Business Continuity & Enterprise Risk Management
BCM as part of a “Compliant” Governance Programme
BCS - October 2003
David Spinks – Director ORM
What is Business Continuity Management?
Business Continuity Management is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.
BSI PAS 056
Or Surviving a crisis …..
Business Continuity vs Loss Distribution:
[Figure: number of events plotted against size of loss. Small losses: many internal datapoints. Medium losses: some internal datapoints. Large losses: very few internal datapoints. Annotations: "External data is necessary here"; "BCM starts here".]
Recoverers vs Non-Recoverers
[Figure: Recoverers vs Non-Recoverers plotted over Event Trading Days (1 to 251); vertical axis from -20 to 20.]
Enterprise-Wide Risk Management
[Diagram: Enterprise-wide Risk Management broken down into the risk categories below.]
Credit Risk: Credit spread risk; Direct credit risk; Credit equivalent expense; Settlement risk
Business Event Risk: Shift in credit rating; Reputation risk; Taxation risk; Legal risk; Disaster risk; Regulatory risk
Operational Risk:
Transaction Risk: Execution order; Product complexity; Booking error; Settlement error; Commodity delivery risk; Documentation/contract risk
Operational Control Risk: Exceeding limits; Rogue trading; Fraud; Money laundering; Security risk; Key personnel risk; Processing risk
Systems Risk: Programming error; Model/methodology error; Mark-to-market (MTM) error; Management information; IT systems failure; Telecommunications failure; Contingency planning
Program Risk: Communications failure; Timing failure
Market Risk:
Correlation Risk: Stability; Market sensitivity
Liquidity Risk: Market liquidity; Liquidity risk
Equity Risk: Equity price; Equity price volatility; Equity basis risk; Dividend risk
Interest Rate Risk: Interest rate; Yield curve risk; Interest rate volatility; Interest rate basis spread risk; Spread risk; Prepayment risk
Currency Risk: FX rate; FX volatility; Profit translation risk
Commodity Risk: Commodity price; Forward price curve risk; Commodity basis spread risk
Portfolio Concentration: Economic sector; Instrument; Major transaction
Senior management is responsible for managing a wide variety of risk
Operational Risk Management
[Diagram labels: ORM Process; Operational Risk Manager; Executive Board; Audit Committee; Formal Reporting; Escalation; Information Security; Business Impact Analysis; Audit & Compliance; Fraud & Investigations; Programme Risk & Change; Risk Assessment and Data Collection; Internal and External Data; Legal and Regulators; Corporate Governance Process; Business Continuity – Safety Net]
Why Me?
3.5 million desktops
20 billion km data lines
North America
Latin America
Africa
Europe
Australia
Korea
Singapore
Japan
Operations: 7 x 24 hours
Why EDS?
Agenda
Why BCM?
Sarbanes-Oxley
Money Laundering
Basel II – CAD III – Solvency 2
IAS 32/39 Accounting for Financial Instruments
Ratings agencies
Insurance …
Governance ….
Why Operational Risk Management?
What attracts the attention of Execs?
What lessons can my organisation learn?
What questions do I need to ask to determine the robustness of my organisation's BCM?
Executive perspective:
Sequence of Unplanned Event
[Figure: output plotted against time. Labels: Event; Response; Plan Implemented; Resumption; Recovery; Resumption Time Objective; Minimum Acceptable Performance Requirement; Repair/Replacement Time]
But don’t forget to ask about …..
Creep ……………..
Dependence on Suppliers ….…..
Creep ……………..
Challenger ….. Lessons
Communicate with Press and Media
Understand and Communicate Risk
Ferries across to Manhattan were virtually the only form of transport still operating at normal levels
The FirstEnergy operator said: "We have no clue. Our computer is giving us fits. We don't even know the status of some of the stuff around us."
FirstEnergy's chief executive Peter Burg has denied wrongdoing.
1810 BST: An alarm indicates a fault on a transformer at the Hurst substation in Kent
1820 BST: Transformer switched off but power still able to flow into London through other circuits
7 minutes later: Another fault occurs stopping flows on a 275,000 Volt underground cable between the New Cross and Wimbledon substation. Power black-out follows
1900 BST: Problem fixed and full power restored
2000: Nuclear chief quits over safety scandal
British Nuclear Fuels (BNFL) has confirmed its chief executive, John Taylor, has resigned over the safety scandal that has attracted severe criticism from watchdogs.
A damning report published last week by the Nuclear Installations Inspectorate confirmed that some safety records relating to a shipment of uranium and plutonium mixed oxide fuel to Japan had been faked at BNFL's Sellafield in Cumbria.
Honesty always pays ….
But right and wrong may be sometimes confused!
1988: Dozens feared dead in Piper Alpha oil blaze
The worst ever accident in the North Sea oilfields has left up to 168 dead. Shortly before 2200 BST (2100 GMT) last night explosions were reported on the Piper Alpha drilling platform, 120 miles off the north-east coast of Scotland.
Practice
Test
Stress test
Business is operating in a more uncertain world
Today threats are not only becoming more serious but their profiles are changing rapidly
Governments (laws), investors, regulators and rating agencies are expecting executives to “learn the lessons”
Conclusions:
Executive leadership, sponsorship and active participation in BCM is essential
BCM needs to be part of an overall approach to Enterprise Risk Management
Adopt Best Practice and ask the difficult questions
Thank you ….
Conclusions: