The Best Practice Network

• Compliance
  • Compliance Regulations
    • Security Compliance
    • Federal Rules of Civil Procedures
    • Sox Compliance
    • Legal Compliance
    • Basel II Compliance
    • Pillars of Basel II
    • Basel II Challenges and Solution Frame Work
    • Operational Risk Management: Basel II Compliance
    • The Importance of Compliance with CAPA system
    • Best Practices for Increasing Information Security Compliance
    • Asset Management
    • Four Best Practices for Improving ER Results
    • IT Data Security: ISO 17799
    • Five Compliance Challenges for Insurers in 2012
    • Compliance Best Practices
  • Compliance Management
    • Compliance Officer
    • Basel II Governance and Risk Manager
    • Laying the Foundation
    • Enterprise Quality and Compliance
    • Compliance Management In 2011
    • Dealing with Corporate Governance Issues in Asia
    • SaaS Compliance Management
    • Compliance Management System: An Overview
    • Compliance with Payment Card Industry (PCI)
    • Managing Security with Compliance Management
    • How to Successfully Manage Suppliers and Ensure Safety and Compliance
    • Security Compliance Management
    • Commercial Business Realities and Government Compliance Requirements
    • Need for Government Regulation in Business
    • Four Best Practices for CIOs Ensuring Cloud Compliance
    • Looking at Five Compliances In 2012
    • Security Management
    • Best Practices in IT Security
    • Internet Security Best Practices
  • Financial Compliance
    • Bank Compliance
    • Advantages
    • Foreign Account Tax Compliance – FATCA
    • Sarbanes Oxley 404 Compliance Standards
    • Regulation CC
    • Financial Compliance Software
    • Implementation of Value Added Tax (VAT)
    • How to Balance a Budget
  • Corporate Compliance
    • Corporate Governance
    • Corporate Governance Guidelines
    • Board Member Duties
    • Email Archiving
    • Directors Compliance
    • IT Compliance
    • Board Members Remuneration
    • Procurement Compliance
    • Requirements for Corporate Compliance
    • Establishing an Effective Corporate Compliance Program
    • Federal Government Requirements for Marketing
    • The Vital Impact of Employment Law
    • Acquisitions and Mergers – Changing Without Damage
    • Best Practices in Procurement Compliance
    • Laws and Regulations for Human Resources
    • Top 10 Best Practices For HR
    • Internationalization Best Practices: Simship
    • Recovery Planning to Stay in Business
    • Recommended Best Practices in HR Department
    • Basics of Corporate Governance
    • Golden Principles of Effective Corporate Governance
    • Best Practices for Investments in Africa
    • Compliance Reporting
  • Healthcare Compliance
    • Health Care Compliance Association
    • HHS OIG Compliance Program
    • Fraud Risk
    • Fraud Investigation
    • Hazards Associated with Technology
    • Purpose of Guidance for Healthcare Compliance
    • Coding Component Is an Important Feature of Compliance Plan
    • The Healthcare Laws Coming Up Soon
    • Mitigating Risk of Employees’ Illness
    • Benefits of Healthcare Programs in the Workplace
  • Government Compliance
    • Best Practices in Budget Management for Governments
    • State Regulation on Budget Deficit
    • Golden Rules: Making Balanced Budgets a Constitutional Obligation
    • Government Information Compliance
    • The Positive Consequences of Best Practices in Budget Balancing
    • What Happens When Best Practices in Budget Balancing Are Not Respected
    • Essential Governance Best Practices
    • IT Governance Best Practices
    • Budget Development and Management within Departments
  • Government Budgets
    • 2010 Best Country budgets
    • 2010 Worst Country Budget
  • State Budgets
    • 2011 Best State Budgets
    • 2011 Worst State Budgets
• Risk Management
  • Risk Management Standards
