ark-group
7/31/2019 Carl Gibson
1/71
Risk and
business
continuity:
a cautionary tale of
Divergence, Devolution,
Divas and Dinosaurs
The origins of business continuity
Disaster Recovery Planning
- 1970s
"and I saw in my dream and behold seven ears came up in one stalk,
full and good. And behold seven
ears withered, thin and blasted
with the east wind, sprung up after
them"
Genesis 41:22
Joseph:
Status
Authority
Resources
Capability
DEVOLUTION
The origins of risk management
The Code of Hammurabi
If any one be too lazy to keep his
dam in proper condition, and does
not so keep it; if then the dam
break and all the fields be flooded,
then shall he in whose dam the
break occurred be sold for money,
and the money shall replace the
corn which he has caused to be
ruined
17th Century
Age of Enlightenment
Maths & Science
18th Century
William Morgan
Mathematical principles
of risk management
19th Century
Insurance companies
1844-1853
- 149 were formed
- 59 survived
"Insurance companies writing
life business were breeding like flies in the summer sky,
and disappearing just as fast".
1940s
Manhattan Project
Nicholas Metropolis
Monte Carlo analysis
1950s onwards
The rise of the mathematicians
John Nash game theory
Harry Markowitz Investment
Theory
Benoit Mandelbrot fractal
geometry
Last 30 years -
The dominance of the Quants
Engineers
Actuaries
Financial analysts
The rise of standardisation
The dumbing down of a discipline
Different philosophies
Methodologies
Gross simplification
Ignorance
The problems and failures
of business continuity
All systems have a
propensity towards failure
Not if - but when
Examples of BCM failure
appear more widespread
than tales of its success
Highly process focused
Yet often ignores the wider control environment:
-Preventive controls
-Detective controls
-Corrective controls
Significant focus on the
big disaster
A comprehensive
management systems
approach ... resulting in an
emergency, crisis, or disaster.
ASIS SPC-1
Significant focus on the
big disaster
... approach by an
organization that will ensure
its recovery and continuity in
the face of a disaster or other major incident or business
disruption
BS25999
Significant focus on the
big disaster
Ignorant of the creeping
failures
and
The most common causes of
potential organisational
disruption
[Chart; x-axis years 2001-2010]
Source: ICM 2010
Narrow understanding
of risk
Risk management seeks to
manage risk around the key
products and services that an
organization delivers
BS25999 -1
Narrow understanding
of risk
Still event focused
All business activity is
subject to disruptions, such
as technology failure, flooding, utility disruption
and terrorism
BS25999 -1
The move towards
proscriptive management
system standards
ISO 9001:
Research - variable results
Some improvement in
consistency and process
efficiency
Compared to no formal QM approach
Does not adequately consider
networks of inter-relationships
Such as:
- internal informal relationships
- external relationships
- extended supply chains
Disruptions present complex problems!
However, much of the thinking in
BCM is highly bounded, linear and
ultimately overly simplistic
An inadequate consideration of the interaction of forces
Challenge horizon
Environment
Organisation
Disruption
Operation
Risk 1
Risk 2
Risk 1+2 Risk 3
Risk 1
Risk 2
Risk 1+2+3 Risk 3
Safety
Workload
Safety &
Workload Urgency
Safety
Safety & Workload & Urgency
Workload
Urgency
The issues with risk
management
Problems of perception
Heuristics
Peak-end rule
Small sample bias
Probability
Problems with
probability
Space shuttle
Probability of a vehicle loss
Management: 1: 100,000 flights
Engineers: 1:100 flights
Reality: 2: 135 flights
Culture and emotion
Emotional beliefs misconception
of reality
Lack of emotional resources to deal
with adverse situations
Willingness to step up
Emotional
versus
Analytical
Kahneman 2003
Ignores the influence of luck
Simkin & Roychowdhury (2008)
Little basis on scientific
theory or evidence
Largely intuitive
Lack of retrospective analysis
We rarely look back and validate
Creating reputational risk & harm
ORGANISATION
STAKEHOLDERS
RISK/EVENT
ENVIRONMENT
CUSTOMERS
primary
secondary
Funding sources
Alliances
STAKEHOLDERS
SUPPLIERS
COMPETITORS
REGULATORS
EMPLOYEES
FUTURE RECRUITS
PARTNERS
ENVIRONMENT
RISK/EVENT
Certainty?
Severity
Level/duration/
frequency of harm
Level of association
Deviance
Control?
Crisis typography
Victim cluster
Natural disaster
Malevolence
Rumour
Coombs & Holladay 2002
Crisis typography
Accidental cluster
Technical breakdown
Crisis typography
Preventable cluster
Human error
Misconduct
Development of a
crisis
ORGANISATION
HISTORY
RESPONSE
Reputational capital
ORGANISATION
STAKEHOLDERS
RISK/EVENT
ENVIRONMENT
Multiple factors working in tandem
Controllable actions
Certainty
Stakeholder association
Deviant
Media coverage
Development of a
crisis
Socio-eco-
political
Strategic
& policy
Operational
& people
Defensive
factors
A failure of response
Understanding & ownership of risk
Forget transient nature
Slow to act
Inadequate/incompetent
Underplays significance
Discounts new information
Eventually overcompensates
Dishonesty perceived
Proactive and reactive management
Critical Incident Management
Communications
Facilities
Finance &
Logistics
Safety & Security
Operations
Operations
Legal advice
Crisis Control
HR advice
Crisis Management
Accuse
Deny
Excuse
Victimised
Justify
Ingratiate & deflect
Correct
Apologise
Response hierarchy
Managing intelligent and controlled change in the face of uncertain futures
BCM
Contingency management
Risk management
resilience
Risk mgt
Resilience
Emergency mgt
BCM
Into the future
GRC:
Governance, Risk & Compliance
Resilience
Time
Activity
Event commences
Stabilisation
Continuity
Recovery
Preparedness
Evaluation
Planning
Capability development
Exercise & testing
Resource allocation
Vulnerability mgt
Emergency response
Containment
Suppression
Quarantine
Loss control
Isolation
Continuity of operations
Continuity of strategy
Consequence mgt
Salvage
Leakage control
Hibernation
Functional restoration
Capability recovery
Infrastructure restoration
Withdrawal / divestment
Performance improvement
Operational redevelopment
Stabilisation strategies
Continuity Strategies
Recovery Strategies
Event commencement
Preparedness
Pre-event Post-event commencement
Time
Leadership Culture
Acuity
Trust
Agility Interconnections
Creativity
Learnability
Behaviours
Values
Ambiguity
tolerance
Characteristics
Stress
coping
Strategic
surety
Resource
capability
Through chain
capability
Governance
People capability
Decision making
processes
Risk
management
Communication
BCM & Crisis
management
Infrastructure &
technology capability
Financial
management
Relationship
management
Activities & Capabilities
Compliance
Emergency
management
Resilience
Attributes
Resources
Infrastructure
Resilience
capability
Changing context
(conditions, affects & time)
Attributes
Resources
Infrastructure
Resilience
Vulnerable
Resilient
High
resilience
Low
resilience
Context dependant
RESILIENCE
Fitness for purpose
Capacity
Flexibility
Tenacity
Process capabilities
Resources & infrastructure capabilities
Leadership, people and knowledge capabilities
Context
RESILIENCE
Head
Scientific based & analytical
Hand
process
Heart
emotional