Business Continuity Management and Crisis Management and and Crisis- آ  10 What

  • View

  • Download

Embed Size (px)

Text of Business Continuity Management and Crisis Management and and Crisis- آ  10...

  • لمزًدددددد دددددد



    االحت افٌددددددددد

    ابحث فددددددددي

    عدددددددددددددددددددددد ادركها بوربوًن

    Business Continuity Management and Crisis Management and Role of

    Internal Auditors

    Prepared and presented by: Mr. Ibrahim Alfaifi

    Saturday 21 March, 2020

  • 2

    What is Business Continuity? Its importance and requirements

     Business Continuity Management (BCM) lifecycle

     Business Continuity Plan and Disaster Recovery Plan

     Emergency Response and Crisis Management

     Business Continuity Common Concerns and Challenges

     How Internal Auditors can “Add Value” to the BCM Program?

    Agenda of this awareness session

  • 3

    Business Continuity Plan (BCP) خطة استمرارية األعمال

    Disaster Recovery Plan (DRP) خطة التعافي من الكوارث

    Crisis Management إدارة األزمات

    Emergency Response االستجابة للطوارئ

    Recovery Time Objective (RTO) هدف وقت االسترجاع

    Recovery Point Objective (RPO) هدف نقطة االسترجاع

    Risk Assessment (RA) تقييم المخاطر

    Business Impact Analysis (BIA) تحليل األثر على األعمال

    Maximum Acceptable Outage (MAO) أقصى انقطاع مقبول

    Recovery Period فترة التعافي

    Restoration Period فترة االستعادة

  • 4

  • 5

    وتاريخ( 87)رقم مجلس الوزراء قرار

    ( الوطنيةالمخاطر مجلس )إنشاء هـ بشأن 2/1440 /7

    برئاسة سمو ولي العهد

    إجراء تقويم شامل للمخاطر الوطنية

    لنشر ثقافة إدارة المخاطر« مركز التميز»إنشاء

    دعم الجهات المعنية، لنشر الوعي العام بالمخاطر

    «مركز إدارة الكوارث واألزمات»إنشاء

    دراسة وإعالن رفع مستوى الجهوزية ضد المخاطر

    إعداد حلول لمراقبة المخاطر ومتابعتها

  • 6

  • 7

    2019 | Business Continuity Benchmark Study

    83% Continuous of


    76% Business Continuity is a priority for top executives in their organization

    Only 9% Their business continuity programs

    are ‘very mature’

    66% ROI is not measured for their business continuity program

    80% Employee


    Key Objectives of BCM Program

  • 8

  • 9

    حال رقم جالج

    هذا النص هو حال لنص ًمك أن ًسدتب ل

    في نفس المسداح لدد دم ولٌد هدذا

    .النص ول النص الع بى

    هذا النص هو حال لنص ًمك أن ًسدتب ل

    في نفس المسداح لدد دم ولٌد هدذا

    .النص ول النص الع بى

    Disruption of

    Electronic Services in


    Disruption of mada Payment Services in 2018

    Jeddah floods in 2009 affected Saudi Airlines

    Mid of 2019

  • 10

    What is Business


    Business Continuity is the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.

    BCM is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause. It provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

    (Source: ISO 22313/22301)

  • 11

    Importance of BCM

    • Continue the business operations

    • Safeguard assets

    High attention to:

    • Management Support & Awareness

    • BCM Investment

    • ROI for BCM investment

    • Risk & Audit priority and role

  • 12

    People Facilities & Equipment Comm. Infra./IT Sys. Data/Info.

  • 13

    How to deal with an incident/crisis from A-Z

  • 14

    •Build a business Case

    •Understand the value

    •Establish BCM Program/goals aligned with business goals

    Management Commitment and Support

    • Identify BC disruptive events, threats and vulnerabilities

    •Assess the likelihood and impact of disruptive events

    •Develop BC risk mitigation strategies

    Conduct a BC Risk Assessment Mitigation Plan

    • Identify business processes and define the critical processes

    •Define RTO, RPO and resources for each process

    • Identify other parties/suppliers and physical resources for recovery

    Conduct a Business Impact Analysis (BIA)

    •Define alternative (staffing, sourcing, offices)

    •Plan for transition back to normal operations + BCP and DRP

    •Select the suitable recovery solutions and recovery sites

    Define Business Recovery and Continuity Strategies &

    Establish IT Disaster Recovery

    •BCM awareness and training

    •Maintain the BCM Program and BC Plans

    •Exercise and test BC capabilities + Measurement and improvement

    Deploy, Verify and Maintain BCM Program Capabilities

  • 15

    Making sure that BCM Program is part of each BU

    and communicating the importance of BCM

    (Communication Protocol)

    Defining a central group/ committee within the

    organization that is responsible for BCM and managing governance

    (BC Strategy, Policy, Manual, Working Groups)

    Management Commitment and Support 1

    Making sure appropriate investment and funding

    for organization-wide BCM activities

    Participating in BC exercises, training sessions,

    and other emergency management events

  • 16

    Risk Assessment: is the process of identifying internal and external threats and vulnerabilities, identifying the likelihood and impact of an event arising from such threats or vulnerabilities, defining the controls in place or necessary to reduce exposure and evaluating the cost for such controls.

    Business Continuity Risk Assessment & Mitigation Plan 2

    Disruptive Events

    • Natural disasters (earthquakes, rain/flooding, etc)

    • Industrial events (fire, explosions, etc). • Supplier failures (provider disruptions

    and electricity utilities) • Medical epidemic such as a pandemic

    or other medical risks • Labor disruption • Economic or political instability • Human factors such as employee

    errors, criminal acts, and fraud • IT Risks and Cyber Attack

    Assessing the risks

    • The BC risk assessment can be used to determine the impact to critical business processes

    • Assessing the impact and likelihood of each disruptive event

    • Certain factors should be evaluated to understand the scope and the impact of each potential event: Geographic extent of the impact, Days of impact, Availability of staff, Availability of operations/offices, Availability of IT.

    Developing Risk Mitigation Strategies

    • Developing and deploying BC risk mitigation strategies will help to minimize the impact of disruptive events and will improve response capabilities.

    • Examples: - Loss of primary location: arrange for

    alternative location or initiate work from home policy.