FAQ

FAQ - frequently asked questions

1. What is a BCM program?
2. What different BCM strategies are there?
3. What are standards, and what added value do they offer?
4. What benefits are there to certification in BCM?
5. What do we understand by risk or risks?
6. Why should I proactively engage with questions of risk?
7. What is meant by the term “risk map”?
8. What is meant by the term risk management?
9. Which standards are relevant for introducing a risk management system?
10. What is compliance/compliance management?

1. What is a BCM program?

A BCM program is an ongoing management process which is promoted and enforced by top management, notably in terms of seeing that the program is adequately resourced and budgeted. The program’s purpose is to identify the impact of untoward incidents and potential losses, and to develop and maintain appropriate recovery strategies and plans. It also includes training, exercises and regular management reviews aimed at securing production and service continuity in the event of a contingency situation.

The BCM program, its scope of validity, designated roles and responsibilities, are documented in a policy signed by top management and published throughout the company.


2. What different BCM strategies are there?

A company will develop its own particular strategic options for conducting and resourcing its critical activities. It is therefore necessary to define BCM strategies for the following resources:

  • Personnel/employees
  • Buildings (e.g. offices, data centres, production and warehousing facilities)
  • Technology (e.g. IT, telecommunications, production equipment)
  • Information/data (electronic, paper based)
  • Providers
  • Stakeholders (“interested parties”)

3. What are standards, and what added value do they offer? 

“A standard is an agreed, repeatable way of doing something. It is a published document that contains a technical specification or other precise criteria designed to be used consistently as a rule, guideline, or definition. Standards help to make life simpler and to increase the reliability and the effectiveness of many goods and services we use.” (British Standard Institution)

Standards incorporate internationally recognized methods for introducing and efficiently maintaining management systems. They are a powerful tool helping raise productivity in companies of all sizes and lines of business. Certain standards (such as ISO 31000, ISO 27001 or BS 25999) also serve to proactively manage risks and help companies comply with their contractual and legal requirements. Standards create a common understanding of a particular management system.


4. What benefits are there to certification in BCM? 

A BS 25999-compliant business continuity management system helps companies save costs when auditing and appraising partners along their critical process path. Certification helps companies use a BCMS proactively and can demonstrably minimize risks and their impact.

With the entire system undergoing regular audits, improvement takes place on a continuous basis. The company demonstrates its commitment to BCM and significantly raises its ability to survive a disaster.


5. What do we understand by risk or risks? 

Risk concerns the possibility that one or more outcomes of future events can deviate from their expected value – in business, for instance, when revenues are not the same as in the business plan. In essence, risk is about variability, and as such has an up-side as well as a down-side. Positive variability can also be an opportunity.

The origin of the term is uncertain (Latin resecare or ancient Greek rhiza, later used in Latin for “cliff”).

In another definition, risks are simply future issues that can be avoided or mitigated, rather than present problems that must be immediately addressed.


6. Why should I proactively engage with questions of risk? 

Doing business is about risks and opportunities.

Companies are first and foremost in business to make a profit. When a company pursues an opportunity in business, it should also be aware what the down-side risk is. This means installing processes to identify and assess risk (for example, potential scale of damage). When an organization enters into a risk consciously and deliberately, the residual risk must be made manageable by measures such as continuity planning, recovery strategies and crisis management.

People who don’t know what their risks are, or who take decisions solely on “gut feeling”, are essentially doing “management by lottery”. In the eyes of the law, this is considered to be grossly negligent conduct (see § 91 paragraph 2 and § 93 paragraph 2 of the Companies Act with impact on GmbH and other types of company).

Effective risk management is also opportunity management, and the foundation for responsible governance.


7. What is meant by the term “risk map”? 

The various risks that are present in companies are organized into categories such as operational risk (OpRisk), market risk, currency and liability risk (compliance), reputational and liquidity risk and many more.

The sum total of identified risks makes up the risk map. The risks specified in the map should be reviewed periodically and updated if necessary.

The current risk map is the basis for further risk assessment and control.


8. What is meant by the term risk management? 

Managing risk means identifying, assessing and controlling risks, and their impact in the event of occurrence.


9. Which standards are relevant for introducing a risk management system? 

Standards of key relevance are:

  • ISO 31000
  • ONR 49000 ff
  • AS / NZS 4360
  • BS 31100

10. What is compliance/compliance management? 

“Compliance” means conforming to a rule or regulation. In the business world, compliance management is the methodology for meeting standards and frameworks (laws, regulations, customer requirements and internal codes).

In a more general sense, it concerns the governance practices in an organization that ensure management and staff fulfil their obligations in terms of civil and criminal liability.