Tools You Can Use: Building Business Resilience (ERM007) Speakers: Linda Conrad, Head of Strategic Business Risk, Zurich; Mike Epstein, Senior Director, Risk Management & Business Continuity, E.W. Scripps
Learning Objectives Through this session, you will: Identify risks to resilience Discover how you can use Business Resilience tools to manage risks systematically and holistically Show how business resilience tools can integrate in overall Enterprise Risk Management efforts Participate in an interactive exercise that can help you better address potential exposures
Facing the challenges of emerging risk There was a time when dealing with risk meant buying insurance. Today, stakes are too high. Natural & man-made disasters, supply chain disruptions, economic challenges are now part of the everyday vocabulary of risk management. Staying competitive means higher risks. New business strategies = new risks to be identified and managed. Dealing with risk goes beyond looking at a series of random events, beyond mere risk-avoidance or transfer. To deal with risk properly means to look for strategic opportunities based on well-informed risk thinking.
Everyone's World is Different How we see the world is shaped by what we do in it A moment to understand the worlds we live in and where we're coming from
Zurich Insurance Group Mission: better understand and protect ourselves and our customers from risk. Team helps deliver a holistic, proactive approach to resilience and managing Enterprise Cost of Risk for Zurich and clients Business Interruption modeling and quantification Business Continuity Management gap analysis Supply Chain Risk Assessment and Insurance Enterprise Risk Management Healthcheck Emerging Risk Group Total Risk Profiling Risk Room
What Is Resilience? According to Webster's: the capability of a strained body to recover its size and shape after deformation caused especially by compressive stress; an ability to recover from or adjust easily to misfortune or change. Business Resilience: Actions taken to encourage additional risk identification, prevention or mitigation that will improve the ability to recover from or adjust easily to misfortune or change Source: http://www.merriam-webster.com/dictionary/resilience
What Is Resilience? In an Enterprise Risk Management Framework An organization that is better able to: Anticipate surprises Recover from disruptions Adapt to changing conditions Leverage emerging opportunities
Key Resilience Assumptions You own the business On both good days and bad Whether you do the work in-house or out Your business is your clients' expectations Commoditization of many industries aside, your reputation is as much a product as your service or widget Start your understanding of your needs with what your clients expect of you Continuity of service = continuity of product availability Continuity of service/product = continuity of resources: People/Skills, Facilities, Utilities/Infrastructure, Technology/Connectivity, Supplies
Have You Seen Worse? Hurricane/Super Typhoon, Earthquake, Tornado, Blizzard/Severe Winter Storm, Flood, Pandemic, Work Place Violence, Active Shooter, Cyber Attack, Water Main Break, Power Outage, Network Carrier Failure, Tsunami, Lottery Win, School/Daycare Closure, Supplier Failure, Car Accident, Chemical Spill, Volcanic Eruption, Labor Action, Port Disruption, Roadway/Bridge Failure, Political Upheaval, Population Migration, Industry Disruption, Stalkers (you don't want to know)
Blizzard Hitting ½ the City Buffalo, NY Nov. 17-19, 2014
Blizzard Hitting Your Commute Buffalo, NY Nov. 17-19, 2014
Blizzard Hitting Your House Buffalo, NY Nov. 17-19, 2014
Door Meets Stolen Landscaping Truck Baltimore, MD May 13, 2014
Wall Street Finds Ways Of Muddling Through Dec 10, 1992, storm surge of about 3 ft. at Battery Park in Manhattan. A high tide of 8 ft. above sea level was high enough to surpass the sea walls. The ensuing flooding submerged portions of FDR East River Drive to 4 ft. deep. Low-lying neighborhoods of the City were also flooded. The severity of the storm caught many in the region by surprise. Firms in several low-lying buildings, including 55 Water Street, 100 Wall Street and 2 New York Plaza, were disabled when salty water from the rising tides of New York Harbor found its way into basement vaults holding electrical transformers and telephone equipment. At County NatWest Securities, damage was severe enough that the staff was moved to a trading room in Staten Island that was created in 36 hours by a Minneapolis company specializing in disaster recovery for large businesses. Source: http://www.nytimes.com/1992/12/15/business/wall-street-finds-ways-of-muddling-through.html And https://en.wikipedia.org/wiki/december_1992_nor%27easter
Which Brings Us To? Risk Assessment and Business Impact Analysis
What Can Really Happen?
Staffing Availability: Severe Weather, Pandemic, Lottery
Facility Availability: Natural Disaster, Fire, Flood
Utility Availability: Power Outage, Water Main Break, Potable Water Hazard, Network Carrier Outage
Technology/Tool Availability: Equipment Failure, Cyber Attack, Incompatible Upgrade
Supply Channel Availability: All of The Above
Distribution Channel Availability: All of The Above
Things You Might Find:
Your dual carrier network runs with both carriers sharing the same line in the last mile
Exposure due to potential failure of a supplier higher than initially estimated: USD 10 million vs. 1 million
Actual reliance on one supplier significantly greater than presumed: 70% vs. 20%
Company discovered that key component supplier and its alternative were located in earthquake zone
Two key suppliers at the next level in the supply chain were in significant financial trouble
A disproportionate number of your key employees live in the same area and rely on the same commuting path
Annual Share of Business Interruption Claims. Share of Business Interruption in Total Annual Property Claims grows by 1.6% p.a. [Chart: Share of BI of Total Claims by Year, 2002-2013] Source: Zurich
Enterprise Resilience Tools Source: Zurich
Business Interruption value chain modeling Customer High protection High protection High protection Suppliers Sourcing Production Distribution Clients Analyzing risks along the value chain encourages risk quantification and prioritization of mitigation Source: Zurich
Business interruption value chain modelling Map Locations, buildings Group of products Customer/groups Suppliers Warehouses Interdependencies Scenarios Calculation of effects Risk report Source: Zurich
Business Continuity Plan Review and Grading Source: Zurich
Risk assessment stages Determine those suppliers most critical to protecting profitability Develop a supply chain/value chain map Gather key supply/supplier details Evaluate risk factor information Define and evaluate risk scenarios Develop risk grading Determine risk strategies Source: Zurich
Supply chain grading
Risk Factor As is Comments To Be Advice
1 Industry/Supply-Specific - Geographical Exposures B A
2 Industry/Supply-Specific - Economic Exposures B A
3 Industry/Supply-Specific - Political Exposures B A
4 Industry/Supply-Specific - Structural Risks B A
5 Supplier Specific - Geographical Exposures B A
6 Supplier Specific - Economic Exposures B A
7 Supplier Specific - Political Exposures B A
8 Supplier Specific - Structural Risks B A
9 Product Management / New Product Development B A
10 Supplier Selection Management B A
11 Supplier Management (Financial Strength) B A
12 Supply Chain Performance B A
13 Internal Risk Management B A
14 Business Continuity Management (BCM) B A
15 Vulnerability To Accidents / Errors B A
16 Vulnerability To Malicious Intervention B A
17 Commercial Contract Management B A
18 Skills And IP Management (Insured) B A
19 Regulatory Issues B A
20 Relationship With Supplier (Influence, Maturity) B A
21 Supplier's Security Of Supply B A
22 Supplier's Knowledge And Experience Of Providing Required Supplies B A
23 Skills And IP Management (Supplier) B A
24 Risk Engineering Factor B A
OVERALL GRADING = 72 4
Source: Zurich
ERM Wheel Enterprise Resilience Management Source: Zurich
Embedding a Risk Culture Source: Zurich
ERM Diagnostic tool
Enterprise Resilience Challenges
Exposure Assessment
Customers: Take-out; Grocery Store; Event Planners; "Carol's" Restaurant; Indiv. Wedding Parties; Melissa's Bridal (150k/yr); Mary's Bridal (400k/yr)
Job, Job RTO (Days), Process:
Bake Cookies 5 baking
Bake Cakes 2 baking
Bake Breads 7 baking
Fry Donuts 7 Frying
Decorate Cookies 5 Decoration
Decorate Cakes 9 Decoration
Package Retail Goods 7 Packaging
Deliver Retail Goods 8 Delivery
Deliver SO Goods 2 Delivery
Front-house Maint 7 Cleaning
Back-house Maint 7 Certified Cleaning
Sales - Phone 7 Sales
Sales - Store 7 Sales
Wedding Counselor 7 Consulting
