När hemmet blir viktigare än någonsin : En fallstudie om IKEA:s risk- och krishantering under pandemin / When the home becomes more important than ever

Gustavsson, Ellen, Spetz, Oskar

January 2021

Bakgrund: Med anledning av att externa risker är oundvikligt för företag krävs det en beredskap för mitigera och mildra dess effekter. Likväl om en risk realiseras leder det till en kris som också måste besvaras av organisationen. Detta innebär att företag måste ha utvecklade styrverktyg för att hantera detta. Ett sätt är med hjälp av risk och krishantering likväl Business Continuity Management BCM.  Syfte: Syftet med studien är att få djupare förståelse för hur IKEA som organisation arbetar med risk och krishantering utifrån faserna före, under och efter krisen samt hur organisationen har agerat och anpassat sig under pandemin specifikt på den svenska marknaden. Studien avser även att analysera om IKEA:s tillvägagångssätt efterliknar BCM-strategier genom att jämföra teori med praktik. Metod: Genom att bruka en kvalitativ forskningsmetod har materialinsamlingen till empirin möjliggjorts via semistrukturerade intervjuer. En abduktiv forskningsansats har nyttjats likväl en fallstudie som forskningsdesign som möjliggjort att få djupare förståelse över IKEA:s risk- och krishantering. Slutsats: Studien visar på att IKEA har en välutvecklad risk- och krishantering inom organisationen utifrån krisens tre faser. Vidare kan det konstateras att IKEA inte har tillämpat BCM enhetligt inom organisationen. Däremot dras slutsatser om att organisationen mer under pandemin har tillämpat strategier som går i linje med BCM. Ytterligare kan slutsatser dras om vilka åtgärder för att anpassa varuhusen mot verksamhetsstörningar, där social distansering och utökad e-handel har varit väsentliga åtgärder. / Background: Due to the fact that external risks are inevitable for companies, a readiness is required to mitigate its effects. Nevertheless, if a risk is realized, it leads to a crisis which must be answered by the organization. This means companies must develop control tools to handle the effect. One way is with the help of risk and crisis management, also, Business Continuity Management. Purpose: The purpose of the study is to gain a deeper understanding of how IKEA as an organization works with risk and crisis management based on the phases before, during and after the crisis and how the organization has acted and adapted during the pandemic specifically in the Swedish market. The study also intends to analyze whether IKEA's approach mimics BCM strategies by comparing theory with practice. Method: By using a qualitative research method, the collection of material for the empirical data has been made possible via semi-structured interviews. An abductive research approach has been used as well as a case study as research design which made it possible to gain a deeper understanding of IKEA's risk and crisis management. Conclusion: The study shows that IKEA has a well-developed risk and crisis management within the organization based on the crisis three phases. Furthermore, it can be stated that IKEA has not applied BCM uniformly within the organization. On the other hand, conclusions are drawn the organization has during the pandemic applied strategies which are in line with BCM. Furthermore, conclusions can be drawn about which measures to adapt the department stores to operational disruptions, where social distancing and increased e-commerce have been significant measures.

Risk

Risk Management

Crisis

Crisis Management

Business Continuity Management

Business Continuity Planning

Risk

Riskhantering

Kris

Krishantering

Business Continuity Management

Business Continuity Planning

Business Administration

Företagsekonomi

Business continuity management for an agribusiness company: a case study from west Africa

Mouphtaou, Tene

January 1900

Master of Agribusiness / Department of Agricultural Economics / Vincent Amanor-Boadu / The overall objective of this research is to develop a business continuity plan for a relatively large livestock company located in Francophone West Africa. This is very important in an environment when both internal and external risks can lead to significant disruptions in the business processes. The research, thus, focuses on developing a process that can be applied to establish a business continuity management process in this firm and provides the framework for implementing such a plan successfully. The livestock company, let us call it Livestock Co. to protect its identity, wants to define strategies for recovery, resumption of business and other key activities under the potential scenarios. Its managers desire to formulate crisis response strategies that would be implemented quickly when these disasters hit. The thesis envisages the potential conditions that may trigger these crises and develops the management systems to mitigate them, returning the business to it activities as quickly as possible. Some of the natural disasters that may be considered are fire, accidents and political upheavals. Some technical disasters that may be imagined may be related to infrastructure, labor crisis, and grain dust explosions. Unlike natural disasters, which often are uncertain, technical disasters can be predicted based on careful assessment of the environment or the assets. The research evaluates the process for developing a business continuity management plan and offers an implementation process to ensure its smooth execution.

