Planning & Management Nuggets (2009/10 GUIDE)


From DRI International and the Business Continuity Institute

Professional Practices for Business Continuity Planners

  1. Program Initiation and Management
    Establish the need for a Business Continuity Management (BCM) Program, including resilience strategies, recovery objectives, business continuity, operational risk management considerations and crisis management plans. The prerequisites within this effort include obtaining management support and organizing and managing the formulation of the functions or processes required to construct the BCM framework.
     
  2. Risk Evaluation and Control
    Determine the risks (events or surroundings) that can adversely affect the organization and its resources (examples include people, facilities, technologies) due to business interruption; the potential loss such events can cause; and the controls needed to avoid or mitigate the effects of those risks. As an outcome of the above, a cost-benefit analysis will be required to justify the investment in controls.
     
  3. Business Impact Analysis
    Identify the impacts resulting from business interruptions that can affect the organization and techniques that can be used to quantify and qualify such impacts. Identify time-critical functions, their recovery priorities, and inter-dependencies so that recovery time objectives can be established and approved.
     
  4. Business Continuity Strategies
    Leverage the outcome of the BIA and Risk Evaluation to develop and recommend business continuity strategies. The basis for these strategies is both the recovery time and point objectives in support of the organization’s critical functions.
     
  5. Emergency Response and Operations
    Identify an organization’s readiness to respond to an emergency in a coordinated, timely and effective manner. Develop and implement procedures for initial response and stabilization of situations until the arrival of authorities having jurisdiction (if/when).
     
  6. Business Continuity Plans
    Design, develop, and implement Business Continuity Plans that provide continuity and/or recovery as identified by the organization’s requirements.
     
  7. Awareness and Training Programs
    Prepare a Program to create and maintain corporate awareness and enhance the skills required to develop and implement Business Continuity Management.
     
  8. Business Continuity Plan Exercise, Audit and Maintenance
    Establish an exercise/testing program which documents plan exercise requirements including the planning, scheduling, facilitation, communications, auditing and post-review documentation. Establish a maintenance program to keep plans current and relevant. Establish an audit process which will validate compliance with standards, review solutions, verify appropriate levels of maintenance and exercise activities and validate that the plans are current, accurate and complete.
     
  9. Crisis Communications
    Develop and document the action plans to facilitate communication of critical continuity information. Coordinate and exercise with stakeholders and the media to ensure clarity during crisis communications.
     
  10. Coordination with External Agencies
    Establish applicable procedures and policies for coordinating continuity and restoration activities with external agencies (local, regional, national, emergency responders, defense, etc.) while ensuring compliance with applicable statutes and regulations.
www.drii.org/professionalprac


From Risk & Insurance Management Society

www.rims.org/ERM/Pages/default.aspx


BCI: Boardrooms need a simple, transparent method of risk oversight

Business Continuity Institute has published a discussion paper on how risk oversight and transparency can be improved for non-executive directors and shareholders through applying business continuity management practices.

Entitled “Risk Management is Dead, Long Live Risk Management”, the BCI paper argues that traditional approaches to risk management have become too complex, thereby undermining the value that a broadly balanced board can bring to a company.

The paper argues that there is a need for a Corporate Impact Policy that considers the dependencies and vulnerabilities of a business around the seven areas of disruptive impact which include reputation, finance, supply chain and people. The paper also covers the case of a financial institution, Euroclear Bank, that applied business continuity management to successfully weather the collapse of Lehman Brothers.

In short, if used effectively, business continuity management helps the board focus on some key questions:

  • The company’s business and operating model
  • Key value creating products and services
  • Key dependencies such as critical assets and processes
  • How the company will respond to a loss or threat to any of the above
  • What the main threats are today and what is on the horizon
  • Evidence that the resulting business continuity plans will work in practice

www.thebci.org/riskmanagementdiscussion.html


Model Risk Management: Key Considerations for Challenging Times

Model risk management stands at the forefront of risk management for many financial services firms. In this article the current state of model risk management is reviewed by focusing on two areas.

Strengthening Supply Chains
Relationships with critical suppliers shouldn't be taken for granted; focusing on such relationships can ensure long-term business health.

