GRCCS International conference & exhibition 2019
ORGANISATIONAL RESILIENCE: THE MISSING LINK
29th July 2019
Pullman Kuala Lumpur City Center Hotel & Residence Malaysia
Another Malaysian GRCCS International Conference has come and gone.
The one-day conference, which featured the theme “Organisational Resilience: The Missing Link”, saw the gathering of an impressive number of speakers. I was proud to see some of my colleagues, who took the December 2015 CBCI exam with me - including Richard Ong of Sime Darby and Azmani Syah from Senai Airport Teminal - presenting their papers at the conference.
Welcome Address and Opening Remark
David Window delivered the welcome address acknowledging the conference’s international attendance as well as a platform for professionals to share knowledge. This is especially crucial in an age where there is the need to prepare, respond and adapt to disruptive events.
To further develop Business Continuity in Malaysia, it was proposed for BC corporate governance to be a permanent element in the board room agenda, which will enhance stakeholder confidence and provide a competitive edge.
Keynote Address & Opening Ceremony
The keynote speaker for the conference was Yang Berbahagia Dato Mohd Izzat Emir, President of the Asean Chamber of Commerce. He stressed the importance of being prepared for unexpected disruptions and building resilience within organisations. He also used examples such as the Hong Kong protest - which impacted the former British colony’s retail and tourism sector -as well as the cyber attack on a Singapore Hospital where patients’ medical records were stolen.
The cyber incident highlights organizations’ dependency on IT systems and the importance of having recognised standards and frameworks in place such as ISO 22301:2012 and BCI Good Practice Guidelines 2018.
Business Continuity Management needs to be embraced by organizations, from Business Impact Assessment to Exercising, organizations need to to identify priorities, recovery requirements and ensure preparation for disasters.
Guest of Honor Address: Organizational Resilience –The Missing Link
Mr Glen Redstall MBCI, took to the stage and addressed the opportunities that are around us to enhance each other’s knowledge through different business continuity perspectives and cultures.
He also underlined how organisational resilience is a collective responsibility which should be leveraged in various professional bodies and disciplines.
General Session 1: How Supply Chain Resilience can help to close the Missing Link in Organizational Resilience
David Window FBCI, Director, Tutor & Course Author for Continuity Shop, Continuity 22301 Ltd, UK kicked off the first session. Touching on Supply Chain Resilience, he stressed the importance of due diligence when signing Supply Chain Management (SCM) contracts as they don’t always provide realistic information on suppliers’ business continuity. This is because business continuity solutions are often contracted out and not well detailed within contracts.
David recommended to check on the number of supply tiers, decide service level agreements and how much to invest ON Risk Management orr Business Continuity. Finally, David concluded that:
- Priority suppliers should be included in the Business Continuity Policy
- Business Continuity documentation should be embedded into the Supply Chain risk and response strategy
- BIA’s and Threat and Risk Assessments should detail Business Continuity impacts
- Consider and include in the business continuity plan any solutions, mitigations, outsourced service providers and priority suppliers
General Session 2: Managing Diversity in Organizational Resilience
RICHARD ONG, Head, Group Risk Management of Sime Darby Berhad, underlined how we must not consider Business Continuity practices as ‘one size fits all’.
He explained that Sime Darby existing BCM programme was inherited from before the merger and had not been reviewed since its initial implementation in 2012. This meant that the BIA and Recovery Strategy were practically invalid.
This was to underline that diverse demography, location, nature of business and CVB (Culture, Value and Beliefs) are challenges that impact recovery priorities. These need to be addressed through empowerment, localization, automation and collaboration. In order to have all parties speak the same BCM language, Sime Darby is developing an emphatic BCM-centric KPI index that is based on policy, framework and risk appetite.
