KWSP2 - Briefing at INTAN 300610

Upload: rml1804

Post on 30-May-2018


  • 8/9/2019 KWSP2 - Briefing at INTAN 300610

    1/21

    BCM

    PRESENTATION

    LOCATION : INTAN TH


    Agenda

    Organization Chart

    Overview Risk Assessment


    ORGANIZATION CHARTS


    Business Continuity Management Framework

    Mandate by Board / Top Management

    Management Operations Risk Committee (MORC), Board Risk Management Committee (BRMC)

    BCM Secretariat Role & BCM Team Role

    BCM Framework

    British Standard 25999-1:2006

    Plan Readiness

    Human Readiness

    Infrastructure Readiness

    Monitoring


    Risk Management Department, Organization

    Board Risk Management Committee

    Chief Executive Officer

    Senior General Manager

    Sections:

    - MIS/Analytics
    - Investment Risk
    - Credit Risk
    - Operational Risk

    Units:

    - Risk Policy and Modelling Unit
    - Market Risk Unit
    - Corporate Risk Scorecard (CRS) Unit
    - Independent Evaluation Unit (Corporate Financing, Property Investment & Private Equity)
    - Business Continuity Plan (BCP) Unit

    Currently reporting to the Investment Risk Section


    Development of BCM Programme in Organization


    OVERVIEW RISK ASSESSMENT


    What?

    Risk Assessment Overview

    Risk Assessment can help us to:

    a) Have a list of threats that cause a disruption to the Organization

    b) Identify single points of failure

    c) Recommend actions to be taken to reduce the threats (strategy development)


    Risk Management Process

    [Diagram: Establish the Context; Identify Risks; Analyse Risks; Evaluate Risks; Treat Risks; Communicate and Consult; Monitor and Review; Risk Assessment]

    Establish the Context: for strategic, organisational and risk management and the criteria against which business risks will be evaluated.

    Identify Risk: that could prevent, degrade, delay or enhance the achievement of an organisation's business and strategic objectives.

    Analyse Risk: consider the range of potential consequences and the likelihood that those consequences could occur.

    Evaluate Risks: compare risks against the firm's pre-established criteria and consider the balance between potential benefits and adverse outcomes.

    Treat Risks: ... increasing potential benefits and reducing potential costs of those risks identified as requiring to be treated.

    Monitor and Review: the performance and cost effectiveness of the entire risk management system and the progress of risk treatment plans with a view to continuous improvement through learning from performance failures and deficiencies.

    Communicate and Consult: with internal and external stakeholders at each stage of the risk management process.

    Note that: Identify, Analyse and Evaluate Risks are collectively grouped as Risk Assessment.

    Extracted from ISO 31000:2009 Risk Management Standard


    Organization BCM Methodology

    Risk Management Process: Identify Risk

    Plan: The development of the procedures / work flow

    Business Function

    Work Place

    Human: Understanding of the procedures

    The equipment and others to support the work

    5-Jul-10 Risk Management Department


    Impact of Disaster on Organization

    Quantitative and Qualitative Impact

    Risk Assessment Overview

    Quantitative Impact:

    1. RM143 MILLION*: Average contributions applications that cannot be processed per day

    2. RM90 MILLION*: Average withdrawals applications that cannot be processed per day

    3. RM83 MILLION*: Average potential investment earnings that may be lost per day

    Qualitative Impact:

    - Non-adherence ... charter

    - Unable to fulfil national social responsibility

    *Source: KWSP Annual Report 2008


    Organization BCM Methodology

    Risk Management Process: Analyze The Risk

    List of Causes:

    - Natural disaster
    - Man made Disaster
    - Health and Safety
    - IT System
    - Utility Failure
    - etc

    Plan

    Business Function

    Work Place

    Human


    Impact of Disaster on Organization

    Cause and Effects Matrix

    Risk Assessment: Evaluate the risk

    EFFECTS: People Affected; Building Affected; IT Systems Affected; Services Affected; Reputation Affected

    CAUSES:

    Natural Disaster: Earthquake; Flood; Tsunami / Typhoon; Haze

    Health and Safety: Epidemic (SARS, Bird Flu)

    Explosion

    Hostage / Key staff unavailable

    War

    Fire / Arson

    Epidemic (poisonous gas, canteen contamination, Anthrax)

    Security Threats: Riot & Civil Commotion

    IT System: IT System Failure; IT Security Compromised

    Utility Failure: Power Outage; Water Outage; Telecommunication Outage

    Others: Outsource Party Terminated

    Consulting Services for Business Continuity Plan, 25 November 2005


    Impact of Disaster on Organization: Organization Location Disas

    Organization Disaster

    Risk Assessment: Evaluate The Risk

    Organization is affected by the worst-case scenario whereby the disaster happens at the most inopportune time

    Processes (table columns): Location; Registration; Contribution; Withdrawal; Enforcement; Fraud; R'ship & Channel Mgt; Investments; Support Services; Remarks

    Disaster at Headquarters: EPF1, EPF 3 and EPF4 Record Keeping; Form A Record Keeping; Deceased, Pension; Prosecution; myEPF, Email enquiries; 10 support services. EPF forms, legal docs destroyed, Investment systems affected.

    Disaster at IT Data Centre: Key IT system services. IT Core Systems affected, key services at State / Branch affected.

    Disaster at Processing Office: Reroute to other processing office.

    Disaster at EPF Institute: Call Centre; Training. Services delayed and routed to other location.

    Disaster at a State Office: Reroute to other state office.

    Consulting Services for Business Continuity Plan, 14 February 2006

    Disaster at a

    Reroute to


    Disaster

    Risk Assessment Outcome

    Disaster is defined into 2 categories:

    Organization Disaster: impacts Organization through widespread and overall total degradation of operations and service delivery

    Location Disaster: impacts only the affected branch office but does not degrade the branch's overall operations and service delivery


    STEP-BY-STEP APPROACH


    How To

    Identify Causes & Consequences

    Identify Primary Controls (preventive, detective and corrective) and Secondary Controls and Effectiveness

    Identify action plans to mitigate the risks


    How often?

    Risk Assessment

    Evaluated if:

    a) There is a significant change in the internal business process, locations or technology

    b) There is a significant change in the external environment, e.g. regulatory changes

    c) Part of BCM annual programmes


    Key success factors?

    Risk Assessment

    a) Get support from the management

    b) Commitment from the various parties: staff, Heads of Department, suppliers etc

    c) Identify the scope of RA, BIA: all organization, some part of business

    d) Understand the key business process, so that we can identify the risk and respond to it.

    e) Document the risk for knowledge, training and audit trail

    f) Up to date and reflect the changes in the organization


    Organization BCM Methodology

    BCM Monitoring

    How we know that we are ready

    Plan

    Action driven

    Simple and concise

    Human

    Succession planning

    Right nominations

    Infrastructure

    Command centre

    Business facilities

    Monitoring

    Monthly Status from the Department / Branches

    Framework

    Generic

    Worst nightmares

    Roles & responsibilities

    Team recovery

    Reference material

    Listings

    Contact numbers

    Review Strategy, Plan, MRR, BIA, RTO

    Authority

    Specialists

    Clear roles

    Trained personnel

    BCM Awareness

    Training programme

    Call Tree, Walkthrough, Crisis Simulation, Tutorial

    Meeting rooms

    Resources

    Equipment

    Furniture

    Vendor agreements

    Communications

    Testing of Equipment

    War chest update

    Site Design

    SLA

    Customer Survey
