covid-19 and risk management · principles should enable effective integration of processes into a...
TRANSCRIPT
![Page 1: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/1.jpg)
Copyright © 2020 BSI. All rights reservedCopyright © 2020 BSI. All rights reserved
COVID-19 and Risk ManagementJulia Graham, AirmicDeborah Higgins, EPC (Serco)Russell Price, Continuity Forum
![Page 2: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/2.jpg)
Copyright © 2020 BSI. All rights reservedCopyright © 2020 BSI. All rights reserved
COVID-19 and Risk ManagementRussell Price, Continuity Forum
![Page 3: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/3.jpg)
Copyright © 2020 BSI. All rights reserved
“The effect of uncertainty on objectives”1
Uncertainty Effect Objectives
ISO Definition of Risk
1BS ISO 31000:2018
If there is no OBJECTIVE set then there is no RISK in Risk Management terms.
Objectives can be hard or soft
3
![Page 4: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/4.jpg)
Copyright © 2020 BSI. All rights reserved
Risk Life Cycle
Issue ManagementEarly Issue Identification
Pre
ssur
e / C
ost /
Impa
ct
Opportunity to Influence Increasingly difficult to influence
Potential Current Crisis DormantEmerging
Increasing Awareness
Origin Development ResolutionImpact
Time / Development
4
![Page 5: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/5.jpg)
Copyright © 2020 BSI. All rights reserved
• It is the global standard for structuring the management of risk
• The content of ISO 31000 has been developed and agreed by the member organisations’ expert committees* from around the world
• ISO 31000 is part of the ISO family of standards and shares a common framework & terminology
• Principles based • Clear and concise
ISO 31000 – Framework Approach
*Committees consist of experts membersnominated by National Standards Bodiesorganisations (such as the BSI, ANSI and DIN)and have responsibility for the technical contentof standards.
International collaboration
![Page 6: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/6.jpg)
Copyright © 2020 BSI. All rights reserved
Setting the context for Risk Management Business Management
6
GovernanceCompliance & RegulationHealth & SafetyEnvironmental ManagementQuality Management Information Technology & Security
SecurityBusiness Continuity Organizational ResilienceDisaster RecoveryEmergency ManagementCrisis Management
and much more…
![Page 7: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/7.jpg)
Copyright © 2020 BSI. All rights reserved
Management of Risk & Resilience Building better performance …
• Clear understanding of management and organizational objectives• Improved communications & integration across the organization and
with stakeholders & wider society. • Better monitoring and horizon scanning across Risk, Resilience,
Continuity and Security operations • Evidence based Compliance - Maturity assessment
7
![Page 8: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/8.jpg)
Copyright © 2020 BSI. All rights reserved
8
ISO 31000:2018
Principles provide an anchor for the organizations decision making and provides guidance that helps people apply their experience in an most effective way.
Principles should enable effective integration of Processes into a Framework that delivers value for the organization
Structure
Principles and Guidelines
![Page 9: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/9.jpg)
Copyright © 2020 BSI. All rights reserved
Standards work togetherISO Directives
9
![Page 10: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/10.jpg)
Copyright © 2020 BSI. All rights reserved
Types of StandardsType A Type B
Specification Standard
Sets out Requirements
Can be assessed with Certification provided
Guidance Standard
Provides recommendations
Can be assessed or audited, but not certified
Handbooks & Technical Reports too Annex SP10
![Page 11: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/11.jpg)
Copyright © 2020 BSI. All rights reserved
Connecting capabilities Sector Standards
Specific Guidelines
11
![Page 12: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/12.jpg)
Copyright © 2020 BSI. All rights reserved
At the heart of the BS ISO 31000 Standard?
12
Principles
Ensuring Risk Management is directly focused on contributing to improved performance.
![Page 13: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/13.jpg)
Copyright © 2020 BSI. All rights reserved
Introduction Clauses 1-3 Scope, references and terms & definitions
Clause 4 – Principles – the foundations of the risk management framework
Clause 5 – Framework – integration of risk management into activities and functions
Clause 6 – Process – the systematic application of policies, procedures and practices, establishing the context, assessing, treating, monitoring and reporting risk
13
![Page 14: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/14.jpg)
Copyright © 2020 BSI. All rights reserved
ISO 31000 Structure
Principles
Process
Framework
14
![Page 15: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/15.jpg)
Copyright © 2020 BSI. All rights reserved
Principles
At the heart of ISO 31000:2018
15
![Page 16: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/16.jpg)
Copyright © 2020 BSI. All rights reserved
FrameworkThe purpose of the risk management framework is to assist the organization in integrating risk management into significant activities and functions.
