8/9/2019 KWSP2 - Taklimat Di Intan 300610
BCM PRESENTATION
LOCATION : INTAN
Agenda
Organization Chart
Overview Risk Assessment
ORGANIZATION CHARTS
Business Continuity Management Framework
Mandate by Board / Top Management
Management Operations Risk Committee (MORC), Board Risk Management Committee (BRMC)
BCM Secretariat Role & BCM Team Role
BCM Framework
British Standard 25999-1:2006
Plan Readiness
Human Readiness
Infrastructure Readiness
Monitoring
Risk Management Department, Organization
SENIOR GENERAL MANAGER
CHIEF EXECUTIVE OFFICER
Board Risk Management Committee
Sections:
MIS/ANALYTICS
INVESTMENT RISK
CREDIT RISK
OPERATIONAL RISK
Units:
Risk Policy and Modelling Unit
Market Risk Unit
Corporate Risk Scorecard (CRS) Unit
Independent Assessment Unit (Corporate Financing, Property Investment & Private Equity)
Business Continuity Plan (BCP) Unit
Currently reporting to the Investment Risk Section
Development of BCM Programme in Organization
OVERVIEW RISK ASSESSMENT
What?
Risk Assessment Overview
Risk Assessment can help us to:
a) Have a list of threats that cause a disruption to the Organization
b) Identify single points of failure
c) Recommend actions to be taken to reduce the threats (strategy development)
Risk Management Process
ESTABLISH THE CONTEXT
IDENTIFY RISKS
ANALYSE RISKS
EVALUATE RISKS
TREAT RISKS
COMMUNICATE AND CONSULT
MONITOR AND REVIEW
RISK ASSESSMENT
Establish the Context: for strategic, organisational and risk management and the criteria against which business risks will be evaluated.
Identify Risk: that could prevent, degrade, delay or enhance the achievement of an organisation's business and strategic objectives.
Analyse Risk: consider the range of potential consequences and the likelihood that those consequences could occur.
Evaluate Risks: compare risks against the firm's pre-established criteria and consider the balance between potential benefits and adverse outcomes.
Treat Risks: [...] increasing potential benefits and reducing potential costs of those risks identified as requiring to be treated.
Monitor and Review: the performance and cost effectiveness of the entire risk management system and the progress of risk treatment plans with a view to continuous improvement through learning from performance failures and deficiencies.
Communicate and Consult: with internal and external stakeholders at each stage of the risk management process.
Note that: Identify, Analyse and Evaluate Risks are collectively grouped as Risk Assessment.
Extracted from ISO 31000:2009 Risk Management Standard
Organization BCM Methodology
Risk Management Process: Identify Risk
Business Function
Plan: The development of the procedures / work flow
Human: Understanding of the procedures
Work Place: The equipment and others to support the work
5-Jul-10 Risk Management Department
Impact of Disaster on Organization
Quantitative and Qualitative Impact
Risk Assessment Overview
Quantitative Impact
1. RM143 MILLION*: Average contributions applications that cannot be processed per day
2. RM90 MILLION*: Average withdrawals applications that cannot be processed per day
3. RM83 MILLION*: Average potential investment earnings that may be lost per day
Qualitative Impact
Non-adherence [...] charter
Unable to fulfil national social responsibility
*Source: KWSP Annual Report 2008
Organization BCM Methodology
Risk Management Process: Analyze The Risk
List of Causes
Natural disaster
Man made Disaster
Health and Safety
IT System
Utility Failure
etc
Business Function
Plan
Work Place
Human
Impact of Disaster on Organization
Cause and Effects Matrix
Risk Assessment: Evaluate the risk
EFFECTS
People Affected
Building Affected
IT Systems Affected
Services Affected
Reputation Affected
CAUSES
Natural Disaster
Earthquake
Flood
Tsunami / Typhoon
Haze
Health and Safety
Epidemic (SARS, Bird Flu)
Epidemic (poisonous gas, canteen contamination, Anthrax)
Fire / Arson
IT System
War
Hostage / Key staff unavailable
Explosion
Security Threats
Riot & Civil Commotion
IT System Failure
IT Security Compromised
Utility Failure
Power Outage
Water Outage
Telecommunication Outage
Others
Outsource Party Terminated
Consulting Services for Business Continuity Plan, 25 November 2005
Impact of Disaster on Organization
Risk Assessment: Evaluate The Risk
Organization Disaster / Location Disaster
Organization is affected by the worst-case scenario whereby the disaster happens at the most inopportune time
Processes: Registration, Contribution, Withdrawal, Enforcement, Fraud, Rship & Channel Mgt, Investments, Support Services
Location: Disaster at Headquarters
Affected: EPF1, EPF 3 and EPF4 Record Keeping; Form A Record Keeping; Deceased, Pension; Prosecution; myEPF, Email enquiries; 10 support services
Remarks: EPF forms, legal docs destroyed, Investment systems affected.
Location: Disaster at IT Data Centre
Affected: Key IT system services
Remarks: IT Core Systems affected, key services at State / Branch affected.
Location: Disaster at Processing Office
Remarks: Reroute to other processing office.
Location: Disaster at EPF Institute
Affected: Call Centre; Training
Remarks: Services delayed and routed to other location
Location: Disaster at a State Office
Remarks: Reroute to other state office
Location: Disaster at a
Remarks: Reroute to
Consulting Services for Business Continuity Plan, 14 February 2006
Risk Assessment Outcome
Disaster
Disaster is defined in 2 categories:
Organization Disaster: impacts Organization through widespread and overall total degradation of operations and service delivery
Location Disaster: impacts only the affected branch office but does not degrade the branch's overall operations and service delivery
STEP-BY-STEP APPROACH
How To
Identify Causes & Consequences
Identify Primary Controls (preventive, detective and corrective) and Secondary Controls and Effectiveness
Identify action plans to mitigate the risks
How often?
Risk Assessment
Evaluated if:
a) There is a significant change in the internal business process, locations or technology
b) There is a significant change in the external environment, e.g. regulatory changes
c) Part of BCM annual programmes
Key success factors?
Risk Assessment
a) Get support from the management
b) Commitment from the various parties: staff, Heads of Department, suppliers, etc.
c) Identify the scope of RA, BIA: all of the organization or some part of the business
d) Understand the key business process, so that we can identify the risk and respond to it.
e) Document the risk for knowledge, training and audit trail
f) Up to date and reflect the changes in the organization
Organization BCM Methodology
BCM Monitoring
How we know that we are ready
Plan
Action driven
Simple and concise
Human
Succession planning
Right nominations
Infrastructure
Command centre
Business facilities
Monitoring
Monthly Status from the Department / Branches
Framework
Generic
Worst nightmares
Roles & responsibilities
Team recovery
Reference material
Listings
Contact numbers
Review Strategy, Plan, MRR, BIA, RTO
Authority
Specialists
Clear roles
Trained personnel
BCM Awareness
Training programme
Call Tree, Walkthrough, Crisis Simulation, Tutorial
Meeting rooms
Resources
Equipment
Furniture
Vendor agreements
Communications
Testing of Equipment
War chest update
Site Design
SLA
Customer Survey