Building business continuity through risk management, presented by Kimberley Hart, 10th Oct 2016, APM North West branch conference
•Transferir como PPT, PDF•
1 gostou•1,027 visualizações
Building business continuity through risk management Presented by Kimberley Hart Monday 10th October 2016 APM North West branch and Risk SIG conference Alderley Park, Macclesfield
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (20)
Semelhante a Building business continuity through risk management, presented by Kimberley Hart, 10th Oct 2016, APM North West branch conference
Semelhante a Building business continuity through risk management, presented by Kimberley Hart, 10th Oct 2016, APM North West branch conference (20)
Mais de Association for Project Management
Mais de Association for Project Management (20)
Último
Último (20)
Building business continuity through risk management, presented by Kimberley Hart, 10th Oct 2016, APM North West branch conference
- 1. Building business continuity through risk management The resilience myth? Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 2. Session Objectives • To consider the impact of risk perception on the achievement of objectives • To explore the relationship between effective risk management, project management and organisational resilience Kimberley Hart Internal Audit and Risk Management Slide 2
- 3. My current role • Risk and Resilience Lead • Directorate for Children & Families support and thematic lead for building resilience • Chair of the Manchester Business Continuity Forum Slide 3 Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 4. Responsibilities • Incident Management: co-ordinating response in a Council- wide incident, communication, triage, prioritising service recovery council-wide • Risk Management: assisting services through support and challenge in developing practical mitigation of their risks enabling them to deliver their objectives • Business Continuity Planning: production and testing of corporate and service business continuity plans for critical Council services • Advice and Assistance Programme: information and support to businesses & voluntary organisations • Consultancy work: a charged service for the provision of advice on risk and business continuity management Kimberley Hart Internal Audit and Risk Management Slide 4
- 5. Let’s play a game… Slide 5 Perception of reality Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 6. Background Slide 6 Miss Hart Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 7. Your perception is your reality! Slide 7 “Reality is merely an illusion, albeit a very persistent one.” Albert Einstein Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 8. Perception of risk…. Slide 8 Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services • Risk can be defined as the element of uncertainty of which affects decision making and planned outcomes. • Risk factors may be either positive opportunities or negative threats. • Essentially, they are the factors that help or hinder the achievement of our objectives.
- 9. The Rumsfeld Effect “There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know….” Slide 9 Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 10. What is business continuity? Slide 10Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services ‘The strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level’
- 11. Slide 11 Business continuity planning process… ISO 22301 • Identify and manage current and future threats to your business • Take a proactive approach to reduce the impact of incidents • Keep critical functions up and running during times of crisis • Minimise downtime during incidents and improve recovery time • Demonstrate resilience to customers, suppliers and other stakeholders Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 12. BC planning as ‘First Aid’ for the business? • Protects reputation • Protects people and services • Prevents incident deterioration • Maintains the most essential/time critical services • Promotes efficient service recovery • No panic – reduces stress Kimberley Hart Internal Audit and Risk Management Slide 12
- 13. What is resilience? Slide 13 Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services Resilient adj. the ability (of an organisation) to recover quickly from any incident that prevents it from delivering its services
- 14. What are the risks affecting business continuity? Slide 14Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 15. National Risk Register of Civil Emergencies An assessment of the likelihood and potential impact of a range of different risks that may directly affect the UK. It is designed to: • Increase awareness of the kinds of risks the UK faces • Encourage individuals and organisations to think about their own preparedness. The register also includes details of what the Government and emergency services are doing to prepare for emergencies. Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services Slide 15
- 16. What kind of risks would you expect to see on the National Risk Register? Slide 16 Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 17. Highest Priority Risks • Risk of terrorist and other malicious attacks • Pandemic Influenza • Coastal flooding • Widespread electricity failure • Major transport accidents • Major industrial accidents • Disruptive industrial action • Severe weather Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services Slide 17
- 18. • Do you create a risk register for your projects or programmes? • Do you maintain and review a risk register? How often? • Who is involved in the production of project/programme risk registers? • How are risks identified? • Are the risks specific to the project or do they take into account the broader context? • How are risks reported and escalated? Slide 18 Risk Management in action Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 19. A world in which all projects succeed? • Understanding uncertainty and risk in order to make informed decisions is at the heart of the management of planned change through project-based working. • Once understood, risks can be taken in pursuit of value with eyes open. Other risks can be avoided or contingency plans put in place, or existing plans can be reviewed and revised. Slide 19 Kimberley Hart Risk and Resilience Lead, Internal Audit and Risk Management Corporate Services
- 20. Manchester Business Continuity Forum (MBCF) • Aims to reduce the economic and social impact of emergencies and speed up the subsequent recovery through partnership working. • Offers a forum through which businesses, voluntary sector and emergency responders can co-ordinate and integrate emergency preparedness arrangements. • Sharing good practice information to promote effective business continuity and emergency planning. • Will share information about incidents where possible. www.manchester.gov.uk/businesscontinuity
- 21. Session Objectives • To consider the impact of risk perception on the achievement of objectives • To explore the relationship between effective risk management, project management and organisational resilience Kimberley Hart Internal Audit and Risk Management Slide 21
- 22. Further information Email: k.hart@manchester.gov.uk www.manchester.gov.uk/emergencies Kimberley Hart Internal Audit and Risk Management Slide 22
- 23. This presentation was delivered at an APM event To find out more about upcoming events please visit our website www.apm.org.uk/events
Notas do Editor
- Strategic and operational leadership in implementing effective risk and business continuity management
- Strategic and operational leadership in implementing effective risk and business continuity management
- I speak fluent French I am a Girl Guide Leader I am a keen scuba diver
- Take a minute to scan your surroundings. Are you in a familiar place or somewhere new? Stop and just look around you for a moment. Pick out an object, maybe something you hadn’t noticed before, and focus your attention on it. If you really focus, it might get brighter and more “real” than it was when it was just an unnoticed piece of the background noise of this session. Now, try to view your surroundings from the point of the object. Some people can do this with no effort, and for others, it takes some concentration. Depending on how adept you are at focusing your concentration, you may notice a slight shift in your perception – a weird jump in reality, where you are suddenly viewing the world from a different perspective. Did it work? Whether you noticed anything or not, your perception did change, albeit for an instant. It’s important to be conscious of your perception, because if you’re not, someone else will create it for you. Things aren’t always what they seem. Marketers and magicians rely on this fact to make you see things – the way they want you too see them. Artists do too.
