SlideShare una empresa de Scribd logo

Business Continuity ROI

G
Greg Cybulski, CBCP, ARM

The document discusses how business continuity management (BCM) programs can provide both short-term and long-term return on investment (ROI) for organizations. It outlines the key components of a BCM program, including business impact analysis, risk assessment, emergency response planning, and governance processes. Examples are provided of how BCM planning helped organizations reduce risks and increase resilience during events like natural disasters. While some benefits are tangible and easy to quantify, others are intangible, but no less important to the overall ROI of a BCM program. Developing and implementing a full BCM program allows an organization to identify impacts, improve preparedness, and gain competitive advantages through operational resilience.

1 de 10
Descargar para leer sin conexión
` Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Risk. Reinsurance. Human Resources. Business Continuity Management Return on Investment Gregory T Cybulski, CBCP, ARM Associate Director Aon Global Risk Consulting Business Continuity Management
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 1 Increasingly, organizations are looking to integrate business continuity as a strategy to drive operational resiliency and preparedness. However, risk and financial stakeholders are often faced with a dilemma of providing a case for return on investment to the C-Suite and board leadership. This paper identifies a number of areas where the development and implementation of a sound business continuity management program can provide both short-and long-term benefits and better align business objectives to ensure a Return on Investment (ROI). Making the Case for Business Continuity As organizations strive to drive operational efficiency in the face of an increasingly competitive business environment, risk leaders need to make a solidbusiness case to procure financial resources from corporate boards and financial leaders. Exacerbating the issue is a host of external challenges including an aggressive regulatory landscape, complicated supplier/contractor relationships, and the increasing need to devote resources to mitigate potential data and cyber breaches, just to name a few. Organizations that focus on short-term profitability may miss opportunities and the long-term benefits of a well-developed business continuity program. As with all new initiatives, stakeholders require adequate time and resources to effectively embed practices and processes and ensure they abide by the organization’s culture and mission. The media reports countless episodes where organizations experienced financial or reputational issues that could have been diverted if for some wise and proactive planning. This is in full evidence in the following examples:  Thailand floods. Supply chain disruptions affecting the automotive and high-tech industries during the Thailand floods of 2011 have made it one of the top five costliest natural disaster events in modern history (1) . More than 1,000 factories were impacted, resulting in insurance claims reaching US$ 20 billion (2) . The concentration of suppliers within a geographic region created the global impact.  Hurricane Sandy. Millions of Americans from North Carolina to Maine were not well prepared for the impact of Hurricane Sandy. Wind, storm surge, and flooding impacted communities (3) , and in many cases, business activity was at a standstill for an extended period. The continuous frequency and cost of large hurricanes, cyclones and storms (Hurricane Wilma in 2005, Hurricane Katrina in 2005, Hurricane Ike in 2008) should have alerted communities and businesses to act swiftly and with purpose.  Reputational crises. A natural catastrophe can wreak as much havoc on your organization’s reputation as it does on its physical property. Over the past few years there were many reputational crisis incidents requiring organizations to redirect efforts as well as funding to halt or reverse negative effects - both perceived and actual - to remove themselves from the negative spotlight. Some of these reputational crisis incidents included the BangladeshRana Plaza factory collapse, the Barilla Pasta remarks (4) , Malaysia Airlines Flight MH370 (5) , and the General Motors ignition recall (5) . In each case, a mature crisis management team, aware of its risks, could have pre-emptively managed the negative effects by properly managing internal communications and getting out in front of the media with effective press strategies. What is the ROI of BCM? Determining if a financial decision will produce positive results is typically done by calculating the ROI, a performance measure used to evaluate the efficiency of an investment, or by comparing the efficiency of
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 2 a number of different investments. To calculate ROI, the benefit (return) of an investment is divided by the cost of the investment; the result is expressed as a percentage or a ratio. Return on Investment = (Gain from Investment - Cost of Investment) X 100 Cost of Investment The formula measures and compares the tangible benefits of expenditures and discounts those that are intangible, such as qualifying alternate suppliers or well-developed teams who can pre-emptively identify and remediate risk or have been trained to execute recovery. Many organizations implement ROI procedures to quantify success, in financial terms, and justify the necessary expenditures. Business continuity management can drive relevant ROI results and tangible benefits by understanding how “intangible” areas can influence business decision, e.g., when an organization suffers a production facility disruption, that is so extreme, the senior management team decides rebuilding the facility is simply not financially feasible, thereby eliminating the entire product line produced in the facility from its portfolio. Deciding factors to exit the business couldhave been elevated by understanding and measuring the impact to their reputation and image, and not just the immediate inability to qualify and contract duplicate production or contract manufacturers. Thus, ROI calculations used for making a case for investment in a Business Continuity Management program may be understated. The full range of benefits is not recognized until the planning and implementation processes have been completed. By reviewing the business continuity objectives and planning components, there is a clear path to understanding both tangible and intangible benefits. Prior to providing examples of both in terms of your own organization, it is important to review the