Control, Improve
  52. Risk Evaluation - Managed Risk Level. Managed Risk level driven by RAN (I x L x (6 - CE))*, by effectiveness of current controls (CE)

     | Inherent Impact | Inherent Likelihood | IxL | CE = 5 (Very high) | CE = 4 (High) | CE = 3 (Medium) | CE = 2 (Low) | CE = 1 (Very low) |
     |---|---|---|---|---|---|---|---|
     | 5 | 5 | 25 | 25 | 50 | 75 | 100 | 125 |
     | 5 | 4 | 20 | 20 | 40 | 60 | 80 | 100 |
     | 4 | 5 | 20 | 20 | 40 | 60 | 80 | 100 |
     | 4 | 4 | 16 | 16 | 32 | 48 | 64 | 80 |
     | 5 | 3 | 15 | 15 | 30 | 45 | 60 | 75 |
     | 3 | 5 | 15 | 15 | 30 | 45 | 60 | 75 |
     | 4 | 3 | 12 | 12 | 24 | 36 | 48 | 60 |
     | 3 | 4 | 12 | 12 | 24 | 36 | 48 | 60 |
     | 5 | 2 | 10 | 10 | 20 | 30 | 40 | 50 |
     | 2 | 5 | 10 | 10 | 20 | 30 | 40 | 50 |
     | 3 | 3 | 9 | 9 | 18 | 27 | 36 | 45 |
     | 4 | 2 | 8 | 8 | 16 | 24 | 32 | 40 |
     | 2 | 4 | 8 | 8 | 16 | 24 | 32 | 40 |
     | 3 | 2 | 6 | 6 | 12 | 18 | 24 | 30 |
     | 2 | 3 | 6 | 6 | 12 | 18 | 24 | 30 |
     | 5 | 1 | 5 | 5 | 10 | 15 | 20 | 25 |
     | 1 | 5 | 5 | 5 | 10 | 15 | 20 | 25 |
     | 4 | 1 | 4 | 4 | 8 | 12 | 16 | 20 |
     | 2 | 2 | 4 | 4 | 8 | 12 | 16 | 20 |
     | 1 | 4 | 4 | 4 | 8 | 12 | 16 | 20 |
     | 3 | 1 | 3 | 3 | 6 | 9 | 12 | 15 |
     | 1 | 3 | 3 | 3 | 6 | 9 | 12 | 15 |
     | 2 | 1 | 2 | 2 | 4 | 6 | 8 | 10 |
     | 1 | 2 | 2 | 2 | 4 | 6 | 8 | 10 |
     | 1 | 1 | 1 | 1 | 2 | 3 | 4 | 5 |

     Risk level: Very Low RAN>1; Low RAN>5; Medium RAN>15; High RAN>40; Very High >75. The CE = 1 column also represents the “Unmanaged” risk level, as this level assumes a CE of 1.
  53. Risk Evaluation - Plans and Cost
     • Preventive action: Risk response that occurs before a harmful risk event occurs; intent is to reduce probability or severity of the risk
     • Contingent action: Risk response that occurs during or after a harmful risk event; intent is to minimize monetary, physical, or reputation damage
     • Risk event. Best-Cost Outcome: Cost of Response vs. Cost of Occurrence × Probability
  54. Risk Evaluation - Risk Strategy
  55. Risk Evaluation – Controlling risk strategies
     • Diagram labels: Prevention, Event Management, Recovery; Disruptive Event, Negative Consequences; Lessons Learned
     • Prevent an event occurring
     • Isolate the effects of an event
     • Minimize the effects of an event
     • Adapted from Nigel Slack and Michael Lewis, Operations Strategy.
  56. Risk Management Maturity Levels
  57. Risk Management – Maturity levels
     • Level 0: No recognition. No risk management strategy in place
     • Level 1: Initial. Ad hoc processes, but not well-defined or documented
     • Level 2: Buffer Planning. Anticipatory risk planning; build capacity and inventory redundancy; basic risk governance
     • Level 3: Proactive. Proactive risk management; use of quantitative tools; business continuity plans; use of sensors and predictors
     • Level 4: Optimized. Flexible supply chain; partner risk strategy alignment; quick response and adaptability
     • Level 5: Sustained. Sustained performance of risk management strategy and processes for more than one year
  58. Enablers of Supply Chain Risk Maturity: Flexibility and redundancy; Total supply chain integration; Risk governance; Data, models, and analytics; Complexity management; Internal functional alignment; Channel partner alignment
  59. Risk Management – Best Practices
     • Best Practices: Coordinated Risk Management
       • Program coordination with partners: Emphasize cooperation among functional areas in company and with SC partner to manage risks as a whole; establish a risk management coordination committee
       • Sourcing risk: Multiple sources, strategic supplier agreements, partnerships
       • Crisis communications: Creating joint contingency plans
     • Best Practices: Supply Chain Designed to Manage Risk
       • SC business rules: Business rules (e.g., customer or supplier priority, production routing, transportation routing, etc.) to minimize SC risk
       • SC information: Information sharing internally and with partners; robust IT
       • SC network: Designing node locations, transportation routes, etc.
