Crisis Management and Operational Risk Management. Christoph Stute Guatemala March 2012
1 Crisis Management and Operational Risk Management Christoph Stute Guatemala March 2012
2 Crisis Management Christoph Stute Guatemala March 2012
3 Definition - Bundesbank's methodology of ORM, crisis management and BCM
ERM/Operational Risk Management: ERM is the overall process for early identification, handling and monitoring of risks. ERM includes business risks and OR. ERM gives an overview of all risks and helps to decide which risks are acceptable and which are not (risk tolerance / risk appetite). ERM/ORM has a preventive character. Focus: risks emerging from conducting the business.
Crisis Management: CM is the ability of an organisation to respond to any crisis situation in a predefined way. CM includes a tool box with organisational and technical utilities to support management (BCP is one of the tools). CM has a mainly reactive character.
Business Continuity Management: BCM identifies potential threats to an organisation and the impacts to its most critical functions. BCM includes BCP that put an organisation in a position to manage permanent continuity or adequate recovery of critical functions in the event of crisis situations in a predefined way. BCM has a mainly reactive character. Focus: risks that endanger the object of a company.
4 Differentiation: crisis management and risk management
Risk management: supervision and prevention in day-to-day business.
Crisis and business continuity management: managing crises and keeping the operational business running in exceptional circumstances; quick decisions and reactions under pressure.
5 Crisis definition at Bundesbank
The term crisis is understood to mean any unusual incident which has a significant (potential or acute) negative impact on the health and safety of the Bundesbank staff and its guests, the execution of the Bundesbank's tasks, its material assets, its integrity and/or reputation.
Every crisis is unique; its cause and course are unpredictable and consequently specific plans cannot be made. An individual, flexible, rapid response is required.
6 (Potential) causes for a crisis
Long-term breakdown of information technology; long-term electrical power outage; fire; epidemic (e.g. avian flu, swine flu, seasonal flu); natural disaster (e.g. flooding); armed robbery (with hostage-taking and/or damage to persons); media crisis; terrorist attack.
7 CM folder crisis management 7
8 The Bundesbank's CM concept
CRISIS PREVENTION: Early recognition of crises (incident register, situation report). Basis for rapid and systematic response (contingency planning, BCP, trained staff).
CRISIS MANAGEMENT: Safeguarding the Bundesbank's decision-making function through a central crisis management team at top management level. Overcoming the crisis incident through (immediate) operational measures by the contingency team, BCP team, police...
CRISIS REVIEW: Gathering experience from the crisis and making use of it through systematic documentation of the crisis management, crisis follow-up and review of the existing plans (as required).
9 Roles and responsibilities
Declaration of crisis: Executive Board or (if not capable of acting) Executive Board member for controlling & organisation.
Suspension of crisis: Board.
Head of CMT: Board member for controlling & organisation.
CMT: senior manager (core team: controlling & organisation, IT, administration, communication, head of CM secretariat).
10 Extended CMT / core crisis management team
Head of the CMT (President or Executive Board member for controlling); (as required) CMT coordinator; Head of Controlling; Head of IT; Head of Administration and Premises; Head of Crisis Communication; Head of Crisis Management Secretariat; Head of Personnel; Head of Legal Department; Heads of Cash, Markets, Payment Systems.
Operational-technical level. Decides on all measures necessary to overcome crises. Decision-making preparation at operational-technical level. At least 5 substitutes per function.
11 Support teams
Crisis management secretariat: assists the CMT (file managers, telecommunications services, minute keepers, secretarial staff).
Contingency/BCP teams: implement the CMT's and the BCP's resolutions as well as emergency measures (Vb, IT, H, C, M, Z). Urgent measures.
Crisis communication team (Communication Department): operational implementation of crisis communication.
Local contacts: implement the CMT's resolutions as well as emergency measures throughout Germany.
12 Crisis management in practice
Crisis management concept, detailed concepts: a. organisational structure; b. procedures; c. location planning; d. telecommunication; e. crisis communication; f. documentation; g. training; h. CM regional head offices; i. CM branches.
CM folder - guidance for CM (every CMT member): contact data; diagrams & location plans; checklists and templates.
13 Procedures in case of a crisis
Identification of an incident (staff, sensor, security team etc.); information of the security team; information of the head of the crisis secretariat; information of the head of the CMT; alerting; urgent / emergency measures; information of the business areas (BCP teams, Administration, IT); police, fire brigade, ambulance; alerting the CMT and secretariat.
