Session R16: Examining the Inherency of Business Continuity in the Organization. Edward Cahn, PhD, PMP, CBCP BAE Systems
2 Agenda
- Significance
- Introduction
- Problem Statement
- Purpose
- Expectations
- Hypothesis
- Methodology
- Organizational Structure
- Departmentalization
- Data Analysis
3 Crisis Management Team Training
4 Significance
- Since the September 11, 2001 attacks in the United States, business continuity has taken on an ever-increasing role of importance
- Many organizations have slowly begun to realize the vital aspects of recovering their businesses in the wake of disaster
- Several United States government edicts depict business continuity as having national importance
- Abundant evidence exists in various disaster survival statistics that firms do not invest enough time and resources into business continuity management
5 Introduction
- The lack of implementation of a standard set of business continuity requirements allows organizations to create systems that are highly specific and applicable to their organizations only
- While this can be positive, it also encourages these organizations to do as little or as much as management allows
- Problems arise due to missing key elements and a lack of understanding of the overall big picture of the organization
- Fragmented systems across industries are the outcome of this type of requirements-less implementation
6 Problem Statement
- The processes involved in developing and managing a business continuity system require a vivid understanding of the organization, including its structures, dependencies, functions and stakeholders
- To be successful, a business continuity system requires a deep penetration into the organization, down to the departmental processes themselves
7 Problem Statement
- When an organization adheres to a rigid organizational structure, business continuity requirements must be tailored to provide the proper fit
- The main problem is that key requirements and organizational elements are likely to be missed
- By adopting a standard set of requirements, organizations can match corresponding roles to implement the proper set of constraints
- This will help to provide a cohesive and comprehensively resilient business continuity system
8 Purpose
- The purpose of this presentation is to explore and describe how basic business continuity requirements are already inherently present in most organizations
- The baseline for this presentation consists of:
  - Research of established business continuity elements
  - A known cross section of business types and organizational structures
  - Pre-defined departmental functions
9 Expectations
- The economic payback of showing how business continuity is inherent in everyday organizational tasks will become evident
- By equating daily tasks to these requirements, employees will understand that there will not be a significant additional workload
10 Expectations
- The Business Continuity Manager (BCM) usually has expertise in another discipline besides business continuity
- The BCM is not an expert in every other organizational function
- They are now the organizational expert in BCM
- The BCM needs to work with these other functions
- By showing that business continuity is already inherent in many functional tasks, the BCM can better fulfill his/her duties
11 Hypothesis
- An organization should not have to drastically alter its structure or create new entities to incorporate a business continuity system
- Implementation issues may arise if an organization:
  - Is not prepared
  - Lacks an understanding of the purpose and requirements of business continuity
- By showing that many of the basic elements are already intrinsic, the organization will more readily grasp many of the new concepts presented
- When they have in fact already been a part of the system, it will also be easier to create and maintain:
  - Implementation strategies
  - Business continuity plans and procedures
12 Methodology
- The independent variable (the changeable portion):
  - Specific departmental functions
  - Organizational structures
- The dependent variable (the unchangeable constant):
  - Accepted and published business continuity requirements
  - British Standard :2006/ :2007
- BS was found to offer the greatest uniformity and applicability
- BS provided the best set of constants for this study
13 Organizational Structure
- Organizational structure can be defined by the way an organization arranges its resources to best meet its goals and objectives
- The number of organizational structures is as infinite as the number of organizational types
- Trends from the traditional organization towards new and adaptive structures have come to light in recent years
- Borgatti (2001) credits globalization as being at the forefront of these trends
- A diverse and flexible workforce also shapes how an organization operates
14 Organizational Structure - Business Continuity Planning
- Business continuity planning requires an organization to utilize a set of methodologies that enable it to:
  - Analyze its threats
  - Provide mitigations to minimize them
  - Determine critical assets, processes and functions
- An organization must also see through the walls and look both externally and internally, noting perceived and unperceived risks
15 Organizational Understanding
- Element 2 of BS (2006, p. 16) - Understanding the Organization: "the activities associated with understanding the organization provide information that enables prioritization of an organization's products and services, identification of critical supporting activities and the resources that are required to deliver them"
