Business Continuity & Enterprise Risk Management BCM as part of a “Compliant” Governance Programme BCS - October 2003 David Spinks – Director ORM


What is Business Continuity Management?

Business Continuity Management is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.

BSI PAS 056

Or Surviving a crisis …..


Business Continuity vs Loss Distribution:

[Figure: loss distribution curve. Vertical axis: Number of events. Horizontal axis: Size of loss. Regions: small losses (many internal datapoints); medium losses (some internal datapoints); large losses (very few internal datapoints). Annotations: "External data is necessary here"; "BCM starts here".]


Recoverers vs Non-Recoverers

[Figure: Recoverers vs Non-Recoverers. Horizontal axis: Event Trading Days.]


Enterprise-Wide Risk Management

[Diagram: Enterprise-wide Risk Management, divided into Credit Risk, Business Event Risk, Operational Risk and Market Risk.]

Credit Risk: Credit spread risk; Direct credit risk; Credit equivalent expense; Settlement risk

Business Event Risk: Shift in credit rating; Reputation risk; Taxation risk; Legal risk; Disaster risk; Regulatory risk

Operational Risk

Categories: Transaction Risk; Operational Control Risk; Systems Risk; Program Risk

Execution order; Product complexity; Booking error; Settlement error; Commodity delivery risk; Documentation/contract risk

Exceeding limits; Rogue trading; Fraud; Money laundering; Security risk; Key personnel risk; Processing risk

Programming error; Model/methodology error; Mark-to-market (MTM) error; Management information; IT systems failure; Telecommunications failure; Contingency planning

Communications failure; Timing failure

Market Risk

Categories: Correlation Risk; Liquidity Risk; Equity Risk; Interest Rate Risk; Currency Risk; Commodity Risk; Portfolio Concentration

Stability; Market Sensitivity

Equity price; Equity price volatility; Equity basis risk; Dividend risk

Interest rate; Yield curve risk; Interest rate volatility; Interest rate basis spread risk; Spread risk; Prepayment risk

FX rate; FX volatility

Profit translation risk; Commodity price; Forward price curve risk; Commodity basis spread risk

Economic sector; Instrument; Major transaction

Market liquidity; Liquidity risk

Senior management is responsible for managing a wide variety of risk


Operational Risk Management

[Diagram labels: ORM Process; Operational Risk Manager; Executive Board; Audit Committee; Formal Reporting; Escalation; Information Security; Business Impact Analysis; Audit & Compliance; Fraud & Investigations; Programme Risk & Change; Risk Assessment and Data Collection; Internal and External Data; Legal and Regulators; Corporate Governance Process; Business Continuity – Safety Net]


Why Me?


3.5 million desktops

20 billion km data lines

North America

Latin America

Africa

Europe

Australia

Korea

Singapore

Japan

Operations: 7 x 24 hours

Why EDS?


Agenda


Why BCM?

Sarbanes-Oxley

Money Laundering

Basel II – CAD III – Solvency 2

IAS 32/39 Accounting for Financial Instruments

Ratings agencies

Insurance …

Governance ….


Why Operational Risk Management?


What attracts the attention of Execs?


What lessons can my organisation learn?

What questions do I need to ask to determine the robustness of my organisation's BCM?

Executive perspective:


Sequence of Unplanned Event

[Figure: Output plotted against Time following an Event. Labels: Response Plan Implemented; Resumption; Recovery; Resumption Time Objective; Minimum Acceptable Performance Requirement; Repair/Replacement Time.]


But don’t forget to ask about …..

Creep ……………..


Dependence on Suppliers …..

Creep ……………..


Challenger ….. Lessons

Communicate with Press and Media

Understand and Communicate Risk


Ferries across to Manhattan were virtually the only form of transport still operating at normal levels

The FirstEnergy operator said: "We have no clue. Our computer is giving us fits. We don't even know the status of some of the stuff around us."

FirstEnergy's chief executive Peter Burg has denied wrongdoing.


1810 BST: An alarm indicates a fault on a transformer at the Hurst substation in Kent

1820 BST: Transformer switched off but power still able to flow into London through other circuits

7 minutes later: Another fault occurs stopping flows on a 275,000 Volt underground cable between the New Cross and Wimbledon substation. Power black-out follows

1900 BST: Problem fixed and full power restored


2000: Nuclear chief quits over safety scandal

British Nuclear Fuels (BNFL) has confirmed its chief executive, John Taylor, has resigned over the safety scandal that has attracted severe criticism from watchdogs.

A damning report published last week by the Nuclear Installations Inspectorate confirmed that some safety records relating to a shipment of uranium and plutonium mixed oxide fuel to Japan had been faked at BNFL's Sellafield in Cumbria.

Honesty always pays ….


But right and wrong may be sometimes confused!


1988: Dozens feared dead in Piper Alpha oil blaze

The worst ever accident in the North Sea oilfields has left up to 168 dead. Shortly before 2200 BST (2100 GMT) last night explosions were reported on the Piper Alpha drilling platform, 120 miles off the north-east coast of Scotland.

Practice

Test

Stress test


Business is operating in a more uncertain world

Today threats are not only becoming more serious, but their profiles are changing rapidly

Governments (laws), investors, regulators and rating agencies are expecting executives to “learn the lessons”

Conclusions:


Executive leadership, sponsorship and active participation in BCM is essential

BCM needs to be part of an overall approach to Enterprise Risk Management

Adopt Best Practice and ask the difficult questions

Thank you ….

Conclusions:


[email protected] + 44 (0) 7790495 435