What are we talking about?


Organisational resilience
What are we talking about?
Anneke Schoonhoven & Maurice van Rooijen
Agenda:
1. Current approach
2. Need for change?!
3. New approach: Organisational Resilience
4. Plenary discussion
5. Next steps
11/12/2015
Goal of this presentation:
• Share the first concept of an Organisational Resilience framework with experts in the financial sector.
• Receive first feedback as input for further consultation with internal and external stakeholders.
Question:
Is the concept of Organisational Resilience already used in your organisation?
A. Yes, my organisation is already using the concept and already has an
Organisational Resilience framework in place.
B. Yes, my organisation is currently developing a framework.
C. No, not yet. We are waiting until more guidance becomes available for
financial institutions.
D. No, we do not see the relevance for our organisation.
Organisational resilience:
Why DNB thinks a common approach is relevant
1. Current approach:
Focus on preventing and managing business disruption
Preventing business disruptions by way of:
• Risk Management
• Business Continuity Mgt
• IT security
• Physical security
Managing business disruptions by way of:
• Disaster recovery
• Incident Management
• Crisis Management
• (Re)insurance
2. Need for Change?!
Attacks and disruptions are no longer a possibility, but a certainty!
Survival of the fittest = the most resilient
3. New approach: Organisational Resilience
Goal of DNB:
A. Common approach: guidance, not a mandatory policy
B. Common language: internally and externally
To have a common approach, we need a common definition. Though many definitions are available…
(BCI) Organisational resilience is “the capacity of an organisation to plan for and adapt to
change or disruption, through anticipation, protection, responsive capacity and
recoverability”.
(BoE) Resilience is “…an organisation's ability to protect or sustain its critical functions, and
underlying assets, while adapting to expected or unexpected occurrences of operational
stress or disruption.”
Nothing new under the sun?
Essential capabilities of Organisational Resilience:
1. the capability to assess risks and threats, to anticipate a disruption and mitigate, avoid it or prevent it from occurring;
2. the capability to plan and prepare for disruption, thereby protecting the organization;
3. the capability to adapt or respond to and manage a disruption successfully, thereby preventing a disruption from spreading its impacts;
4. the capability to recover to a new “normal” state after a disruption.
What’s new?
• Integral involvement: organisational, not only operational
• Strategic advantage instead of regulatory requirement
Difference between BCM and Organisational Resilience
BCM is one of many activities of Organisational Resilience
Business Continuity Mgt | Organisational Resilience
Focus on continuity | Focus on resilience
Focus on products or processes | Focus on organisation as a whole
BCM is an activity | Resilience is an outcome
DNB framework
Inner circle:
Depicts the cyclic, continuous approach of organisational resilience
[Figure: inner circle of the DNB framework. Labels: Set strategy; Set risk appetite; Set the policy / standard; Risk mgt activities; Structure; Execute procedure; Monitor, manage, control and comply; Evaluate]
Questions:
• Do you recognize the steps in the cycle?
• Do you miss any steps or aspects?
Outer circle:
Depicts the activities that need to be in place to be able to be resilient as an organisation
[Figure: outer circle of the DNB framework. Labels: Strategy & Governance; Information Security; Physical Security; HR; Crisis Mgt; Disaster Recovery; BCM; Compliance; Incident Mgt; Risk Mgt; Claims & Risk Transfer; Service Mgt]
Questions:
• Do you recognize the activities?
• Do you miss any activities or aspects?
Goal: common approach and framework
• Approach is meant as guidance, not meant as a mandatory policy;
• Approach is applicable for a broad scope of financial institutions (institutions under supervision, institutions under oversight and DNB itself);
• Financial institutions are free to decide on the governance and embedding of the organisational resilience approach / framework, fitting their structure, complexity and risk management system;
• Approach is, where possible, based on current (inter)national regulation and frameworks.
4. Plenary discussion
1. Do you see the need for a new approach?
A. Yes, I am convinced of the added value of Organisational Resilience for my
organisation.
B. No, our current Business Continuity Management approach is sufficient
for my organisation.
2. The Business Continuity discipline is the best ambassador to coordinate
the implementation of an Organisational Resilience framework
A. Yes, the Business Continuity discipline is the best equipped to coordinate the
implementation of an Organisational Resilience framework.
B. No, the Business Continuity discipline should stick to its core business.
5. Next steps
Next steps DNB regarding Organisational Resilience as a framework:
• Receive more feedback from stakeholders in various external and internal working groups, e.g. Platform Business Continuity Vital Infrastructure Financial Sector (BC VIF)
• Consultation on draft guidance internally and externally (guidance, thus not a mandatory policy)
• Communication of guidance to the relevant financial sectors
• Use of the guidance as an internal and external framework (e.g. as a reference framework for DNB supervision / inspections)
Questions?
For more information please contact:
• Leon Strous: [email protected]
• Petra Steenbakker: [email protected]
• Maurice van Rooijen: [email protected]
• Anneke Schoonhoven: [email protected]
• Elizabeth Rosheuvel: [email protected]