Operational risk & business continuity management

2,146 views

Published on

Published in: Business, Economy & Finance
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,146
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
75
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Operational risk & business continuity management

  1. 1. Leading the risk profession Operational Risk & Business Continuity Management - An Effective And Integrated Approach Chris Lintern Co-operative Financial Services
  2. 2. Introduction & Approach Chris Lintern • Background in all aspects of Business Continuity Management within Financial Services • Part of central Operational Risk Management Team Co-operative Financial Services • Includes Co-operative Bank, Co-operative Insurance, Co-operative Investments • Merged last year with Britannia Building Society • Our vision is to be the UK’s most admired financial services business Approach to this session • Active participation • All views welcome and appreciated
  3. 3. Purpose • To share thoughts on the benefits of integrating Operational Risk & Business Continuity • Consider some of the key stakeholders, and the aims, and components for Operational Risk and Business Continuity frameworks • Conclusions
  4. 4. What is Operational Risk Management? Managing the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events (Basel Committee of the Bank of International Settlements) What is Business Continuity? A holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders reputation, brand and value creating activities (BS25999 – British Standard for BCM)
  5. 5. Back to Basics Preventing nasty surprises wherever practical, and having the confidence that your organisation can respond to and mitigate them - if and when they occur Health & Safety Key Suppliers / Outsource Partners Key person dependencies System failures Property & Facilities External threats
  6. 6. Historic Positioning of Op Risk & BCM • Focus on “traditional” business continuity – denial of access to premises, or loss of systems • BCM and Operational Risk seen as separate entities BCM Operational Risk
  7. 7. Synergies between the two Stakeholders Framework Components Intended Outcome Board Policy & Procedures Understanding of appetite Executive & Senior Supporting Management documents Proactive assessment Operational Management Understanding of impact Plans & Training Other Considerations Impact on Capital Impact on Change Insurance
  8. 8. Operational Risk – Integrated Approach Operational Risk Control SelfAssessment Business Continuity Insurance Operational Risk Capital
  9. 9. Operational Risk – Integrated Approach Operational Risk Control SelfAssessment Business Continuity Proactive identification of risks • Assessment and evaluation • Scenario analysis Insurance Operational Risk Capital
  10. 10. Operational Risk – Integrated Approach Operational Risk Control SelfAssessment Business Continuity Insurance Assess controls • CSA process • Review control weaknesses • Track actions • Link control evidence to risks • Review incidents as evidence of control failures Operational Risk Capital
  11. 11. Operational Risk – Integrated Approach Operational Risk Control SelfAssessment Business Continuity Mitigation of operational risks • Crisis Management Team & Plan • Incident Management Teams • Crisis Management Centre • Work-Area Recovery • Disaster Recovery strategy Insurance Operational Risk Capital
  12. 12. Operational Risk – Integrated Approach Operational Risk Control SelfAssessment Business Continuity Insurance Risk transfer • Placement • Claims Handling • Specific perils e.g. Buildings/Contents, Business Interruption Insurance • Advice & Guidance Operational Risk Capital
  13. 13. Operational Risk – Integrated Approach Operational Risk Control SelfAssessment Business Continuity Capital against unexpected losses • Calculation • Planning Insurance Operational Risk Capital
  14. 14. Operational Risk Components Purpose Vision Strategy 3 Year Strategic Plan External Events e.g. Weather, Terrorism Operational Risk Appetite Operational Risk Capital Change agenda Core Processes Control SelfAssessment Critical Systems Colleagues Operational Risk Key Controls Top-down Operational Risk Profile End-to-end Process view Bottom-up Operational Risk Profile Scenarios Facilities Suppliers & Outsource Partners Business Continuity Resilience Work-Area Recovery Disaster Recovery Incident & Crisis Management Incident & NearMiss Reporting Operational Risk strategy and plan Reporting Insurance Programme Policies Claims
  15. 15. Operational Risk Components Purpose Vision Strategy 3 Year Strategic Plan External Events e.g. Weather, Terrorism Operational Risk Appetite Operational Risk Capital Change agenda Core Processes Control SelfAssessment Critical Systems Colleagues Operational Risk Key Controls Top-down Operational Risk Profile End-to-end Process view Bottom-up Operational Risk Profile Scenarios Facilities Suppliers & Outsource Partners Business Continuity Resilience Work-Area Recovery Disaster Recovery Incident & Crisis Management Incident & NearMiss Reporting Operational Risk strategy and plan Reporting Insurance Programme Policies Claims
  16. 16. Embedding the Culture • Business buy-in of paramount importance • Incident Management framework known and utilised – importance of exercising • Risk Division seen as involved – not sat in Ivory Towers • Part of the solution, not part of the problem - BC & Op Risk representatives heavily involved in Incident Management • Keep things simple – common language • Linked to the CFS customer promise
  17. 17. Incident Framework Crisis Management Team Escalate up Incident Management Teams Operational Risk (incl. BCM) IS Service Continuity Business units / areas BC plan owners and Plan co-ordinators Cascade down
  18. 18. Incident Management Team - Structure
  19. 19. Integrated Approach
  20. 20. Conclusions • An effective, and consistent framework • Can be used to define overall risk appetite at Board level • Practical considerations – both areas need policies & procedures • Simple for the business • Aligned to business processes • Crucial that it’s accepted from a cultural perspective within the newly merged organisation • Potential to drive efficiencies and cost-savings
  21. 21. Thank You Any Further Questions – Chris.Lintern@cfs.coop

×