    • ISO 31000:2009 Risk Management – Principles and Guidelines
    • ISO/IEC 27000
    • COSO ERM 2004
    • The OSHA Inspection
    • ISO 31000 Risk Management
    • Risk Management Standards For Best Practices
    • Risk Management Standards (RMS)
  • Project Risk Management
    • Important Tips
    • Risks vs. Issues
    • Project Management: Risk Vs Issue
    • Risk versus Issue Management
    • Risk Vs Issue
  • Fundamentals of Risk Management
    • Steps Required for Risk Management
    • Financial Risks Faced by Banks
    • Summary
    • Risk Management Techniques
    • Operational Risk Management
    • Best Practices for Risk Management
    • Risk Management Action Plan
    • 5 Steps to Risk Management
    • Introduction to Risk Management
    • Types of Risk Management in Today’s Industrial Sphere
    • Risk Decision
  • Financial Risk Management
    • The Basics
    • GARP FRM Certificate
    • SOX 404 TDRA
    • ORM for Banks and Financial Institutions
    • Policies for Financial Risk Management
    • Credit Risk Management Overview
    • Credit Rating and Risk Management
    • The Important Role of Financial Risk Management
    • Best Practice In Public Debt Management
    • Sovereign Debt Risk Management
    • Calculating Gear Ratio or Debt/ Capital Ratio
    • Monitoring Credit Risks
    • Scrutinizing Country Credit Risk
    • Types
      • Business Risks
      • Audit Risks
      • Financial Investment
  • Risk Assessment
    • The Basics of Risk Assessment
    • COSO IC – Integrated Framework
    • Risk Management Strategies for Financial Institutions Using Social Media
    • Security Audit Assessment
    • Calculating Risk Assessment Values
    • Evaluating Risk in Your Business
    • Risk Assessment
    • Goals and Techniques of Risk Management
    • BS 25999
  • Risk Control
    • Performance Improvement
    • Overview
    • Perspectives on Risk Control Models for Best Practices
    • Risk Control For Best Practices
    • Best Practice In Credit Risk Control
    • The Historic Role of Credit Risk
• Regulation
  • Bank Regulations
    • Basel III Certification
    • Basics
      • Principles
      • Requirements
      • Tips
      • Objectives
    • Mobile Banking Security Regulations
    • Bank Account Entry with Best Practices
    • New Compliance Regulations for US Banks
    • New Compliance Regulations for European Banks
    • Basel II
    • Basel III
    • The Banking Conduct Regime
  • Financial Regulations
    • General Objectives
    • Fundraising
    • Business Regulations
    • Detecting Vulnerabilities in Regulations with Best Practices
    • The Latest on Developments in Best Practice Regulations
    • Preparing a Regulation Impact Statement (RIS) for Best Practices
    • Financial Reforms of 2011
    • Regulations Update for Best Practices in 2012
    • Usury Regulations in the US
    • AIFMD
    • Solvency II
    • Sarbanes-Oxley Act
  • Health and Safety Regulations
    • Health and Safety at Work etc. Act 1974
    • Occupational Safety and Health Act
    • Responsibilities of Employers
    • 10 best practices in Value Analysis for Healthcare
    • Health and Safety Commission (HSC) Regulations
    • ADA (Americans with Disabilities Act) for Best Practices
    • Challenges of Medical Device Regulations and 21 CFR Part II
    • 4 Best Practices for Healthcare Marketers Using YouTube
    • New Healthcare Regulations: 2012
    • Impact of Regulation Best Practices on Social Media Healthcare
    • Government Regulations on Pharma – Social Media
    • Healthcare Regulations on Pharmaceutical Sales
• Reporting
  • The Accounting Process
    • The Accounting Cycle
    • 10 Important Accounting Terms
    • Managing Cash Flow
    • Top Trends for Small Accounting Firms
    • The Payback Accounting Formula
    • Ten Crucial Accounting Principles
    • Audit
      • An Introduction to Internal Auditing
  • Valuation Best Practices
    • What is the fair price of a private company?