10 Minutes on Corporate Governance Issues and the Economic Downturn
Boards of directors facing today's credit crisis and economic realities must reassess certain business fundamentals, including risk management in a globally integrated market, and executive compensation, all while taking measures to help their companies weather the current storm.

Enterprise Risk Management: A Practical Guide to Risk Assessment and Risk
This whitepaper outlines how organizations that vigorously interpret the results of their risk assessment process set a foundation for establishing an effective enterprise risk management (ERM) program and are better positioned to capitalize on opportunities as they arise.

www.pwc.com/us/en/forms/usengnss0regpubsmodelriskmanagementkeyconsiderationsforchallengingtimes.jhtml


From KPMG

The Risk & Compliance Think Tank
The Think Tank consists of ten senior risk and compliance commentators from across the KPMG network of firms. Convened on a regular basis, this group aims to provide an opinion on the issues of the moment, ranging from risk management and fraud through to governance and compliance. Here are some of the pieces you will find:

  • Identifying the next emerging risk
  • The rise of systemic risk
  • The need for alignment
  • Demonstrating a return on investment in ERM



WMD Prevention and Preparedness Act Introduced in the Senate

As the nation prepared to mark the eighth anniversary of the 9/11 attacks and the subsequent anthrax attacks, Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Me., introduced legislation to prevent and prepare for terrorist attacks from biological weapons and other weapons of mass destruction (WMD).

The Weapons of Mass Destruction Prevention and Preparedness Act of 2009 responds to a statement by the Director of National Intelligence Mike McConnell in December 2008 and the findings of a Congressionally-mandated WMD commission that a WMD terrorist attack is more likely than not to occur by 2013 and that a biological attack is more likely than a nuclear attack.

The bill would strengthen security at labs using the most dangerous pathogens, improve capabilities to assess the threat of terrorists acquiring WMD, ensure that citizens get critical safety information, and develop a means for quickly delivering life-saving drugs to areas that have been attacked.

http://www.emforum.org


From Business Roundtable

Business Roundtable, a membership organization of nearly 160 CEOs from leading U.S. companies, launched the Partnership for Disaster Response in 2005, following the Asian tsunami. The mission: to expand corporate commitment to disaster response beyond financial contributions.

The Partnership for Disaster Response works to:

  • Enhance the efficiency of the private sector’s disaster response
  • Foster public-private collaborations to prepare for the health, social and economic burdens that disasters can create
  • Ensure that the business community’s response efforts address the most critical needs
  • Mobilize the technologies and resources of Business Roundtable’s member companies

Top Ten Myths of Disaster Relief
The top ten most common myths of disaster relief:

The Dos and Don'ts of Effective Giving
A guide for companies on how to most effectively contribute to the immediate relief and recovery effort.

How Can my Company Help? A Guide for Country Managers in Responding to Natural Disasters
A guide for country managers in responding to natural disasters.

Protecting Your Business
A guide for security, real estate, tax and legal staff on issues to consider when sharing office space after a disaster.

Roles & Responsibilities of Key Players in Disaster Response
Disasters create a web of physical, financial and emotional crises that require quick, decisive action from a large number of entities. This section provides an overview of the roles and responsibilities of key players involved in disaster response: NGOs, Government, Private Sector, United Nations and the Military.

About Disaster Response


From FEMA

Voluntary Private Sector Preparedness Accreditation And Certification Program
The Voluntary Private Sector Preparedness Accreditation and Certification Program is mandated by the Implementing Recommendations of the 9/11 Commission Act of 2007 to establish a common set of criteria for private sector preparedness, including disaster management, emergency management, and business continuity programs. The goal of this voluntary program is to enhance nationwide resilience in an all hazards environment by improving private sector preparedness. Participation in the program will be voluntary and intended to be driven by the marketplace.

The Act was signed into law on August 3, 2007. Title IX of this Act amends elements of the Homeland Security Act of 2002 to include development of a voluntary private sector preparedness accreditation and certification program.

