INTEGRATING RISK MANAGEMENT AND BUSINESS CONTINUITY

June 2012
Sami Ahmed, Assistant Vice President - MRC
Paolo De Rosa, Senior Vice President - MRC

Introduction

Purpose
- Raise your knowledge and awareness of the reasons and processes to integrate Business Continuity Management (BCM) with Risk Identification and Assessment into an effective Enterprise Risk Management (ERM) Framework.

Scope
- Background
- Method of integration
- Advantages of integration
- Governance structure
- Summary

Background

What is a risk?
- Effect of uncertainty on achieving objectives
- The chance of something happening that will have an impact on objectives
- Is measured in terms of a combination of the likelihood of an event occurring and its consequences

How do you control risk?
- Eliminate risk: Change the activity, cease it altogether to eliminate the risk
- Avoid risk: Change the activity to reduce the likelihood and/or consequence resulting from the risk
- Transfer risk: Transfer the risk via contract, insurance or other means
- Retain risk: Accept that the risk is intrinsic to the activity; implement a level of controls based upon risk appetite
[Diagram label: Increased exposure]

08 June 2012

Background: Business Continuity Management
[Diagram labels: Exercise and Audit; Understand the Organization; Develop Business Continuity Plan; Determine BCM strategy (BIA)]

Background: Business Continuity Management Process
[Diagram labels: BCM Process; Functions; Filter; Threats; Plans; Recovery of Business from Interruptions]

Background: What is Enterprise Risk Management?
- Enterprise risk management (ERM) is a structured, consistent and continuous way of managing risk.
- Allows companies to better understand and address the material risks
- ERM adds value by:
  - Reducing risk
  - Increasing potential opportunities
  - Reducing overall uncertainty

Background: Enterprise Risk Management
ISO 31000:2009

Background: Principles
- The values of risk management practices within the organisation
- Define the purpose
- How ERM should look and feel
- Ensure relevance to the organisation's culture

Background: Risk Management Framework
- Commitment
- Accountability
- Dedicated resources
- Relevant to the organisation
- Integration
- Adoption
- Review and Improvement

Background: Risk Management Process
- What is the Risk?
- How serious is the Risk?
- How do we mitigate the Risk?
- How do we sustain the mitigation of the Risk?

Background: Enterprise Risk Management Process
[Diagram labels: ERM Process; Likelihood; Filter; Impact; Controls; Protects against threats to Strategic Objectives]

Background
- Traditionally some organisations have maintained separate Business Continuity Management and Enterprise Risk Management arrangements
- Silo effect
[Diagram labels: Threats; Impacts; ERM Process (Likelihood, Filter, Impact, Controls; Protects against threats to Strategic Objectives); BCM Process (Functions, Filter, Threats, Plans; Recovery of Business from Interruptions)]

Disadvantages of Silo
Overall, two separate practices may result in:
- The key risks threatening the organisation may not be mitigated
In turn resulting in:
- incorrect investment in controls
- increased expenses
- a reduced bottom line

Our proposition
- ERM and BCM should be completed together
- BCM is part of an effective ERM Framework

Traditional BCM Business Impact Analysis
[Diagram labels: Business Impact Analysis; Division 1; Division 2; Division 3; Division; Function/Process Scenario 1; Function/Process Scenario 4; Plan 1; Plan 1; Function/Process Scenario 2; Function/Process Scenario 5; Plan 2; Function/Process Scenario 3]

Typical ERM Risk Identification and Assessment
[Diagram labels: Risk Identification And Assessment; Division 1; Division 2; Division 3; Division; Risk Scenario 1; Control 1; Risk Scenario 2; Control 2; Risk Scenario 3]

New Approach to Enterprise Risk Management Framework
[Diagram labels: Enterprise Risk Management Framework; Division 1; Division 2; Division 3; Division; Risk Function/Process; RIA - Control 1; BCM Plan 1; Risk Function/Process; RIA - Control 2; BCM Plan 2; Risk Function/Process]

How can we integrate? A combined process
[Diagram key: RM activity; BCM activity; Integrated RM/BCM activity]
[Diagram labels: Business Strategy; Interviews and workshops; Key risks / threats; Key processes; Identification of Risks; Impact of interruptions upon key processes; Risk Map; Risk Register; Threats, Impact, Likelihood; Dependencies; Vulnerabilities; Impact; Risk Strategy & Controls (Preventative); Business Continuity Plans (Mitigation)]

How can we integrate?

