RISK AND DISASTER MANAGEMENT: SOME USEFUL TOOLS AND RESOURCES FOR BUSINESSES AND ORGANISATIONS

Similar documents
Is your business ready for a disaster? Ten questions to help you determine the answer.

Business Continuity Plan Template

GUIDANCE ON THE COMPILATION OF BUSINESS CONTINUITY PLANS. Front cover Add your logo, company name and the date the plan was last amended.

Business Continuity Management For Small to Medium-Sized Businesses

Disaster Preparedness & Response

The 10 Minute Business Continuity Assessment

CONTINUITY OF OPERATION PLAN (COOP) FOR NONPROFIT HUMAN SERVICES PROVIDERS

CONTINUITY OF OPERATIONS PLAN TEMPLATE

Flood Preparedness Checklist

Business continuity plan

Disaster Recovery Plan

Business Continuity Plan

A GUIDE TO BUSINESS CONTINUITY PLANNING

Business/ Organisation Name

IT Disaster Recovery Plan Template

Business insurance. a practical guide smallbusiness.wa.gov.au The small business specialists BUILDING YOUR KNOWLEDGE

How to Prepare for an Emergency: A Disaster and Business Recovery Plan

PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA

Offsite Disaster Recovery Plan

BUSINESS CONTINUITY PLAN

Would Your Business survive a crisis?

Continuity of Operations Planning. A step by step guide for business

Creating a Business Continuity Plan

Preparing Your Business for a Flood

It s the Business! Business continuity considerations for all organisations

Milk Haulers Pandemic Planning Guide

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

SCHOOLS BUSINESS CONTINUITY PLANNING GUIDANCE

Emergency Planning and Business Continuity Policy

BUSINESS CONTINUITY PLAN

Disaster Recovery Plan Checklist

Business Continuity Planning Checklist

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Plan Toolkit

BUSINESS CONTINUITY PLAN

HURRICANE PLAN CAN HELP BUSINESSES WEATHER A STORM. By Gerald Dunlop USA Small Business Development Center

Business Continuity Template

Yale Business Continuity Program Emergency Response Guide

Not If, But When: Prepare a Disaster Recovery Plan Today

Business Continuity Planning

would your business stay afloat? A guide to preparing your business for flooding

BUSINESS CONTINUITY ASSESSMENT CHECKLIST

BUSINESS CONTINUITY MANAGEMENT PLAN

Disaster and Pandemic Planning for Nonprofits. Continuity and Recovery Plan Template

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

Business Continuity Policy and Business Continuity Management System

Preparing Your Business for a Flood

Business Continuity Planning Guide

Jacksonville State University All Hazards - Continuity of Operations Plan (COOP)

Business Continuity Planning Assessment

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits

Good Security. Good Business

Each section has handy hints and advice on completing your plan along with links to further information which you can download and print.

Public Protection. [insert organisation name] Emergency Planning Unit Business Continuity Management Plan

would your business stay afloat?

Business Continuity Planning

Disaster Preparedness Plan. "[Click Here and type your Company Name]" Prepared By: Date:

Business Continuity Training and Testing: Narrowing the Gaps

BUSINESS CONTINUITY PLAN

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

BUSINESS CONTINUITY GUIDE FOR SMALL BUSINESSES

Method 1 of 4: Understanding What Makes a Good Business Continuity Plan

Building and Maintaining a Business Continuity Program

HURRICANE PREPAREDNESS PLAN

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

It also provides guidance for rapid alerting and warning to key officials and the general public of a potential or occurring emergency or disaster.

Service Continuity Planning. A Guide for Community Pharmacists

Business Continuity Planning Guide April 2013

Business Checklist for Severe Weather

business continuity plan for:

HURRICANE DISASTER PREPARATION CHECKLIST AND BUSINESS CONTINUITY PLAN

Disaster Recovery Best Practices & Lessons Learned

NCUA LETTER TO CREDIT UNIONS

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

'(! ! "! # ' () )**+),-./(."# # $ %$& #01111&22&3

Fire Department Guide. Creating and Maintaining Business Continuity Plans (BCP)

Changes to the 2014 Acute Care Hospital Manual on Emergency Management Compliance. January 30, 2014 Brad Keyes, CHSP

Creating a Business Continuity Plan for your Health Center

SAMPLE IT CONTINGENCY PLAN FORMAT

All-Hazard Continuity of Operations Plan. [Department/College Name] [Date]

