Upload
farzil
View
221
Download
0
Embed Size (px)
Citation preview
8/9/2019 OM Risk Management
1/21
Operational Risk & Business Continuity
Management - An Effective And Integrated
ApproachChris Lintern
Co-operative Financial Services
Leading the risk profession
8/9/2019 OM Risk Management
2/21
Introduction & Approach
Chris Lintern
Background in all aspects of Business Continuity Management within
Financial Services
Part of central Operational Risk Management TeamCo-operative Financial Services
Includes Co-operative Bank, Co-operative Insurance, Co-operative
Investments
Merged last year with Britannia Building Society
Our vision is to be the UKs most admired financial services businessApproach to this session
Active participation
All views welcome and appreciated
8/9/2019 OM Risk Management
3/21
Purpose
To share thoughts on the benefits of integrating Operational
Risk & Business Continuity
Consider some of the key stakeholders, and the aims, and
components for Operational Risk and Business Continuityframeworks
Conclusions
8/9/2019 OM Risk Management
4/21
What is Operational Risk Management?
Managing the risk of loss resulting from inadequate or failed
internal processes, people and systems or from external events
(Basel Committee of the Bank of International Settlements)
What is Business Continuity?
A holistic management process that identifies potential threats to an
organisation and the impacts to business operations that those
threats, if realised, might cause and which provides a framework forbuilding organisational resilience with the capability for an effective
response that safeguards the interests of its key stakeholders
reputation, brand and value creating activities (BS25999 British
Standard for BCM)
8/9/2019 OM Risk Management
5/21
Back to Basics
Preventing nasty surprises wherever practical, andhaving the confidence that your organisation can
respond to and mitigate them - if and when they occur
Health
&
Safety
Key
Suppliers /
Outsource
Partners
System
failures
Property &
Facilities
Key person
dependenciesExternal threats
8/9/2019 OM Risk Management
6/21
Historic Positioning of Op Risk & BCM
Focus on traditional business continuity denial ofaccess to premises, or loss of systems
BCM and Operational Risk seen as separate entities
BCM
Operational
Risk
8/9/2019 OM Risk Management
7/21
Synergies between the twoStakeholders Framework
Components
Intended
Outcome
Board Policy &
Procedures
Understanding
of appetite
Executive & Senior
Management
Supporting
documents
Proactive
assessment
Operational
Management
Plans & Training Understanding
of impact
Other Considerations
Impact on Capital Impact on Change Insurance
8/9/2019 OM Risk Management
8/21
Operational Risk Integrated Approach
Operational
Risk
Busi
ness
Cont
inuity
Insu
ranc
e
Operat
ional
RiskCapital
Contro
l Self-
Assessment
8/9/2019 OM Risk Management
9/21
Operational Risk Integrated Approach
Operational
Risk
Busi
ness
Cont
inuity
Insu
ranc
e
Operat
ional
RiskCapital
Proactive identification of risks
Assessment and evaluation Scenario analysis
Contro
l Self-
Assessment
8/9/2019 OM Risk Management
10/21
Operational Risk Integrated Approach
Operational
Risk
Busi
ness
Cont
inuity
Insu
ranc
e
Operat
ional
RiskCapital
Contro
l Self-
Assessment
Assess controls
CSA process
Review control weaknesses Track actions
Link control evidence to risks
Review incidents as evidence of control failures
8/9/2019 OM Risk Management
11/21
Operational Risk Integrated Approach
Operational
Risk
Busi
ness
Cont
inuity
Insu
ranc
e
Operat
ional
RiskCapital
Contro
l Self-
Assessment
Mitigation of operational risks
Crisis Management Team & Plan
Incident Management Teams Crisis Management Centre
Work-Area Recovery
Disaster Recovery strategy
8/9/2019 OM Risk Management
12/21
Operational Risk Integrated Approach
Operational
Risk
Busi
ness
Cont
inuity
Insu
ranc
e
Operat
ional
RiskCapital
Contro
l Self-
Assessment
Risk transfer
Placement
Claims Handling Specific perils e.g. Buildings/Contents, Business
Interruption Insurance
Advice & Guidance
8/9/2019 OM Risk Management
13/21
Operational Risk Integrated Approach
Operational
Risk
Busi
ness
Cont
inuity
Insu
ranc
e
Operat
ional
RiskCapital
Contro
l Self-
Assessment
Capital against unexpected losses
Calculation
Planning
8/9/2019 OM Risk Management
14/21
Operational Risk Components
PurposeVision
3 Year StrategicPlan
Strategy
CoreProcesses
CriticalSystems
Colleagues
External Eventse.g.Weather,
Terrorism
Change agenda
Bottom-upOperational Risk
Profile
Scenarios
Top-down
Operational RiskProfile
Facilities
Operational
Risk Capital
OperationalRisk Appetite
Business Continuity
Incident & Near-Miss Reporting
Resilience
Work-Area
Recovery
DisasterRecovery
Incident &
CrisisManagement
Insurance
Programme
Operational Risk strategy and plan
ReportingSuppliers &OutsourcePartners
Operational Risk
End-to-endProcess view
Key Controls
Control Self-
Assessment
Policies
Claims
8/9/2019 OM Risk Management
15/21
Operational Risk Components
PurposeVision
3 Year StrategicPlan
Strategy
CoreProcesses
CriticalSystems
Colleagues
External Eventse.g.Weather,
Terrorism
Change agenda
Bottom-upOperational Risk
Profile
Scenarios
Top-down
Operational RiskProfile
Facilities
Operational
Risk Capital
OperationalRisk Appetite
Business Continuity
Incident & Near-Miss Reporting
Resilience
Work-Area
Recovery
DisasterRecovery
Incident &
CrisisManagement
Insurance
Programme
Operational Risk strategy and plan
ReportingSuppliers &OutsourcePartners
Operational Risk
End-to-endProcess view
Key Controls
Control Self-
Assessment
Policies
Claims
8/9/2019 OM Risk Management
16/21
Embedding the Culture
Business buy-in of paramount importance
Incident Management framework known and utilised
importance of exercising
Risk Division seen as involved not sat in Ivory Towers
Part of the solution, not part of the problem - BC & Op Risk
representatives heavily involved in Incident Management
Keep things simple common language
Linked to the CFS customer promise
8/9/2019 OM Risk Management
17/21
Incident Framework
Crisis
Management
Team
Incident Management
Teams
IS ServiceContinuity
Business units / areas
BC plan owners and Plan co-ordinators
Escalate
up
Cascade
down
Operational Risk(incl. BCM)
8/9/2019 OM Risk Management
18/21
Incident Management Team - Structure
8/9/2019 OM Risk Management
19/21
Integrated Approach
8/9/2019 OM Risk Management
20/21
Conclusions
An effective, and consistent framework
Can be used to define overall risk appetite at Board level
Practical considerations both areas need policies &
procedures
Simple for the business
Aligned to business processes
Crucial that its accepted from a cultural perspective within the
newly merged organisation
Potential to drive efficiencies and cost-savings
8/9/2019 OM Risk Management
21/21
Thank You
Any Further Questions