General Session 3: Delivering a Business Continuity capability - Case Study
GUNA PALANIVELLO, Continuity Services Consultant at RHB Bank Berhad touched on their Service Delivery Excellence Program (SDEP) an exercise undertaken to improve IT Service Continuity Management in order to support the Business Operations of an organisation as part of Business Continuity Capabilities. Guna shared SDEP’s key success factors which are the systematic execution of :
- Deployment. and
General Session 4: Ready to Respond Lessons from Oil & Gas Company –A Mubadala Experience
NUTTAWUT KRITTAPHOL, HSSE & AIM Manager of Mubadala Petroleum Thailand (MPT) shared MPT’s BC Solution for Upstream Oil and Gas, which are:
- Replication (for Head Office - using BC Recovery Centre and BC Recovery Team)
- Diversification (for Warehousing - by using another Warehouse to support the offshore operation during the disruption events), and
- Standby (for Offshore Operation : Hybrid-Stand by (Temp out of service)/ Post incident acquisition (Permanent out of service)).
Nuttawut ended by sharing how Mubadala Petroleum Thailand has adopted BC management by following NCEMA and the GPG guideline at all business levels to enhance organisational resilience against foreseeable disruptive events. Experiencing real disruptive events in the past has provided MPT with a certain level of confidence in business continuity design.
General Session 5: Lessons Learned from the Port Operator – A Case in point from Johor Port
CAPT. SAADON A. SHUKOR, General Manager in Marine Services Department at Johor Port Berhad showcased a ship collision event between the cargo vessels APL Denver and Wan Hai 301 that shows how oil spill incidences aren’t exclusive to oil tankers. His presentation also impressed upon the delegates how BC crises and its committees needs to be a cross border responsibility, as the shipping lane involved is also one that is shared with neighbouring Singapore. Among the types of challenges faced during this incident were :
- Operational (midnight collision with poor visibility, inadequate booms to cover the spill, boom shape changes due to tide movement)
- Reputational (perception that it was the port management’s fault, all governments’ eyes focused on Johor Port Berhad)
- Compliance (delay in ship owner’s decision making, pressure by government official to act fast), and
- Financial (uncertainty of ability to claim full insurance amount, early claim exposure).
Captain Saadon shared the improvement areas that will be undertaken to be better prepared in future, including:
- Standby of adequate oil spill equipment to cater for the oil spill
- Pursue having a mutual agreement between oil spill contractor and port management in future crisis for consultation & resources support
- Avoiding claim to port by having contract agreement directly with the ship representative.
- Update the Port’s ERP database with the actual resources available
- Activate drills with CMT (Crisis Management Team) to be involved in the exercise, and
- Establish close rapport with the relevant authorities such as Marine Department and Department of Environment
General Session 6: The (REAL) power of Organizational Resilience is Tremendous! But how could your organisation get it?
HOLGER KUNZMANN, Director and Managing Fellow of FinGlaS Human Factors, Germany presented on the need to improve the success rate of change projects and the need for it to be more robust and flexible by changing how and what you do. He added instead of normally putting focus on things that went wrong, why not allocate focus on things that went right…a ‘SUCCESS’ investigation. It was impressed upon the delegates that we need to address the inability to identify all risks, and shift analysis from ‘work as imagined’ to ‘work as it is done’. Holger ended with his take and tips on what constitutes a good design, which are :
• Define system boundaries
• Identify core system properties
• Run a simulation (check system understanding)
• Locate your problem in the system
• Implement a small change initially
• Design principles: Watch out for delayed effects + unintended side-effects
• Don’t rush ; and
General Session 7: Airport Emergency Exercises – Preparing for The Unthinkable
MD AZMANI SYAH MUHAMMAD ALI, Manager Compliance & Process Improvement, Senai Airport Terminal Services Sdn Bhd shared a Disaster Recovery Planning scenario of a crash landing. It imparted a realisation that simulation and exercises are important to generate the sense of familiarity should the disaster event ever came to past. It also proves that even experts in their respective fields would require training as they would have to leverage their expertise with others in the field during emergencies. This is especially true to cut down on the use of jargon which may hinder communication and thus the effective recovery and business resumption. The post-mortem assessment and comments resulting from the disaster exercise would then be used for the betterment of future collaboration between all parties and effectiveness in the event of emergencies. The lessons learnt shared by Azmani on the Airport Emergency Exercise are as follows:
- Crowd control is KEY
- Always work with Nature (e.g. wind direction)
- Even experts require training
- If communication can break down, it WILL
- Always coordinate with the relevant agencies
- Take criticisms for improvement
General Session 8: Uncertainty is The New Certainty – EPF Real Success Story in BCM
CINDY TAN LER CHIN, Head of Risk Management Department of Employees Provident Fund (EPF) shared the fund’s experience in handling the fire at EPF’s Petaling Jaya office. Among the challenges they had to overcome was the fake news being spread that the fire would affect the contributors’ savings. Cindy stressed that EPF understood that it was a continuous challenge to anticipate BC events, which is why BCM was always a top priority at the fund, which translated into great teamwork when the fire incident happened i.e. uncertainty is the new normal. Cindy iterated that the EPF’s success in handling the fire incident was due to
• Good Business Continuity Plan
• Effective Crisis Management
• Minimal impact because of preparedness
• Full Support from management
• Frequency of disaster training
• Smooth Transition Factors –business resumed seamlessly
• People/Infrastructure/System readiness
General Session (Plenary Session) 9: How can we use critical communications planning to create BC champions across an organisation?
The panel made up of GLEN REDSTALL, HOLGER KUNZMANN, DR. DAVID KIRKHAM and DAVID WINDOW surmised that in addition to being able to deal with the stress, centralised communications were crucial in order to keep up with the events unfolding, and exercise adequate control over the fake news and rumours that are spread via social media. It also shows the importance in ensuring the consistency of message when faced with crises (and be able to ‘clarify’ certain statements when you say something wrong), to be prepared with pre-meditated responses, and ensure proper training for people to ‘face the cameras’.
General Session 10: Understanding the 21st Century Risks Facing Your Organisation and how it impacts your Organisational Resilience
KUNIYUKI TASHIRO, Senior Consultant, Minerva Veritas Co., Ltd. Tokyo Office touched on how 21st century risks are impacting organisational resilience. Relating the subject matter to two books, namely ‘The Black Swan’ and ‘The Grey Rhino’, he highlighted how future risks for trends are interconnected and to look out for those risks that have high impact even though their occurrence probability are low. The BCI Horizon Scan Report was quoted as a good trend reference indicator. The delegates were also briefed on potential future shocks such as quantum computing (which would make cryptography all but obsolete), advanced pervasive biometric surveillance, water, Artificial Intelligence that would soon recognize and respond to emotions, protectionist impulses and non-consequential human rights breaches.
General Session 11: Prevent incidents from becoming a full-scale business disruption and or crisis
DR. DAVID KIRKHAM, Executive Director, Calistro Consultant Ltd and London School of Fire Engineering Ltd. (UK) gave a very animated talk contending that crises are generally incubated events that result from the ‘concatenation’ of smaller events finally bursting through the seams. David stressed that the ultimate aim of crisis management is to secure the organisations’ future through the mitigation of pressure and emotion, which would not be easy as any decisions made would be quite uncomfortable due to inadequate knowledge and the need to back up your own judgement based on the limited information.
General Session 12: Building Organisational Resilience for 2020s and beyond
GLEN REDSTALL, talked about need to look backwards in order to move forward and establishing key organisation linkages as the better we know about the past, the better prepared for the future we will be. The benefit of a debrief should never be underestimated. Glen mentioned that better preparation is required such as knowing more about one’s organisation before using the tools for conducting Business Continuity, one of which is the Good Practice Guidelines 2018 together with the Business Impact Analysis and Risk/Threat Assessment. Thought should also be given about one’s actual needs from BC, and not just what they see in order to understand the effect of disruptions. BC practitioners should come in at the very beginning of any project and not the end-stage. It is also important that all business dependencies are crosschecked in order to ensure that information is captured correctly, and for risk assessment to be comprehensive to identify all events that can go awry.
The conference concluded with a gala dinner which encompassed the CBCI graduation and certificate presentation ceremony, and the BCI Asia Awards 2019.
Winners of the BCI Asia Awards and CBCI Graduates
The author with GRCCS staff members
About the author
Head, Business Continuity Management
An IT & operational internal auditor with experience in auditing automotive manufacturing/assembly/distribution,logistics,services,property,hospitality,education through past employment with DRB-HICOM BHD & NCB HOLDINGS BHD. Proficient in ACL CAATS use and certified in Business Continuity (MBCI) and is a Certified Information Systems Auditor (CISA)