14 Tasks of the crisis secretariat
Collect information from media, phone calls, fax etc. Assess this information for priority and responsibility. Compile a current situation report for the CMT. Write minutes of the CMT meetings. Provide the CMT with information for decision making, food and drink etc.
15 Tasks of the CMT
Working phase of the CMT: explore proposals; ensure the decisions are carried out.
CMT meetings: presentation; decision making on the proposals by the head of the CMT.
16 Procedure: the crisis management team process (diagram)
Levels: decision-making level (at CMT meetings); operational-technical level; communication control. Along the time axis t the process alternates between working phases and CMT meetings, each marked "ca. Min."
Crisis management secretariat: creating and updating the situation report, (secretariat) tasks, documentation, control of reporting, minute keeping, ensuring communication.
First working phase: initially, compile the situation report and, if necessary, initiate urgent measures; develop proposals for measures and for communication; extension of the CMT / contingency teams?; review of the measures carried out.
First CMT meeting: initially, presentation of the situation report; presentation of proposed resolutions and draft communications (and, if necessary, extension of the CMT); decision on the above points by the decision-making level; agreement on the further course of action and the date of the next CMT meeting.
Following working phase: initiation / implementation of the decisions from the CMT meeting; compile the situation report; develop proposals for measures and for communication; review of the measures carried out; preparation / approval / dispatch of the minutes of the CMT meeting.
Following CMT meeting: presentation of the situation report; presentation of proposed resolutions and draft communications; decision on the above points by the decision-making level; agreement on the further course of action and the date of the next CMT meeting.
17 Basic conditions for the CMT
One decision maker (head of CMT); five representatives for every CMT role; alerting system; arranged rooms for working and meetings; crisis hotlines; functional addresses.
18 Locations of the CMT
Head office: primary premises of the head office, main building or situation room under the guest house.
Regional head office Frankfurt: second site, if the head office is not available anymore or endangered.
Regional head office (HV) Mainz or, depending on the situation, HV Berlin: third and fourth site, if the region of Frankfurt is not available anymore or endangered.
19 Locations of the CMT II
In all locations the following are prepared: a meeting room, a working room, a secretary room and, if needed, more rooms.
The rooms are used in daily business, so computers and equipment are up to date.
All locations are provided with the same means (posters, forms, USB sticks, mobile phones etc.).
20 Alerting system
Definition of: who alerts; who is to be alerted; what is to be told / asked during the alerting call.
Firstly the secretary is alerted, secondly the CMT.
If the first representative of a CMT function is not available or cannot reach the CM rooms within one hour, the next representative of the 5 substitutes of the function is called.
Representatives of a function that are currently not in the CMT can replace their colleagues if the crisis lasts longer than 6 or 8 hours.
21 Crisis communication I
The Bundesbank communicates with the media, staff and their related parties in a crisis.
The aims of crisis communication are: satisfaction of the general public's right to information; strengthening credibility, confidence and acceptance; preventing damaging rumours and speculation.
Crisis communication concept by the PR department.
22 Crisis communication II
Crisis communication should be proactive, to positively influence public opinion and to avoid being forced on to the defensive.
Speak with one voice; avoid dissent.
The head of the CMT is responsible for crisis communication, but there is one representative of the communication department in the CMT.
23 Exercises / Incidents in the past I
Sept 07, Exercise: bomb explosion in Bundesbank buildings
Nov 07, Exercise LÜKEX: worldwide influenza pandemic
Oct 08, Incident: financial crisis
Oct 08, Incident: coin contamination (ill staff)
Mar 09, Exercise: alert exercise
May 09, Exercise, Mainz: coffee contamination (death of staff)
Aug 09, Incident: pandemic
Oct 09, Exercise, Hannover: hostage taking in a branch
Jan 10, Exercise LÜKEX: worldwide threat by Islamic terrorism
May 10, Exercise, München: mass demonstration with conflicts
May 10, Incident: short power outage in branch
24 Exercises / Incidents in the past II
Sept 10, Incident: one-day IT breakdown
Oct 10, Exercise, Düsseldorf: flood water and accident of a BBK cash transport
March 11, Incident: earthquake in Japan, representation closed
April 11, Exercise, Berlin: offices for other Ministry, leak of personal data
Sept 11, Exercise, Frankfurt: air conditioning system fell on building
Aug 11, Incident: hurricane warning NY
Sept 11, Incident: DDoS attack on Bundesbank website
25 Reasons for regular exercises
Apply the existing CM structures and procedures; train CM team work by using the available means; train the alert system; check the crisis communications; sensitise the CM team members; recognise weaknesses of the CM concept.