business continuity management objectives and planning components. Business Continuity Objectives The objective of a business continuity management program is to define the process, protocols and benchmarks for organization to develop plans ensuring the safety of employees, its community and the continuity of time-sensitive operations. The definition of business continuity is an ongoing process to ensure the necessary steps are taken to identify the impacts of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services (6) . By this definition, business continuity provides tools to measure impacts on productivity, customers, market share and reputation. Business Continuity Planning Components A well-executed business continuity plan follows defined standards/codes and best practices (NFPA 1600 – Standard on Disaster/Emergency Management and Business Continuity Programs and /or ISO 22301 – Societal Security, Business Continuity Management Systems) and best practices (DRII – Disaster Recovery Institute International) to yield benefits. The following three phases are critical when developing a compliant Business Continuity Management program: 1) the Discovery phase (Business Impact Analysis and Risk Assessment), 2) the Planning phase (Emergency Response and Management, Crisis Management and Communications) and 3) the Governance phase (Plan Auditing, Updating and Exercising). Adhering to these standards, codes and best practices during the planning phases, ensures
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 3 these planning components generate both tangible and intangible benefits. The diagram (below) provides a depiction of the planning components, along with descriptions: Discovery Process The Discovery Process phase provides the opportunity to identify potential risks and measure the amount of disruption an organization can withstand or those which must be addressed, either by reduction / remediation or through tactical and strategic planning. The following two planning components are the baseline for a business continuity plan, These tools also help organizations measure ROI on the business continuity program:  The Business Impact Analysis (BIA) identifies and qualifies the time-sensitive business functions and processes. This measurement enables the organization to understand the point in time when an impact starts to drive negative consequences. The measured impact is not just a financial calculation but also measures when the impact begins to affect customer service, legal / regulatory and contractual issues, operational performance, organizational image and reputation, and leadership / management. The BIA can be designed to accommodate additional impacts by quantifying and evaluating the output. Once these impacts are understood, the organization can develop the framework to accept, remediate or develop planning strategies to support organizational recovery.  The Risk Assessment and Remediation (RA) should yieldmeasurable results by quantifying and qualifying those risks and threats that can disrupt the organizations ability to continue time-sensitive business functions and processes. Determining the organization’s optimal risk acceptancelevel and implementing a consistent assessment process provides the means for measuring and replicating the process throughout all locations. Dozens of RA methodologies exist and range from very simplistic Heat Maps to highly complex formula-based methodologies. Whichever process is selected, implementation across the organizationneeds to be consistent to ensure proper and accurate risk measurement and remediation.
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 4 Planning Process The Planning Process phase collates three separate but integrated plans to coordinate activities, authorities and responsibilities. These plans draw from the information captured and analyzed during the Discovery Process phase to ensure theorganization not only survives catastrophic events, but can more effectively manage the situation, drive operational resiliency, and possibly project a better public image. These three integrated plans are as follows:  The Emergency Management & Response component outlines the initial strategies for responding to, and stabilizing an event. First responders are responsible for life safety, stabilizing the incident, qualifying and remediation of damage, and communicating to authorities and the Crisis Management Team.  The Crisis Management & Communications plan bridges theresponsibility and coordination between the emergency management / response team and business restoration and operational recovery; providing the leadership, decision-making and communications structure to support recovery time objectives, while restoring or maintaining critical functions.  The development of Business Restoration and Operational Recovery plans includes the strategy development, documentation and deployment of activities required to restore and recover functional operations to meet or exceed the recovery time objective. Governance The Governance phase provides the organization with the ability to keep the business continuity plans fresh and accurate. This phase includes three distinct processes:  Plan Auditing provides a formalized method for measuring how business continuity processes are being managed and determining the effectiveness of the organizations objectives an understanding of capabilities or maturity of the plans.  Plan Updating to ensure accurate and up to date strategies, resources and agreements have been documented in compliance with the business continuity policy.  Plan Exercising is conducted on a preset schedule allowing the teams to practiceplan implementation, strengthen responsibilities and capabilities while identifying improvements to strategies and resources. Determining the Return on Investment Recall, there are two key factors that need to be considered when determining an organization’s Return on Investment. These factors are the tangible and intangible benefits, or measurable and “unmeasurable” benefits, which support decisions. Most often, an organization measures only the tangible components, for example, justifying a new piece of production equipment with reduced power requirements, decreased waste generated, and a smaller production footprint with greater output capacity. Additionally, an organization might justify investing in an Information Technology infrastructure that requires less cooling capacity, occupies fewer racks and provides faster processing, allowing more transactions. This analysis provides a direct relationship of cost versus revenue and the go / no-go analysis for funding the purchase of new equipment. Both examples provide a measurable effect on revenue, productivity, environmental impact, infrastructure and profitability, etc.