Continuity Planning and Disaster Recovery

Greater Wellington Regional Parks Health and Safety Plan

Prudential Practice Guide

Don t gamble with your business prepare for survival

BUSINESS CONTINUITY PLAN

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

Version: 3.0. Effective From: 19/06/2014

Emergency Preparedness Guidelines

Business Continuity Management Policy and Plan

Business Continuity Planning advice for Businesses with employees

The Joint Commission Approach to Evaluation of Emergency Management New Standards

Chapter 10. Chapter 10 Learning Objectives. Insurance and Risk Management: An Introduction. Property and Motor Vehicle Insurance

Vermont Division of Emergency Management and Homeland Security Business Disaster Preparedness Workbook

Business Continuity Planning in IT

Business Continuity Policy & Plans

Table of Contents... 1

Ready for Anything BUSINESS CONTINUITY GUIDE FOR BUSINESS OWNERS. Plan to Stay in Business

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN

Bus incident management planning: Guidelines

Working for business. Workplace Safety Discount Application With employees

Transcription:

RISK AND DISASTER MANAGEMENT: SOME USEFUL TOOLS AND RESOURCES FOR BUSINESSES AND ORGANISATIONS MAY 2011 Sector Development Team Queensland Council of Social Service Inc

DEVELOPING A BUSINESS CONTINUITY PLAN BASED ON A PREVENTION, PREPAREDNESS, RESPONSE AND RECOVERY CYCLE This plan incorporates the Prevention, Preparedness, Response and Recovery (PPRR) framework (Queensland Government: Business Continuity Plan Template, 2010). Each of the four key elements is represented by a part in the Business Continuity Planning Process. Source: Queensland Government: Business Continuity Plan Template (2010) The Queensland Government provides a detailed, step-by-step planning template for business continuity, which is very useful for developing a plan to manage risks and disasters for small businesses. Further information and access to the template is available on the Department of Employment, Economic Development and Innovation s (DEEDI) official website under Business Development. BUSINESS CONTINUITY AND DISASTER RECOVERY CHECKLIST FOR SMALL BUSINESS OWNERS A checklist has been developed by Capital One to help small businesses in the United States prepare for both large and small incidents (Department of Employment, Economic Development and Innovation, 2011a). DEEDI has also provided a sample emergency plan for businesses (embedded below) sampleplan.pdf Source: Department of Employment, Economic Development and Innovation (2011a) Develop a business continuity/disaster recovery plan Establish a disaster-recovery team of employees who know your business best, and assign responsibilities for specific tasks 1

Identify your risks (kinds of disasters you're most likely to experience) Prioritize critical business functions and how quickly these must be recovery Establish a disaster recovery location where employees may work off-site and access critical back-up systems, records and supplies Obtain temporary housing for key employees, their families and pets Update and test your plan at least annually Alternative operational locations Determine which alternatives are available. For example: A satellite or branch office of your business The office of a business partner or even an employee Home or hotel Backup site Equip your backup operations site with critical equipment, data files and supplies: Power generators Computers and software Critical computer data files (payroll, accounts payable and receivable, customer orders, inventory) Phones/radios/TVs Equipment and spare parts Vehicles, boats and spare parts Digital cameras Common supplies Supplies unique to your business (order forms, contracts, etc.) Basic first aid/sanitary supplies, potable water and food Safeguard your property Is your property prepared to survive a hurricane or other disasters: Your building? Your equipment? Your computer systems? Your company vehicles? Your company records? Other company assets? Contact information Do you have current and multiple contact information (e.g., home and cell phone numbers, personal e- mail addresses) for: Employees? Key customers? Important vendors, suppliers, business partners? Insurance companies? Is contact information accessible electronically for fast access by all employees? Communications Do you have access to multiple and reliable methods of communicating with your employees: Emergency toll-free hotline? 2