- Risk Management is a simple, common sense process; it is an intuitive skill used by everyone in their day to day lives and one of the main ways in which people keep themselves safe and make sensible and appropriate decisions. Scenario 1: Identify risks that the cyclist faces in cycling to work, write down all the threats and opportunities (2 min) Scenario 2: Identify risks that a commuter faces catching a train to work, write down all the threats and opportunities (2 min) Which is the most risky??? Threats: Death Head Injury Injury Reputation Financial Damage to the bike Sunburn/frost bite Opportunities: Exercise Sunlight Reputation Financial Role model Environment Scenario 2: Identify risks that a commuter faces catching a train to work, write down all the threats and opportunities Risks: Being late/unreliable Cramped No exercise Financial Opportunities: Environment Less stressful than driving Social
- The infamous quote from the then US Defense Secretary, Donald Rumsfeld, in 2002, referring to Saddam Hussein’s rumoured weapons of mass destruction. This has inspired researchers at City University London and demonstrates important implications for measuring the reliability of people’s self awareness of their knowledge.
- Business Continuity is often described as ‘just common sense’. It is about taking responsibility for your business and enabling it to stay on course whatever storms it is forced to weather. It is about “keeping calm and carrying on”! BC is about building and improving resilience in your business; it’s about identifying your key products and services and the most urgent activities that underpin them and then, once that ‘analysis’ is complete, it is about devising plans and strategies that will enable you to continue your business operations and enable you to recover quickly and effectively from any type disruption whatever its size or cause. It gives you a solid framework to lean on in times of crisis and provides stability and security. In fact, embedding BC into your business is proven to bring business benefits. Business Continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. (Source: ISO 22301:2012) Business Continuity Management (BCM) is defined as a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (Source: ISO 22301:2012) At the heart of good BC practice, sits the BCM Lifecycle. The BCM Lifecycle shows the stages of activity that an organization moves through and repeats with the overall aim of improving organizational resilience. These stages are referred to as the Professional Practices and are made up of Management and Technical Practices.
- Business continuity is about understanding and managing risks to the everyday running of an organisation. It helps you to prepare for an emergency or disruptions by planning different ways of working so that you can continue to deliver your key functions. For example, if your premises were affected by a fire or flood, how would you carry on your core business? Understanding how you can get your organisation up and running quickly after an incident means that you are much more likely to continue providing employment, meet customer need and ultimately, survive the incident. The ability to respond and recover quickly from an unexpected incident is a measure of 'resilience' and is an important aspect of building safer and stronger communities. In other words, we need to make sure that the City can cope with incidents and can return to 'business as usual' as quickly as possible.
- What are the benefits of planning to respond to incidents?
- Does business continuity create ‘false’ assurance that risks are being managed? Experience shows that developing a Business Continuity Plan can help to reduce the impact and costs of an emergency. It means your organisation is much more likely to continue trading / delivering services if an incident or emergency were to happen. Having a plan in place can also help to reduce your insurance premiums, so it may be worth checking with your provider... Although major emergencies are thankfully rare, smaller scale disruptive incidents affect us much more frequently and highlight the need for us to be prepared. By their very nature and definition, emergency incidents tend to disorientate and overwhelm those involved. Those who have been involved in such events highlight how much easier and more organised the whole experience would be if response strategies have been ‘rehearsed’ previously with tried and tested plans to use. If you know who will take on key roles, have checklists, contact lists and procedures in place, a tested framework for communications and some practised skills to draw on, then your response to a crisis will be more assured and better than the most intelligent improvisation. Writing a plan is fairly easy, the hard bit is the planning process itself and getting the right people involved. Risk that have a lovely BCP/BCM framework on paper – but what if it’s not tested? What if people don’t buy into it? Tick box exercise to meet demands of regulators/legislation? What if resilience is compromised by organisation change? E.g. WAR and property rationalisation, H&SC integration, impact of PSR and Devo Manc?
- What do you think??? (dependent on time) Cyber, partnership risk, corp security? Loss of building, staff, ICT, systems? Usually say that it doesn’t matter about the type of risk, it’s the impact of risk that matters, however strong case for the management of specific risks
- Is anyone aware we have one? Has anyone ever read it? What about GM community risk register?
- Projects/programmes usually affect organisational change – does anybody consider how org change might impact on resilience/BC?
- What happens when controls fail? What happens when we don’t invest in risk and resilience?
- Strategic and operational leadership in implementing effective risk and business continuity management