Risk Analysis In Business Continuity Management - Jeremy Wong
Risk Analysis In Business Continuity Management
Jeremy Wong, Senior Vice President, GMH Continuity Architects
GMH Continuity Architects
• A leading consultancy focusing on business continuity, disaster recovery and crisis management in Asia Pacific since 1999.
• Our core business is in safeguarding our clients’ businesses through the sound application of proven, business-oriented business continuity methodologies.
* GMH is an accredited partner of BCM Institute.
Jeremy Wong
http://www.bcmpedia.org/wiki/Jeremy_Wong
Prior Appointments
Nomura – Head of BCM, South Asia
United Overseas Bank – Head of BCM
Bax Global
J P Morgan
Andersen Consulting
BCM Planning Methodology
Source: Goh, Moh Heng (2008): Managing Your Business Continuity Planning Project 2nd Edition ISBN: 978-981-05-9767-2
Risk Analysis & Review
[Cycle diagram: IDENTIFY → ANALYSE → EVALUATE → TREAT → IMPLEMENT & MONITOR]
Identify Assets & Threats
• Identify Organisational Assets
• Identify Threats
Identify Organisational Assets
• Assets essential to carry out mission
• Examples:
  – Facilities
  – People
  – Data
  – Software
  – Applications
  – Equipment
Identify Threats
Natural
• Tornado (wind storm)
• Thunderstorm and hail storm
• Lightning and electrical storm
• Snow and winter ice storm
• Typhoon and hurricane
• Flood and other water-based incident
• Earthquake
• Mudslide
• Volcanic eruption and ash fallout
• Tsunami
• Large natural fire
• Epidemic and pandemic
Man-Made
• Toxic and radioactive contamination
• Sabotage (both external and internal)
• Riot, civil disorder and coup
• Fraud and embezzlement
• Accidental explosion (on and offsite)
• Water leak and plumbing failure
• Workplace violence
• Terrorism
• Aircraft crash
• Vandalism
• Arson
• Physical asset theft
• Misuse of resources
• Building and physical security weakness
• Fire
Identify Threats
Business
• Power outage
• Labor dispute
• Employee turnover and single point of failure
• Unavailability of key personnel
• Human error
• Gas outage
• Water outage
• Loss of transportation
• Single source suppliers
Information Technology
• Voice and data telecommunication failure
• IT equipment failure
• Human error from programmers and users
• Security vulnerability
• Data and software sabotage
• In-house developed application failure
• HVAC failure
• Defective software
Analyse Risks
• Identify impact or consequence of the threat materializing
• Estimate the likelihood of occurrence
• Determine risk level
Risk Analysis Process
[Diagram, box label: Impact]
• How does the threat affect business operations?
• What are the adverse events that can occur?
• What is the likelihood that the threat will adversely affect business operations?
• What are the effects on people, infrastructure, facilities, and systems?
• What are the potential loss exposures to the business?
• What is the cost of the controls to be implemented?
• What controls are in place?
Risk Level Matrix
[Matrix: Impact (Low, Medium, High) against Likelihood (Low, Medium, High); plotted risks: Fire, Pandemic]
Risk Evaluation
• Assess risk ratings and prioritise risks for further treatment
Evaluation Criteria
• Criteria examples:
  – People
  – Processes
  – Infrastructure
• Weighting for different criteria
Risk Evaluation
[Matrix: Impact (Low, Medium, High) against Likelihood (Low, Medium, High); plotted risks: Fire, Pandemic]
Risk Treatment
• Explore Treatment Strategies for risks deemed unacceptable
• Document reasons for selection of strategy for each risk treatment
Risk Treatment Strategies
• Risk Avoidance
• Risk Reduction
• Risk Transfer
• Risk Acceptance
Risk Treatment Strategies
[Matrix: Impact (Low, Medium, High) against Likelihood (Low, Medium, High); regions labelled: Transfer, Accept, Reduce / Active Control, Reduce (if Cost Justifiable), Avoid]
Risk Reduction
[Matrix: Impact (Low, Medium, High) against Likelihood (Low, Medium, High); plotted risks: Fire, Pandemic; label: Business Continuity Plan (BCP)]
Risk Analysis and Business Continuity Planning
[Diagram]
• Risk Analysis (Process): Identification, Analysis, Evaluation, Treatment, Monitoring
• Risk Treatment Strategies: Avoidance, Reduction, Transfer, Acceptance
• BC Planning: Business Impact Analysis, Recovery Strategy, Plan Development, Testing and Exercising, Program Management
• Treatment for risks that could potentially interrupt business operations
Implement & Monitor
• Present Recommendations to management for approval
• Implement recommendations
• Monitor results
• Adjust as necessary
Risk Analysis Process
Identify
Analyse
Evaluate
Treat
Implement & Monitor