Business continuity management

Emergency response

Risk

Crisis management

Economics (0501)

Economics, Agricultural (0503)

Management (0454)

Gestão de Continuidade de Negócios : o caso de uma empresa de telecomunicações

Souza, Diego Müller Cardeal de

January 2010

Em um movimento iniciado principalmente nos Estados Unidos na década de 90, a governança corporativa surgiu para superar o chamado conflito de agência, decorrente da separação entre a propriedade e a gestão empresarial, criando um conjunto de instrumentos para assegurar que as decisões dos executivos estejam sempre alinhadas com os interesses dos acionistas. Dentre esses mecanismos, destaca-se com grande relevância o gerenciamento de riscos corporativos, que possibilita aos administradores tratar com eficácia as incertezas, bem como as oportunidades a elas associadas, a fim de melhorar a capacidade de agregar valor às organizações. Os esforços de prevenção e tratamento de riscos operacionais geraram boa experiência no gerenciamento de interrupções de atividades essencias das organizações, constituindo a disciplina atualmente denominada como Gestão da Continuidade de Negócios (GCN). No desenvolvimento e promoção de boas práticas de GCN, destacam-se as normas da série 25999, partes 1 e 2, do BSI (British Standards Institution) que tratam, respectivamente, sobre um modelo de ciclo de vida de GCN e de um Sistema de Gestão de Continuidade de Negócios (SGCN). Partindo-se de uma revisão bibliográfica sobre governança corporativa, gestão de riscos, gestão de continuidade de negócios e sistemas de gestão, além da análise do contexto de GCN em uma empresa de telecomunicações, foi desenvolvida uma proposta de estrutura de apoio à implantação de um sistema de gestão de continuidade de negócios aplicada àquela organização e concluiu-se que essa implantação é facilitada devido ao fato de ser concebida a partir do PDCA – Plan, Do, Check, Act, modelo mundialmente conhecido e aplicável a outros sistemas de gestão. Concluiu-se também que o SGCN, além de estabelecido, precisa ser implementado, mantido e melhorado continuamente e, para isso, o patrocínio e o comprometimento da alta direção é muito importante. / In a movement initiated primarily in the United States in the 90s, corporate governance has emerged to overcome the agency conflict resulting from the separation of ownership and management business, creating a powerful set of mechanisms in order to ensure that the behavior of executives is always aligned with the interests of stakeholders. Among these mechanisms, stands out with high importance the business risk management, enabling administrators to deal effectively with the uncertainties and opportunities associated with them in order to improve the ability to provide value to organizations. Efforts to prevent and reduce operational risks introduced good experience in management of interruptions to the critical operations of organizations developing the discipline called Business Continuity Management (BCM). In the development and promotion of best practices GCN, there are the standard series 25999, parts 1 and 2 of the BSI (British Standards Institution) dealing, respectively on a BCM model life cycle and a Business Continuity Management System (SGCN). Starting from a literature review on corporate governance, risk management, business continuity management and management systems, and form the context of GCN in a telecommunications company, has developed a proposed structure to support the implementation of a business continuity management system applied to that organization and found that this deployment is further facilitated by the fact that it is designed from the PDCA – Plan, Do, Check, Act and world-renowned model applicable to other management systems. However, it was felt that the SGCN, and deployed, must be established, improved and maintened continuously and, therefore, sponsorship and commitment from top management is very important.

