View
0
Download
0
Embed Size (px)
لمزًدددددد دددددد
عددددددددددددددددد
البوربوًندددددددد
االحت افٌددددددددد
ابحث فددددددددي
عدددددددددددددددددددددد ادركها بوربوًن
Business Continuity Management and Crisis Management and Role of
Internal Auditors
Prepared and presented by: Mr. Ibrahim Alfaifi
Saturday 21 March, 2020
2
What is Business Continuity? Its importance and requirements
Business Continuity Management (BCM) lifecycle
Business Continuity Plan and Disaster Recovery Plan
Emergency Response and Crisis Management
Business Continuity Common Concerns and Challenges
How Internal Auditors can “Add Value” to the BCM Program?
Agenda of this awareness session
https://www.google.com.sa/url?sa=i&url=https://www.facebook.com/What-we-really-need-to-learn-1853631968227751/&psig=AOvVaw1WIGTgJH7EVExp7eTn5szy&ust=1584654789822000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCLiHj6aBpegCFQAAAAAdAAAAABAD
3
Business Continuity Plan (BCP) خطة استمرارية األعمال
Disaster Recovery Plan (DRP) خطة التعافي من الكوارث
Crisis Management إدارة األزمات
Emergency Response االستجابة للطوارئ
Recovery Time Objective (RTO) هدف وقت االسترجاع
Recovery Point Objective (RPO) هدف نقطة االسترجاع
Risk Assessment (RA) تقييم المخاطر
Business Impact Analysis (BIA) تحليل األثر على األعمال
Maximum Acceptable Outage (MAO) أقصى انقطاع مقبول
Recovery Period فترة التعافي
Restoration Period فترة االستعادة
4
5
وتاريخ( 87)رقم مجلس الوزراء قرار
( الوطنيةالمخاطر مجلس )إنشاء هـ بشأن 2/1440 /7
برئاسة سمو ولي العهد
إجراء تقويم شامل للمخاطر الوطنية
لنشر ثقافة إدارة المخاطر« مركز التميز»إنشاء
دعم الجهات المعنية، لنشر الوعي العام بالمخاطر
«مركز إدارة الكوارث واألزمات»إنشاء
دراسة وإعالن رفع مستوى الجهوزية ضد المخاطر
إعداد حلول لمراقبة المخاطر ومتابعتها
6
7
2019 | Business Continuity Benchmark Study
83% Continuous of
Operations
76% Business Continuity is a priority for top executives in their organization
Only 9% Their business continuity programs
are ‘very mature’
66% ROI is not measured for their business continuity program
80% Employee
Safety
Key Objectives of BCM Program
https://www.google.com.sa/url?sa=i&url=https://www.continuitycentral.com/&psig=AOvVaw22Oeu7Is6sh1btrK09DJNA&ust=1584644057199000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCPj50aHZpOgCFQAAAAAdAAAAABAN https://www.google.com.sa/url?sa=i&url=https://www.thebci.org/news/a-statement-from-the-business-continuity-institute.html&psig=AOvVaw0CS_D_-c19O2CIEy52vyei&ust=1584644113679000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCJCRzbvZpOgCFQAAAAAdAAAAABAD https://www.google.com.sa/url?sa=i&url=https://drii.org/&psig=AOvVaw2AMYgE2-ecuLueA295JCvi&ust=1584644155289000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCJDXx9HZpOgCFQAAAAAdAAAAABAD https://www.google.com.sa/url?sa=i&url=https://www.facebook.com/AssociationOfContinuityProfessionals/&psig=AOvVaw0CVEnoaSWgde2mVXhH7vl8&ust=1584644196963000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCOj9wOPZpOgCFQAAAAAdAAAAABAD https://www.google.com.sa/url?sa=i&url=https://www.123rf.com/photo_84285634_stock-vector-office-two-paper-line-icon-vector-illustration-.html&psig=AOvVaw1qgUX3z3-CUPsxtNW4jMQB&ust=1584644290269000&source=images&cd=vfe&ved=0CAIQjRxqFwoTCPCktJHapOgCFQAAAAAdAAAAABAD
8
9
حال رقم جالج
هذا النص هو حال لنص ًمك أن ًسدتب ل
في نفس المسداح لدد دم ولٌد هدذا
.النص ول النص الع بى
هذا النص هو حال لنص ًمك أن ًسدتب ل
في نفس المسداح لدد دم ولٌد هدذا
.النص ول النص الع بى
Disruption of
Electronic Services in
2017
Disruption of mada Payment Services in 2018
Jeddah floods in 2009 affected Saudi Airlines
Mid of 2019
10
What is Business
Continuity?
Business Continuity is the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.
BCM is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause. It provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
(Source: ISO 22313/22301)
11
Importance of BCM
• Continue the business operations
• Safeguard assets
High attention to:
• Management Support & Awareness
• BCM Investment
• ROI for BCM investment
• Risk & Audit priority and role
12
People Facilities & Equipment Comm. Infra./IT Sys. Data/Info.
13
How to deal with an incident/crisis from A-Z
14
•Build a business Case
•Understand the value
•Establish BCM Program/goals aligned with business goals
Management Commitment and Support
• Identify BC disruptive events, threats and vulnerabilities
•Assess the likelihood and impact of disruptive events
•Develop BC risk mitigation strategies
Conduct a BC Risk Assessment Mitigation Plan
• Identify business processes and define the critical processes
•Define RTO, RPO and resources for each process
• Identify other parties/suppliers and physical resources for recovery
Conduct a Business Impact Analysis (BIA)
•Define alternative (staffing, sourcing, offices)
•Plan for transition back to normal operations + BCP and DRP
•Select the suitable recovery solutions and recovery sites
Define Business Recovery and Continuity Strategies &
Establish IT Disaster Recovery
•BCM awareness and training
•Maintain the BCM Program and BC Plans
•Exercise and test BC capabilities + Measurement and improvement
Deploy, Verify and Maintain BCM Program Capabilities
15
Making sure that BCM Program is part of each BU
and communicating the importance of BCM
(Communication Protocol)
Defining a central group/ committee within the
organization that is responsible for BCM and managing governance
(BC Strategy, Policy, Manual, Working Groups)
Management Commitment and Support 1
Making sure appropriate investment and funding
for organization-wide BCM activities
Participating in BC exercises, training sessions,
and other emergency management events
16
Risk Assessment: is the process of identifying internal and external threats and vulnerabilities, identifying the likelihood and impact of an event arising from such threats or vulnerabilities, defining the controls in place or necessary to reduce exposure and evaluating the cost for such controls.
Business Continuity Risk Assessment & Mitigation Plan 2
Disruptive Events
• Natural disasters (earthquakes, rain/flooding, etc)
• Industrial events (fire, explosions, etc). • Supplier failures (provider disruptions
and electricity utilities) • Medical epidemic such as a pandemic
or other medical risks • Labor disruption • Economic or political instability • Human factors such as employee
errors, criminal acts, and fraud • IT Risks and Cyber Attack
Assessing the risks
• The BC risk assessment can be used to determine the impact to critical business processes
• Assessing the impact and likelihood of each disruptive event
• Certain factors should be evaluated to understand the scope and the impact of each potential event: Geographic extent of the impact, Days of impact, Availability of staff, Availability of operations/offices, Availability of IT.
Developing Risk Mitigation Strategies
• Developing and deploying BC risk mitigation strategies will help to minimize the impact of disruptive events and will improve response capabilities.
• Examples: - Loss of primary location: arrange for
alternative location or initiate work from home policy.
-