16 Organizational Understanding
- In order to properly undertake these understanding activities, an organization must be intimate with its day-to-day operations, activities and outcomes in order to properly implement any type of system that affects the entire organization
- The organization needs to do a deep dive into itself and emerge with an awareness of its structure and critical make-up
- This will provide greater insight and more robust implementation strategies
- By breaking down the building blocks of business continuity, one can begin to understand its overall purpose in the organization
17 Organizational Function vs. Design
- Research suggests that by understanding how the organization functions (organizational theory) as an entity, one can see its inherent blueprint (organizational design)
- This bottom-up approach is based on looking from the inside out
  - From the functional level towards the group or corporate level
  - The inherent nature of business continuity can be better understood
- When looking top-down
  - The view tends to be cluttered with the bureaucracy starting at the executive level and working its way through the entire organization
18 Organizational Structure
- Many types of structures, sub-structures, and combinations of arrangements exist in the business world today
- These formal compositions are based essentially on how they can best meet the organization's goals and objectives
- Their configuration is also defined by market, stakeholder, environmental, and geographical factors, among others
- Six basic structures were most applicable for this study:
  - Functional
  - Matrixed
  - Projectized
  - Networked
  - Borderless
  - Virtual
19 Departmentalization
- The process of departmentalization is defined as: the grouping of similar functions for the purpose of achieving a common product, process, or service
- 10 companies across 6 distinct industries were examined:
  - High Tech & Manufacturing
  - Diversified foods
  - Newspaper and communications
  - Instructional
  - Life insurance
  - Transportation
20 Departmentalization
- This cross-sectional view provided a broad base of functions
- This helped to avoid any focus on a single industry, which may corrupt the data
- Several functions detailed as being a separate department in one company are subfunctions in other companies
21 Departments and Functions
Twenty-one unique departments were defined:
- Communications
- Compliance
- Contracts
- Customer Service
- Distribution
- Engineering
- Environmental Safety & Health
- Facilities\Maintenance
- Finance
- Human Resources
- Information Technology
- Legal
- Management & Administration
- Marketing
- Operations
- Procurement
- Quality Assurance
- Research & Development
- Sales
- Security
- Supply Chain\Logistics
22 Objectivity Analysis
- An objectivity analysis obtained the level of relevance of each department to the dependent variable
- This analysis examined the attributes of each department's function
- Analysis was scored to reflect their relationship to each of the 27 requirements of BS
  - What level is the department responsible for meeting this requirement?
  - How much influence in the organization does this department have in meeting the objective of this requirement?
- An equal analysis was performed at the organizational level
  - Less important but supports departmental theories
23 Constancy and Variability Analysis
- A constancy and variability analysis assessed the level of rigidity and flexibility of each department to the dependent variable
- These scores reflected the levels of ability of the specific functional roles
  - The department's ability to meet requirements
  - The department's flexibility to vary its responsibility to meet requirements
- An equal analysis was performed at the organizational level
  - Less important but supports departmental theories
24 27 Top Level BS Requirements
- 3.1 Planning the Business Continuity Management System
- Scope and objectives of the BCMS
- BCM policy
- Provision of resources
- Competency of BCM personnel
- 3.3 Embedding BCM in the organization's culture
- BCMS documentation and records
- Control of BCMS records
- Control of BCMS documentation
- Business impact analysis
- Risk assessment
- Determining choices
- 4.2 Determining business continuity strategy
- 4.3 Developing and implementing a BCM response
- Incident response structure
- Business continuity plans and incident management plans
- Exercising, maintaining and reviewing BCM arrangements
- BCM exercising
- Maintaining and reviewing BCM arrangements
- 5.1 Internal audit
- 5.2 Management review of the BCMS
- Review input
- Review output
- 6.1 Preventive and corrective actions
- Preventive action
- Corrective action
- 6.2 Continual improvement
25 Objectivity Analysis for Departments [bar chart: Total % by Department]
26 Departmental Objectivity - Common Processes
- All functions share some common processes
- Data revealed that every department is involved minimally at certain levels with:
  - Business continuity planning (paragraph 3.1)
  - Defining scope and objectives (paragraph 3.2.1)
  - Providing resources (paragraph 3.2.3)
  - Assessing risk and analyzing its impact (4.1.1, 4.1.2)
  - Determining choices and business continuity strategies (4.1.3, 4.2)
  - Developing and implementing business continuity responses (4.3)
- These essential processes are required to ensure a sound foundation for business continuity in the organization
27 Departmental Objectivity - Common Processes
- Each department is also involved with:
  - Business continuity plans (paragraph 4.3.3)
