
BS 25999 – Part 2 Business Continuity Management Specification Awareness Presentation

BS 25999 – Part 2 Business Continuity Management Specification Awareness Presentation. Date: 28 Nov 2007 Mumbai. A turning point-but not the least. Disruptions that we are familiar with. Disruptions we almost forgot!!!. Started as LDDS in Clinton, Mississippi


Presentation Transcript


  1. BS 25999 – Part 2 Business Continuity Management Specification Awareness Presentation. Date: 28 Nov 2007 Mumbai

  2. A turning point-but not the least

  3. Disruptions that we are familiar with

  4. Disruptions we almost forgot!!! • Started as LDDS in Clinton, Mississippi • Merged with MCI in 1997 and called MCI WorldCom • Was the second largest communications company in the US • Telecom industry entered a downturn in 1998 • From 1999 to 2001 there was accounting fraud • Underreporting ‘line costs’ (interconnection expenses with other telecommunication companies) by capitalizing these costs on the balance sheet rather than properly expensing them. • Inflating revenues with bogus accounting entries from ‘corporate unallocated revenue accounts’. • Internal fraud estimate was 3.8 billion USD • Final estimate 11 billion USD • Post Chapter 11, changed name to MCI, which was acquired by Verizon in 2005

  5. Enron • Irregular accounting procedures bordering on fraud throughout the 1990s. • Opacity of the company's financial disclosures. • In 2001 Jeff Skilling joined Enron as CEO but left in six months; before he left he sold 450000 shares. • Kenneth Lay, Chairman, took over as CEO • Media and analysts doubted the liquidity • Enron's plunge occurred after it was revealed that much of its profits and revenue were the result of deals with special purpose entities (limited partnerships which it controlled). • Oct 2001, Enron declared a one-time charge of 1 billion • Started to buy back commercial papers for 3.8 billion to give the impression of a good cash position, but consumed bank credit • Credit ratings lowered by Moody’s and S&P • Stocks tumbled • Arthur Andersen vanished

  6. Influenza

  7. Reality • Nearly 1 in 5 businesses suffer disruption every year (Source: BCI)

  8. Has your company been affected by any of the following interruptions in the past year?

  9. How much would you estimate business disruptions have cost your company in the past twelve months?

  10. What do you think is currently the weakest link in your continuity strategy, planning and recovery efforts?

  11. What is Business Continuity Management? • A holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities

  12. Why BCMS? • Minimize business disruptions • Quickly recover to normal business operations • Protect an organization’s value and reputation • To meet: shareholder commitments; national / legislative requirements; IBA guidelines for banks; legal, regulatory and contractual commitments; moral and social responsibilities • Demonstrate “best practice”. • Reduce insurance liabilities.

  13. What a BCMS achieves

  14. Logical steps

  15. Risk matrix (figure; legend: Critical, Less critical)

  16. Risk Impact versus control (figure; axis: Strength of controls) • Priority focus should be on the aspects with high risk and those with the largest gap between risk and control

  17. Typical Business Risks • Failure or refusal to supply • Bargaining power of suppliers • Business model • Processes • Loss making orders • Partners • Investment • Outsourcing

  18. Typical Business risks • Accounting practices • Lines of credit • Accounts receivables • Cash flow • Cost structure • Ability to raise finance and Liquidity • Overhead costs • Economy of scale

  19. Typical Business risks • Services • Channels • Currency fluctuations • Transfer pricing • Equity portfolio • Taxation • Deductibles • Availability of finance • Interest rates • Insurance claims/liabilities

  20. Typical Business risks • Migration of key people to competition • Quality of workforce • Unavailability of workforce • Unions • Health of senior management/key employees • Crime

  21. Risks and Potential Threats

  22. Where BCM is going? • No longer just a fashion accessory, BCM is now an integral part of managing the business • Integrated across all business functions; no longer seen as an IT speciality • Now being accepted as a strategic business imperative • Progress towards independent auditable processes: BS 25999-2 • Broader based agreement on what is best practice in the form of a new standard, BS 25999-1

  23. Benefits of BCM • The benefits of an effective BCM programme are that the organization: • is able to proactively identify the impacts of an operational disruption • has in place an effective response to disruptions which minimises the impact on the organization • maintains an ability to manage risks • encourages cross-team working • is able to demonstrate a credible response through a process of exercising • could enhance its reputation • might gain a competitive advantage, conferred by the demonstrated ability to maintain delivery.

  24. BS 25999 • BS 25999-1:2006: Code of practice for business continuity management, published 28 November 2006 • BS 25999-2:2007: Specifications, published 20 Nov. 2007

  25. Organisations Represented on TC BCM/1 • Association of British Insurers • Association of Chief Police Officers • Association of Insurance Risk Managers • Business Continuity Institute • Cabinet Office • Chief Fire Officers' Association (CFOA) • Continuity Forum • Coventry University • Department of Trade and Industry • Emergency Planning Society • Association of British Certification Bodies • Federation of Small Businesses • Financial Services Authority • Independent International Organization for Certification • Institute of Directors • Institute of Emergency Management • Institute of Internal Auditors • Institute of Risk Management • Intellect • Metropolitan Police • Securities Industry Business Continuity Management Group (SIBCMG) • Society of Industrial Emergency Services Officers (SIESO) • Survive

  26. Standards • An agreed, repeatable way of doing things • A full consensus of all interested parties, so not imposed • Voluntary • Best practice not general practice, thus aspirational • Back-up can be available through audit and certification • Updated on a regular cycle

  27. Standards: some benefits • Promotes competition • Attracts customers • Demonstrates market leadership • Creates competitive advantage • Develops and maintains best practice • Maximises compatibility

  28. What have standards done to Indian Businesses? • Have given Indian companies the opportunity to leapfrog the learning curve w.r.t. management systems and practices

  29. BCMS – PDCA Cycle

  30. Plan • Establish business continuity policy, objectives, targets, controls, processes and procedures relevant to managing risk and improving business continuity to deliver results in accordance with an organisation’s overall policies and objectives

  31. Do • Implement and operate the business continuity policy, controls, processes and procedures

  32. Check • Assess and, where applicable, measure process performance against business continuity policy, objectives and practical experience, and report the results to management for review

  33. Act • Take corrective and preventive actions, or other relevant information based on the results of the management review, to achieve continual improvement of the BCMS

  34. The BCM Lifecycle • Embedding BCM in the organizational culture • Understanding the organization • Determining BCM Strategy • Exercising, maintaining and reviewing • Developing and implementing BCM response

  35. The fit

  36. Definitions • Disruption: event, whether anticipated or unanticipated, which causes an unplanned negative deviation from the expected delivery of products or services according to the organisation’s objectives • Risk: something that might happen and its effect(s) on the achievement of objectives • Risk management: structured development and application of management culture, policy, procedures and practices to the tasks of identifying, analysing, evaluating, and controlling responding to risk

  37. Thank you