  60. Risk Management – Lessons Learned
     • Think small: Follow up on small issues before they become big problems.
     • Encourage scepticism: Consider decisions from multiple angles and avoid groupthink.
     • Learn to stop: Stopping gives us a chance to assess unexpected threats and figure out what to do before things get out of hand.
     • Imagine failure: Premortem involves working backward to come up with reasons for the failure and ideas for what could have been done to prevent it.
  61. International security measures
  62. Supply Chain Security - typical measures
     • Credentialing of participants in the supply chain
     • Screening and validating of the contents of cargo being shipped
     • Advance notification of the contents to the destination country
     • Ensuring the security of cargo while in-transit via the use of locks and tamper-proof seals
     • Inspecting cargo on entry
  63. Supply Chain Security – Security Initiatives
     • Customs Trade Partnership against Terrorism (C-TPAT)
     • Authorized Economic Operator (AEO)
     • Container Security Initiative (CSI)
     • Global Container Control Program (CCP)
     • Global Trade Exchange (DHS data-mining)
     • International Ship and Port Facility Security Code (ISPS Code)
     • Private initiatives on, e.g., RFID
     • Standards for the establishment and management of supply chain security (ISO/PAS 28000)
  64. Business Continuity Management
  65. Business Continuity management
  67. Business Continuity Management (BCM). Business continuity is about having a plan to deal with difficult situations, so your organization can continue to function with as little disruption as possible. Business continuity management is a holistic management process that is used to ensure that operations continue and that products and services are delivered at predefined levels, that brands and value-creating activities are protected, and that the reputations and interests of key stakeholders are safeguarded whenever disruptive incidents occur. This is achieved by identifying potential threats, analyzing possible impacts, and taking steps to build organizational resilience. (A holistic process is one that emphasizes the importance of the whole process and the interdependence of the parts that make up that process.) ISO 22301:2012
  68. BCM – Planning Cycle
  69. BCM – Escalation process: Phase 1 INCIDENT; Phase 2 EMERGENCY; Phase 3 CRISIS
  70. BCM – Recovery process. Resumption plan timeline, from Disruptive event to Back to Normal
     • Phases: INITIAL RESPONSE; BUSINESS CONTINUITY RESPONSE; BACK TO NORMAL
     • Timescales: Within minutes to hours; Within hours to days; Within days/weeks up to one year
     • Plans: Emergency Plan; Crisis Management Plan; Product & Service Continuity Plan; Business Recovery Plan; IT Service Continuity Plan
  71. BCM – Recovery time
  72. BCM – Testing and exercising: Loss of goods; Loss of intellectual property; Losses from lawsuits; Loss of Premises; Loss of IT; Loss of Suppliers; Loss of Workforce
  73. Business Continuity Management Workshop: BCM Crisis Management and Recovery
  75. RESPONSE PROTOCOL
     • Classification: Do we have an incident, emergency or a crisis? Classify the event based on the impact on People, Primary process, Finance, Environment, Assets and Reputation
     • Facts and assumptions: What do we know for sure? What do we believe has occurred and, consequently, what do we need more information / confirmation about?
     • Scenarios: What is the worst-case scenario here? What is the most likely to happen / have happened?
     • Stakeholders: Who are the stakeholders in this situation? In what order of priority should they be contacted according to the interest and influence they have?
     • Key message: What message must we convey to each stakeholder?
     • Objective(s): What are our objectives? i.e. what indicators must we achieve to solve the problem and to return to normal business?
     • Action plan and priorities: What actions must we complete to achieve the objectives? What needs to be done now and what can wait?
  76. Business Resumption Plans
     • OBJECTIVE: Resume Critical Business Processes
     • Plans are business process / unit specific and focus on: People, Processes, Resources, Technology
     • What is in the plans?
       • Activation / Notification Procedures
       • Phone trees / contact lists
       • Business Process prioritization
       • Mitigation / workaround strategies / recovery tasks
       • Teams / Tasks / Procedures
       • Vital records – Anything needed for the critical business processes
  77. Governance & Compliance
  78. Governance, Risk & Compliance
  79. Resilience Supply Chain Framework
  80. ISO 31000 Risk Management - Framework
  81. ISO 22301 BCM - Framework
  82. Additional ISO Supporting Standards
  83. You have learned about: the concepts and best practices of
     • Introduction to Risk Management
     • Risk Management Process: Identification, Assessment, Treatment, Evaluation
     • International security measures
     • Business Continuity Management
     • Governance & Compliance
