
Resiliency in 2018: Q&A With BCI’s David Thorp

Organizational resiliency is a focus of the Business Continuity Institute (BCI) and executive director David Thorp. It was the theme of this year’s annual Business Continuity Awareness Week, which Risk Management Monitor covered in May, and was the focus of BCI’s updated manifesto.

We reached out to Thorp to get his insight on organizational resiliency, how businesses can improve their continuity plans and for ways to better incorporate them into their culture.

Risk Management Monitor: What companies have best demonstrated resilience?

David Thorp: A few examples of organizations that have displayed a high level of resilience are Apple, TomTom, and PostNL.

Apple displayed resilience when they reemployed Steve Jobs to reshape the company.

TomTom started by making software for Palm computers. It has dealt with a rapidly changing marketplace and over the years it has:

  • produced navigation software for PDAs (personal digital assistant)
  • produced its own navigation devices
  • developed live traffic information
  • acquired a digital mapping company
  • developed navigation software for smartphones
  • struck up deals with car manufacturers

PostNL (formerly TNT) has had to adapt to the decline in regular mail as well as tapping into the requirement to deliver more packages (outside working hours) as a result of an increase of web shops.

RMM: What do organizations most commonly overlook in their continuity planning?

DT: Two most commonly overlooked aspects are keeping plans up to date and exercising/testing.

Business continuity management is often initiated as a project, usually assisted with external expertise. Internal personnel frequently have this role in addition to their “normal” functions. As the organization changes, these plans often get overlooked. After one or two exercises have been carried out, the focus on exercising quickly diminishes.

Unfortunately, these two aspects have a large impact on the ability to recover as planned. It could be argued that this is an indication of a lack of management commitment.

RMM: Why do so many companies overlook their continuity planning and emergency preparedness?

DT: The biggest reason is that it is not a requirement for many organizations. When not required by a regulator or a customer, the organization must:

  1. know about continuity planning and emergency preparedness
  2. understand their risk
  3. understand its value before there is a possibility of it being implemented

By not having done a risk or impact analysis, it is also easy for organizations to think that a disruptive event will not happen to them and therefore not worth the hassle and investment.

RMM: How much time and effort does creating and initiating a business continuity plan take?

DT: This depends on the size and complexity of the organization, the ambition level and the resources available. For small organizations, it is possible to create and exercise plans within a month—but this would typically take a little longer as the required people will also have other tasks. For a large and more complex organization, it may take two-to-three years to reach the desired maturity level.

RMM: What advances would you like to see the global risk management community achieve with regard to planning and preparedness?

DT: I would like to see a better understanding of each other’s disciplines and a better collaboration between them. There is much overlap between the two disciplines and with better collaboration, we can more efficiently and effectively minimize risks and improve the continuity. We are currently working on better understanding how we achieve synergy between business continuity and risk management. We see this as being a prerequisite for achieving organizational resilience. Collaboration with other disciplines is also necessary.

RMM: We’ve seen examples of reputation crises that have in some cases forced companies to close. How can organizations avoid these pitfalls?

DT: A major factor in managing the extent of the reputation damage is the quality of the crisis communication. How well and honestly you inform those affected and of course how you deal with social media makes the difference in how you are perceived. The subsequent actions need to be in line with the messages communicated.

RMM: What has changed in the BCI’s Manifesto for Organizational Resilience that risk professionals should know about?

DT: The manifesto is built on the simple premise that resilience is not the responsibility of one part of the organization—it is the responsibility of discipline within an organization working closely together toward a common purpose. Risk Management, emergency planning, disaster recovery, security, facilities management, business continuity management, supply chain management, IT management, HR management…all have an equal role to play in delivering resilience.

The manifesto contains our undertaking to seek out alliances with other professional bodies along the spectrum of what might be termed “resilience disciplines” in order to work collaboratively. This would make organizations more resilient than if we each work within our own silo.

New RIMS Report Delivers a ‘Wakeup Call’ To Risk Managers

According to the new RIMS report, Enterprise Risk Management’s Wakeup Call: 10 Years After, an increasing number of organizations are at least partially integrating ERM into their frameworks as they prepare for the possibility of another financial crisis or a new threat.

“The evidence shows that risk management has evolved from a promising but somewhat perfunctory exercise into a strategic management competency,” said RIMS Vice President of Strategic Initiatives Carol Fox, who authored the report. “Even so, given increasingly uncertain times, risk management professionals would be unwise to declare victory or become complacent.”