Governança corporativa

Gestão de riscos

Business continuity management

Management system

Risk management

Corporate governance

Optimalizace BCP ve vztahu k systému krizového řízení ČR / Optimalization of BCP in accordance with a system of crisis management in CR

Peštová, Aneta

January 2011

Companies are during their operation impacted many risks from inside or outside. Business Continuity Management is a managerial discipline that deals with providing resistance against operation company risks and was developed due to the increasing requirement to save against unforseen incidents. The goal of this thesis is to optimize the Business Continuity Plan of particular company in accordance with a system of crisis management in Czech Republic.

Gestão de Continuidade de Negócios : o caso de uma empresa de telecomunicações

Souza, Diego Müller Cardeal de

January 2010

Em um movimento iniciado principalmente nos Estados Unidos na década de 90, a governança corporativa surgiu para superar o chamado conflito de agência, decorrente da separação entre a propriedade e a gestão empresarial, criando um conjunto de instrumentos para assegurar que as decisões dos executivos estejam sempre alinhadas com os interesses dos acionistas. Dentre esses mecanismos, destaca-se com grande relevância o gerenciamento de riscos corporativos, que possibilita aos administradores tratar com eficácia as incertezas, bem como as oportunidades a elas associadas, a fim de melhorar a capacidade de agregar valor às organizações. Os esforços de prevenção e tratamento de riscos operacionais geraram boa experiência no gerenciamento de interrupções de atividades essencias das organizações, constituindo a disciplina atualmente denominada como Gestão da Continuidade de Negócios (GCN). No desenvolvimento e promoção de boas práticas de GCN, destacam-se as normas da série 25999, partes 1 e 2, do BSI (British Standards Institution) que tratam, respectivamente, sobre um modelo de ciclo de vida de GCN e de um Sistema de Gestão de Continuidade de Negócios (SGCN). Partindo-se de uma revisão bibliográfica sobre governança corporativa, gestão de riscos, gestão de continuidade de negócios e sistemas de gestão, além da análise do contexto de GCN em uma empresa de telecomunicações, foi desenvolvida uma proposta de estrutura de apoio à implantação de um sistema de gestão de continuidade de negócios aplicada àquela organização e concluiu-se que essa implantação é facilitada devido ao fato de ser concebida a partir do PDCA – Plan, Do, Check, Act, modelo mundialmente conhecido e aplicável a outros sistemas de gestão. Concluiu-se também que o SGCN, além de estabelecido, precisa ser implementado, mantido e melhorado continuamente e, para isso, o patrocínio e o comprometimento da alta direção é muito importante. / In a movement initiated primarily in the United States in the 90s, corporate governance has emerged to overcome the agency conflict resulting from the separation of ownership and management business, creating a powerful set of mechanisms in order to ensure that the behavior of executives is always aligned with the interests of stakeholders. Among these mechanisms, stands out with high importance the business risk management, enabling administrators to deal effectively with the uncertainties and opportunities associated with them in order to improve the ability to provide value to organizations. Efforts to prevent and reduce operational risks introduced good experience in management of interruptions to the critical operations of organizations developing the discipline called Business Continuity Management (BCM). In the development and promotion of best practices GCN, there are the standard series 25999, parts 1 and 2 of the BSI (British Standards Institution) dealing, respectively on a BCM model life cycle and a Business Continuity Management System (SGCN). Starting from a literature review on corporate governance, risk management, business continuity management and management systems, and form the context of GCN in a telecommunications company, has developed a proposed structure to support the implementation of a business continuity management system applied to that organization and found that this deployment is further facilitated by the fact that it is designed from the PDCA – Plan, Do, Check, Act and world-renowned model applicable to other management systems. However, it was felt that the SGCN, and deployed, must be established, improved and maintened continuously and, therefore, sponsorship and commitment from top management is very important.