Website? Cell phones? Satellite phones? Pagers? BlackBerry(TM)? Two-way radios? Internet? E-mail? Employee preparation Make sure your employees know: Company emergency plan Where they should relocate to work How to use and have access to reliable methods of communication, such as satellite/cell phones, e-mail, voice mail, Internet, text messages, BlackBerry(TM), PDAs How they will be notified to return to work Benefits of direct deposit of payroll and subscribe to direct deposit Emergency company housing options available for them and their family Customer preparation Make sure your key customers know: Your emergency contact information for sales and service support (publish on your website) Your backup business or store locations (publish on your website) What to expect from your company in the event of a prolonged disaster displacement Alternate methods for placing orders Alternate methods for sending invoice payments in the event of mail disruption Evacuation order When a mandatory evacuation is issued, be prepared to grab and leave with critical office records and equipment: Company business continuity / disaster recovery plan and checklist Insurance policies and company contracts Company checks, plus a list of all bank accounts, credit cards, ATM cards Employee payroll and contact information Desktop/laptop computers Customer records, including orders in progress Photographs/digital images of your business property Post disaster contact information inside your business to alert emergency workers how to reach you Secure your building and property Cash management Be prepared to meet emergency cash-flow needs: Take your checkbook and credit cards in the event of an evacuation Keep enough cash on hand to handle immediate needs Use Internet banking services to monitor account activity, manage cash flow, initiate wires, pay bills 3

Issue corporate cards to essential personnel to cover emergency business expenses Reduce dependency on paper checks and postal service to send and receive payments (consider using electronic payment and remote deposit banking services) Post-disaster recovery procedures Consider how your post-disaster business may differ from today Plan whom you will want to contact and when Assign specific tasks to responsible employees Track progress and effectiveness Document lessons learned and best practices RISK MANAGEMENT PLAN The Government of Victoria has detailed information on how to develop risk management plan for individual business/organisation. Business Victoria webpage provides a combined Risk Register and Risk Treatment Register (templates) which businesses/organisations can use to plan and manage risks (embedded below) sbv_template_risk_r egister_and_risk_treatment_register.doc Source: Government of Victoria: Risk Management Plan (2009c) Further, organisations can use information from the Assessing Individual Risk page on the same website along with the Risk Assessment Table (1.2) below to gauge the level of risks. RECORDS MANAGEMENT PLAN The University of Technology, Sydney website has some useful forms and templates for records storage and recovery (embedded below) storage-risk-assessm ent.docm 4

records_recoveryflo wchart.pdf Source: University of Technology, Sydney: Risk and Disaster Management (2010) In addition, businesses and organisations can also store important operational details such as bank account details, staff salary in the Critical Information List. This can be used to hand over to someone else (e.g. power of attorney) during emergencies (embedded below) critical_information_li st.doc Source: Government of Victoria: Critical Information List (2009a) 5

ADDITIONAL TOOLS AND TEMPLATES FOR RISK AND DISASTER MANAGEMENT 1.1 COMMUNITY CONTEXT (Note: Only for organisations that provide direct services to the community) FEATURE RELEVANT INFORMATION AND CONSIDERATIONS Geography Climate and Weather Population Community Capacity Industry Public buildings, spaces and events Critical Infrastructure Essential Services Hazardous Sites Source: Department of Emergency Services (2005) 6

1.2 RISK ASSESSMENT TABLE Consequences Major Serious Minor Insignificant e.g. death, disability, large financial loss e.g. serious injury, cash flow shortage e.g first aid injury, temporary supply shortage e.g. incident but no injury, non-essential staff ill Very likely, almost certain to happen Extreme risk High risk High risk Medium risk Likelihood Likely, will probably happen at some time High risk High risk Medium risk Medium risk Unlikely, could happen at some time High risk Medium risk Medium risk Low risk Very unlikely, might happen rarely Medium risk Medium risk Low risk Low risk Source: Government of Victoria: Risk Assessment Table (2009b) 7