Establishment of the Voluntary Private Sector Preparedness Accreditation and Certification Program
The Department of Homeland Security (DHS) was charged with a number of core tasks to establish the voluntary accreditation and certification program, which include:

  • The Secretary of Homeland Security was directed to designate an officer within the department responsible for the voluntary program;
  • Designate one or more organizations to act as an accrediting body;
  • Designate one or more standards for assessing private sector preparedness;
  • Provide information and promote the business case for voluntary compliance with preparedness standards;
  • Monitor the effectiveness of the program on an ongoing basis; and
  • Submit report to Congress on the program.

Establishment of an Accrediting Body
DHS has signed an agreement with the ANSI-ASQ National Accreditation Board (ANAB) to develop and oversee the certification process, manage the accreditation, and accredit qualified third parties to carry out the certification in accordance with the accepted procedures of the program.

Designation of Preparedness Standards
The third requirement of the legislation is to designate one or more standards for assessing private sector preparedness. In developing and implementing the program, DHS will consider preparedness standards, business continuity standards, and best practices established under other provisions of Federal law, regulations, and as established by sector-specific agencies. DHS will coordinate with other preparedness and business continuity programs in other Federal agencies.

Private sector entities may choose a selected standard and become certified based on their compliance to that standard. The standards designated are used by the certification body to assess private sector preparedness compliance.

www.fema.gov/media/fact_sheets/vpsp.shtm


From The Natural Hazards Center

Since 1976, the Natural Hazards Center has served as a national and international clearinghouse of knowledge concerning the social science and policy aspects of disasters. The Center collects and shares research and experience related to preparedness for, response to, recovery from, and mitigation of disasters, emphasizing the link between hazards mitigation and sustainability to both producers and users of research and knowledge on extreme events. Following is a sampling of the publications offered by the center.

Natural Hazards Observer
Bimonthly periodical of the Natural Hazards Center. It covers current disaster issues; new international, national, and local disaster management, mitigation, and education programs; hazards research; political and policy developments; new information sources and Web sites; upcoming conferences; and recent publications.

Disaster Research
Biweekly e-newsletter that includes some news items that also appear in the Natural Hazards Observer as well as other timely articles about new developments, policies, conference announcements, job vacancies, web resources, and information sources in the field of hazards management.

Research Digest
A quarterly online publication that compiles recent research into an easily accessible format for the hazards and disasters community. It provides complete references and abstracts (when available) for current research in the field. The issues include more than 35 peer reviewed publications.

Natural Hazards Review
Joint publication of the Natural Hazards Center and the American Society of Civil Engineers, which brings together the regulatory and policy environments and the social, behavioral, and physical sciences to confront natural hazards loss reduction.

www.colorado.edu/hazards/o/


From the Economist Intelligence Unit

Managing Risk in Perilous Times: Practical steps to accelerate recovery
This research, written by the Economist Intelligence Unit and sponsored by ACE, KPMG, SAP and Towers Perrin, examines lessons that have been learned from the current financial crisis, and proposes ten practical lessons that could help to address perceived weaknesses in risk identification, assessment and management.

Managing Risk in Perilous Times


From Ernst & Young

The depth of the global recession impact has permanently changed the rules of the game for corporate. Ernst & Young study finds 88% of global companies say their operating model has been altered by recession.

The impact of the economic downturn has clearly been significant; however, not all companies are equally affected by the recession, according to a study of executives at 570 leading global companies released in June of 2009 by Ernst & Young LLP. The comparisons with a similar study in January also reveal that while the white heat of the crisis has passed, the majority of companies are still focused on survival. However, a significant minority are looking to take advantage of the situation to pursue new opportunities.

The study “Opportunities in adversity: accelerating the change” finds nearly half of those surveyed (43%) said that their operating model had been permanently altered by the events of the last 18 months. A further 45% said there had been a temporary impact. Similarly 56% of the executives said that their risk management processes had been permanently altered, 33% temporarily. For 45% the regulatory framework for business had also fundamentally changed.

Global Recession Impact
Study available at ey.com/opportunities-in-adversity.


From Contingency Planning & Management

Beyond Disaster Recovery: Becoming a Resilient Business
An object-oriented framework and methodology

Succession Planning and the Aging Workforce
Companies need to bear in mind that the upcoming retirement years are going to be larger than any other time in U.S. history. With 76 million Boomers leaving the workforce and only 46 million Generation Xers available to take the newly vacant roles, there will be a deficit of 30 million workers. So while there are approximately 100 million Millennials, the oldest of them are still too young and inexperienced to step into leadership roles.

