18. Enterprise Risk Management an introduction (Part 2) John Glenn, MBCI Enterprise Risk Management practitioner Hollywood/Fort Lauderdale Florida 1-954-961-1674 – [email_address] http://JohnGlennMBCI.com Copyright 2010, John Glenn MBCI
Editor's Notes
Explain that ERM is the evolution of D/R to protect the profit centers and all profit center resources, including internal and external vendors (internal = Accounting, Facilities, HR, IT, Purchasing, Shipping, etc.; external = all vendors [product, raw materials, money], customers, transportation, etc.)
Explain ROI
CIOs and VPs of MIS or IT often are tasked with Enterprise Risk Management sponsorship because they have Disaster Recovery experience and because other managers fail to understand that Enterprise Risk Management is about more than IT
Define processes – the need for granularity; ERM is done at ground level to follow a process from origination to completion (e.g., sale to money-in-bank). Practitioners need to “follow the trail” – e.g., if there is an IT dependency, what applications and what do the applications require (other apps, hardware, connectivity, etc.)
The seriousness behind the joke: if anything can go wrong, it will; risks will be missed and people will panic
Discussion. This diagram has a lot on it but it is not “all-inclusive.” What can be added?
Get input from class – what are some of the “Ubiquitous others”? “Ubiquitous others” are things that normally are not identified (which is one of the reasons plans are NOT created in a vacuum – the more people involved, generally the better).
Get input from class – what are some of the “Ubiquitous others”
Get input from class – what are some of the “Ubiquitous others”? Why “neighbors”?
What type of insurance coverage might be considered? (Business interruption – with paperwork.) Explain “absorption” – technology not worth replacing
Why groups (dynamics); amanuensis – have someone look up “amanuensis”
Explain why “second” prioritization (management’s business plan); smart SMEs don’t ask for the Sun when the Moon will do. If implementation is >6 months away, exclude it from recovery planning; too many things can happen to cancel the implementation.
End of first day
Explain some of the consequences of failing any of the three: costs, competition, loss of personnel
See http://johnglennmbci.com/MiniOne.html and http://johnglennmbci.com/PlnVPln.html
Ask for other examples – troops called to active duty, traffic congestion
Why non-SMEs? Documentation must be complete and clear so that a person can be brought in, read the procedure(s) and accomplish the task. RECOVERY IS NOT NECESSARILY THE SAME AS “BUSINESS AS USUAL.”
Tests are pass/fail; they intimidate and are counterproductive. How often to exercise plans – unit, enterprise
Risk of multi-tasking (simultaneous jobs); a boss may report to one of their own reports; how to find out who is suitable
Press – honesty is critical; Relocation – immediate, short term, long term; employee proximity
One reason why planning must be enterprise-wide – lawyers are involved in evacuation and in-place sheltering and in other areas
Minimum once-a-year
#1 priority is to protect the #1 resource: personnel