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 5 More recently, organizations have more actively begun to consider and incorporate how plans would respond to new and emerging risks or historical events in a “what if” scenario. The findings and outcomes can force the organization to measure the impact and provide justification for funding improvements. This became reality during the March 2011 earthquake and tsunami followed by a nuclear crisis occurring in Japan. The outcome was a negative economic impact on the country and the world economy. Reports have shown wide-ranging business disruptions, including reductions to 25% of the world’s silicon water supply, 400,000 fewer vehicles produced in the US, a shutdown of the GM Shreveport plant due to the inability to source airflow sensors and the need for Nissan to import engines from its plant in Tennessee (7) . This event highlighted the need for parallel channels for sourcing materials/components due to the concentration of suppliers in a geographic region exposed to natural hazards. According to recent surveys, boards of directors are increasingly considering business continuity management (BCM) as an avenue that provides value to an organization. One survey of 541 respondents indicated their preference for at least one (8) of the following reasons:  BCM protects value and reputation in a crisis through effective management of a major incident.  BCM delivers competitive advantage through operational resilience.  BCM supports effective corporate governance through its ability todeliver objective and transparent information on risk. None of these preferences are quantifiable in the traditional sense, but each carries significant weight throughout the business continuity management process. Another recent study captured the responses of 1,418 risk decision makers from 28 industry sectors that highlighted the risk ranking of their top risks. Of the top 20 risks, many do not have a direct correlation to decisive impact figures prior to an incident but impacts are definitely measurable afterwards. Business Continuity Management addresses many of these risks and provides the protocols around decisions and mitigation. Risks and protocols which business continuity address out of the top 20 include Damage to Brand and Reputation, Regulatory / Legislative Changes, Business Interruption, Computer Crime, Property Damage, Technology Failure / System Failure, Disruption or Supply Chain Failure, Political Risk / Uncertainties and Weather / Natural Disasters (9) . How Organizations Drive ROI through the BCM Process Each of the aforementioned planning components provides an organization with the opportunity to identify risk, qualify impact, remediate hazards and/or increase resiliency into operations. The following are some project related examples where the business continuity management process provided an opportunity to measure the ROI and reduce risk.
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 6 As can be seen from these examples, a measurable outcome is not always achievable, but throughout the process, a clear path allows these organizations to identify, determineor understand their impacts and plan for resiliency from known and unknown incidents. http://thoughtleadership.aonbenfield.com/Documents/20120314_impact_forecasting_thailand_flood_ event_recap.pdf(1) Building Resilience in Supply Chains, WorldEconomic Forum, January 2013(2) http://www.fema.gov/blog/2012-11-05/hurricane-sandy-recovery-efforts(3)
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 7 References http://thoughtleadership.aonbenfield.com/Documents/20120314_impact_forecasting_thailand_flood_ event_recap.pdf(1) Building Resilience in Supply Chains, WorldEconomic Forum, January 2013(2) http://www.fema.gov/blog/2012-11-05/hurricane-sandy-recovery-efforts(3) The Top 10 Reputation Crises of 2013(4) By Suzanne Woolley and Ben Steverman - Nov15, 2013 1:07 PM ET http://www.bloomberg.com/slideshow/2013-11-15/the-top-10-reputation-crises-of-2013.html#slide1 Top 10 List Of The Worst Reputations In Crisis For 2014(5) Mike Paul is the Reputation Doctor® at ReputationDoctor LLC http://reputationdoctor.com/2014/12/top-10-list-of-the-worst-reputations-in-crisis-for-2014/ NFPA 1600 – Standard on Disaster / Emergency Management and Business Continuity Programs, 2013 Edition(6) Japan’s 201 Earthquake and Tsunami: Economic Effects and Implications for the United States(7) By: Congressional Research Service 7-5700 “2011 Thailand Floods Event Recap Report”, Impact Forecasting, March2012, Aon Benfield “Engaging & Sustaining theInterest of the Board in BCM” by Business Continuity Institute and Sponsored by Deloitte, 2011(8) “Aon Global Risk Management Survey” surveyed, analyzed and developed by Aon Risk Solutions 2015(9) Additional Readings: Insight Magazine “10 Worst Business Decision Ever Made” by Judy Giannetto, Spring 2014 “Building a Case for Business Continuity” by Axcient, 2013 “Global supply chain resilience: Lessons learned from the 2011 earthquakes”, March 2012, Business Continuity Institute “Does preparedness have an ROI”, May 21, 2012, by David Lindstedt, PhD “Drive Return on Business Continuity Investments”, April 8, 2014, by Frank Travato “ROI Calculations A Rarity in Business Continuity Planning”, by John Robinson “Final Thoughts – The Real Return on Investment for BCP”, December 31, 2006, by John Stagl
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 8 Contact Information Kieran Stack Managing Director Business Continuity Management 1.312.381.4778 kieran.stack@aon.com JamesPinzari Director Business Continuity Management 1.781.878.3546 james.pinzari@aon.com Gregory Cybulski Associate Director Business Continuity Management 1.973.463.6075 greg.cybulski@aon.com Tony Adame Senior Consultant Business Continuity Management 1.949.823.7202 tony.adame@aon.com
Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 9 About Aon Aon plc is the leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 72,000 colleagues worldwide, Aonunites to empower results for clients in over 120 countries via innovative and effective risk and people solutions and through industry-leading global resources and technical expertise. Aon has been named repeatedly as the world’s best broker, best insurance intermediary, best reinsurance intermediary, best captives manager, and best employee benefits consulting firm by multiple industry sources. Visit aon.com for more information on Aon and aon.com/manchesterunited to learn about Aon’s global partnership with Manchester United. Copyright 2016 AonInc.