The Role of Safety in Business Continuity
Over the past few years, disasters and emergencies have garnered much attention in American society. From the disaster that did not occur, Y2K, to the attacks on the World Trade Center, the blackouts in 2003, the multiple hurricanes making landfall during 2004 in Florida, Katrina in 2005, and the droughts and subsequent wildfires as well as the flooding and mudslides in the Northwest in 2006, it seems like a steady drumbeat of bad headlines has caught America’s attention for the past few years. Like families, businesses are paying close attention to these headlines.

www.contingencyplanning.com/articles/73105/


Development Of Workplace Violence Prevention And Intervention National Standard Underway
ASIS International and Society for Human Resource Management, both American National Standards Institute accredited Standards Development Organizations, will collaborate on the development of a joint Workplace Violence Prevention and Intervention American National Standard.

Lack Of End User Training Growing Threat To IT Security, According To CompTIA Study
While information security remains a top priority for eight in 10 IT professionals surveyed, many companies seem to be underestimating one of the most significant IT security threats: end user error. According to CompTIA's 7th Annual Trends in Information Security survey, human error is the primary cause of the most severe security breaches, yet significantly fewer organizations (45 percent) provided security training for their non-IT staff in 2008 compared to 53 percent in 2007.

DHS Releases 2009 National Infrastructure Protection Plan
The National Infrastructure Protection Plan provides the unifying structure for the integration of a wide range of efforts for the enhanced protection and resiliency of the nation's critical infrastructure and key resources (CIKR) into a single national program.
 
To read the plan, visit www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf.

Forecast Says Operational Risk To Increase In 2009
iJET Intelligent Risk Systems, a provider of global intelligence and business resiliency services, is advising organizations of a coming increase in operational, facility and supply chain disruptions due to the current state of the global economy. The intelligence firm is also offering recommendations for businesses to prepare for and mitigate increasing risk, as well as uncover potential opportunities during the current economic recession.


From InterCEP

The Business Case for Preparedness
InterCEP has compiled an annotated bibliography to provide organizational decision makers with a series of arguments to support the business case for preparedness.

As a research effort, this annotated bibliography is only a first step toward a meta-analysis of how the business case for preparedness is currently evolving in the field. InterCEP solicits feedback from readers of this bibliography.



From NEMA & FEMA

NEMA and Partners Identify Recommendations for an Effective National Mitigation Effort

The National Emergency Management Association (NEMA), in conjunction with the Federal Emergency Management Agency and the assistance of numerous other organizations, today released a white paper titled “Recommendations for an Effective National Mitigation Effort,” outlining the importance of mitigation efforts aimed at building disaster resiliency across the nation.

The release of the white paper comes at a time when the threat of flooding, tornados, hurricanes, and other disasters weighs heavily on economically challenged states and localities across the country. While mitigation initiatives can come with hefty short-term price tags, the long-term effects of successful mitigation plans and projects can prove to be crucial investments for the safety and resiliency of any community. Natural and man-made disasters can happen anywhere and at any time, making the effort to increase attention to all-hazards mitigation efforts essential to national preparedness.

“Mitigation is the least visible, but perhaps the most important concept that can be used to protect communities from disasters. Mitigation cannot completely eliminate the risk of disasters, but the process of identifying hazards should lead to effective, community-supported measures that can save lives, lower the overall cost of a disaster, and make communities more resilient,” said James Mullen, Director of the Washington State Emergency Management Division and the NEMA Mitigation Committee chair. “That so many professional associations worked to develop this paper is a testament to their conviction that all-hazards mitigation is essential to effective national preparedness.”

The paper originated from a meeting held in January that brought together partner organizations from many different sectors concerned with the issues surrounding mitigation benefits and challenges. The project was funded through a cooperative agreement established between NEMA and FEMA in the hope of facilitating mitigation dialogue and establishing relationships between those in the mitigation community.

The Mitigation white paper is now available for download.
 
www.nemaweb.org/?3190