Governança corporativa

Gestão de riscos

Business continuity management

Management system

Risk management

Corporate governance

Gestão de Continuidade de Negócios : o caso de uma empresa de telecomunicações

Souza, Diego Müller Cardeal de

January 2010

Em um movimento iniciado principalmente nos Estados Unidos na década de 90, a governança corporativa surgiu para superar o chamado conflito de agência, decorrente da separação entre a propriedade e a gestão empresarial, criando um conjunto de instrumentos para assegurar que as decisões dos executivos estejam sempre alinhadas com os interesses dos acionistas. Dentre esses mecanismos, destaca-se com grande relevância o gerenciamento de riscos corporativos, que possibilita aos administradores tratar com eficácia as incertezas, bem como as oportunidades a elas associadas, a fim de melhorar a capacidade de agregar valor às organizações. Os esforços de prevenção e tratamento de riscos operacionais geraram boa experiência no gerenciamento de interrupções de atividades essencias das organizações, constituindo a disciplina atualmente denominada como Gestão da Continuidade de Negócios (GCN). No desenvolvimento e promoção de boas práticas de GCN, destacam-se as normas da série 25999, partes 1 e 2, do BSI (British Standards Institution) que tratam, respectivamente, sobre um modelo de ciclo de vida de GCN e de um Sistema de Gestão de Continuidade de Negócios (SGCN). Partindo-se de uma revisão bibliográfica sobre governança corporativa, gestão de riscos, gestão de continuidade de negócios e sistemas de gestão, além da análise do contexto de GCN em uma empresa de telecomunicações, foi desenvolvida uma proposta de estrutura de apoio à implantação de um sistema de gestão de continuidade de negócios aplicada àquela organização e concluiu-se que essa implantação é facilitada devido ao fato de ser concebida a partir do PDCA – Plan, Do, Check, Act, modelo mundialmente conhecido e aplicável a outros sistemas de gestão. Concluiu-se também que o SGCN, além de estabelecido, precisa ser implementado, mantido e melhorado continuamente e, para isso, o patrocínio e o comprometimento da alta direção é muito importante. / In a movement initiated primarily in the United States in the 90s, corporate governance has emerged to overcome the agency conflict resulting from the separation of ownership and management business, creating a powerful set of mechanisms in order to ensure that the behavior of executives is always aligned with the interests of stakeholders. Among these mechanisms, stands out with high importance the business risk management, enabling administrators to deal effectively with the uncertainties and opportunities associated with them in order to improve the ability to provide value to organizations. Efforts to prevent and reduce operational risks introduced good experience in management of interruptions to the critical operations of organizations developing the discipline called Business Continuity Management (BCM). In the development and promotion of best practices GCN, there are the standard series 25999, parts 1 and 2 of the BSI (British Standards Institution) dealing, respectively on a BCM model life cycle and a Business Continuity Management System (SGCN). Starting from a literature review on corporate governance, risk management, business continuity management and management systems, and form the context of GCN in a telecommunications company, has developed a proposed structure to support the implementation of a business continuity management system applied to that organization and found that this deployment is further facilitated by the fact that it is designed from the PDCA – Plan, Do, Check, Act and world-renowned model applicable to other management systems. However, it was felt that the SGCN, and deployed, must be established, improved and maintened continuously and, therefore, sponsorship and commitment from top management is very important.

Governança corporativa

Gestão de riscos

Business continuity management

Management system

Risk management

Corporate governance

A lens towards reality : A comparison between theory and reality regarding employees IT-risk awareness at B2B-companies

Hörndahl, Magda, Dervisevic, Sebila

January 2015

The development of IT-resources today has reached a level towards making companies,especially B2B-companies, depend on the use of IT-resources to a certain level.This contributes to a large scope of important data being used on a daily basis, as a result thisdata becomes an important factor that can help a company succeed or lead them the otherway. The use of IT-risk planning becomes a great factor that can help direct the company inthe correct route. Nevertheless, the amount of time that is put on IT-risk planning today isquite high due to the development of IT-resources. Still there are some human factors thatcontinually get forgotten about that could help make this IT-risk planning even morerighteous. Underlying reasons to why every company within B2B slows down their processeswhen handling a crisis varies pretty often and there is really no consensus to which the mainreasons are. For this cause we’ve had the intent to study the most important factor withinevery business, the human factor e.g. the employees of the business. Thus this study treats thesubject of B2B-employees information security awareness. This work intends to research ifB2B-companies follow information security frameworks that have been developed in thesubject of information security awareness. The aim is to summarize existing theory and createan understanding of different key elements that are needed for an operative business and see ifthese key elements can be recognized within B2B-companies. To be able to investigate thisarea an empirical study has been created and conducted with six different B2B-companies.The primary data consists of semi-structured interviews with employees within both Swedishand European B2B-companies. The collected theory comes from published materials andprevious studies done about IT-risks and employees awareness. Comparison between theoryand empiricism will give answers about B2B-employees information security awareness andwhat can be improved. As result of the research findings it was concluded that there are somekey elements developed about how to improve IT-risk awareness. It has also been empiricallyproven that B2B-employees have lack of knowledge about how to handle IT-risks andmajority of the key elements in information security framework have not been adapted in theinterviewed B2B-companies.

