Presentation on Crisis Management and Business Continuity. ISCA Breakfast Talk 13 September See Hong Pek, Partner, PwC

Similar documents
Introducing ISO 22301

Business Continuity Management for Singapore s Logistics Sector. By Singapore Business Federation and Singapore Logistics Association

US Business Continuity Safeguarding Your Business from a Disaster

Business Continuity Planning and Disaster Recovery Planning

Essential Concepts. For Effective. Business Continuity Planning

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Fordham University BCP / DRP Lunch. Lunch

BUSINESS CONTINUITY PLANNING WORKPROGRAM

Good Practice Guidelines 2013 Global Edition Edited Highlights

WIC 104 RISK MANAGEMENT AND BUSINESS CONTINUITY PLANNING FOR LOCAL WIC AGENCIES. Peg Jackson, DPA, CPCU National WIC Association

2016 Business Continuity / Disaster Recovery Internal Audit Report

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

Building and Maintaining a Business Continuity Program

Global Crises: What We Really Need to Do to Be Prepared. Day One / Session C5

Relax and eat your breakfast. Thanks for coming to listen to me today, before we are done you will wish it was Friday.

Yale University Business Continuity Planning Quick Start Guide

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

Tactical Implementation of Enterprise Risk Management

Presents. Director of Communications for GHR Foundation

BUSINESS CONTINUITY MANAGEMENT POLICY

From its adoption as a discipline in the 1980s,

Evaluating Your Business Continuity Plan: Beyond Checklists and Walkthroughs. Troy Harris, Director McGladrey LLP. All Rights Reserved.

The Six Stages of a Crisis. Stage Five: Resolution

ISO Business Continuity Management. Your implementation guide

Business Continuity & Disaster Recovery

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

Starting a Vendor Assessment Program

An introduction to business continuity planning

Security Operations Manual

ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE

Navigating the Intersection of Vendor Management and Business Continuity

Concept of Operations. Disaster Cycle Services Program Essentials DCS WC OPS PE

INSIDE. 2 Introduction 12 Conclusion 4 6. How Prepared Are Corporate Law Departments?

PUBLIC SAFETY California State University Los Angeles

ENTERPRISE CONTINUITY PLANNING PRINCIPLE OF DISASTER RECOVERY AND ENTERPRISE CONTINUITY. Presented by: John O. Adeika

Carahsoft End-User Computing Solutions Services

12.0 Business Continuity Management

Solution Track 5. Managing Vendor Risk and Contingency Plans. March 26, Strategic BCP, Inc. All rights reserved. strategicbcp.

University of Houston Business Continuity Planning Office of Emergency Management

How Does Business Continuity Differ from Emergency Preparedness?

BUSINESS CONTINUITY AS A SERVICE

Module 2 Study Guide. ITIL Managing Across the Lifecycle

Adaptive Business Continuity Manifesto

SESSION 405 Tuesday, November 3, 10:00am - 11:00am Track: Industry Insights

ISO/TS 22317: How to Use ISO s Newest BC Standard to Develop Real BC Requirements

AUDIT UNDP ENTERPRISE RISK MANAGEMENT SYSTEM. Report No Issue Date: 4 April 2014

Compliance Program Effectiveness Guide

Role of Internal Audit in Transformational Change

Effective Business Continuity Management Guidelines for Mobile Network Operators

Business Resilience: Proactive measures for forward-looking enterprises

RC & CRISIS MANAGEMENT. risk compliance RISK & COMPLIANCE MAGAZINE. risk & compliance REPRINTED FROM: JUL-SEP 2015 ISSUE

A guide to assessing your risk data aggregation strategies. How effectively are you complying with BCBS 239?

When Recognition Matters TRAINING AND CERTIFICATION CATALOGUE

DECISION 10/2014/GB OF THE GOVERNING BOARD OF THE EUROPEAN POLICE COLLEGE ADOPTING THE EUROPEAN POLICE COLLEGE S INTERNAL CONTROL STANDARDS AND

GOOD PRACTICE GUIDELINES 2010

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali

Solutions Agenda

Business Resilience They Cannot Do This Without You!

Coastal Equities, Inc.

Extended Enterprise Risk Management

Corporate policy. Business Continuity Management Policy. Issue sheet

Emergency Management, Business Continuity, & Crisis Management Self-Assessment Checklist

Emergency Support Function (ESF) #18: PERSONNEL (Volunteer) MANAGEMENT

Draft Internal Audit Plan for Institute of Technology Blanchardstown 2017

Avoiding security risks with regular patching and support services

How can you improve your ability to identify, respond and adapt to significant operational interruptions?

Book A : REFERENCE DOCUMENTS

BP3: Decomposing the Crisis/ Incident Management Timeline

Translate stakeholder needs into strategy. Governance is about negotiating and deciding amongst different stakeholders value interests.

