This webinar demonstrates strategies to build effective risk mitigation and how to apply risk mitigation strategies in organizations. Mitigation is the effort to reduce loss of life and property by lessening the impact of disasters. In order for mitigation to be effective, we need to take action now—before the next disaster—to reduce human and financial consequences later by analyzing risk, reducing risk, and insuring against risk. Effective mitigation requires that we all understand local risks, address the hard choices, and invest in long-term community well-being. Main points covered: • Practical Use of ISO 31000 • How to Build Effective Risk Mitigation Strategies • Applying Risk Mitigation Strategies in Your Organization Presenter: This webinar was presented by Henry Ee. He is the Managing Director at BCP ASIA, Regional Director for Asia at BCI, and has more than 20 years of experience in Business Continuity, IT-Disaster Recovery & Crisis Management. Link of the recorded session published on YouTube: https://youtu.be/jIN0Yv4y0ZI

1. 1© Copyright 2016 Business Continuity Planning Asia Pte Ltd© Copyright 2016 Business Continuity Planning Asia Pte Ltd
5 May 2016
For ISO31000
Effective Mitigation
Strategies
Presented By: Henry Ee, FBCI CBCP

2. 2© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Henry Ee
Regional Director for Asia at BCI
Mr. Henry Ee is Regional Director for Asia at BCI and has more than 20 years of experience
in Business Continuity, IT-Disaster Recovery & Crisis Management.
(65) 63252080
henry@bcpasia.com
www.bcpasia.com
https://sg.linkedin.com/in/henryee
www.twitter.com/henryee
www.facebook.com/henry.ee2

3. 3© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Founded in Year 2000
First consulting company to achieve certification in ISO 22301
The market leader in business continuity industry in Asia
CONSULTANCY TRAINING INTERNAL AUDIT SOFTWARE

4. 4© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Founder, Managing Director & Trainer
• Certified:
 BCM Professional: FBCI (BCI)
 BCM Professional: CBCP (DRII)
 Certified Management Consultant
(PMC)
 ACTA certified Trainer by WDA
 Certified ISO 22301 Lead Auditor
(BCI/ICOR/ANSI)
 ISO22301 Lead Implementer, PECB
• 20 years of experience in Business
Continuity, IT-Disaster Recovery & Crisis
Management. He is appointed President of
BCI Asia Chapter and a Board Member of
RIMAS (Singapore)
• Undertaken over 300 BCM Projects across
APAC and has guided and trained over 5000
professionals
Henry Ee FBCI, CBCP

5. 5© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Philippines
Singapore
Singapore
Thailand
China

6. 6© Copyright 2016 Business Continuity Planning Asia Pte Ltd
ISO31000
Practical Use of

7. 7© Copyright 2016 Business Continuity Planning Asia Pte Ltd
ISO31000
Risk
Management
Emergency
Management
Business
Continuity
Management
Crisis
Management
(IT) Disaster
Recovery
ISO31000 Relating to Other Disciplines

8. 8© Copyright 2016 Business Continuity Planning Asia Pte Ltd
ISO31000 Risk Management Process

9. 9© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Know Your Risk Appetite to Establish
Context
Risk appetite can be defined as the amount and type of
risk that an organisation is willing to take in order to meet
their strategic objectives.

10. 10© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Risk Classification During Risk
Identification
When formulating risk mitigation strategies later, it is better to
evaluate the risks based on their groups to determine most
cost-effective strategies that can be applied to each group.
Policies Processes People
Infrastructure Others
When identify threats, you can group or classify each threat
under various Risk Categories depending on the impact
they cause.

11. 11© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Analyse Your Risk According to Risk
Appetite
Impact (I)
1 Negligible
2 Low
3 Moderate
4 Significant
5 Catastrophic
Probability (P)
1 Unlikely
2 Low Likelihood
3 Likely
4 High Likelihood
5 Inevitable
Risk = P X I
How do you determine that a threat is “Unlikely” to happen?
What contributes to a “Catastrophic” impact?

12. 12© Copyright 2016 Business Continuity Planning Asia Pte Ltd
1 2 3 4 5
1
2
3
4
5
Probability
Impact
R02
R31
R07
R12
R27
R05
R15
R09 R04
R10
R28
R23
R21
R11
R20
R01
R30
R06
R19
R14
ID High Risk Threats
R16
High / Mass Staff
Resignation / Turnover /
Absenteeism
R32
Over Reliance on Single
Customer
R22
Technology - Software /
System Failure
R27
Environmental Risk - Fire
/ Explosions
R05
Loss of Samples /
Records / Proposals /
Contracts / Project Data
etc.
R14
Shortage of Critical Skill
Set or Knowledge
R15
Loss of Key Appointment
Holders
R03
R25
R17
R29
R24
R32
R22
R16
Medium Low
HighMedium High
Low
Risk Matrix to Reflect Your Risk Appetite

13. 13© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Risk Mitigation
Strategies
Building Effective

14. 14© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Evaluate Key Consequences of Your Top
Risks
Loss of Premises Loss of Staff
Loss of Equipment
Disruption of
Process
Possible
Consequences
This would lead you to the planning of effective strategies to
mitigate the top risks of your organization by identifying the
various consequences.
Evaluating the top risks can also help the organization to
prepare any special respond plans required.

15. 15© Copyright 2016 Business Continuity Planning Asia Pte Ltd
One of the practical mitigation strategy is to
integrate the Implementation of
Risk Strategy with
ISO22301 – Business Continuity
Management System

16. 16© Copyright 2016 Business Continuity Planning Asia Pte Ltd
ISO22301
Societal security – Business
continuity management systems
Requirements for audit
Published by ISO on 15 May 2012
Accepted worldwide
Used for certification

17. 17© Copyright 2016 Business Continuity Planning Asia Pte Ltd
BCM Elements as Defined in ISO22301
Operational
Planning and
Control
Business Impact Analysis
and Risk Assessment
Exercising and
Testing
Establish and Implement
Business Continuity
Procedures
Business
Continuity Strategy

18. 18© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Using ISO31000 in ISO22301
Operational
Planning and
Control
Business Impact Analysis
and Risk Assessment
Exercising and
Testing
Establish and Implement
Business Continuity
Procedures
Business
Continuity Strategy
ISO31000
Risk Management
Process

19. 19© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Risk Mitigation
Strategies
Applying
In Your Organization

20. 20© Copyright 2016 Business Continuity Planning Asia Pte Ltd
What’s Your Preferred Approach?
What are the pros and cons of a top-down vs
bottom-up approach?
Find one that fit your organization culture the best.

21. 21© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Are You Already Using an ERM Software
Tool?
• To collate information quickly from different sites or locations
• To centrally track the mitigation strategies

22. 22© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Visit www.bcpasia.com

23. 23© Copyright 2016 Business Continuity Planning Asia Pte Ltd
?
QUESTIONS
THANK YOU
(65) 63252080
henry@bcpasia.com
www.bcpasia.com
https://sg.linkedin.com/in/henryee
www.twitter.com/henryee
www.facebook.com/henry.ee2

24. 24© Copyright 2016 Business Continuity Planning Asia Pte Ltd
Scan Me!
BUSINESS CONTINUITY PLANNING ASIA PTE LTD
1 Commonwealth Lane #08-27 One Commonwealth Singapore 149544
 Mainline: (65) 63252080 Help Desk: (65) 66594480
* enquiry@bcpasia.com 8 www.bcpasia.com