Recomendados

Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementrejoysirvel
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideAstalapulosListestos
 
Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningEneni Oduwole
 
Business Risk
Business RiskBusiness Risk
Business RiskMark Garratt
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Andrew Smart
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementJorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementKarim Farag
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 

Recomendados

Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementrejoysirvel
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideAstalapulosListestos
 
Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningEneni Oduwole
 
Business Risk
Business RiskBusiness Risk
Business RiskMark Garratt
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Andrew Smart
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementJorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementKarim Farag
 
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksStrategic Risk Management in the Face of Uncertainty and Unexpected Risks
Strategic Risk Management in the Face of Uncertainty and Unexpected RisksInternational Federation of Accountants
 
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Alexander Larsen
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementSiteshUpadhyay
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM caseAlexey Chekanov
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Processregio12
 
Operational risk management a strategic tool
Operational risk management a strategic toolOperational risk management a strategic tool
Operational risk management a strategic toolEneni Oduwole
 
ERM Presentation
ERM PresentationERM Presentation
ERM PresentationH Contrex
 
McLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalMcLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalVamsi Srinivas
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management GAURAV SHARMA
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementAndrew Smart
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk ManagementAndrew Smart
 
ERM overview
ERM overviewERM overview
ERM overviewHisham Haridy MBA, PMP®, RMP®, SP®
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesGlobalStrategyTribe
 
Risk Management Frameworks
Risk Management FrameworksRisk Management Frameworks
Risk Management FrameworksDaniel Kapellmann Zafra
 
Incorporating Risk Management into BCP
Incorporating Risk Management into BCPIncorporating Risk Management into BCP
Incorporating Risk Management into BCPRon Andrews
 
HSP Risk Management_25 Dec 2016
HSP Risk Management_25 Dec 2016HSP Risk Management_25 Dec 2016
HSP Risk Management_25 Dec 2016Irawan Herwidjojoadi Haditomo
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementAnu Damodaran
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxBUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxJayLloyd8
 
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxmadlynplamondon
 

Más contenido relacionado

La actualidad más candente

Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Alexander Larsen
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementSiteshUpadhyay
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Processregio12
 
Operational risk management a strategic tool
Operational risk management a strategic toolOperational risk management a strategic tool
Operational risk management a strategic toolEneni Oduwole
 
ERM Presentation
ERM PresentationERM Presentation
ERM PresentationH Contrex
 
McLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalMcLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalVamsi Srinivas
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management GAURAV SHARMA
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementAndrew Smart
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk ManagementAndrew Smart
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesGlobalStrategyTribe
 
Incorporating Risk Management into BCP
Incorporating Risk Management into BCPIncorporating Risk Management into BCP
Incorporating Risk Management into BCPRon Andrews
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementAnu Damodaran
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 

La actualidad más candente (20)

Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
Business Continuity Management (BCM, BCP) Smaple (Animations don't work in Sl...
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Process
 
Operational risk management a strategic tool
Operational risk management a strategic toolOperational risk management a strategic tool
Operational risk management a strategic tool
 
ERM Presentation
ERM PresentationERM Presentation
ERM Presentation
 
McLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_finalMcLagan_HR_RiskBasedCompensation_final
McLagan_HR_RiskBasedCompensation_final
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk Management
 
ERM overview
ERM overviewERM overview
ERM overview
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processes
 
Risk Management Frameworks
Risk Management FrameworksRisk Management Frameworks
Risk Management Frameworks
 
Incorporating Risk Management into BCP
Incorporating Risk Management into BCPIncorporating Risk Management into BCP
Incorporating Risk Management into BCP
 
HSP Risk Management_25 Dec 2016
HSP Risk Management_25 Dec 2016HSP Risk Management_25 Dec 2016
HSP Risk Management_25 Dec 2016
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentation
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business Strategy
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 