Business continuity management

IT-awareness

information security

B2Bemployees

Computer and Information Sciences

Data- och informationsvetenskap

An investigation into business continuity plan (BCP) failure during a disaster event

Sambo, Mogamat Fadeel

January 2014

Magister Commercii (Information Management) - MCom(IM) / This thesis examines what a Business Continuity Plan (BCP) should comprise off, as well as the difference between a BCP and a Disaster Recovery Plan (DRP) and the key elements of an effective BCP as well as the different types of disasters. It also investigates why companies that have BCP in place and conducts testing of their plan on a regular basis, either quarterly or bi-annually, still experience prolonged downtime during a disaster resulting in Service Level Agreements (SLA) not being met or major financial loses. It also inspects acceptable processes within a BCP to determine whether there are ways of improving these processes to prevent companies from experiencing prolonged downtime. The objective of this research is to determine and understand: • Why organisations within the Western Cape experience prolonged downtimes during a disaster event • The potential deficiencies in a BCP and how they can be amended.

Business continuity plan

Business continuity management

Enterprise risk management

Disaster risk management

Analýza stavu Disaster Recovery Managementu v konkrétní firmě, rozbor incidentů a návrh opatření / Analysis of the state of Disaster Recovery Management in a particular company, analysis of incidents and suggestion of measures

Novák, Martin

January 2017

This thesis focuses on the topics of Business Continuity Management and Disaster Recov-ery Management in the context of small and medium sized businesses which offer or use IT services in the cloud. The aim of this thesis is to carry out a theoretical research of BCM and DRM in the aforementioned context and to analyze situation in a specific company based on the results of the research. This includes analysis of specific incidents that hap-pened in the company, analysis of how the company reacts to the incidents and how are the incidents logged and reported. The analysis identifies weak spots in the company and their potentials of improvement. The most serious weak spot discovered is that BCM and DRM are not implemented in the company. In the last part this thesis suggests measures to im-prove the situation in the specific company. That includes both specifying general goals and procedures and also defining specific policies, plans and reaction schemes. Specifically those are politics handling the incidents categorization, warning and communication, inci-dent reporting and performing maintenance.

Towards a framework for business continuity management : an IT governance perspective

Wessels, Eugene

06 April 2007

The concept of business continuity management has gained wide acceptance in recent years. Recent natural disasters such as the 2004 tsunami and terrorist activities such as the 911 World Trade Centre bombing, has emphasised the importance of business continuity management. Many of these events had catastrophic consequences, which left most executives faced with the challenge of improving the continuity of their organisation. Not to long ago, these executives were also faced with the challenge of managing their IT investments in such a way that it is aligned with the strategic goals of the organisation. An initiative referred to as IT governance was developed and IT governance frameworks instantly assisted executives to obtain direct business value from IT investments. The problem statement addressed in this research is the lack of a generally accepted business continuity management framework. This research aims to leverage of the success of IT governance in an attempt to establish the beginnings of a framework for business continuity management. In addition, the research also illustrates a paradigm shift where the enterprise continuity of a typical organisation has evolved from disaster recovery to business continuity management. The research approach executed is based on the interpretivism paradigm and is used to interpret the results of the research methodology and research method. The research methodology consists of a literature survey and empirical study whereas a content analysis is used as the research method. / Dissertation (M.Com (Informatics))--University of Pretoria, 2007. / Informatics / unrestricted

Content analysis

Cobit

It governance

Disaster recovery

Business continuity management

Itil

UCTD