The 10 Years After report highlights a range of perspectives from executives, officers and risk professionals who represent banking, higher education, technology, health care, transportation, and a federal agency. These professionals offer their perspectives on where ERM stands today. In fact, one shared observation is that the factors which contributed to the crisis are resurfacing, but that ERM can help protect against them. As one technology officer noted: “…as soon as people are introduced into the equation, things change and risks are introduced into the process. While financial models and robot investing are agnostic, once you introduce people, their biases come back into play and disrupt the integrity of those models.”

The integration of ERM programs—even partially—has seen a slow-but-steady climb in the past decade. The report cites statistics from recent RIMS surveys, showing that 92% of financial institutions have fully or partially integrated ERM programs since the housing market crisis. Full integration, however, may be the key to protection and value—and this is accordingly the most daunting, long-term task. “At any point in time, changes in an organization itself, given myriad complexities and disruptions, may take focus away from full integration,” Fox said.

The report discusses what the experts and their industries learned from the financial crisis in the way of risk appetite and regulatory systems. By examining recent literature and studies to better understand the risks facing organizations, the report challenges risk professionals to deliver programs that generate value.

It also offers insight as to what organizations should consider as they further integrate programs. Changes in legislation, interest rates and the volatility of cryptocurrencies are on the collective radar as risk professionals look to the future.

“[bitcoin’s] future is unknown, especially given its recent run-up and sudden devaluation,” the technology officer said. “Cryptocurrency could become problematic because of scale—particularly if someone figures out a way to short-sell it much like what occurred with CDOs.”

Enterprise Risk Management’s Wakeup Call: 10 Years After is available to RIMS members only for the first 60 days. After the introductory period, it will become available to the broader risk management community. You can download the report via Risk Knowledge.

Complementary to the report, Risk Management Monitor recently published Compliance in 2018: Q&A with James Reese of the SEC, highlighting how the SEC views organizational risk management.

Hawaii Volcanic Activity Reinforces States’ Need for Catastrophe Planning

Recent volcanic activity in Hawaii has turned national attention to emergency preparedness planning. As previously reported, the Kilauea eruption lessened but caused aftershocks, lava flow and lingering hazardous fumes in nearby areas. About 1,800 people live in the area, which was ordered to be evacuated last week by Hawaii County. No deaths or injuries have been reported.

On May 9, two more actively erupting fissures from the Kilauea volcano opened near Lanipuna, a neighboring community to the already affected Leilani Estates. Fox News reported that first responders went door to door to ensure everyone in the community was safely evacuated. At least 14 fissures are now open from Kilauea—considered one of the world’s most active volcanoes—with some releasing toxic gases and others spewing lava, at times at least 200 feet into the air.

Hawaii Gov. David Ige signed a Presidential Disaster Declaration request, asking President Donald J. Trump to declare the state a major disaster as a result of the ongoing seismic activity. Gov. Ige also requested assistance from the Federal Emergency Management Agency (FEMA), citing the unpredictable nature of the volcano, the number of structures destroyed, and the fact that residents may be unable to return to their homes for an undetermined amount of time.

Gov. Ige said in his Presidential Declaration request:

As more fissures open and toxic gas exposure increases, the potential of a larger scale evacuation increases. A mass evacuation of the lower Puna District would be beyond current county and state capabilities, and would quickly overwhelm our collective resources. Federal assistance would be necessary to enable us to successfully conduct such large-scale operations.

CBS reported that many people in the affected communities live in “lava zone one,” a high-risk area. Lava insurance doesn’t exist and homeowners’ insurance is very expensive, so some are going to be left on their own to try and rebuild.

With all these events, however, visitors to Hawaii.gov will find very little, if anything, about the volcanic eruption on the state’s homepage. Instead, there is much about the mild weather and announcements of a groundbreaking ceremony for a road pavement rehabilitation and the modernization of its payroll system. All in all, it’s difficult for the public to gauge imminent dangers, such as the dangers of molten lava, on the site. Visitors, as well as residents, need to navigate to the Residents Page to find the Emergency Information.

What Other States Can Learn

While volcanic eruptions may be relatively infrequent in the continental United States, the threat exists: There are 169 active volcanoes in the U.S., and 54 of them are considered high threats by the United States Geological Survey (USGS). Washington is one state that is proactive in its planning, and May just happens to be when it observes Volcano Preparedness Month. Washington has had five active volcanoes: Mount Rainier, Mount Baker, Mount Adams, Glacier Peak, and Mount St. Helens. The latter volcano erupted in 1980 and demonstrated the disaster potential of volcanoes, causing an estimated $31 million in insured losses. That eruption killed 57 people and left dramatic changes to the landscape. It undoubtedly impacted state officials, who regularly include environmental and natural disasters in their strategic plans.