Similar a Business Continuity ROI

BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxBUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxJayLloyd8
 
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxmadlynplamondon
 
BUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMBUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMLibcorpio
 
A Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityA Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityDiana DePaola
 
The Revere Group - Making A Case For Disaster Recovery
The Revere Group - Making A Case For Disaster RecoveryThe Revere Group - Making A Case For Disaster Recovery
The Revere Group - Making A Case For Disaster Recoverycadavis22
 
A laypersons guide to business continuity management richard (2)
A laypersons guide to business continuity management richard (2)A laypersons guide to business continuity management richard (2)
A laypersons guide to business continuity management richard (2)leemond25
 
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIESBUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIESMark Evans
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
Free Guide for Businesses Concerned about Business Continuity, Crisis Managem...
Free Guide for Businesses Concerned about Business Continuity, Crisis Managem...Free Guide for Businesses Concerned about Business Continuity, Crisis Managem...
Free Guide for Businesses Concerned about Business Continuity, Crisis Managem...Taylo999
 
Bussiness continuity
Bussiness continuityBussiness continuity
Bussiness continuityatharabbas
 
Operational resilience presentation 1 (1)
Operational resilience presentation 1 (1)Operational resilience presentation 1 (1)
Operational resilience presentation 1 (1)Ebere Ikerionwu
 
Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016
Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016
Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016CBIZ, Inc.
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutionsCraig Tappel
 
Planning For Long-Term Success Of A Business
Planning For Long-Term Success Of A BusinessPlanning For Long-Term Success Of A Business
Planning For Long-Term Success Of A BusinessLiz Sims
 
Business Continuity
Business ContinuityBusiness Continuity
Business ContinuityNorm Brien
 
Planning for any disaster
Planning for any disasterPlanning for any disaster
Planning for any disasterNorm Brien
 
Business continuity & disaster recovery
Business continuity & disaster recoveryBusiness continuity & disaster recovery
Business continuity & disaster recoveryGeorge Coutsoumbidis
 

Similar a Business Continuity ROI (20)

BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptxBUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
 
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
 
BUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRMBUSINESS IMPACT ‎ANALYSIS- DRM
BUSINESS IMPACT ‎ANALYSIS- DRM
 
A Proactive Approach to Business Continuity
A Proactive Approach to Business ContinuityA Proactive Approach to Business Continuity
A Proactive Approach to Business Continuity
 
The Revere Group - Making A Case For Disaster Recovery
The Revere Group - Making A Case For Disaster RecoveryThe Revere Group - Making A Case For Disaster Recovery
The Revere Group - Making A Case For Disaster Recovery
 
A laypersons guide to business continuity management richard (2)
A laypersons guide to business continuity management richard (2)A laypersons guide to business continuity management richard (2)
A laypersons guide to business continuity management richard (2)
 
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIESBUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
BUSINESS RISK IN MEDIUM & LARGE SCALE CORPORATE ENTITIES
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
 
Risk management
Risk managementRisk management
Risk management
 
Free Guide for Businesses Concerned about Business Continuity, Crisis Managem...
Free Guide for Businesses Concerned about Business Continuity, Crisis Managem...Free Guide for Businesses Concerned about Business Continuity, Crisis Managem...
Free Guide for Businesses Concerned about Business Continuity, Crisis Managem...
 
Bussiness continuity
Bussiness continuityBussiness continuity
Bussiness continuity
 
Operational resilience presentation 1 (1)
Operational resilience presentation 1 (1)Operational resilience presentation 1 (1)
Operational resilience presentation 1 (1)
 
Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016
Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016
Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
 
White paper pragmatic safety solutions
White paper pragmatic safety solutionsWhite paper pragmatic safety solutions
White paper pragmatic safety solutions
 
Planning For Long-Term Success Of A Business
Planning For Long-Term Success Of A BusinessPlanning For Long-Term Success Of A Business
Planning For Long-Term Success Of A Business
 
Business Continuity
Business ContinuityBusiness Continuity
Business Continuity
 
Planning for any disaster
Planning for any disasterPlanning for any disaster
Planning for any disaster
 
bu
bubu
bu
 
Business continuity & disaster recovery
Business continuity & disaster recoveryBusiness continuity & disaster recovery
Business continuity & disaster recovery
 

Business Continuity ROI

  • 1. ` Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Risk. Reinsurance. Human Resources. Business Continuity Management Return on Investment Gregory T Cybulski, CBCP, ARM Associate Director Aon Global Risk Consulting Business Continuity Management
  • 2. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 1 Increasingly, organizations are looking to integrate business continuity as a strategy to drive operational resiliency and preparedness. However, risk and financial stakeholders are often faced with a dilemma of providing a case for return on investment to the C-Suite and board leadership. This paper identifies a number of areas where the development and implementation of a sound business continuity management program can provide both short-and long-term benefits and better align business objectives to ensure a Return on Investment (ROI). Making the Case for Business Continuity As organizations strive to drive operational efficiency in the face of an increasingly competitive business environment, risk leaders need to make a solidbusiness case to procure financial resources from corporate boards and financial leaders. Exacerbating the issue is a host of external challenges including an aggressive regulatory landscape, complicated supplier/contractor relationships, and the increasing need to devote resources to mitigate potential data and cyber breaches, just to name a few. Organizations that focus on short-term profitability may miss opportunities and the long-term benefits of a well-developed business continuity program. As with all new initiatives, stakeholders require adequate time and resources to effectively embed practices and processes and ensure they abide by the organization’s culture and mission. The media reports countless episodes where organizations experienced financial or reputational issues that could have been diverted if for some wise and proactive planning. This is in full evidence in the following examples:  Thailand floods. Supply chain disruptions affecting the automotive and high-tech industries during the Thailand floods of 2011 have made it one of the top five costliest natural disaster events in modern history (1) . More than 1,000 factories were impacted, resulting in insurance claims reaching US$ 20 billion (2) . The concentration of suppliers within a geographic region created the global impact.  Hurricane Sandy. Millions of Americans from North Carolina to Maine were not well prepared for the impact of Hurricane Sandy. Wind, storm surge, and flooding impacted communities (3) , and in many cases, business activity was at a standstill for an extended period. The continuous frequency and cost of large hurricanes, cyclones and storms (Hurricane Wilma in 2005, Hurricane Katrina in 2005, Hurricane Ike in 2008) should have alerted communities and businesses to act swiftly and with purpose.  Reputational crises. A natural catastrophe can wreak as much havoc on your organization’s reputation as it does on its physical property. Over the past few years there were many reputational crisis incidents requiring organizations to redirect efforts as well as funding to halt or reverse negative effects - both perceived and actual - to remove themselves from the negative spotlight. Some of these reputational crisis incidents included the BangladeshRana Plaza factory collapse, the Barilla Pasta remarks (4) , Malaysia Airlines Flight MH370 (5) , and the General Motors ignition recall (5) . In each case, a mature crisis management team, aware of its risks, could have pre-emptively managed the negative effects by properly managing internal communications and getting out in front of the media with effective press strategies. What is the ROI of BCM? Determining if a financial decision will produce positive results is typically done by calculating the ROI, a performance measure used to evaluate the efficiency of an investment, or by comparing the efficiency of
  • 3. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 2 a number of different investments. To calculate ROI, the benefit (return) of an investment is divided by the cost of the investment; the result is expressed as a percentage or a ratio. Return on Investment = (Gain from Investment - Cost of Investment) X 100 Cost of Investment The formula measures and compares the tangible benefits of expenditures and discounts those that are intangible, such as qualifying alternate suppliers or well-developed teams who can pre-emptively identify and remediate risk or have been trained to execute recovery. Many organizations implement ROI procedures to quantify success, in financial terms, and justify the necessary expenditures. Business continuity management can drive relevant ROI results and tangible benefits by understanding how “intangible” areas can influence business decision, e.g., when an organization suffers a production facility disruption, that is so extreme, the senior management team decides rebuilding the facility is simply not financially feasible, thereby eliminating the entire product line produced in the facility from its portfolio. Deciding factors to exit the business couldhave been elevated by understanding and measuring the impact to their reputation and image, and not just the immediate inability to qualify and contract duplicate production or contract manufacturers. Thus, ROI calculations used for making a case for investment in a Business Continuity Management program may be understated. The full range of benefits is not recognized until the planning and implementation processes have been completed. By reviewing the business continuity objectives and planning components, there is a clear path to understanding both tangible and intangible benefits. Prior to providing examples of both in terms of your own organization, it is important to review the business continuity management objectives and planning components. Business Continuity Objectives The objective of a business continuity management program is to define the process, protocols and benchmarks for organization to develop plans ensuring the safety of employees, its community and the continuity of time-sensitive operations. The definition of business continuity is an ongoing process to ensure the necessary steps are taken to identify the impacts of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services (6) . By this definition, business continuity provides tools to measure impacts on productivity, customers, market share and reputation. Business Continuity Planning Components A well-executed business continuity plan follows defined standards/codes and best practices (NFPA 1600 – Standard on Disaster/Emergency Management and Business Continuity Programs and /or ISO 22301 – Societal Security, Business Continuity Management Systems) and best practices (DRII – Disaster Recovery Institute International) to yield benefits. The following three phases are critical when developing a compliant Business Continuity Management program: 1) the Discovery phase (Business Impact Analysis and Risk Assessment), 2) the Planning phase (Emergency Response and Management, Crisis Management and Communications) and 3) the Governance phase (Plan Auditing, Updating and Exercising). Adhering to these standards, codes and best practices during the planning phases, ensures
