Tuesday, March 22, 2016

EXPECT THE UNEXPECTED: MANAGING YOUR CONTINUITY RISK



 
            Organizations base their strategies and decisions on the assumption that they will continue to operate.  It is therefore compelling to implement strategies to manage business continuity risk.

            Risk management is concerned with putting in place controls and treatments that seek to prevent or mitigate continuity risk, encompassing the establishment of appropriate strategies and plans.  Business continuity management (BCM) is concerned with considering what to do when it all goes wrong, and making sure that customers and other people are not inconvenienced or put at risk when something does go wrong.

            BCM should be based on an approach that considers the entire organization, all hazards and all agencies, and should be community-focused.  All parts of the organization must be involved in BCM.  The procedure must consider the organization as part of the community it operates in.  The primary objective of BCM controls, strategies and plans is:
·         To ensure uninterrupted availability and resilience of key or time-sensitive resources and dependencies so that they support the organization’s critical business processes, operations and services.

            BCM also seeks to protect the interests of key stakeholders.  Decisions on how organizations respond to incidents, regardless of cause, should be driven by these basic principles:
·         Always put the health, security and safety of people first
·         Always seek to provide and manage factual, rapid and transparent communications.

            BCM should be integrated with the organization’s existing risk management framework and processes.  BCM goes well beyond implementing a simple process and writing business continuity plans and strategies.  BCM should also reflect the organization’s unique culture.  It comprises a comprehensive set of activities that are appropriately integrated into organizational learning and improvement.
 
PRINCIPLES FOR BEING EFFECTIVE WHEN IMPLEMENTING BCM
·         BCM is part of the organization’s risk management
-       Therefore, it must consider a wide range of strategic and operational risks that have the potential to disrupt the achievement of organizational objectives.
·         BCM is an important contributor to overall organizational resilience.
·         BCM helps organizations to continue achieving their objectives.
·         BCM drives organizational preparedness for
o   managing disruptive events
o   proactively treating risk, and
o   establishing the capability to manage potential impacts
·         BCM builds an organization’s capability
-       To prevent adverse events from occurring, and
-       To respond to, manage and recover from these events should they happen.
·         BCM seeks to
-       Understand an organization’s requirements for people, processes, information, assets and technology that will contribute to the achievement of its objectives.
·         BCM is an iterative process that is
-       Continually monitoring, and
-       Reviewing external and internal contexts for change and responding to change
·         BCM’s iterative process drives continual improvement so that it contributes to organizational preparedness and resilience.
·         BCM is focused on the understanding of uncertainty and how organizations could respond to, and manage, that uncertainty
·         BCM provides
-       An analytical framework which assists decision makers in making informed choices on the management of continuity and risk events.

There are 6 overlapping clusters of activities that organizations have to consider doing before, during and after a disruption or an emergency.  They overlap because one or more of these activities can be activated concurrently and/or sequentially:
1.      Risk management (prevention and risk mitigation)
2.      Response (immediate management)
3.      Recovery
4.      Restoration
5.      Resumption (normalization back to “business as usual”)
6.      Control.
 
DOCUMENTS THAT SHOULD BE IN PLACE
1.      Risk management policy and plan
-       Framework
-       Process to communicate

2.      Crisis/media management plan
-       Steps to maintain reputation
-       Steps to execute the relevant communication strategies or protocol/plan

3.      Response plan
-       Steps to immediately respond to a disruption or emergency, ensuring human safety and security and maintaining communication

4.      Contingency plan
-       Steps to activate or restore alternate processes, systems and physical locations or facilities where appropriate and necessary.

5.      Recovery plan
-       Steps to restore specified critical key infrastructure

6.      Restoration plan
-       Steps to provide basic “normal” business services

7.      Resumption planning
-       Steps to bring service levels, operations and facilities back to business.


 
AN INTEGRATED ORGANISATION PROCESS
·         Establish the programme or project
·         Develop organization’s BCM policy and framework
·         Risk assessment and impact analyses
·         Establish governance structure for
-       Incident command
-       Management
-       Recovery
-       Support
·         Develop cost-effective intuitive strategies and plans
·         Develop and test strategies and plans
·         Review, maintenance, training and auditing of strategies and plans


 
PERFORMANCE DRIVERS FOR SUCCESSFUL BCM
Structured Co-ordination
·         Ensure all planning and systems are aligned to organizational objectives
·         Well understood and communicated to all stakeholders
·         Roles and responsibilities are clearly documented.
Workforce capabilities
·         Develop capabilities and competencies
·         Skills training and adequate provision of technical equipment and committed resources.
Capability building
·         Build a capability planning dimension into services and operations.
Inter-operation of plans
·         Ensure coordination and operational activities.
Regular testing
·         Is essential
·         Will ensure disconnections, omissions and deficiencies are fixed before the plans have to be used

 
It is important to:
·         Test systems, dependencies and readiness
·         Exercise and review
·         Rehearse to respond and fully understand roles and responsibilities
·         Update regularly and maintain strategies and plans, especially the emergency contact list

Strategies and plans need to have an acceptable Recovery Time Objective (RTO) and maximum acceptable outage (MAO) that are aligned with the organization’s objectives and risk management framework.  Continuity plans are living documents; they should be continuously tested, refined and trained on so as to maintain their relevance, effectiveness and impact.


                                                                                           Shared from article by Patrick Ow
                                                                                           Management and Business,
                                                                                             Accountants Today,
                                                                                             September 2006
                                                                                              