King County, Washington is in close proximity to these volcanoes and has a page dedicated to volcanic activity. It explains how its active volcanoes pose different threats from Hawaii’s:

Unlike Hawaiian volcanoes that ooze molten lava, volcanoes in the Pacific Northwest are known for sending choking ash, hot rocks, and poisonous gases high into the sky. Lahars, which are deadly mixes of hot mud, ash, and other debris, are also a big concern.

It also advises how residents and businesses should prepare and react in the event of an eruption. After ashfall:

  • Wear goggles to protect your eyes and long-sleeved shirt and pants to protect your skin.
  • Clear roofs and rain gutters of ashfall. Ashfall is very heavy and can cause buildings to collapse. Use extreme caution when working on a roof.
  • Avoid running vehicle engines. Driving can stir up volcanic ash that can clog engines, damage moving parts, and stall vehicles.
  • Avoid driving in heavy ashfall unless absolutely required. If you must drive, keep the speed down to 35 MPH or slower. Be prepared to change oil, oil filter, and air filters frequently (every 50 to 100 miles in heavy dust and every 500 to 1,000 miles in light dust).
  • As much as possible, keep ash out of buildings, machinery, air and water supplies, downspouts, storm drains, etc.

In 2017, King County co-hosted a climate change resiliency summit with the United Kingdom’s consulate to assess the physical geography and explore better emergency preparedness plans.

Risk Manager of the Year Honor Roll Member Jennifer Hills already had natural disasters on her radar. The director of risk management for King County, Hills is continually learning about the practical threats of a natural disaster and the county’s resiliency.

“We’re now looking at where emergencies and climate change should be on our risk register,” she told Risk Management magazine earlier this year, adding that she frequently collaborates with the county’s climate change and emergency management offices. “There’s a lot we’re understanding about King County’s exposures to natural disasters and we’re planning for those risks and how to mitigate them. There’s a lot of untapped resources we may need to open.”

Business Continuity Awareness Week Takes On Emergency Preparedness

Resilience is constantly on the minds of risk professionals. If last year taught us anything—between ransomware attacks, natural disasters, and pandemics, just to name a few examples—it is that businesses have unlimited reasons to plan for major disruptions.

To help professionals address emergency preparedness, the Business Continuity Institute (BCI) has initiated the annual Business Continuity Awareness Week (BCAW), May 14 through May 18. The online event will feature 29 webinars tackling a variety of issues under the resiliency umbrella, including crisis leadership, workplace recovery and data breaches that will be hosted by BCI members and organizations such as Amazon and Google. Additionally, BCI will host three onsite launches for its organizational resilience manifesto in London, Toronto and Sydney.

BCI uses the global event as a vehicle to raise awareness of the profession and demonstrate the value effective business continuity management can have to organizations of all sizes. The organization is also hosting a blog writing competition and a photo face cut-out contest with Amazon vouchers for prizes.

Other resources include BC24, an interactive roleplay game where you and up to five colleagues can test your responses in an emergency and tackle the challenge of recovering after an incident. The game is designed to encourage critical thinking about the importance of decisions made in a crisis and demonstrates how these decisions can impact the wider organization. There is free access to the game for the month of May only.

In an effort to bring BCAW awareness into the workplace, BCI advises risk managers to initiate campaigns in their companies, with suggestions including:

  • Run an exercise. You can use BC24 or devise your own exercise to ensure that employees and colleagues are informed on what to do during an incident.
  • Host Q&A sessions. These can be in-person or on social media channels. Asking your staff important questions relating to your incident response strategies can help in identifying your training needs.
  • Circulate your documentation. Does your staff know where to find your business continuity plans? Why not circulate them to everyone, asking for feedback or questions?
  • Hold competitions. You can put some fun into learning by holding your own contests. Devise a quiz relating to your business continuity plan, or even send staff members on a scavenger hunt for clues relating to an incident.
  • Host a webinar. BCI will host webinars throughout BCAW; however, there may be a topic relevant to your organization or discipline that it does not cover. You can contact the BCI with questions on how to host a webinar and the best ways to engage your staff.
  • Publish white papers. Every organization approaches disaster recovery in a slightly different way. You can share your analysis with staff members by publishing white papers from various disciplines. This raises awareness about resilience and helps employees understand your organization in more depth. You can email yours to BCI here, and it may publish via its news channel through BCAW.
  • Social media. Social media campaigns will be running throughout the week, asking questions about business continuity and organizational resilience. Tweet BCI at @thebceye with your BCAW activities to inspire other organizations.