  • 4. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 3 these planning components generate both tangible and intangible benefits. The diagram (below) provides a depiction of the planning components, along with descriptions: Discovery Process The Discovery Process phase provides the opportunity to identify potential risks and measure the amount of disruption an organization can withstand or those which must be addressed, either by reduction / remediation or through tactical and strategic planning. The following two planning components are the baseline for a business continuity plan, These tools also help organizations measure ROI on the business continuity program:  The Business Impact Analysis (BIA) identifies and qualifies the time-sensitive business functions and processes. This measurement enables the organization to understand the point in time when an impact starts to drive negative consequences. The measured impact is not just a financial calculation but also measures when the impact begins to affect customer service, legal / regulatory and contractual issues, operational performance, organizational image and reputation, and leadership / management. The BIA can be designed to accommodate additional impacts by quantifying and evaluating the output. Once these impacts are understood, the organization can develop the framework to accept, remediate or develop planning strategies to support organizational recovery.  The Risk Assessment and Remediation (RA) should yieldmeasurable results by quantifying and qualifying those risks and threats that can disrupt the organizations ability to continue time-sensitive business functions and processes. Determining the organization’s optimal risk acceptancelevel and implementing a consistent assessment process provides the means for measuring and replicating the process throughout all locations. Dozens of RA methodologies exist and range from very simplistic Heat Maps to highly complex formula-based methodologies. Whichever process is selected, implementation across the organizationneeds to be consistent to ensure proper and accurate risk measurement and remediation.
  • 5. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 4 Planning Process The Planning Process phase collates three separate but integrated plans to coordinate activities, authorities and responsibilities. These plans draw from the information captured and analyzed during the Discovery Process phase to ensure theorganization not only survives catastrophic events, but can more effectively manage the situation, drive operational resiliency, and possibly project a better public image. These three integrated plans are as follows:  The Emergency Management & Response component outlines the initial strategies for responding to, and stabilizing an event. First responders are responsible for life safety, stabilizing the incident, qualifying and remediation of damage, and communicating to authorities and the Crisis Management Team.  The Crisis Management & Communications plan bridges theresponsibility and coordination between the emergency management / response team and business restoration and operational recovery; providing the leadership, decision-making and communications structure to support recovery time objectives, while restoring or maintaining critical functions.  The development of Business Restoration and Operational Recovery plans includes the strategy development, documentation and deployment of activities required to restore and recover functional operations to meet or exceed the recovery time objective. Governance The Governance phase provides the organization with the ability to keep the business continuity plans fresh and accurate. This phase includes three distinct processes:  Plan Auditing provides a formalized method for measuring how business continuity processes are being managed and determining the effectiveness of the organizations objectives an understanding of capabilities or maturity of the plans.  Plan Updating to ensure accurate and up to date strategies, resources and agreements have been documented in compliance with the business continuity policy.  Plan Exercising is conducted on a preset schedule allowing the teams to practiceplan implementation, strengthen responsibilities and capabilities while identifying improvements to strategies and resources. Determining the Return on Investment Recall, there are two key factors that need to be considered when determining an organization’s Return on Investment. These factors are the tangible and intangible benefits, or measurable and “unmeasurable” benefits, which support decisions. Most often, an organization measures only the tangible components, for example, justifying a new piece of production equipment with reduced power requirements, decreased waste generated, and a smaller production footprint with greater output capacity. Additionally, an organization might justify investing in an Information Technology infrastructure that requires less cooling capacity, occupies fewer racks and provides faster processing, allowing more transactions. This analysis provides a direct relationship of cost versus revenue and the go / no-go analysis for funding the purchase of new equipment. Both examples provide a measurable effect on revenue, productivity, environmental impact, infrastructure and profitability, etc.