The effectiveness of risk management will depend on its integration into the governance of the organization, including decision-making.
This requires support from stakeholders, particularly top management.
16
![Page 17: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/17.jpg)
Copyright © 2020 BSI. All rights reserved
ProcessThe risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.
17
![Page 18: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/18.jpg)
Copyright © 2020 BSI. All rights reserved
Not just for big businessSMEs can benefit big time too!• Improve quality of products and services• Increased credibility and trust• Benefit from global best practice and expertise• Reduce costs, improve performance• Access to new markets and compete better• Comply with regulations
18
![Page 19: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/19.jpg)
Copyright © 2020 BSI. All rights reserved
Integrating performanceBuilding resilience
19
![Page 20: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/20.jpg)
Copyright © 2020 BSI. All rights reserved
Managing Risk Performance
Culture• Risk Ownership• Responsibility &
Accountability • Knowledge, Skills,
Attitudes & Behaviour (KSAB)
CapabilityACTIVE MONITORING, TESTING, HORIZON SCANNING, REVIEW & UPDATE
Activities should be aligned with the organisations interests & proportionate to Threats & Opportunities.
Board engagement & responsibility
Risk Management• Understanding Context• Risk Identification• Risk Analysis• Risk Evaluation• Risk Treatment• Scanning & Review
Governance• Evaluate• Direct• Monitor• Communicate• Assure
Operational management & accountability
20
![Page 21: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/21.jpg)
Copyright © 2020 BSI. All rights reserved
Protecting the futureStandards are evolving
Risk Management• ISO 31000:2018• ISO 31010:2019 Risk
Assessment Techniques• ISO Guide 73:2009 1 (ISO 31073)
• ISO 31022 Legal Risk Mgmt 2
• IWA 31 - Guidance on risk management in management systems 2
1 under revision2 in development
Governance• ISO 19600 – Compliance 1
OTHER ISO TC 262
• ISO 31030 - Workforce Travel Risk 2
• ISO 31050 – Emerging Risk 2
• ISO 31070 – Guidelines on core concepts2
21
![Page 22: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/22.jpg)
Copyright © 2020 BSI. All rights reserved
A balanced approach…• Assess the organisations wider risk and resilience issues, identify
the critical priorities – protect them!
• Engage with an ‘informed’ management focus on risk and resilience issues
• Connect with ‘business drivers’ to develop management support, drive improvement and deliver improved value & performance
22
![Page 23: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/23.jpg)
Copyright © 2020 BSI. All rights reserved
Changing Habits• Re-thinking Risk management with better focus on ‘business’
opportunities & addressing real threats to organizations and society
• Improve value and return for the organization & wider society
• Evolving challenges and growing complexity
• Share, connect and amplify expertise
• Change the future … ? 23
![Page 24: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/24.jpg)
Copyright © 2020 BSI. All rights reservedCopyright © 2020 BSI. All rights reserved
COVID-19 and Risk ManagementJulia Graham, Airmic
![Page 25: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/25.jpg)
Copyright © 2020 BSI. All rights reserved
COVID-19Exploring the “Known unknown”
![Page 26: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/26.jpg)
Copyright © 2020 BSI. All rights reserved
“A CRISIS LIKE NO OTHER”Kristalina GeorgievaManaging Director, IMF2nd April 2020
![Page 27: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/27.jpg)
Copyright © 2020 BSI. All rights reserved
27
![Page 28: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/28.jpg)
Copyright © 2020 BSI. All rights reserved
28
![Page 29: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/29.jpg)
Copyright © 2020 BSI. All rights reserved
29
![Page 30: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/30.jpg)
Copyright © 2020 BSI. All rights reserved
30
![Page 31: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/31.jpg)
Copyright © 2020 BSI. All rights reserved
31
![Page 32: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/32.jpg)
Copyright © 2020 BSI. All rights reserved
2020 is a different computer generation 1 million daily users at the end of 20041.7 billion daily users at the start of 2020
Growth of UK Internet users ” risk
32
![Page 33: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/33.jpg)
Copyright © 2020 BSI. All rights reserved
Then and now• COVID-19 appears less deadly than other
