Deloitte Enterprise Risk: Issue 3
Business continuity planning and management: Protecting the business from undeserved calamity
* Should you be interested in purchasing this book, please download the subscription form attached.
Published: April 2012
Featured content: Business continuity planning and management
- Business continuity management provides a 360-degree defense against disaster
Business continuity management ("BCM") can help identify potential threats towards a company and their negative impact on the business operations. Meanwhile, it provides a set of effective feedback and recovery system, putting the interests of the shareholders, the company's reputation and the value creating activities under effective protection. This article summarizes the common errors and pitfalls of BCM, and provides a 360-degree business continuity solution.
- Making BCM policy fit business requirements
The Business Continuity Management Policy ("BCM Policy") is a key document of the whole BCM solution. It explains the reason for BCM implementation, provides the background on the necessary ability BCM requires and the principles the organization expects to understand. This article introduces the main steps of implementing the BCM policy including integrating the organization's strategy, goal and culture, defining the scope of the business continuity plan and formulating the BCM policy.
- Driving business value through achieving business continuity management : How to implement business impact analysis appropriately
Business Impact Analysis ("BIA") is the starting point in business continuity management. With limited resources, the management should focus on a key area which matters the most to the company's continuing operation. The objective of BIA is to identify the most important business and provide evidence to support the allocation of BCM resources and the decision of recovery priorities. This article introduces the core conception, methodology and significance of BIA.
- If the Japan earthquake had hit Taiwan, would your company have survived?
Drawing upon the economic consequences for Japan and the world following the magnitude-9 earthquake and the tsunami that happened on 11 March 2011 north east of Japan, this article initiates an in-depth discussion on the shock triggered by the temblor and the response aiming to help readers understand the impact of the earthquake in different industries (automobile and semiconductor industries), the measures of resilience and the recovering operation, and learn more about how companies should implement business continuity management and supply chain risk management.
- Taking preventive measure to get ready: Enhancing the bank's business continuity management
On 28 December 2011, the China Banking Regulatory Commission issued the notice of "The supervisory guidance on commercial bank business continuity ("Guidance")" which covers the requirements in respect of key links throughout the BCM life cycle, including the business continuity organization structure, business impact analysis, business continuity planning and resource development, business continuity implementation and continuous improvement, monitoring and disposition. BCM has since become an important topic for commercial banks. Discussed closely around the detailed requirements of the Guidance, this article explains the problems in the execution of BCM in commercial banks and provides insight into Deloitte's BCM methodology.
- The significance of risk analysis in BCM
BCM is a comprehensive management process. It awakens the company to potential crises and their corresponding impact, and impels the company to make recovery plans to restore the business continuity. The overall goal of BCM is to improve the organization's ability of preventing risks in order to respond to unplanned damages to the business and minimize their negative impact. This article focuses on the significance and the method of risk assessment in BCM.
- Building up corporate risk awareness to manage crises: Introduction to the Apollo 13 Corporate Risk Mock Program
The Apollo 13 Corporate Risk Mock Program was developed based on the scenario of the Apollo 13's distress in space in 1969. It concentrates the significant historical event into a half to one day course. By role playing under intense and exciting circumstances, participants will experience the process of building up a risk organization, designing a process, implementing event management and crisis communications. The Deloitte Taipei office has adopted this program in 2007 which has been converted into Chinese. Since then, the course has been offered to companies in a variety of industries.
- Study on commercial bank credit risk management based on the KMV model
The KMV model is an effective model used to measure credit risks. This article introduces domestic and foreign documents related to the KMV model, as well as its principle and methodology. It also covers an empirical analysis conducted on the basis of the model with six selected listed companies in the agriculture sector as samples. The results show that the KMV model has high accuracy in evaluating the credit risks of target companies by commercial banks. The article also provides suggestions on how to enhance the applicability and accuracy of the KMV model on credit risk management in commercial banks.
Multivariate perspective from Deloitte experts
- Deliberation on fair value and audit risk prevention
The US sub-prime mortgage loan crisis triggered the global financial crisis and drew people's attention to the fair value pricing of financial products. But based on the opinion of the author, an expert from Audit at Deloitte, fair value accounting should not be held mainly responsible for the current market volatility. This article provides an analysis on the main theoretical principles and the regulation of fair value accounting in China, how to improve the current fair value accounting practice, and how to prevent the related audit risk.
Risk management terminology
In this issue, the featured phrase that is related to risk and control is "crisis management".
Internal control practices
The following topics are covered:
- Short stories on risk management in insurance industry (2) – Paying for representative signing
- Internal control practices (6) – Purchase (3): Reconciling the invoice and payment