B U S I N E S S S Y S T E M S AN AL Y S T Schematic Code (

Improving the RFP and Contracts Process With COBIT 5

ITIL CSI Intermediate. How to pass the exam

Business Resilience: Equipping the FM for Success

Business Continuity Institute Responding To The Resilience Challenge

Incident Management Systems:

Business Continuity Management Policy and Procedure

Defending the Fortress Women in FM 15 th July Samantha Bowman Senior Facilities Manager

BUSINESS CONTINUITY MANAGEMENT POLICY

Governance, Risk Management

Leading financial institutions are transforming the way they manage IT risk

Nursing Student Orientation. Code of Conduct and Preventing Workplace Violence

IMPLEMENT A PIPELINE SMS

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

Public Information Manager

Ministerial Review - Better Responses to Natural Disasters and Other Emergencies in New Zealand. Submission by the Engineering Leadership Forum

An Overview of the AWS Cloud Adoption Framework

INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

DeVry Approach to ERM

Competency Area: Business Continuity and Information Assurance

Enterprise SM VOLUME 2, SECTION 2.1.8: PROGRAM MANAGEMENT PLAN

Internal audit operating at the strategic level

Risk Advisory Services Developing your organisation s governance for competitive advantage

Brand, Reputation and Culture Risk. January 15, 2018

WHITE PAPER THE 6 DIMENSIONS (& OBSTACLES) OF RISK MANAGEMENT

Stress-Testing Frameworks and Techniques in the Banking Industry Donovan Hutchinson

Transcription:

Presentation on Crisis Management and Business Continuity ISCA Breakfast Talk 13 September 2017 See Hong Pek, Partner,

.

Some definitions.. Business Continuity is the: Capacity of the organization to continue delivery of products or services at acceptable predefined levels following disruptive incident. (ISO 22301) Business Continuity Management is a: Holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (ISO 22301)

Some definitions.. Business Continuity Programme is an: Ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management (ISO 22301)

Bottom line.. Either the Situation Controls you or YOU control the situation.

Overview of disaster recovery timeline INCIDENT DECLARE DISATER ESCALATION PEACE TIME EMERGENCY RECOVERY RESUMPTION NORMAL BAU Incident BAU Mgt - Investigation - Containment - Incident reporting Crisis Management What, when, why, who & How Business Recovery Follow predetermined recovery strategy / procedures BAU Incident Management & Escalation Plans Crisis Management Plans (including Communications Plan Recovery Plans including IT DRP (By function or departments)

Objectives of Crisis Management End the crisis quickly Limit the damage Restore credibility Ensure quick return to normalcy Crisis Communications -Objectives To provide accurate and timely information to all targeted internal and external audiences To maintain a positive image of the organisation as a good corporate or community citizen To show that the organisation takes its responsibilities seriously To demonstrate concern for people

Key Principles of Crisis Communications Containment Openness Responsibility Compassion (or Empathy) Action Getting the message right Work on two or three key messages Focus on the key messages ALL the time Convey your key messages through your actions (or inaction), your words and your body language Think of your position and instructional messages

Organisation s resilience and readiness life cycle Review compliance to organisations BCM policy [IA] Review compliance to regulations [IA] ERM Assist in risk analysis (e.g. risk at outsourced vendor) Plan maintenance Lead in remediation of gaps in own business unit Review design and operating effectiveness of remediation [IA] Remediate weaknesses/gaps Periodic staff awareness training Threat Analysis, BIA, determine recovery strategy Establish ops guidelines / procedures for use during crisis Review plans against organisation / regulatory / best practice standards [IA] Develop Business Continuity Plans Regular exercise of teams/plans Active participation

What functions should be included in the BCP? High Medium High High Medium Low Medium High Probability Low Low Low Medium Very Low Low Low Low Low Med High Impact

Typical roles of Finance/IA during crisis recovery? Lead in recovery of own department s critical functions Supervisory role over management of funds Lead in liaison with finance-related regulators Act in secondary role in implementing organisations' policy and controls (e.g. line 2 role) Monitor effectiveness of organisation s controls (now operating in a crisis mode) and provide real-time recommendations to remediate deficiency [IA] May be deployed into other parts of the organisation to augment staff resources

Challenges for organisations to be DR-ready Inadequate experience in business continuity planning, crisis management Incomplete knowledge of business operations, especially interdependencies between functions SOP out of date (e.g. no inventory of reports/data from system) Lack of discipline in updating plans (e.g. vendor contacts) Wrong assumptions Incomplete recovery procedures Inappropriate strategy BCPs not useful

In conclusion. The Chinese use two brush strokes to write the word 'crisis.' One brush stroke stands for danger; the other for opportunity. In a crisis, be aware of the danger - but recognize the opportunity. 危机 John F. Kennedy, Speech in Indianapolis, April 12, 1959 35th president of US 1961-1963 (1917-1963)

Thank you

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback