Business Continuity vs. Operational Risk Management vs. Business Resiliency. Karen Dye Oakley, CBCP, MBCI

Transcription

1 Business Continuity vs. Operational Risk Management vs. Business Resiliency Karen Dye Oakley, CBCP, MBCI Background Most recently with Sun Microsystems, Inc. Director, Global Crisis Management Responsible for CM, BCP and ER Reported to Corporate Risk Management

2 Agenda Benefits of integration Risk definition Linking BCP to risk activities Practical application What is business resiliency? Webster ability to bounce back Applied to Business Continuity ability to recover from a disaster with minimal impact to business operations Resiliency requires investment and preparation

3 Integration Benefits Improved decision-making Use of limited budget during planning Faster response at time of disaster Prioritization of risks from global perspective Improved use of control functions Improved efficiency and efficacy Operational Risk Profile How do you define risk activities? Who is involved in risk activities? How do you integrate these activities?

4 Risk Definition ISO Guide 73 effect of uncertainty on objectives Can be: An event A change in circumstances A consequence Links risks to objectives Risk Drivers Financial Credit Interest rates Marketplace Competition Customer Demand Regulatory Reputational Product recall Public Perception Infrastructure Communications Supply Chain Natural disasters Terrorism Pandemic

5 Risk Mitigation Tolerate (accept) Treat (reduce exposure) Transfer (usually insurance) Terminate (remove the exposure) Risk Assessment What are the risks? What is the risk profile? Significance of risk Relative ranking How to treat the risks? Cost/benefit analysis Prioritization of risk treatment efforts Control mechanisms

6 To Start List functions you know are involved Interview to identify other groups and what is missing Interview newly identified groups BCP/CM Phases Normal Operations Planning Response Recovery

7 Normal Operations Prevention Building codes Physical audits Risk Transfer Property Insurance Mitigation Reduce magnitude of impact Functions Planning Phase Business Continuity Risk Management Objectives Prevention Risk Transfer Mitigation Training/Exercises

8 Functions Response Phase Security Emergency Response Facilities management Crisis Management Objectives Preservation of Life Protection of Assets Recovery Phase Objective Management of Operational Recovery Activities Coordination of available resources Escalation of needs Prioritization of business activities Emergency funding

9 Interviews with Each Function - Identify by Phase: All Activities Integration with Other Groups What information do they have that others need? What information do others have that they need? Identify gaps/what s missing Summary of Roles Phase Functions Objectives Activities Planning Business Continuity Risk Mgmt Facilities Prevention Risk Transfer Mitigation Eliminate or reduce impact Funding for mitigation Response Recovery Security Emergency Response Facilities Crisis Mgmt BCP IT Recovery Crisis Mgmt Preservation of Life Protection of assets Mgmt of Operational Recovery Mgmt. of events Coordination with public agencies Coordinate resources Prioritize activities

10 Table Sample for Emergency Response Role Phase/ Objectives Activities Integration with other Groups Gaps/What s missing Planning Develop plans Security Transition from ER to BCP Response Activate Plans Facility Manager Current call list Recovery Track status Insurance reporting to Risk Management Integration with Crisis Management Other Operational Risks Government Compliance Contract Compliance Inventory Mgmt Outsourcing Risks Product Liability Records Mgmt Environmental Regulations Privacy Breaches Export Trade law Supply Chain vulnerability Vendor Mgmt

11 Potential Challenges Multiple Executive Owners Different languages Different structures Silo d planning Lack of end to end testing Next Step Share information Identify tools Explore collaboration opportunities

12 Risk Summit Functions involved with risk mitigation, risk control and risk response Functional overviews Working session to identify opportunities Risk Summit Objectives Understand roles and risk related activities Reduce redundancy of risk efforts and improve overall efficiency Understand and leverage various processes, tools and overlaps Reduce frequency of touch points at local level

13 RS - Functional Presentations What is their definition of risk? Describe key activities and key partners. What quantification tools are used? What automated tools (incl. vendors) are used? What are objectives of tools? How is the information used? What gaps exist? RS - Working Session Obtain clarity on differentiators between functions Identify opportunities for increased collaboration and convergence Identify specific action items for future collaboration Time line/project plan to address gaps and opportunities

14 QUESTIONS?