Business Impact Analysis
Columns: The Risk; Likelihood; Consequence; Risk Rating; Function affected
Risk 1: Almost certain; Very High; Function 1 .. Function n
Risk 2: Likely; High; Function 2 .. Function n

Enterprise Risk Register
[Diagram labels: Risk; Risk; Risk Rating; Financial risk; Risk 1; Risk 2; Strategic risk; BCP; Operational risk; IT Risk]

BCM is a means of controlling relevant disruption-related risks to the organisation

Why integrate?
Considerations:
BCM looks to provide ERM with:
- A better understanding of the critical activities (processes) and the infrastructure & resources that support these
- An existing risk mitigation framework
- Promotes whole of business communication of critical functions
ERM looks to provide BCM with:
- A broader view of risk
- Systematic approach of consistently and continuously monitoring and managing risk
- Promotes cross divisional communication of key threats
- A better view of any emerging threats

Why Integrate?
Traditionally BCM:
- Concentrates on mitigating the high consequence threats to functions such as an earthquake, flood or fire
- Then looks to mitigate the threats through Business Continuity Plan
Disadvantage of segregation:
- Business may lose focus upon the high likelihood low consequence risk responses e.g. fraud, privacy breaches, data losses etc. due to high impact priority
[Diagram label: Mitigation through BCM]

Why Integrate?
Traditionally ERM:
- Prioritises risks and risk treatments based upon Likelihood and Consequence
- Concentrates upon high likelihood and high consequence risks
Disadvantage of segregation:
- Business may lose focus upon the high consequence low likelihood e.g. disruption events due to low risk rating resulting in lower treatment priority
[Diagram label: Mitigation through ERM]

Why integrate?
An integrated approach provides:
- Better coverage of the risk map
- Better prioritisation of resources
- More pragmatic risk treatment
- More efficient investment in risk management
[Diagram labels: Mitigation through ERM; Mitigation through BCM]

Governance Structure
Two possible ways to integrate:
One division/department for both ERM and BCM
- Dedicated resources for the two practices for risk identification and mitigation
- Threats and Impacts rated based upon ERM tools
- Monitored by Chief Risk Officer or Chief Financial Officer
[Diagram labels: Risk Management Division; ERM; BCM]
Useful for organisations with BCM and/or ERM teams that require further maturity

Governance Structure
Two separate departments
- May have been developed as a reaction to specific reactive needs
- Consistent and continuous communication between BCM and ERM teams
- Threats and Impacts rated based upon ERM tools
- Monitored by Senior Management and the Board
[Diagram labels: ERM Team; BCM Team]
Useful for organisations with already established separate BCM and ERM teams

Governance Structure
Ways to initiate change
Cultural adoption through incentives by:
- reward through recognition
- increase initial divisional budgets for risk management
- individual/divisional KPIs
What's necessary?
- Champions and resources
- Commonality between ERM and BCM i.e. tools, definitions etc.
- Promotion of benefits to other stakeholders e.g. CFO, Board etc.
Who can support you? IT Audit Function C Suite Operations

Governance Structure
An integrated governance framework will:
- Create Efficiency
- Improve Risk Profile
- Promote a Risk Aware Environment
- Implement effective systems that:
  - Are sustainable
  - Strengthen Independence of RM Function
  - Align with Business Objectives
Managing Risk is Everybody's Responsibility

Summary
What have we learnt?
- Background: BCM, ERM, silo effect due to separation
- Method of integration: Consideration of key risks when developing the BCP
- Advantages of integration: Efficient coverage of risk map and use of resources
- Governance structure: Framework, implementing change, benefits
THANK YOU!! Questions?

This document and any recommendations, analysis, or advice provided by Marsh (collectively, the "Marsh Analysis") are intended solely for the entity identified as the recipient herein ("you"). This document contains proprietary, confidential information of Marsh and may not be shared with any third party, including other insurance producers, without Marsh's prior written consent. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. Any modeling, analytics, or projections are subject to inherent uncertainty, and the Marsh Analysis could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Except as may be set forth in an agreement between you and Marsh, Marsh shall have no obligation to update the Marsh Analysis and shall have no liability to you or any other party with regard to the Marsh Analysis or to any services provided by a third party to you or Marsh. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or reinsurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.