  - Providing management review inputs and outputs (5.2.2, 5.2.3)
  - Implementing preventive and corrective actions (6.1.2, 6.1.3)
  - Ensuring that the organization will continually improve its business continuity system (paragraph 6.2)
- This level of basic inherency shows a logical progression toward the required basis for implementing business continuity
28 Departmental Objectivity - Unique Tasks
- Every department has shared functions within the organization but also performs unique tasks
- Communications (34.57%): based on common requirements plus its ability to communicate with the entire organization
- Compliance (53.09%): based on its own unique function in dealing with audits and document control
  - This department is also aligned with Quality Assurance (34.57%) for the same reason of document and record control
- Every function has unique characteristics with which it inherently produces its contribution to the overall organization
- These characteristics, processes and procedures also reveal themselves in the department's level of relevance to the business continuity requirements shown herein
29 Departmental Objectivity - Unique Tasks
- Management & Administration is perhaps in the most distinctive position, as it has overall organizational responsibility
- While not usually a distinct department, this function is chiefly involved in almost every requirement
  - Except control of records and inputs and outputs to management reviews
- The objectivity score of 73.31% shows the high level of applicability, and therefore of importance, of the management function to business continuity
30 Departmental Objectivity
- These top qualifiers therefore share the most influence on system implementation and retain the most responsibility
- Management would have the most control over the system given their level of objectivity
- The remaining seven departments fell within these limits with varying degrees of objectivity
- These results prove that the objectivity of every department is basically inherent when implementing a business continuity system into an organization
- Those departments having the most influence also have the most relevance inherently contained therein
31 Departmental Objectivity Analysis by Business Continuity Requirements [bar chart: Percentage of Requirement Fulfilled by Business Continuity Requirement]
32 Departmental Objectivity - Essential Processes
- Data revealed that every department is involved at certain levels with at least 4 requirements (6.35%)
- Essential processes are required to present a consistent basis for the coordination of business continuity in the organization
  - Competency of BCM personnel (3.2.4) %
  - Corrective action (6.1.3) %
  - Preventive action (6.1.2) %
  - Review output (5.2.3) %
  - Review input (5.2.2) %
  - Maintaining and reviewing BCM arrangements (4.4.3) %
  - BCM exercising (4.4.2) %
33 Objectivity Analysis for Organizations [bar chart: Total Percentage by Organizational Type]
34 Organizational Objectivity
- Every organization is arranged to meet its own unique goals and objectives
- Regardless of which field of endeavor it operates in, the organizational structure is based on the basic tenets and needs of the business to meet its customer requirements
- It was found that the three most structured organizational types examined (Functional, Matrixed, and Projectized) were all 100% applicable to the stated requirements
- These three forms are also the most traditional and common types of company structures found in most industries today
35 Organizational Objectivity
- The Network organization is the next most structured form
  - Rated 69.14%
- The less defined Borderless organization
  - Scored 66.67%
- Both types were very similar in their analysis
  - Both organizations' scores reflect a lack of centralized management
- The Networked form was stronger in the aforementioned aspect than the Borderless
  - It lacks in the areas of preventive and corrective action due to the nature of its subcontracted arrangement
36 Organizational Objectivity
- The newest and most open type of arrangement presented is the Virtual organization
  - An objectivity rating of 43.21%
- This score reflects a lack of centralized management and company culture, which is central to the Virtual firm's intrinsic structure
- The management function contains the most objectivity and is therefore the highest regarded characteristic concerning business continuity implementation
- The two important aspects of management and corporate culture are a necessary part of any business continuity system, as it is those components that reside at its core
37 Thank You! Edward Cahn, PhD, PMP, CBCP (office) (mobile) BAE Systems 164 Totowa Rd Wayne, NJ
EY s Africa Resilience Survey 2016 For more information, please visit: ey.com/za Follow us on Twitter: @EY_Africa B EY s Africa Resilience Survey 2016 Foreword Welcome to EY s Africa Resilience Survey
More informationAgenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)
The Intersection of Enterprise-wide Risk (ERM) and Business Continuity (BCM) Marc Dominus 2005 Protiviti Inc. EOE Agenda Terminology and Process Introductions ERM Process Overview BCM Process Overview
More informationFail to Prepare, Prepare to Fail. Business Continuity Management in the Food Industry
Fail to Prepare, Prepare to Fail Business Continuity Management in the Food Industry Fail to Prepare, Prepare to Fail Business Continuity Management in the Food Industry Business continuity (BC) systems
More informationISO whitepaper, January Inspiring Business Confidence.
