1 / 21

Operational Risk & Business Continuity Management - An Effective And Integrated Approach

Leading the risk profession. Operational Risk & Business Continuity Management - An Effective And Integrated Approach. Chris Lintern Co-operative Financial Services. Introduction & Approach. Chris Lintern Background in all aspects of Business Continuity Management within Financial Services

mariannj
Download Presentation

Operational Risk & Business Continuity Management - An Effective And Integrated Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Leading the risk profession Operational Risk & Business ContinuityManagement - An Effective And Integrated Approach Chris Lintern Co-operative Financial Services

  2. Introduction & Approach • Chris Lintern • Background in all aspects of Business Continuity Management within Financial Services • Part of central Operational Risk Management Team • Co-operative Financial Services • Includes Co-operative Bank, Co-operative Insurance, Co-operative Investments • Merged last year with Britannia Building Society • Our vision is to be the UK’s most admired financial services business • Approach to this session • Active participation • All views welcome and appreciated

  3. Purpose • To share thoughts on the benefits of integrating Operational Risk & Business Continuity • Consider some of the key stakeholders, and the aims, and components for Operational Risk and Business Continuity frameworks • Conclusions

  4. What is Operational Risk Management? • Managing the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events (Basel Committee of the Bank of International Settlements) What is Business Continuity? • A holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders reputation, brand and value creating activities (BS25999 – British Standard for BCM)

  5. Back to Basics • Preventing nasty surprises wherever practical, and having the confidence that your organisation can respond to and mitigate them - if and when they occur Health & Safety Key Suppliers / Outsource Partners System failures Property & Facilities Key person dependencies External threats

  6. Historic Positioning of Op Risk & BCM • Focus on “traditional” business continuity – denial of access to premises, or loss of systems • BCM and Operational Risk seen as separate entities Operational Risk BCM

  7. Synergies between the two

  8. Operational Risk – Integrated Approach Operational Risk Control Self-Assessment Business Continuity Insurance Operational Risk Capital

  9. Operational Risk – Integrated Approach Operational Risk Control Self-Assessment Business Continuity Insurance Operational Risk Capital • Proactive identification of risks • Assessment and evaluation • Scenario analysis

  10. Operational Risk – Integrated Approach Operational Risk Control Self-Assessment Business Continuity Insurance Operational Risk Capital • Assess controls • CSA process • Review control weaknesses • Track actions • Link control evidence to risks • Review incidents as evidence of control failures

  11. Operational Risk – Integrated Approach Operational Risk Control Self-Assessment Business Continuity Insurance Operational Risk Capital • Mitigation of operational risks • Crisis Management Team & Plan • Incident Management Teams • Crisis Management Centre • Work-Area Recovery • Disaster Recovery strategy

  12. Operational Risk – Integrated Approach Operational Risk Control Self-Assessment Business Continuity Insurance Operational Risk Capital • Risk transfer • Placement • Claims Handling • Specific perils e.g. Buildings/Contents, Business Interruption Insurance • Advice & Guidance

  13. Operational Risk – Integrated Approach Operational Risk Control Self-Assessment Business Continuity Insurance Operational Risk Capital • Capital against unexpected losses • Calculation • Planning

  14. Operational Risk Components Purpose Strategy 3 Year Strategic Plan External Events e.g. Weather, Terrorism Operational Risk Appetite Vision Operational Risk Capital Change agenda Scenarios Reporting Suppliers & Outsource Partners Core Processes Critical Systems Colleagues Facilities Control Self-Assessment Operational Risk Business Continuity Insurance Programme Resilience Incident & Crisis Management Top-down Operational Risk Profile Policies Key Controls Work-Area Recovery Claims Bottom-up Operational Risk Profile End-to-end Process view Disaster Recovery Incident & Near-Miss Reporting Operational Risk strategy and plan

  15. Operational Risk Components Purpose Strategy 3 Year Strategic Plan External Events e.g. Weather, Terrorism Operational Risk Appetite Vision Operational Risk Capital Change agenda Scenarios Reporting Suppliers & Outsource Partners Core Processes Critical Systems Colleagues Facilities Control Self-Assessment Operational Risk Business Continuity Insurance Programme Resilience Incident & Crisis Management Top-down Operational Risk Profile Policies Key Controls Work-Area Recovery Claims Bottom-up Operational Risk Profile End-to-end Process view Disaster Recovery Incident & Near-Miss Reporting Operational Risk strategy and plan

  16. Embedding the Culture • Business buy-in of paramount importance • Incident Management framework known and utilised – importance of exercising • Risk Division seen as involved – not sat in Ivory Towers • Part of the solution, not part of the problem - BC & Op Risk representatives heavily involved in Incident Management • Keep things simple – common language • Linked to the CFS customer promise

  17. Incident Framework Crisis Management Team Escalate up Cascade down Incident Management Teams Operational Risk (incl. BCM) IS Service Continuity Business units / areas BC plan owners and Plan co-ordinators

  18. Incident Management Team - Structure

  19. Integrated Approach

  20. Conclusions • An effective, and consistent framework • Can be used to define overall risk appetite at Board level • Practical considerations – both areas need policies & procedures • Simple for the business • Aligned to business processes • Crucial that it’s accepted from a cultural perspective within the newly merged organisation • Potential to drive efficiencies and cost-savings

  21. Thank YouAny Further Questions – Chris.Lintern@cfs.coop

More Related