26 Operational Risk Management Christoph Stute Guatemala March
27 Definition - Bundesbank's methodology of ORM, crisis management and BCM
Operational Risk Management: ORM is the overall process for early identification, handling and monitoring of risks. ORM includes business risks and OR. ORM gives an overview of all risks and helps to decide which risks are acceptable and which are not (risk tolerance / risk appetite). ORM has a preventive character. Focus: risks emerging from conducting the business.
Crisis Management: CM is the ability of an organisation to respond to any crisis situation in a predefined way. CM includes a tool box with organisational and technical utilities to support management (BCP is one of these tools). CM has a mainly reactive character.
Business Continuity Management: BCM identifies potential threats to an organisation and the impacts to its most critical functions. BCM puts an organisation in a position to manage permanent continuity or adequate recovery of critical functions in the event of crisis situations in a predefined way. BCM has a mainly reactive character. Focus: risks that endanger the object of a company.
28 Definition: Risk Management
Risk management is a logical and systematic method of identifying, analysing, treating and monitoring risks.
Risk management system: early identification of risks (identification of risks, evaluation of risks, communication of risks); handling of risks; monitoring of risks; controls; internal audit.
29 Definitions
Risk = adverse variance from a reference figure.
Operational Risk = the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.
Transversal Risk = risk which can occur cross-functionally and affect several business areas.
30 Definitions: Transversal Risks, some examples
Risks related to corruption; risks related to compliance; risks related to data protection; risks related to general / physical security; risks related to money laundering; risks related to IT; risks related to employees; risks related to media / public relations.
31 Definitions Inherent Risk = risk situation without taking any treatment measures into consideration Residual Risk = risk situation considering implemented treatment measures 31
32 Factors of influence financial impact reputational impact by example to review the RM set up damage to persons crisis 2004 recommendations of internal & external auditors legal background 32
33 The Framework
Implementation after the approval by the board in March 2006; published to the staff via intranet.
Contents: aims and structure of the framework; legal background; definitions; aims and functions of risk management; risk culture; expertise and responsibilities; risk structure; risk management process; early identification of risks; identification of risks; risk evaluation; communication of risks; handling of risks; monitoring of risks.
34 Governance structure of the Bundesbank Internal audit IT Department ERM Office; Security and Crisis Management Office for Risk Control 34
35 Governance structure of the Bundesbank: Responsibilities
The Executive Board: has the overall responsibility for the management of risks; is basically responsible for decision making; approves a risk tolerance policy and residual risks in specific risk zone; is the receiver of aggregated risk reports.
36 Governance structure of the Bundesbank
Business areas are responsible for the according to their tasks overall the whole Bundesbank (decentralisation). The heads of departments are responsible for the identification, assessment and mitigation of their own risks. They have an informal relationship with the risk management office. In some areas, such as the risk management of foreign reserves and other portfolios, IT security and general security, related tasks are performed by central work units.
37 Governance structure of the Bundesbank: Office for Risk Control (Area V, Department Financial Stability)
This unit deals with market risks such as currency risks, interest rate risks, counterparty risks and liquidity risks. It is responsible for the risk management of foreign reserves and other portfolios.
38 Governance structure of the Bundesbank: IT Security Management (Area VI, Department Information Technology)
IT Security Management supports the board and the business areas in questions concerning IT security and is responsible for the design and maintenance of firewalls, the evaluation of information from proxy servers, and the maintenance and enhancement of IT security concepts.
39 Governance structure of the Bundesbank: Division Organisation (Area III)
The Division Organisation is part of the Department Controlling, Accounting and Organisation. Units shown: ERM Office; Security and Crisis Management.
40 Governance structure of the Bundesbank: Division Organisation, ERM Office
In the context of risk management, the ERM Office is responsible for the maintenance and enhancement of the risk management framework, the methodology, documentation and coordination. In that context, reports of the business areas are summarised, results of risk assessments are checked, analyses are conducted and an annual report is drawn up.
41 Governance structure of the Bundesbank: Division Organisation, C 35: Security and Crisis Management
Topic centre for questions concerning general security; design and maintenance of the security framework; business continuity planning, crisis management.
42 Governance structure of the Bundesbank: Internal Audit (Area II, Department Audit)
The Internal Audit is directly responsible to one of the board members of the Deutsche Bundesbank. As an independent entity, it is not involved in the working processes.