    • Best Practices for Customer Relationship Management
    • Five Key Best Practices to Improve Your Customers’ Experience
    • Best Practice for a Good E-Reputation
    • Best Practices in CRM via Social Networks
    • Best Practices in Content Management for Social Networks
    • Best Practices in Brand Management on Social Networks
    • Why Businesses Choose LinkedIn
    • 5 Simple Steps to Determine ROI via Social Media
    • Five Best Practices for Businesses on Social Media
    • How to Gauge Your Social Marketing Strategy
    • Best Practices to Increase Speed and Performance of Your Business Website
    • Best Practices in Public Affairs
    • SEO Best Practices
  • Performance Monitoring
    • Performance calculations – Three levels of IRR
    • Cost Control
    • Crowd Sourcing Is a Best Practice
    • A Guide with Best Practices for Indirect Costing
    • Highly Effective Balance Sheet Reconciliation
    • A Guide for Indirect Costing
    • Best Practice in Monitoring Public Expenses
    • Best Practices for Public Tenders
  • Audit Committee Best Practices
    • Audit Committees Fiduciary Duties
    • Audit Committee Exposure to Liability
    • Audit Committee Members Qualifications
    • Principal Functions of the Audit Committee
    • Quarterly Review and Discussion of Financial Statements and Disclosures
    • External Audit Monitoring Best Practice
    • Quarterly Review of Accounting Policy
    • Risk of Fraudulent Reporting
    • Conduct and Timing of Meetings
    • Monitor the Company's Internal Audit Function
    • Quarterly Review of the Adequacy of Internal Controls
    • Assess the Audit Committee's Role
    • Policies Regarding Notifications to Audit Committee
    • Best Practices – Monitoring Accounting
    • Audit Committee Charter and Proxy Statement Disclosures
    • Advantages of Lean
    • Best Practices in the Lending and Loan Administration
  • Types of Accounting
    • Cost Accounting
    • Forensic Accounting
    • The U.S. Department of Labor’s Four Types of Accounting
  • Best Practices in Accounting
    • Generally Accepted Accounting Principles – GAAP
    • International Financial Reporting Standards – IFRS
    • Best Practices in Target Costing
    • Financial Reporting for Best Practices in Accounting
    • Accounting Hosting: A New Accounting Trend
    • Importance of Financial Statements for Best Practice
    • Best Practices for Accounts Payable
    • Best Practice in Credit Rating
    • An Important Accounting Term: “Accounting Cycle”
    • Best Practices in Revenue Recognition
    • Analysis of Net Present Value
    • Best Practices for Small Businesses with Online Accounting
    • Three Crucial Accounting Terms
    • Accounting Regulation in Emerging Capital Markets
    • Starting an Accounts Department with Best Practices
    • Best Practices for Hedge Accounting
• Best Practice Software
  • Compliance Software
    • Regulatory Compliance Software
    • Tax Compliance Software
    • Email Archiving
    • Regulations and Licensing
    • List of Best Compliance Software Applications
    • Financial Compliance Software
    • Software Compliance: Computing and Auditing
    • Policy Management Software Is Your Need
    • Quality Compliance Software for Business Challenges
    • SIIA Software Metering
    • Best Practices for Software Testing
    • Return of CRM Software
    • HR Software to Ensure Regulation Compliance
    • Best Practices for SOA Governance Software
  • Regulation Software
    • Medical Pedigree Software
    • Data Entry
    • Protecting Private and Sensitive Data with Software Regulations
  • Accounting Software
    • For NPOs
    • Key Features
    • For Businesses
    • Categories
    • Right Accounting Software Applications
    • Best Practices
  • Healthcare Software
    • Recommended Software for Healthcare on Social Media
  • Risk Management Software
    • Benefits
    • For Banks
    • How-to-Choose Guide

