Background[ edit ] In andstudents across the University of California occupied campus buildings in protest against budget cuts, tuition hikes, and staff cutbacks that had resulted from the Great Recession of According to Dissent Magazine"It was in the context of the California student movement that the slogan 'Occupy Everything, Demand Nothing' first emerged. He wrote enthusiastically for Adbusters about the "revolutionary potential of [the students] struggle.
Risk Assessment Action Summary The risk assessment is the second step in the business continuity planning process. Evaluating the BIA assumptions using various threat scenarios; Analyzing threats based upon the impact to the institution, its customers, and the financial market it serves; Prioritizing potential business disruptions based upon their severity, which is determined by their impact on operations and the probability of occurrence; and Performing a "gap analysis" that compares the existing BCP to the policies and procedures that should be implemented based on prioritized disruptions identified and their resulting impact on the institution.
The risk assessment step is critical and has significant bearing on whether business continuity planning efforts will be successful.
During the risk assessment step, business processes and the BIA assumptions are evaluated using various threat scenarios. Refer to Appendix F: This will result in a range of outcomes that may require changes to the BCP.
Threats can take many forms, including malicious activity, natural and technical disasters, and pandemic incidents. Refer to Appendix C: For example, the effects of certain threat scenarios can include business disruptions that affect only specific personnel, work areas, systems, facilities i.
Additionally, the magnitude of the business disruption should consider a wide variety of threat scenarios based upon practical experiences and potential circumstances and events.
If the threat scenarios are not comprehensive, the resulting BCP may be too basic and omit reasonable steps that are needed for a timely recovery after a disruption. Threat scenarios should consider the severity of the disaster, which is based upon the impact and the probability of business disruptions resulting from identified threats.
Threats may range from those with a high probability of occurrence and low impact to the institution, such as brief power interruptions, to those with a low probability of occurrence and high impact to the institution, such as hurricanes or terrorist attacks.
The most difficult threats to address are those that have a high impact on the institution but a low probability of occurrence.
However, through the use of non-specific, all-risk planning, the BCP may be more flexible and adaptable to all types of disruptions. When assessing the probability of a disruption, financial institutions and technology service providers should consider the geographic location of all facilities, their susceptibility to threats e.
Worst-case scenarios, such as destruction of the facilities and loss of life, should be considered. As part of this process, external factors should also be closely monitored to determine the probability of occurrence.
External factors can be monitored through constant communication with community and government officials and regulatory authorities.
For example, institutions should monitor alerts issued by such organizations as the Department of Homeland Security and the World Health Organization, which provide information regarding terrorist activity and environmental risks, respectively.
After analyzing the impact, probability, and the resulting severity of identified threats, the institution can prioritize business processes and estimate how they could be disrupted under various threat scenarios.
The resulting probability of occurrence may be based on a rating system of high, medium, and low. At this point in the business continuity planning process, the financial institution should perform a "gap analysis.
The difference between the two highlights additional risk exposure that management should address when developing the BCP.Overview.
The Office of the Comptroller of the Currency (OCC) recently issued a Notice of Proposed Rulemaking to establish formal guidelines incorporating thirteen standards for a bank’s risk governance framework, and six standards for a bank’s board of directors (Guidelines).
Small Business Fact Sheet.
The Federal Acquisition Regulation Part 19 governs the Small Business Program. In Congress passed the Small Business Act which created the Small Business Administration (SBA) which is charged with overseeing the small business program.