Inspiring Business Confidence. ISO 31000 whitepaper, January 2015 Author: Graeme Parker enquiries@parkersolutionsgroup.co.uk www.parkersolutionsgroup.co.uk ISO 31000 is an International Standard for Risk
More informationBoard Charter. Values Statement for IDCARE
Board Charter New Zealand Entity Company Number 4918799 NZ Business Number 9429041070109 Australian Entity ABN 84 164 038 966 Values Statement for IDCARE In all its planning, services and behaviour, IDCARE
More informationBusiness Continuity 101. Fairchild Resiliency Systems
Business Continuity 101 Fairchild Resiliency Systems Business Continuity Business Continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable
More informationISO Business Continuity Management. Your implementation guide
ISO 22301 Business Continuity Management Your implementation guide Build a robust and resilient organization with ISO 22301 It s never been more important to protect your business from the unexpected.
More informationBusiness Continuity Maturity Model Margaret D. Langsett Executive Vice President Virtual Corporation
Business Continuity Maturity Model Margaret D. Langsett Executive Vice President Virtual Corporation 1 Agenda History and Overview of BCMM Proprietary BCMM BCMM Assessment Training Class BCMM International
More informationJohn Liuzzi, CBCP, CBRITP National Director, Business Continuity Southern Glazer s Wine and Spirits
John Liuzzi, CBCP, CBRITP National Director, Business Continuity Southern Glazer s Wine and Spirits johnliuzzi@sgws.com Introduction So how do you gain alignment and executive support? With the ever-increasing
More informationRisk Management Update ISO Overview and Implications for Managers
Contents - ISO 31000 highlights 1 - Changes to key terms and definitions 2 - Aligning key components of the risk management framework 3 - The risk management process 4 - The principles of risk management
More informationCMMI Project Management Refresher Training
CMMI Project Management Refresher Training Classifica(on 2: Foxhole Technology Employees Only RMD 032 Project Management Refresher Training Course September 21, 2017 Version 1.0 The Process Approach The
More informationBUSINESS CONTINUITY MANAGEMENT A MANAGER S TOOLKIT A
Anytown Council BUSINESS CONTINUITY MANAGEMENT A MANAGER S TOOLKIT A guide to Business Continuity Management in Anytown Council CONTENTS Introduction - The need for Business Continuity Management (BCM)
More informationNext-generation enterprise risk management
Next-generation enterprise risk management Advancing strategy and performance in light of the COSO 2017 refresh Heading into the beginning of the year, the EY Center for Board Matters published the Top
More informationMANAGING RISK AT SUNCORP
SUNCORP GROUP LIMITED CORPORATE GOVERNANCE MANAGING RISK AT SUNCORP 1 MANAGING RISK AT SUNCORP Managing risk is a key contributor to Suncorp Group's success. The Board and management recognise that an
More informationSouth Wales Fire and Rescue Authority Report by the Auditor General for Wales. Preliminary Corporate Assessment August 2010
South Wales Fire and Rescue Authority Report by the Auditor General for Wales Preliminary Corporate Assessment August 2010 Wales Audit Office 24 Cathedral Road Cardiff CF11 9LJ Tel: 029 2032 0500 Fax:
More informationUS Business Continuity Safeguarding Your Business from a Disaster
US Business Continuity Safeguarding Your Business from a Disaster Juanita Hardin BMO Harris Bank Head TPS Risk and Compliance William Simmons BMO Harris Bank Vice President Business Continuity Management
More informationAHIMA Information Governance & The Information Governance Adoption Model (IGAM )
AHIMA Information Governance & The Information Governance Adoption Model (IGAM ) Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors 2017 2017 Introductions and Welcome! Agenda Part Part
More informationOctober WFE Response to the BoE-FCA-PRA Discussion Paper: Operational Resilience
October 2018 WFE Response to the BoE-FCA-PRA Discussion Paper: Operational Resilience Background The World Federation of Exchanges (WFE) is the global trade association for exchanges and clearing houses,
More informationJune 2011 COMMON CRITERIA EMBRACE, REFORM, EXTEND. Presented by:
June 2011 COMMON CRITERIA EMBRACE, REFORM, EXTEND Presented by: Executive Summary Common Criteria Embrace, Reform, Extend Discussion Draft 1.0 The security of information and communications technology
More informationGovernance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
More informationPRINCE Update. Changes to the manual. AXELOS.com. April 2017 PUBLIC
PRINCE2 2017 Update s to the manual AXELOS.com April 2017 2 PRINCE2 2017 Update Contents 1 Introduction 3 2 Summary of changes 4 PRINCE2 2017 Update 3 1 Introduction This document provides a list of the
More informationRISK MANAGEMENT REPORT
RISK MANAGEMENT REPORT A RCL FOODS RISK MANAGEMENT REPORT 2016 RISK MANAGEMENT REPORT FRAMEWORK Risk management is considered by the Board to be a key business discipline, designed to balance risk and