coronaviruses• But by 31 March 2020 the disease had infected
and killed more people than SARS (2003) and MERS (2012) combined
• COVID-19 has spread faster than SARS and MERS• But has lower fatality rates …. based on what
we know so far• Response has demanded agility: travel and on-line
access levels have played a key role• Longevity of the crisis depends on how case
numbers decline• But what do we bounce back to and where?• Recovery to the New Next will vary by sector
and location• With challenges to sustainable global connectivity
33
![Page 34: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/34.jpg)
Copyright © 2020 BSI. All rights reserved
Now and next
Now• People• Critical business drivers of value• What creates this value• Multiple lenses of risk across the enterprise • Communicate then communicate some more
Then survival• Financial impact• Cash flow• Leverage• Engaging innovations
![Page 35: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/35.jpg)
Copyright © 2020 BSI. All rights reserved
Key considerations
• Business purpose, activities, key cash flow, people and suppliers
• Geographical locations of facilities, customers and suppliers• Cultures that affect how people respond and behave• People who may be at higher risk from COVID-19• Expected peak absenteeism rates and potential patterns• Government actions, such as travel, quarantine, restrictions
on mass gatherings and guidelines on social distancing
Continuously keeping context front of mind
35
![Page 36: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/36.jpg)
Copyright © 2020 BSI. All rights reserved
36
![Page 37: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/37.jpg)
Copyright © 2020 BSI. All rights reserved
37
![Page 38: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/38.jpg)
Copyright © 2020 BSI. All rights reserved
38
![Page 39: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/39.jpg)
Copyright © 2020 BSI. All rights reserved
39
![Page 40: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/40.jpg)
Copyright © 2020 BSI. All rights reserved
Edelman’s COVD-19 observations• An uncertain context trust in institutions
becomes even more critical • Strong leadership and decision making
will be required to shape and earn trust post-crisis
• Many organisations were caught off-guard by the crisis and living up to the established purpose may seem daunting - but at some point organisations will need to regroup. This will require and enterprise approach.
• Purpose is not immune to shifts in context, with millennials having a profound influence – purpose must adapt in harmony with culture
• Now is the time to start thinking – the clarity that comes with crisis provides a unique opportunity
• Trust remains a key metric at this time• “Proof of purpose” if an organization
wants to build lasting trust•
40
![Page 41: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/41.jpg)
Copyright © 2020 BSI. All rights reserved
41
![Page 42: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/42.jpg)
Copyright © 2020 BSI. All rights reserved
42
![Page 43: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/43.jpg)
Copyright © 2020 BSI. All rights reserved
Responses to COVID-19 research from Imperial College
Priority• Improve the way the current outbreak response is planned and implemented;• Improve the way information and guidance is provided to and understood by the public;• Optimise the support provided to communities and vulnerable groups; and• Improve future outbreak preparednessSecondary• Understanding the role of the media in influencing how people react and respond;• Furthering our basic understanding of the virus – how it spreads, who it affects the most and why, and whether
people achieve and maintain immunity after being infected;• Critiquing the UK’s response to the pandemic against that of other countries; and• Ensuring lessons can be learnt from this outbreak to better equip us for future outbreaks, and public health
emergencies in general
https://www.imperial.ac.uk/mrc-global-infectious-disease-analysis/covid-19/
43
![Page 44: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/44.jpg)
Copyright © 2020 BSI. All rights reserved
44
![Page 45: COVID-19 and Risk Management · Principles should enable effective integration of Processes into a Framework that delivers value for the organization . ... Governance • Evaluate](https://reader036.vdocuments.mx/reader036/viewer/2022081405/5f0b5fc07e708231d43033ee/html5/thumbnails/45.jpg)
Copyright © 2020 BSI. All rights reservedCopyright © 2020 BSI. All rights reserved
COVID-19 and Risk Management
Deborah Higgins, EPC (Serco)Julia Graham, AirmicRussell Price, Continuity Forum
Questions?