David Nolan, CEO Fusion Risk Management, Inc.


1 David Nolan, CEO Fusion Risk Management, Inc.

2 Business Continuity Risk Management (BCRM). What: Defining BCRM. Why: Justifying BCRM. Who: Organizing BCRM Roles. How: Establishing a BCRM Process. When: Sustaining BCRM.

3 BCRM is a Science. Science (from Latin scientia, meaning "knowledge" [1]) is a systematic enterprise that builds and organizes knowledge in the form of testable explanations and predictions. Data; Organization; Process; Logic; Measurement; Procedures and Recipes.

4 BCRM is an Art. The arts are a vast subdivision of culture, composed of many endeavors. Artistic elements come into play when dealing with variables that make it impossible to predict precisely what may happen. Observation; Assessment; Interpretation; Communication; Orchestration; Improvisation.

5 BCRM defined: the business process that prepares us to keep our products and services, and therefore our revenue, flowing under extreme adverse circumstances. A typical business continuity program should consider, at a minimum, four primary disruption scenarios, including:
Disruption of IT Services: any disruption affecting access to IT services. Too often referred to as IT Disaster Recovery.
Workplace Disruption: any disruption of a business entity (offices, call centers, trading rooms, manufacturing plants, labs, warehouses etc.).
Workforce Disruption: any disruption involving personnel such that sufficient, trained and skilled personnel are not available. Possible causes may include labor actions, pandemic, and regional disasters where the community or public infrastructure is severely impacted, causing severe absenteeism.
Supply Disruption: any external supplier, service provider, utility or logistics disruption that stops or slows the movement of critical products and/or services.

6 BCRM Program Scope. Cause: Workplace Disruption, Workforce Disruption, Supply Disruption, IT Disruption. Effect: Operational Impact, Reputational Impact, Compliance Impact, Financial Impact. BCRM programs must focus on Risk Intersections, where processes and entities interact, and be flexible enough to adapt to the nature of the incident. Impacts must paint the picture showing, first and foremost, how a company works, how it breaks and how it can be put back together.

7 BCRM Requires Balance of Fiscal & Fiduciary Drivers. Fiscal: Tactical Execution, Quarterly Results, Productivity, Cost Control, Efficiency, Revenue & Profit. Fiduciary: Strategic Value Creation, Value Protection, Trust, Prudence, Brand & Equity Value. The immediacy of fiscal pressures often trumps the best fiduciary intentions. Until a balance is established, BCRM will lack direction and underperform.

8 Business Drivers are Evolving. Traditional Drivers: Loss avoidance, Regulatory Compliance. Emerging Drivers: Contract Compliance, Customer Acquisition, Customer Retention, Insurability, Access to Capital Markets, Equity & Brand Protection. Emerging drivers move BCRM into the critical path of fiscal objectives, providing savvy firms a window of opportunity to finally do this right!

9 Priorities Must Shift with Evolving Drivers. From: Compliance, Financial Loss Avoidance, Brand/Reputation, Impact to Operations. To: Impact to Operations, Brand/Reputation, Financial Loss Avoidance, Compliance. All real business impact flows from disruption to operations. Failure to prioritize operational impact leads to waste and risk.

10 Attributes of Underperformers

11 Who Cares About What? Risk Manager Location Manager Property Loss Injuries Liability Claims Financial impact BC Manager Process Disruption Surviving Operations Operational Alternatives Mobilization Logistics Operational Impact Evacuation First Responders Triage Loss Control Salvage & Restore. Until your teams are aligned, you will spend more and get less for your investment.

12 How Will They Work Together? A successful BCRM program depends on: clearly defined roles, policy and process for communication, accountability. Business Stakeholders Outage Tolerance Loss Tolerance Strategies Alternatives Direction & Approach Decision Making Risk Manager BC Manager Location Mgr.

13 6 Steps to Success: (1) Define Charter & Policy; (2) Risk & Impact Assessment; (3) Risk Disposition & Strategy Development; (4) Implementation & Planning; (5) Exercise & Evaluation; (6) Governance, Management & Continuous Improvement.

14 Charter & Policy: Purpose, Scope, Objectives, Risk Tolerance, Accountability, Sustainability. Charter and Policy set the tone for everything that follows.

15 Risk & Impact Assessment. Top-down; Risk Intersections; Fact-based, Negotiated and resolved; Factor Risk and Investment Appetite; Measured. Minimal: an impact contained at departmental levels. Material: an impact visible at corporate levels, but manageable locally. Significant: an impact that would require corporate intervention & resources. Catastrophic: an impact that would be visible in the public domain and would require corporate intervention and resources, and may threaten the stability of the firm. Continuity Risks are characterized by extraordinary potential impacts with relatively low probabilities, leaving too many organizations unwittingly accepting outsize risk.

16 Risk Disposition & Strategy Development. Low cost, high impact measures first, Catastrophic next. Work from top to bottom, not in order of discovery! Consider mitigating some of several, rather than all of one risk. Build strategies to evolve over time. Manage residual risk, not just capabilities. Align strategies with business plans. Vulnerabilities and threats are endless. The funds to address them are not!

17 Implementation & Planning. Focus on information versus documents. Plan an approach based on: what you need to know; organizing what you do know; documenting/prioritizing the gap. Build a plan to discover, learn and/or create what you don't know. Resist big capital items until you have a plan to leverage them. Engage stakeholders for what they know. Don't try to make business leaders into BC Planners. Planning is all about having the information we need to make good decisions fast, communicate effectively and leverage the benefit of forethought.

18 Exercise & Evaluation. Build an exercise plan. Be realistic. Engage executives as a team building event. Focus on training participants over testing the plan. Apply scenarios and variables to challenge participants. Be prepared to inject variables to key people engaged. Catalog key learning and apply to improve plans. A good exercise presents a compelling opportunity to see how people work under pressure along with pointing out areas needing improvement.

19 Governance, Management & Improvement. Focus on data management. Information currency & accuracy is critical. Understand data half-life. Align improvement with exercise program. Proactive data management replaces annual BIAs. Governance is central to compliance: Contractual, Regulatory, Standards. An organization is either committed to quality, customer service and shareholder value or it is not. BCRM is a process, not a project.

20 Successful Programs Emphasize: Data over documents; Process over projects; Flexibility over rigidity; Distributed versus centralized; Simple over complex; Communication & Collaboration; Managing to Capability and Residual Risk.

21 Final thoughts. Establish scope and risk tolerance. Make sure the program is aligned with business values. Align program with revenue, profit, customers & brand. Focus on knowing, not just plans and procedures. Build a repeatable process for sustainability. Justify automation based on quality, efficiency, productivity and speed. Position BCRM in the context of risk management: some risks will be accepted in favor of more compelling uses for limited funds and resources.

22 Executive Guide To Business Continuity Management. Business Continuity (BC) programs are becoming increasingly important as every organization seeks to manage risk that could result from natural, man-made, geo-political, and public health catastrophes. Business continuity strikes at the heart of the fiscal and fiduciary responsibilities of the executive team. Strong arguments can be made that a solid BC management program can more than pay for itself in fiscal benefits while simultaneously minimizing the probability, impact and duration of a disruption. This white paper provides the guidance that every C-level executive should have to ensure that their BC Programs are aligned with their business needs and objectives.

23 Questions? David Nolan, CEO Fusion Risk Management, More Information? WHILE YOU ARE AT OUR LINKEDIN COMPANY PAGE, JOIN OUR INVITATION ONLY GROUP BCM INNOVATORS