More informationExecutive Teams and the Use of ISO in Decision Making. Scott Wightman, ARM-E National Director Gallagher ERM Practice
Executive Teams and the Use of ISO 31000 in Decision Making Scott Wightman, ARM-E National Director Gallagher ERM Practice Agenda Defining ERM Mission, Objectives and Uncertainty Governance and Risk Varying
More information1 Management Responsibility 1 Management Responsibility 1.1 General 1.1 General
1 Management Responsibility 1 Management Responsibility 1.1 General 1.1 General The organization s management with executive The commitment and involvement of the responsibility shall define, document
More informationUnit 3: NIMS Preparedness
Unit 3: NIMS Preparedness This page intentionally left blank. Objectives At the end of this unit, you should be able to: Describe the importance of preparedness. Identify the NIMS mechanisms and tools
More informationOversight by Board, Risk Management & Audit Committee (RMAC) and other committees. Second line of defense
47 In the business environment that we live in, doing nothing might be the biggest risk of all. At Cim, the Board plays a crucial role in risk oversight; it is bringing more diverse viewpoints into the
More informationInternal Audit Best Practices for Community Banks. A CSH White Paper
Internal Audit Best Practices for Community Banks A CSH White Paper Internal audit is not an option; examiners expect your bank to have an effective internal audit program in place. However, in today s
More informationCitizens Property Insurance Corporation Business Continuity Framework
Citizens Property Insurance Corporation Framework Dated September 2015 Approvals: Risk Committee: September 17, 2015 (via email) Adopted by the Audit Committee: Page 1 of 12 Table of Contents 1 INTRODUCTION...
More informationInside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali
MANAGING OPERATIONAL RISK IN THE 21 ST CENTURY White Paper Series Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali 2 In today s competitive and
More informationRisk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance
Risk Advisory SERVICES A holistic approach to implementing effective governance, managing risk and maintaining compliance Contents Weaver's Risk Advisory Services 1 Enterprise Risk Management 4 Assessing
More informationThis charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.
CORPORATE AUDIT DEPARTMENT CHARTER PURPOSE This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department. The Institute of Internal Auditors
More informationB U S I N E S S R I S K M A N A G E M E N T L T D
B U S I N E S S R I S K M A N A G E M E N T L T D Governance, Risk and Compliance (GRC) After completing this course you will be able to Course Level Understand the requirements and benefits of GRC Develop
More informationDiving into the 2013 COSO Framework. Presented by: Ronald A. Conrad
Diving into the 2013 COSO Framework Presented by: Ronald A. Conrad 2 Objectives Obtain an understanding of why the COSO Framework has been updated Understand how the framework has changed Identify the
More informationMoving to the AS9100:2016 series. Transition Guide
Moving to the AS9100:2016 series Transition Guide AS9100-series - Quality Management Systems for Aviation, Space and Defense - Transition Guide Successful aviation, space and defense businesses understand
More informationGUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))
GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for
More informationInformation governance for the real world
Information governance for the real world 1 2 Information governance is the activities and technologies that organizations employ to maximize the value of their information while minimizing associated
More informationCourse outline Introduction to project management The project management process groups Project initiation
Course outline Introduction to project management The project management process groups Project initiation Total Quality Project Management 2 Many organizations today have a new or renewed interest in
More informationCrowe Activity Review System
Crowe Activity Review System Quality at the Source Audit Tax Advisory Risk Performance With ever-increasing expectations of review processes from various stakeholders, organizations are under pressure
More informationIT Governance and the Audit Committee Recognizing the Importance of Reliable and Timely Information
IT ADVISORY IT Governance and the Audit Committee Recognizing the Importance of Reliable and Timely Information KPMG INTERNATIONAL IT Governance and the Audit Committee: Recognizing the Importance of
More informationSelf Assessment Workbook
Self Assessment Workbook Corporate Governance Audit Committee January 2018 Ce document est aussi disponible en français. Applicability The Self Assessment Workbook: Corporate Governance Audit Committee
More informationISO Your implementation guide
ISO 55001 Your implementation guide Optimize the value from your assets with ISO 55001 Don t let the management of costly and complex assets become a burden to your organization.. ISO 55001 can help you
More information