Business Continuity Introduction
About Andrew… Grew up in Australia; lived for past 6 yrs in Singapore; 9 months in Thailand. Education: Bachelor of Education; Grad Cert Enterprise Management; Grad Diploma in Rehabilitation; Masters of Business Administration (MBA). Employment: numerous, including Hewlett Packard (Regional Security/BC/Claims Mgr); Genzyme (Regional Security & BC Director); Consultant: BC/Security/Investigations/Risk. November 20, 2011. [email_address] : 0818935329
Sections: Introduction; Event/Disaster/Crisis/Accidents; What is BCM?; Typical company BCM; BCM Standards & certification. Copyright © Business Risk & Management Pte Ltd
Business Continuity Management (BCM): Events of late have demonstrated that negative consequences can befall any organisation. We’re seeing a shift from “it won’t happen to me” to developing a Business Continuity approach. BCM legislation is being implemented in some countries, making BCM a legal requirement. Risk Management is a key component in Business Continuity Management. [Diagram labels: Threats; Reputation; Shareholder Value; Stakeholders Satisfaction; Corporate Governance; Operational Resilience; Risk Management; Safety Net; Crisis Management; Disaster Recovery; Business Continuity]
“Event” … in BC, it means an existing or unusual occurrence in the natural or human-made environment that may adversely affect human life, property, or activity to the extent of a disaster.
Types of Events. Physical: Fire; Flood; Earthquake; Tornado; Hurricane; Snow storm; Utility failure; Bombing; Riot/Civil unrest; Terrorism; Kidnapping; Theft; SARS/other viruses; Hazardous chemicals. Operational: Contract breach; Legal issues; Disruption to supplier; No operating capacity; Loss of JIT inventory; Disruption of distribution; Unstable political environment; Regulatory requirement issue. 3rd Party Outsourcing: Disruption at manufacturing; Loss at CM site; Theft at 3rd party warehouse; Gaps in 3rd party risk assessment; Fraud committed by 3rd party employees. e-Business: Disruption of IT services/support; Disruption of critical databases, networks; Disruption of Telecomms services; Computer viruses; Cyber terrorism, Hacker attacks; Breach of info security, confidentiality.
What ‘events’ have you experienced?
What’s the chance of an ‘event’ happening? If it does happen, what is the impact?
What is Risk? Exposure to a chance of loss or damage: "We risked losing a lot of money in this venture"; "Why risk your life?" Gamble: take a risk in the hope of a favourable outcome: "When you buy these stocks you are gambling". Risk concerns the expected value of one or more results of one or more future events.
Risk quotes… Risk is part of every human endeavour. Progress always involves risks. You can’t steal second base and keep your foot on first. Frederick Wilcox A ship is safe in harbour, but that's not what ships are for. You've got to go out on a limb sometimes because that's where the fruit is.
Type 1 - Risk score calculator Copyright © 2010 Accenture All Rights Reserved.
Type 2 - Risk Matrix
What is Business Continuity Management? Unplanned events can have catastrophic effects and the disruptive incidents can come from accidents, criminal activity or natural disasters. An organisation’s effort to limit the effects of a crisis by providing uninterrupted operations and services during this period. Provides a basis for planning to ensure the long-term ability to continue trading following a disruptive event. Not something developed at the time of a crisis.
Phases of a Crisis [Figure: intensity plotted against time (1 min, 2 hrs, 6 hrs, 1 day, 1 wk, 1 month), with phases labelled ER, CM and Recovery]
Does BCM impact on a company’s share price? Initial loss of shareholder value is approx. 5% for recoverers. Initial loss of shareholder value is approx. 11% for non-recoverers. The non-recoverers suffered a net cumulative impact of almost 15% up to one year after the catastrophe. * = Sourced from an Oxford Executive Research Briefing Paper ‘The Impact of Catastrophes on Shareholder Value’, Rory F. Knight & Deborah J. Pretty, 1996.
How long can a company survive without a BC Program? 80% of businesses affected by a major incident either never re-open or close within 18 months (Source, Axa). Companies that aren't able to resume operations within ten days (of a disaster hit) are not likely to survive (Strategic Research Institute). According to Contingency Planning Research & Strategic Research Corporation: 43% of U.S. companies experiencing disasters never re-open, and 29% close within 2 years. Within two years after Hurricane Andrew struck in 1992, 80 percent of the affected companies that lacked a business continuity plan failed (FEMA). According to a recent Touche Ross study, the survival rate for companies without a disaster recovery plan is less than 10%!
How long can a company survive without a BC Program? 70 percent of companies go out of business after a major data loss (Source, UK DTI). Research by IBM (Varcoe, 1993) showed that 80 per cent of organisations without relevant contingency plans who suffered a computer disaster went bankrupt. In 2008, 40 per cent of organizations suffered disruption due to a loss of IT.
How long can a company survive without a BC Program? In relation to California… In fact, statistics indicate that 50% of businesses which sustain interruptions of a week or more due to problems at the primary site never recover. Recent media reports also indicate that an estimated 25% of the companies stricken by the California earthquakes were forced to close their businesses. http://www.drj.com/index.php.... Despite recognizing the threat posed by diseases such as influenza, 53 per cent of organizations still have no plans to help them cope during a pandemic. Source: The Business Continuity Management Report, 2009, Chartered Management Institute
Cost to Business: Despite the fact that the financial cost to our companies could be significant…. “FAILURE IS NO LONGER AN OPTION” 7% of companies with revenue over $5bn experienced a business disruption that cost the business over $5m during the last 12 months…. … at one company this cost was potentially worth up to $180m of $180bn business, each year. Source – Continuity Insights/KPMG 2003
BCM global standards. UK: British Standards Institution (BSI), BS 25999. Thailand: 22301-2553. North America: National Fire Protection Association NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs. ISO: ISO/PAS 22399:2007 Guideline for incident preparedness and operational continuity management. Australia/NZ: HB 292-2006: A practitioners guide to business continuity management. In 2010, Standard AS/NZS 5050 was released. ASIS: ANSI/ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems—Requirements with Guidance for Use (American National Standard).
Why get certification? The best reason for wanting to implement international standards is to improve the efficiency and effectiveness of a company’s operations. Having implemented them, companies can either: take no further action; complete a Self-Declaration; or have the management system certified by an independent auditor. Deciding to have an independent audit of the system to confirm that it conforms to BS 25999 is a decision to be taken on business grounds. Reasons might include… Recognition; Marketing; Legal requirements.
Questions?
Stop Check

BCM Training Part 1 - Introduction To BCM - Business Risk & Management