  • 6. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 5 More recently, organizations have more actively begun to consider and incorporate how plans would respond to new and emerging risks or historical events in a “what if” scenario. The findings and outcomes can force the organization to measure the impact and provide justification for funding improvements. This became reality during the March 2011 earthquake and tsunami followed by a nuclear crisis occurring in Japan. The outcome was a negative economic impact on the country and the world economy. Reports have shown wide-ranging business disruptions, including reductions to 25% of the world’s silicon water supply, 400,000 fewer vehicles produced in the US, a shutdown of the GM Shreveport plant due to the inability to source airflow sensors and the need for Nissan to import engines from its plant in Tennessee (7) . This event highlighted the need for parallel channels for sourcing materials/components due to the concentration of suppliers in a geographic region exposed to natural hazards. According to recent surveys, boards of directors are increasingly considering business continuity management (BCM) as an avenue that provides value to an organization. One survey of 541 respondents indicated their preference for at least one (8) of the following reasons:  BCM protects value and reputation in a crisis through effective management of a major incident.  BCM delivers competitive advantage through operational resilience.  BCM supports effective corporate governance through its ability todeliver objective and transparent information on risk. None of these preferences are quantifiable in the traditional sense, but each carries significant weight throughout the business continuity management process. Another recent study captured the responses of 1,418 risk decision makers from 28 industry sectors that highlighted the risk ranking of their top risks. Of the top 20 risks, many do not have a direct correlation to decisive impact figures prior to an incident but impacts are definitely measurable afterwards. Business Continuity Management addresses many of these risks and provides the protocols around decisions and mitigation. Risks and protocols which business continuity address out of the top 20 include Damage to Brand and Reputation, Regulatory / Legislative Changes, Business Interruption, Computer Crime, Property Damage, Technology Failure / System Failure, Disruption or Supply Chain Failure, Political Risk / Uncertainties and Weather / Natural Disasters (9) . How Organizations Drive ROI through the BCM Process Each of the aforementioned planning components provides an organization with the opportunity to identify risk, qualify impact, remediate hazards and/or increase resiliency into operations. The following are some project related examples where the business continuity management process provided an opportunity to measure the ROI and reduce risk.
  • 7. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 6 As can be seen from these examples, a measurable outcome is not always achievable, but throughout the process, a clear path allows these organizations to identify, determineor understand their impacts and plan for resiliency from known and unknown incidents. http://thoughtleadership.aonbenfield.com/Documents/20120314_impact_forecasting_thailand_flood_ event_recap.pdf(1) Building Resilience in Supply Chains, WorldEconomic Forum, January 2013(2) http://www.fema.gov/blog/2012-11-05/hurricane-sandy-recovery-efforts(3)
  • 8. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 7 References http://thoughtleadership.aonbenfield.com/Documents/20120314_impact_forecasting_thailand_flood_ event_recap.pdf(1) Building Resilience in Supply Chains, WorldEconomic Forum, January 2013(2) http://www.fema.gov/blog/2012-11-05/hurricane-sandy-recovery-efforts(3) The Top 10 Reputation Crises of 2013(4) By Suzanne Woolley and Ben Steverman - Nov15, 2013 1:07 PM ET http://www.bloomberg.com/slideshow/2013-11-15/the-top-10-reputation-crises-of-2013.html#slide1 Top 10 List Of The Worst Reputations In Crisis For 2014(5) Mike Paul is the Reputation Doctor® at ReputationDoctor LLC http://reputationdoctor.com/2014/12/top-10-list-of-the-worst-reputations-in-crisis-for-2014/ NFPA 1600 – Standard on Disaster / Emergency Management and Business Continuity Programs, 2013 Edition(6) Japan’s 201 Earthquake and Tsunami: Economic Effects and Implications for the United States(7) By: Congressional Research Service 7-5700 “2011 Thailand Floods Event Recap Report”, Impact Forecasting, March2012, Aon Benfield “Engaging & Sustaining theInterest of the Board in BCM” by Business Continuity Institute and Sponsored by Deloitte, 2011(8) “Aon Global Risk Management Survey” surveyed, analyzed and developed by Aon Risk Solutions 2015(9) Additional Readings: Insight Magazine “10 Worst Business Decision Ever Made” by Judy Giannetto, Spring 2014 “Building a Case for Business Continuity” by Axcient, 2013 “Global supply chain resilience: Lessons learned from the 2011 earthquakes”, March 2012, Business Continuity Institute “Does preparedness have an ROI”, May 21, 2012, by David Lindstedt, PhD “Drive Return on Business Continuity Investments”, April 8, 2014, by Frank Travato “ROI Calculations A Rarity in Business Continuity Planning”, by John Robinson “Final Thoughts – The Real Return on Investment for BCP”, December 31, 2006, by John Stagl
  • 9. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 8 Contact Information Kieran Stack Managing Director Business Continuity Management 1.312.381.4778 kieran.stack@aon.com JamesPinzari Director Business Continuity Management 1.781.878.3546 james.pinzari@aon.com Gregory Cybulski Associate Director Business Continuity Management 1.973.463.6075 greg.cybulski@aon.com Tony Adame Senior Consultant Business Continuity Management 1.949.823.7202 tony.adame@aon.com
  • 10. Aon Risk Solutions Risk Consulting, Americas | Business Continuity Management Business Continuity Management 9 About Aon Aon plc is the leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 72,000 colleagues worldwide, Aonunites to empower results for clients in over 120 countries via innovative and effective risk and people solutions and through industry-leading global resources and technical expertise. Aon has been named repeatedly as the world’s best broker, best insurance intermediary, best reinsurance intermediary, best captives manager, and best employee benefits consulting firm by multiple industry sources. Visit aon.com for more information on Aon and aon.com/manchesterunited to learn about Aon’s global partnership with Manchester United. Copyright 2016 AonInc.