BS 25999 – The Standard for Business Continuity Planning and Risk Assessment

Tweet

The British Standards Institution (BSI), which is a non-profit organization that produces standards in the U.K., had brought forth the BS 25999 in 2003 to replace the Publicly Available Specification (PAS) 56. Though both standards are used in Business Continuity Management, the main purpose of creating them is risk assessment.

The Purpose of BS 25999

Basically, the BS 25999 was developed to help organizations counter the following problems which reduce its efficiency:

• Service disruptions
• Delays in tending to clients’ requests and queries
• Processing transaction in an untimely manner
• Inability to jump back and resume work after a risk or disaster that had affected the organization’s processes

With the help of the BS 25999, even natural disasters and terrorist attacks won’t be able to affect the business operations of the organization implementing this best practice.

The Contents of the BS 25999

The BS 25999 is divided into two parts, each of which has its own contents. The first part is the BS 25999 – 1. This is a Code of Practice for Business Continuity Management. Within it, the following sections have been specified:

Section 1: Scope and Applicability – This part describes the general framework of the standard. Organizations will need to tailor this based on their needs.

Section 2: Terms and Definitions – This section defines the terms used throughout the standard.

Section 3: Overview of Business Continuity Management – This section describes the processes of the standard and how it is related to risk management.

Section 4: The Business Continuity Management Policy – This part focuses on highlighting the need of having and implementing a clear policy.

Section 5: BCM Program Management – This part defines the approach to be used while handling the BCM process.

Section 6: Understanding the Organization – This section emphasizes on the need to understand the organization’s processes, resources, threats and risks to apply the right business continuity strategy.

Section 7: Determining BCM Strategies – This sector follows understanding the organization, and defines the right business continuity strategies.

Section 8: Developing and implementing a BCM response – This section defines the tactics needed to deliver business continuity, such as incident management structures.

Section 9: Exercising, maintenance, audit, and self-assessment of the BCM culture – This section defines a way to test the effectiveness of BCM, and ensure that it continues to meet a company’s aims.

Section 10: Embedding BCM into the organization culture – This sector explains how BCM should be implemented in every aspect of the company’s management.

As for BS 25999-2, this is a Specification for a Management Scheme. Launched in 2007, the following sections are included in this practice:

Section 1: Scope – This part defines the scope of BS 25999, and the requirements of a business continuity management system (BCMS).

Section 2: Terms and definitions – This part defines the terms used in the standard.

Section 3: Planning the business continuity management system – From this point onwards, the standard Plan-Do-Check-Act model is followed. This section plans the BCMS, how to initiate it, and how to add it to the organization.

Section 4: Implementing and operating the BCMS – This section continues by providing ways of implementing the contents of the previous section.

Section 5: Monitoring and reviewing the BCMS – This sector highlights the need to monitor the BCMS and perform audits and management reviews.

Section 6: Maintaining and improving the BCMS – This part shines the light on the need to make sure that the BCMS is maintained and improved regularly.

Risk Assessment

Tweet

Risk assessment is a process that evaluates the negative impact of associated risk. There is risk involved in every form of business, whether it is health related or financial business. Therefore, managers must implement certain best practices to assist them in controlling negative consequences of risks.

Definition of Risk Assessment

It is defined as an important process in business management, aimed at protecting the business and people related to it. Risk assessment is an important aspect of risk management.

Business managers and investors use risk assessment to measure the profit that will result from a particular investment. This helps in controlling financial losses to the business. In order to succeed with this, managers have to ensure compliance best practices with laws governing the business.

Importance of Risk Assessment

Risk assessment helps with implementing controls to ensure risk management. Once managers assess risk, they can foresee the negative impact of risk on assets and people related to the business. This allows them to implement necessary strategies (best practices) to mitigate and control risk.

Examples of Risk Assessment

When a lender receives a request from a creditor, there are certain protocols (best practices) that must be followed. The lender must make sure that the money lent returns on time. This means that the credit history of the person in question has to be assessed. This will tell the lender whether the applicant will return the money or not. Based on the assessment, the lender will then decide on how much interest to charge to ensure risk management. If the lender doesn’t think the creditor will pay off on time, he/she might as well decide not to give the loan at all.

Another example is risk assessment in a health care facility. Medical practitioners have to assess the risk associated with diseases. There are some diseases that are contagious and transmittable via aerosols. This means that people around the sufferer are at risk. To control this risk doctors must have a setup where people are safe and the spread of disease is controlled. This means medical practitioners have implement measures (best practices) to protect their employees and customers. This is compliance with risk management.

In simple terms, risk assessment means evaluating the extent of damage or threat imposed by failure to impose controls. Hazards must be identified to be able to decide on what measures will be appropriate.

How to Assess Risk?

Regardless of what form of business institution it is, there are five standard strategies that managers must use. These are:

1. Identify hazards/risks
2. Conclude where the impact of the hazard will be (e.g. employees, customers, assets)
3. Evaluate the impact of the risk and precautions or backups needed
4. Document the conclusion and implement control measures
5. Review the assessment based on the outcome and document updates if necessary

There are best practices to think about when risk assessment is being conducted. First of all, define the threat or hazard. This can be ANYTHING that harms the business, employees and customers. Secondly, understand that risk can never be eliminated, but mitigated and controlled.

In this section we will discuss:

• BS 25999
• The Basics of Risk Assessment
• Goals and Techniques of Risk Management
• COSO IC – Integrated Framework
• Risk Management Strategies for Financial Institutions Using Social Media
• Security Audit Assessment
• Calculating Risk Assessment Values
• Evaluating Risk in Your Business
• Risk Assessment