How can you improve your ability to identify, respond and adapt to significant operational interruptions?
Page 2 3 May 2017
Agenda
I Introductions and objectives
II Why is resilience important
III Typical issues — be aware
IV What do you need to do
V Summary and questions
Introductions and objectives
Objectives for this session
► To understand why resilience is important
► To understand common challenges amongst building societies, mutuals and the wider FS sector
► To explore the path towards operational and cyber resilience
Ali Kazmi, Executive Director — IT Risk Transformation
John Milne, Director — IT Risk Transformation
James Turpie, Senior Manager — IT Risk Transformation
Please feel free to ask questions throughout this session.
Defining resilience
► Operational Risk is defined in Basel II as the ‘risk of loss resulting from inadequate or failed internal processes, people and systems or from external events’.
► Operational Risk functions are tasked with identifying, measuring and assessing these operational risks.
► Operational Resilience is the organisation’s set of people, processes and technology marshalled to reduce operational risks down to an acceptable level and react effectively when they do crystallise.
Polling question 1
We regularly read about service disruptions and cyber attacks which bring down critical services. Taking proactive preventative action now can reduce the risk of disruption. Polling question: How hot a topic is resilience within your organisation?
- What is resilience?
- Resilience is occasionally discussed.
- We have an active resilience programme.
- Resilience is discussed at senior management and board levels on a regular basis.
How aware of resilience are you?
Resilience is in the mind of the consumer
Media headlines
► There are many famous and infamous examples of systems outages and cyber attacks that have affected customers and hit the headlines.
Why does resilience matter to you?
Complex operating environments; Customer expectations; Systematic IT failures; Increased regulatory focus; Economic upturns; Elections and governance challenges; Supply chain disruption; Competitive forces; Digitalisation and emerging technology; Cyber crime; Legacy IT systems; Emerging competition
Competing successfully; Protecting brand and reputation; Meeting rising customer expectations; Regulatory compliance
The regulatory dimension
Main regulatory focus
► Governance – resilience is a Board issue
► Critical Economic Functions – identifying “crown jewels”
► Risk Appetite – clear statement of tolerance for loss of key business capabilities against a wider range of criteria
► Accountability – individual responsibilities should be clearly defined and set against an unambiguous chain of command
► 3 Lines of Defence – each line should be independent and be equipped to provide effective challenge
► Resilience culture – continuous improvement, not “fix on fail”
► Resilient behaviours – effective and proactive training and awareness

Industry response
► Recognition that resilience is a mainstream risk
► Increasing application of traditional risk-management techniques
► Increasing senior management engagement and oversight up to and including Board
► Better articulation of Risk Appetite against not just quantitative but also qualitative criteria
► Clearer definition of roles and responsibilities (SMR)
► More disciplined application of 3 Lines of Defence
► Improved and more regular MI
► Increased investment in training to promote resilient behaviours
► Promoting a resilience culture
► Enhanced testing/simulation

Main regulatory drivers
► High profile operational events and follow-up
► Prevalence of legacy IT systems
► Emergence of cyber attack as an increasing threat
► Progress on financial resilience Recovery and Resolution Planning (“Living Wills”)
► More aggressive regulatory culture (“prove it to me”)

Main regulatory tools
► Forensic testing (CBEST)
► More “deep dives”
► Wider use of skilled persons reports (s166)
► Improved operational data – benchmarking
► Regular collective exercises
► Non-binding Guidance/Dear CEO
► SMR
Advantages held by resilient organisations
► Confidence
► Coherence
► Competition
► Agility
► Competitive advantage
Polling question 2
Polling Question: Who is ultimately responsible for resilience within your organisation?
- Chief Executive Officer
- Chief Risk Officer
- Chief Information Officer
- Chief Operating Officer
- Head of Risk
- Board
- Chief Resilience Officer / Head of Resilience
- Other
The ownership challenge
Resilience challenges
Dynamic landscape; Cost; Poor leadership; Piecemeal approach; Skills gap and resource limitations; Inconsistency of technology; Inaccessible information; Limited strategy; Organisational change; Customer expectations; Underinvestment; Ineffective controls
Disciplines involved: Security & risk management; IT disaster recovery; Business continuity; Information security; Crisis management; Reputation risk; Cyber security; Supply chain resilience; HSSE
Roles involved: CIO, COO, CRO, CEO, CTO, CFO
Polling question 3
Polling Question: Does your organisation have a resilience strategy in place?
- Yes
- No
Resilience strategy
Strategic approach to resilience
Sense, Resist and React to disruptive events, while Adapting and Reshaping operations in environments characterised by both foreseeable and unforeseeable risk
Sense, Resist, React, Adapt, Reshape
Lead
Polling question 4
Polling Question A: How often do you test your resilience capabilities?
- Monthly
- Bi-annually
- Annually
- Occasionally
- Never
Testing your readiness
Polling Question B: What is the nature of the testing that you perform?
- Only single functions
- End to end business processes
- Including suppliers
- Cross-industry
- We do not test our resilience capabilities
How much resilience is enough resilience?
Investment in resilience is informed by a number of factors, including:
- Customer expectations
- Nature and type of services provided
- Competitive landscape
- Cost vs. risk appetite
- Regulations
Components of an effective resilience strategy
1. Strategy needs to be dynamic
2. Strategy needs to include key dependencies
3. Have the right governance in place
4. People are key
5. Have a resilient culture
Three key steps to reduce risk
1. Identify your critical assets
2. Perform simulations and assessments
3. Define your strategy
Key take-aways
Readiness
► Do we have the relevant skills and experience on the Board to know if we’re doing enough?
► Do the risk committee and Board sufficiently debate the cyber agenda and resilience of the organisation?
► How do we compare to peer organisations?
► Have we exercised our ability to respond to a cyber attack – up to Board level?
Re-shape the agenda and set up an effective strategy
► Do we understand our ‘crown jewels’ that are at greatest risk of cyber attack?
► Have we defined a cyber risk appetite which is meaningful for our organisation?
► Is our cyber security strategy aligned with our business objectives? Is cyber security embedded in our digital transformation agenda?
Skills and resources
► Is our cyber security function appropriately organised, trained, equipped, staffed and funded?
► Do we have a cyber security strategy that covers people, processes and technology AND the identify, protect, detect, respond and recover aspects? Is governance clear, and does it cover third parties?
Assurance
► How do we measure the effectiveness of our cyber capabilities?
► How quickly would we know if we were being attacked and if our assets were compromised?
Polling question 5
Polling Question: Considering everything we have discussed today, how confident are you in the resilience position of your organisation?
- Not at all confident
- Unconfident
- Confident
- Absolutely confident
- Not sure
Wrap-up
Did we meet our objectives … ?
► To understand why resilience is important
► To understand the path to resilience
► To understand common challenges in the market
If you have any questions then please feel free to contact us:
Ali Kazmi — akazmi@uk.ey.com
John Milne — jmilne1@uk.ey.com
James Turpie — jturpie@uk.ey.com
Finally — we would like to request your feedback!
Thank you
Important information
Accordingly, Ernst & Young accepts no responsibility for loss arising from any action taken or not taken by anyone using this pack.