1.3 MANAGING RISK STEP 1 STEP 2 STEP 3 STEP 4 STEP 5 IDENTIFY RISKS THAT COULD IMPACT YOUR BUSINESS Take a close look at each of your business operations and ask yourself: What could cause an impact? How serious would that impact be? What is the likelihood of this occurring? Can it be reduced or eliminated? For example, if you owned a cafe, your risks might include fire, food poisoning and flood ANALYSE RISKS TO ASSESS THEIR IMPACTS Determine which risks have a greater consequence or impact than others Separate minor acceptable risks from major risks which must be managed immediately. This involves deciding on the relationship between the likelihood and impacts of the risks you have identified In a cafe, the likelihood of a flood may be assessed as low, but the impacts on the business would be very high. A flood could potentially destroy both equipment and stock and would lead to loss of trade and financial loss EVALUATE RISKS TO PRIORITISE THEIR MANAGEMENT Compare the likelihood and impact of each risk to evaluate and prioritise the resources you are prepared to invest to treat these risks. The outcome of this step is a prioritised list of risks that require further action In the cafe example, your prioritised list may be: Source: Department of Employment, Economic Development and Innovation (2011b) Fire - your top priority risk. The likelihood is high and the potential impact of a fire on the business is very high Food poisoning - your second priority risk. Whilst the probability may be assessed as low, the impact on the business would be very high Flood - your third priority risk. The probability is assessed as very low, but again the impact on the business would be very high 8 TREAT RISKS TO MINIMISE THEIR IMPACT Determine which risks are acceptable for your business to leave untreated and which risks need to be treated. Risk treatment is about considering options for treating risks that are not considered acceptable, through a number of strategies including: Insurance quality control processes Staff training C Complying with government legislation and regulations Properly maintaining facilities, plant and equipment Using appropriate security devices Establishing systems and controls e.g. segregation of duties (cash receipting, banking and accounting) Developing contingency plans Some of the treatment strategies for the risk of flood might include: Ensure flooding is covered by your existing insurance policy and the amount of cover is adequate Ensure stock and equipment are stored off the ground where possible Organise off-site storage for stock and equipment when a flood is forecast DEVELOP AND REVIEW YOUR RISK MANAGEMENT PLAN A Risk Management Plan indicates the chosen strategy for treatment of the identified risks. It details information about: Risks identified Level of risks Planned strategy Timeframe for implementing the strategy Resources required Individuals responsible for ensuring the strategy is implemented The final documentation should include appropriate objectives, a budget and milestones on the way to achieving those objectives

1.4 RISK MANAGEMENT RECORD HAZARD VULNERABLE SECTOR POTENTIAL RISK LIKELIHOOD CONSEQUENCE LEVEL OF RISK ACTION PRIORITY RISK TREATMENT OPTIONS RISK TREATMENT EVLAUATION RESPONSIBLE AGENCY CONSEQUENTIAL ACTIONS IMPLEMENT ATION TIMEFRAME (Source of Risk) (Element at Risk) (Risk Statements ) (Include Current Control Measures) (Link Treatment Option to Core Business of Relevant Organisation) (Identifying Project Details) (Define timeframe & any dependenc e) Source: Department of Emergency Services (2005) 9

REFERENCES Department of Emergency Services (2005). Queensland Disaster Management Planning Guidelines 2005: For Local Government (online). Available from < http://www.disaster.qld.gov.au/publications/pdf/disaster_management_guide.pdf > Accessed 21 April 2011 Department of Employment, Economic Development and Innovation (2011a). Recovering from a Disaster: Business Continuity and Disaster Recovery Checklist for Small Business Owners (online). Available from < http://www2.business.qld.gov.au/managing/275.htm > Accessed 09 May 2011 Department of Employment, Economic Development and innovation (2011b). Business Development: Managing Risks (online). Available from < http://www2.business.qld.gov.au/managing/206.htm > Accessed 09 May 2011 Government of Victoria (2009a). Emergency Contingency Plan: Critical Information List (online). Available from < http://www.business.vic.gov.au/busvic/standard/pc_63238.html > Accessed 10 May 2011 Government of Victoria (2009b). Risk Assessment Table (online). Available from < http://www.business.vic.gov.au/busvic/standard/pc_50328.html > Accessed 10 May 2011 Government of Victoria (2009c). Risk Management Plan (online). Available from < http://www.business.vic.gov.au/busvic/standard/pc_50328.html > Accessed 10 May 2011 Government of Victoria (2009). Assessing Individual Risks: Risk Assessment Table (online). Available from < http://www.business.vic.gov.au/busvic/standard/pc_50328.html > Accessed 10 May 2011 Local Government Association of Queensland (2010). Incorporating Disaster Management into Local Government Corporate Planning Practices: Workshop Manual (online). Available from < http://www.lgaq.asn.au/c/document_library/get_file?uuid=52239ba1723a9360ce1db5b8b13210cb& groupid=10136 > Accessed 03 May 2011 Queensland Government (2010). Business Continuity Plan Template (online). Available from < http://www.business.qld.gov.au/risk-management/business-continuity-planning.html > Accessed 06 May 2011 University of Technology, Sydney (2010). Risk and Disaster Management (online). Available from < http://www.records.uts.edu.au/forms/index.html > Accessed 10 may 2010 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information