43 Risk structure Reputational loss Financial loss Damage to persons Business Risks Operational Risks Currency Risks Interest Rate Risks Counterparty Risks Liquidity Risks Gold price Risks Employee Risks Human Failures Incorrect Conduct Misallocation Of Staff Inadequate Qualification Of Staff Technical Risks IT Risks Critical Infrastructure External Risks Primary Maintenance Risks Dependencies On Third Parties Negative Press Coverage Legal Risks Natural Risks General Security Risks 43
44 Risk Management Process: 1. Identification of risks
Task of the business areas. Identification should be output oriented with regard to the underlying task. Root causes also have to be identified and documented.
Helpful information could be gathered from: audit reports (internal as well as external); test reports (IT systems); incident databases.
45 Risk Management Process: 2. Risk Assessment
As a basic principle, a risk at the Deutsche Bundesbank can result in the following three categories of losses: financial loss; damage to persons; reputational loss.
Each of these categories is evaluated for each risk, partly in a qualitative and partly in a quantitative way.
$\text{Risk}_{\text{Event}} = \text{Probability of loss occurring}_{\text{Event}} \times \text{Impact}_{\text{Event}}$
46 Risk assessment grading scales: risk likelihood grading scale
Likelihood level / criteria (frequency of loss events):
5 - Almost certain: every year or more
4 - Likely: once every 1-2 years
3 - Possible: once every 2-5 years
2 - Unlikely: once every 5-10 years
1 - Rare: less than once every 10 years
If no observable events: qualitative criteria (fraud and attacks oriented): Motivation Personal gain... Attracting attention ("making a point") Skills & knowledge Basic skills, sufficient, knowledge not necessary Collaboration Traceability Time and cost <1 day < EUR 100 > 1 year > EUR
47 Risk assessment grading scales: impact
Financial impact levels: very high *, high, medium, low, negligible.
Personal injuries: very high - numerous deaths; high - individual deaths; medium - life-threatening injuries; low - major injuries; negligible - minor injuries.
48 Risk assessment grading scales: reputational impact
Very high: The occurrence of an event can endanger the Bank's security for a lengthy period or cause critical damage to its interests. Examples: criminal proceedings against individual members of the Bundesbank's governing bodies.
High: The occurrence of an event can endanger the Bank's security or cause major damage to its interests. Examples:
Medium, low, negligible: The occurrence of an event can be of disadvantage to the Bank's interests. Examples:
49 Risk tolerance policy
[Matrix: likelihood of loss occurring (rare, unlikely, possible, likely, almost certain) against impact on overall loss (negligible, low, medium, high, very high)]
50 Risk Management Process: 3. Risk Treatment
Policy of risk avoidance and risk limitation while implementing preventive measures.
Principles, e.g.: principle of hierarchy; editorial principle (to use a second set of eyes); principle of separation of functions; principle that tasks, competences and responsibilities should be located within the same entity.
51 risk Risk and threat analysis Actual risk position Risk avoidance Concept of measures Insurances are only used in law driven issues Approval of the Executive Board Preventive measures Usually, there is no risk transfer Residual risk 51
52 Risk Management Process: 4. Communication of risks
Risk reporting within the business areas: report within the business area (hierarchy); periodical reports (e.g. daily report of market risks); ad-hoc reporting if necessary.
Centralised risk reporting: notification of loss; security-relevant matters; compliance, money laundering, corruption; major projects...; centralised annual risk report.
53 Centralised annual risk report
Annual risk report according to our risk management framework. The business areas have to examine their risk assessment. The results were aggregated by the ERM Office. Report to the board and feedback to the business areas. The board has to decide whether additional mitigation measures should be taken or not.
54 RMS at the Bundesbank Structure of the ORM template 54
55 Risk Management Process: 5. Monitoring of risks
Monitoring is part of the internal supervision by the head of each unit; responsibility of the business areas; no formal KRI in place; no centralised monitoring.
56 Thank you for your attention! 56
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationRESERVE BANK OF VANUATU OPERATIONAL RISK MANAGEMENT
RESERVE BANK OF VANUATU DOMESTIC BANK PRUDENTIAL GUIDELINE NO 12 OPERATIONAL RISK MANAGEMENT 1. This Guideline outlines a set of principles that provide a framework for the effective management of operational
More informationAUSTRALIAN COLLEGE OF THEOLOGY
AUSTRALIAN COLLEGE OF THEOLOGY Critical Incident Policy Approval Resolution No: DIR1412-18.3 Date: 8 December 2014 Table of Contents Part A: Policy... 1 1. Purpose and Scope... 1 2. Policy Level... 1 3.
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER