1 / 23

Understanding risks in quantifiable terms provides the roadmap

2010 Virginia RIMS and PRIMA Conference October 5, 2010 Business Impact Analysis: The Road Map to Managing Risks. The need for information…. Understanding risks in quantifiable terms provides the roadmap. Business Impact Analysis (BIA).

eulae
Télécharger la présentation

Understanding risks in quantifiable terms provides the roadmap

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2010 Virginia RIMS and PRIMA ConferenceOctober 5, 2010 Business Impact Analysis: The Road Map to Managing Risks

  2. The need for information… Understanding risks in quantifiable terms provides the roadmap

  3. Business Impact Analysis (BIA) Measures the enterprise-wide impacts to an organization in the event of a major disruption to key business processes • Financial $ quantification of specific exposures • Applied to internal as well as external processes / facilities

  4. The Evolving Landscape Corporate governance Regulatory compliance Need for transparency Executive accountability BUSINESS Competitive pressure Reduced time to market Margin pressure Operational efficiency High asset utilization Lean manufacturing Consolidations Global supply chains & economic conditions Business model complexities / silos

  5. The Evolving Landscape • Internal risks • Traditionally covered ? • External risks? • Do risk management efforts match? • The distinction between internal and external is becoming more blurry • The property risk blind spot

  6. Pressures lead to increasing risks and accountability to manage risk

  7. And yet…

  8. Response: The BCM ‘umbrella’ BUSINESS CONTINUITY MANAGEMENT RISK MANAGEMENT FACILITIES MANAGEMENT & RISK IMPROVEMENT DISASTER RECOVERY SUPPLY CHAIN MANAGEMENT HEALTH & SAFETY QUALITY MANAGEMENT EMERGENCY MANAGEMENT KNOWLEDGE MANAGEMENT SECURITY CRISIS COMMUNICATIONS & PUBLIC RELATIONS Courtesy of the Business Continuity Institute

  9. BIA Analysis / prioritization BC / Ops Strategies The BCM Model Understand your business Design For Resilience STRATEGY Keep continuity alive Develop your continuity strategies CULTURE Implement your continuity strategies

  10. A few basic assumptions • BCP: Scenario neutral • Probabilities • Factor into crisis management, not BCP • Outage time is the key consideration with recovery strategies • Scope • Entire facility Worst case scenarios DO happen… plan on it and you’re ready for anything

  11. Design for Resilience • To know where to direct limited resources, you must determine which activities are most critical to maintaining continuity and achieving your strategic objectives • How would the current level of understanding be assessed? • Revenue streams, resilience and risks? • Interdependencies between revenue streams? • Mitigation capabilities? • Ultimate exposures? Understand your business

  12. Developing BC strategies Make changes now to critical process in your business model to make it more resilient Develop plans that you can implement to maintain your business if the worst happens Prevent losses happening in the first place by protecting your critical processes Specific $ estimates allow for easier cost / benefit evaluation

  13. Information sharing is critical Operations Finance Supply chain Risk Management to create a prioritization map

  14. Firm Infrastructure – Finance Human Resources Information Technology Purchasing/Procurement Profit Inbound Logistics Marketing & Sales Outbound Logistics Operations Service Execution – Business Model Analysis Questionnaires, with follow-up interviews

  15. Dependency Mapping Understanding the relationship between revenue / margin streams and: • Locations (can also drive values reporting) • Processes • Applications • Suppliers (mainly sole sources)

  16. Quantification Approach Internal / External Analysis • Determine product lines impacted and direct variable margin impacts on a product line basis • Evaluate potential interdependent impacts – other revenue streams • Determine current replacement / recovery period • Assess mitigation capabilities • Consider other loss-cost factors • Additional expenses, related to mitigation or other • Customer losses, after recovery; can be huge factor

  17. RTO / MTO Identification • Maximum tolerable outage • The duration after which an organization’s viability will be threatened if the activity cannot be resumed. • Recovery time objective • The specific target time set for resumption of performance of an activity / process / application, etc. after an incident, which must support the MTO. • Evaluate the gap from current recovery • Identification is important, but consider subjectivity • Evaluate against specific $ exposure quantifications via worst-case scenario

  18. Risk evaluation Consider the relationship between physical risk and impact to the business when evaluating risk mitigation strategies

  19. Resource direction

  20. Some examples… • Capet manufacturing: chemical supplier • Coal mining interdependency • Production bottlenecks • Medical device supplier exposures • Sr. management / BOD support for BCP / RI efforts • Focusing RM resources (RI, BCP, transfer,…) > $400M + Reputation + Market Share + Shareholder Value

  21. Summary • BCM more critical • Prioritized approach to make manageable • $ quantifications with assessment of physical risks • Optimizes mitigation strategy selection • Framework includes loss prevention Does the management of internal and external risks match?

  22. Eric Jones, CPA, CVA, CBCP FM Global AVP, Manager, Business Risk Consulting eric.jones@fmglobal.com 972-731-1613

More Related