B13: The Case for Integration Converting the BCM Silo into an Enterprise Risk Foundation

Transcription

1 B13: The Case for Integration Converting the BCM Silo into an Enterprise Risk Foundation Doug Weldon, FBCI, CBRP, CBRA, CISM (Pending) Director, Business Continuity & Operational Risk Management - Ipreo

2 Agenda Evolution of the BCM Profession The Advantages and Challenges of BCM as a Risk Discipline and Profession The Choices Ahead of Us How do we Enhance our Influence For Our Companies/Customers For Ourselves Discuss our Challenges

3 Quick History of BCM Leading to a Uniform Business Continuity Management Process Evolved from a focus on mainframe disaster recovery in the late 1970 s Further expanded in the 1980 s to include mid-range/minicomputing environments 1990 s saw the inclusion of business operations continuity and related support technology Maturing life-cycle processes ranging from the BIA and risk assessment to regular maintenance marked the 2000 s And reaching a climax in 2012 with the publishing of the ISO 22301/22313 Standards.

4 Results of which We Can be Proud as BCM Professionals A mature profession and standardized process definition of the work we do and value we provide A global understanding of the problems we help to solve and the value we provide to prepare for and manage crises Overall, a well established and respected profession at a high level on the maturity curve. X 1970s 1980s 1990s 2000s 2010s

5 Potential Challenges on the Horizon for BCM Within your enterprise: Are we effectively and efficiently addressing the multiplying threat scenarios? Are the BCM Standard and process steps we are following to perform our work adapting to this wider range of threats? Is BCM properly represented among the other Operational Risk disciplines? Is BCM maturing to its full potential?

6 What are companies worried about? (BCI Horizon Scan 2017)

7 What is the global risk landscape? (WEF 2016)

8 BCM Needs to Do What it Does Best Across the Full Range of Operational Risks Example: Some of the Silos/Domains of Operational Risk Spanning the Silos with one BIA: BIA IT Disaster Recovery Business Operations Continuity Performance/ Capacity Management Information Security Physical Security Health & Safety Process Quality Management Incident Management Availability & Reliability Management

9 Business Value Chain Stakeholders, Dependencies & Supporting Assets

10 Risk & Control Self Assessment (RCSA) Lifecycle Driven by the BIA!

11 Examples of BCM Competencies Applicable Across all Operational Risk Domains (Reference ISO 22310) BIA All of the Operational Risk Silos/Domains require this type of analysis to assess stakeholder requirements and analyze operational dependencies to fulfill requirements Risk Assessment likewise, all Domains require a risk assessment as a precursor to business decisions on risk mitigations Strategy and Design similarly, each Domain requires a strategy design phase to embody requirements into solutions, cascaded through the BIAdefined dependencies Exercise each Domain requires a regular solution testing discipline to validate on-going compliance with requirements Maintenance each Domain requires a regular maintenance discipline to insure that solutions can satisfy requirements Incident Management and of course each Domain requires a scripted plan to manage through crisis scenarios unique to each Domain.

12 As BCM Expands its Role, the list of Potential Crises Expands a Short List:

13 BCM Needs to Do What it Does Best Across the Full Range of Operational Risks Foundational Example: Some of the Silos/Domains of Operational Risk Spanning the Silos with one Incident Management Structure and Plan: IT Disaster Recovery Business Operations Continuity Performance/ Capacity Management Information Security Physical Security Health & Safety Process Quality Management Incident Management Availability & Reliability Management Incident Management

14 The Challenges of Expanding the Role of BCM Must start thinking as a horizontal and foundational support function across all Operational Risk Domains Find ways of closing gaps between the Domain silos Also find ways to improve effectiveness and efficiencies across the Domains Develop improved BCM staff competencies within all of the risk Domains Overall, expand the role and relevance of your BCM Program.

15 Conclusion and Discussion Items Where is your BCM Program on the maturity curve? What is the scope of your Program? Is your Program prepared to integrate into other risk Domains in a more profound way? Culturally, how resistant to change are the various risk Domain silos? Is the current Organizational Structure a potential impediment?

16 About Ipreo Ipreo is a global leader in providing market intelligence, data, and technology solutions to all participants in the global capital markets, including sell-side banks, publicly traded companies, and buy-side institutions - we power the networks that connect capital to ideas! Please Note: The positions and opinions expressed in this presentation do not necessarily represent the opinions or policies of Ipreo, its owners, customers, or suppliers.