Retail Liaison 4 Sales
"Melissa's" Coordinator 3 Consulting
"Mary's" Coordinator 2 Consulting
"Carol's" Coordinator 4 Consulting
Package SO Goods 2 Packaging
Exposure Assessment
Process RTO People Chef Office Kitchen
baking 2 Yes No Yes
Frying 7 Yes No Yes
Decoration 5 No No Yes
Packaging 2 No Yes Yes
Delivery 2 No Yes No
Cleaning 7 No Yes No
Certified Cleaning 7 No No Yes
Sales 4 Yes Yes No
Consulting 2 Yes Yes Yes -
Exposure Assessment: Chef
Processes, RTO, Normal, Critical Level, Day 1, Day 2, Day 3, Day 4, Day 5, Day 7, Day 14, Day 21, Day 28:
baking 2 5 3 1 2 3 3 3 3 3 3 3
Frying 7 2 0 0 0 0 0 0 0 0 0 0
Decoration 5 6 3 1 2 3 3 3 3 3 3 3
Packaging 2 4 2 2 2 2 2 2 2 2 2 2
Delivery 2 4 2 2 2 2 2 2 2 2 2 2
Cleaning 7 2 1 0 1 1 1 1 1 1 1 1
Certified Cleaning 7 5 2 0 2 2 2 2 2 2 2 2
Sales 4 6 2 2 2 2 2 2 2 2 2 2
Consulting 0 3 1 0 1 1 1 1 1 1 1 1-0
Opportunities in Cyber?
Broad Impact Analysis: IT needs to support R & D or sales pipeline for a new product or service; Acquisition of company or suppliers for a business unit or product line; Business impact of IT outage in ordering or production process; Reputation, legal and compliance issues with protected classes of data; Human element in an ERM process that encourages behavioral training; Capital expenditure project or IT system implementation controls. Narrow Impact Analysis: Software and hardware purchase specifications; Procurement work sequence and preapproval screening; Mapping the manufacturing operation and logistics sequences; Encryption standards in various business units or countries; Access control management for employees, contractors, and vendors; Data flow diagrams and critical paths through a network or production. Source: Zurich
Insurance Product Network Security/Privacy Property Bus. Interruption General Liability E&O / Professional Indemnity Supply Chain Insurance Types of Losses Covered Data release liability, extortion, recovery and coaching costs Lost revenue, additional costs incurred as a result of internal data loss TPL for PD, Bodily Injury, Advertising TPL arising from performance of professional services Lost revenue and additional costs incurred as a result of infrastructure breakdown ERM Relational Linkage Total Risk Profiling Business continuity plan (BCP) audit & disruption scenario testing BI modeling and quantification Business continuity plan (BCP) audit & disruption scenario testing Business continuity plan (BCP) audit & disruption scenario testing ERM support & Enterprise Risk Management Diagnostic ERM support & Enterprise Risk Management Diagnostic Total Risk Profiling Business continuity plan (BCP) audit & disruption scenario testing Total Risk Profiling Source: Zurich
Linking Resilience and Results A study found firms demonstrating a more mature approach to Risk Management have better financial results. EBITDA growth of over 10% was generated by 28% of companies with advanced risk management practices, compared with just 16% of firms with emerging practices. Revenue growth of 10% was shown by 29% of companies with advanced practices, compared with 18% of companies with emerging practices. Creating an active risk culture is correlated with higher growth, as the organization becomes more aware and accountable for risk. Source: 2012 study by Federation of European Risk Management Associations
Thoughts To Leave With Left of Bang Continuity Planning Infrastructure Selection Strategic Investment Partner Selection Right of Bang Claims Submission and Payment Crisis Management Reputational Outcomes Insurance Programs Risk Engineering Loss Control
Questions? Tools You Can Use: Building Business Resilience (ERM007) Speakers: Linda Conrad, Head of Strategic Business Risk, Zurich; Mike Epstein, Senior Director, Risk Management & Business Continuity, E.W. Scripps
The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this presentation and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise.