A Study Investigating the Design and Development of Components of a Comprehensive Tool Incorporating Characteristics of Continuity Management, Knowledge Harvesting, and Knowledge Management

Pierson, Mary Ellen

09 March 2011

This study explored the design and development of the knowledge harvesting and knowledge management components of a comprehensive tool which incorporates characteristics of continuity management, knowledge harvesting, and knowledge management. While tools exist to support restoring continuity in the aftermath of a disastrous event, little is done to address maintaining continuity through the non-disastrous events. Employee separation is one such non-disastrous event, and one that all organizations face. Knowledge harvesting is suggested as a means to address collecting the knowledge of employees within an organization so that it can be reused by new employees or temporary replacements. The combination of the attributes of continuity management, knowledge harvesting, and knowledge management resulted in five characteristics of a comprehensive tool. These characteristics were operationalized in the design of a comprehensive tool and provided contextual information for the design and development of the knowledge harvesting and knowledge management components. Findings of the evaluations of the components indicated that the developed components complied with the design-based specifications. Lessons learned from the implementation and evaluations of the knowledge harvesting component suggest that the right questions for the knowledge harvesting process should be determined by the organization based on the need for the information and the nature of the information needed; that the tool should incorporate terminology, prompting questions, and a structure that are right for the organization and that the users will understand; that users may benefit from time to respond and having options to submit responses in various formats; and that users may benefit from encouragement and support throughout the knowledge harvesting process. Lessons learned from the implementation and evaluations of the knowledge management components suggest that the ability to provide a prompt follow-up to a user's response could improve the effectiveness of the tool; that the structure and development of the database requires precision; and that while the database must be precise, it must also be flexible and accurately accommodate changes to the content. / Ph. D.

continuity management

knowledge management

prompting questions

knowledge harvesting

continuity

Problematika RTO a RPO v riadení kontinuity / The issue of RTO and RPO in business continuity management

Salai, Viktor

January 2011

This thesis is concerned about Business Continuity Management with the focus on determination of the RTO and RPO parameters. The work is divided into two main parts. The first section briefly describes theoretical issues of Business Continuity Management in conjunction with IT Service Continuity Management. Then there are described various technologies that are currently used to ensure continuity and recovery of IT systems. In conclusion of the theoretical part, the work focuses on the process of Business Impact Analysis. This thesis thus offers a comprehensive view of main principles and benefits that these concepts have for company and how they should be integrated with each other. It provides an overview of various technologies, their link to RTO and RPO parameters and also the definition of steps of disaster recovery procedure. The work also briefly defines the basic procedure for determination of the RTO and RPO parameters, subsequent steps needed to design recovery solutions and analyzes various aspects which need to be considered when defining the parameters of continuity. The second practical part is based on the previous theoretically defined procedure and its aim is to analyze the data acquired during the questionnaire investigation in chosen company to determine the parameters of continuity for the applications in use and then suggest appropriate ways of addressing their backup and recovery. The result of this thesis is therefore a description of the analysis and practical application of methods for setting the parameters for continuity of information systems and the subsequent establishment of necessary measures.

När hemmet blir viktigare än någonsin : En fallstudie om IKEA:s risk- och krishantering under pandemin / When the home becomes more important than ever

Gustavsson, Ellen, Spetz, Oskar

January 2021

Bakgrund: Med anledning av att externa risker är oundvikligt för företag krävs det en beredskap för mitigera och mildra dess effekter. Likväl om en risk realiseras leder det till en kris som också måste besvaras av organisationen. Detta innebär att företag måste ha utvecklade styrverktyg för att hantera detta. Ett sätt är med hjälp av risk och krishantering likväl Business Continuity Management BCM.  Syfte: Syftet med studien är att få djupare förståelse för hur IKEA som organisation arbetar med risk och krishantering utifrån faserna före, under och efter krisen samt hur organisationen har agerat och anpassat sig under pandemin specifikt på den svenska marknaden. Studien avser även att analysera om IKEA:s tillvägagångssätt efterliknar BCM-strategier genom att jämföra teori med praktik. Metod: Genom att bruka en kvalitativ forskningsmetod har materialinsamlingen till empirin möjliggjorts via semistrukturerade intervjuer. En abduktiv forskningsansats har nyttjats likväl en fallstudie som forskningsdesign som möjliggjort att få djupare förståelse över IKEA:s risk- och krishantering. Slutsats: Studien visar på att IKEA har en välutvecklad risk- och krishantering inom organisationen utifrån krisens tre faser. Vidare kan det konstateras att IKEA inte har tillämpat BCM enhetligt inom organisationen. Däremot dras slutsatser om att organisationen mer under pandemin har tillämpat strategier som går i linje med BCM. Ytterligare kan slutsatser dras om vilka åtgärder för att anpassa varuhusen mot verksamhetsstörningar, där social distansering och utökad e-handel har varit väsentliga åtgärder. / Background: Due to the fact that external risks are inevitable for companies, a readiness is required to mitigate its effects. Nevertheless, if a risk is realized, it leads to a crisis which must be answered by the organization. This means companies must develop control tools to handle the effect. One way is with the help of risk and crisis management, also, Business Continuity Management. Purpose: The purpose of the study is to gain a deeper understanding of how IKEA as an organization works with risk and crisis management based on the phases before, during and after the crisis and how the organization has acted and adapted during the pandemic specifically in the Swedish market. The study also intends to analyze whether IKEA's approach mimics BCM strategies by comparing theory with practice. Method: By using a qualitative research method, the collection of material for the empirical data has been made possible via semi-structured interviews. An abductive research approach has been used as well as a case study as research design which made it possible to gain a deeper understanding of IKEA's risk and crisis management. Conclusion: The study shows that IKEA has a well-developed risk and crisis management within the organization based on the crisis three phases. Furthermore, it can be stated that IKEA has not applied BCM uniformly within the organization. On the other hand, conclusions are drawn the organization has during the pandemic applied strategies which are in line with BCM. Furthermore, conclusions can be drawn about which measures to adapt the department stores to operational disruptions, where social distancing and increased e-commerce have been significant measures.

Risk

Risk Management

Crisis

Crisis Management

Business Continuity Management

Business Continuity Planning

Risk

Riskhantering

Kris

Krishantering

Business Continuity Management

Business Continuity Planning

Business Administration

Företagsekonomi

Business continuity management for an agribusiness company: a case study from west Africa

Mouphtaou, Tene

January 1900

Master of Agribusiness / Department of Agricultural Economics / Vincent Amanor-Boadu / The overall objective of this research is to develop a business continuity plan for a relatively large livestock company located in Francophone West Africa. This is very important in an environment when both internal and external risks can lead to significant disruptions in the business processes. The research, thus, focuses on developing a process that can be applied to establish a business continuity management process in this firm and provides the framework for implementing such a plan successfully. The livestock company, let us call it Livestock Co. to protect its identity, wants to define strategies for recovery, resumption of business and other key activities under the potential scenarios. Its managers desire to formulate crisis response strategies that would be implemented quickly when these disasters hit. The thesis envisages the potential conditions that may trigger these crises and develops the management systems to mitigate them, returning the business to it activities as quickly as possible. Some of the natural disasters that may be considered are fire, accidents and political upheavals. Some technical disasters that may be imagined may be related to infrastructure, labor crisis, and grain dust explosions. Unlike natural disasters, which often are uncertain, technical disasters can be predicted based on careful assessment of the environment or the assets. The research evaluates the process for developing a business continuity management plan and offers an implementation process to ensure its smooth execution.

Business continuity management

Emergency response

Risk

Crisis management

Economics (0501)

Economics, Agricultural (0503)

Management (0454)

Gestão de Continuidade de Negócios : o caso de uma empresa de telecomunicações

Souza, Diego Müller Cardeal de

January 2010

Em um movimento iniciado principalmente nos Estados Unidos na década de 90, a governança corporativa surgiu para superar o chamado conflito de agência, decorrente da separação entre a propriedade e a gestão empresarial, criando um conjunto de instrumentos para assegurar que as decisões dos executivos estejam sempre alinhadas com os interesses dos acionistas. Dentre esses mecanismos, destaca-se com grande relevância o gerenciamento de riscos corporativos, que possibilita aos administradores tratar com eficácia as incertezas, bem como as oportunidades a elas associadas, a fim de melhorar a capacidade de agregar valor às organizações. Os esforços de prevenção e tratamento de riscos operacionais geraram boa experiência no gerenciamento de interrupções de atividades essencias das organizações, constituindo a disciplina atualmente denominada como Gestão da Continuidade de Negócios (GCN). No desenvolvimento e promoção de boas práticas de GCN, destacam-se as normas da série 25999, partes 1 e 2, do BSI (British Standards Institution) que tratam, respectivamente, sobre um modelo de ciclo de vida de GCN e de um Sistema de Gestão de Continuidade de Negócios (SGCN). Partindo-se de uma revisão bibliográfica sobre governança corporativa, gestão de riscos, gestão de continuidade de negócios e sistemas de gestão, além da análise do contexto de GCN em uma empresa de telecomunicações, foi desenvolvida uma proposta de estrutura de apoio à implantação de um sistema de gestão de continuidade de negócios aplicada àquela organização e concluiu-se que essa implantação é facilitada devido ao fato de ser concebida a partir do PDCA – Plan, Do, Check, Act, modelo mundialmente conhecido e aplicável a outros sistemas de gestão. Concluiu-se também que o SGCN, além de estabelecido, precisa ser implementado, mantido e melhorado continuamente e, para isso, o patrocínio e o comprometimento da alta direção é muito importante. / In a movement initiated primarily in the United States in the 90s, corporate governance has emerged to overcome the agency conflict resulting from the separation of ownership and management business, creating a powerful set of mechanisms in order to ensure that the behavior of executives is always aligned with the interests of stakeholders. Among these mechanisms, stands out with high importance the business risk management, enabling administrators to deal effectively with the uncertainties and opportunities associated with them in order to improve the ability to provide value to organizations. Efforts to prevent and reduce operational risks introduced good experience in management of interruptions to the critical operations of organizations developing the discipline called Business Continuity Management (BCM). In the development and promotion of best practices GCN, there are the standard series 25999, parts 1 and 2 of the BSI (British Standards Institution) dealing, respectively on a BCM model life cycle and a Business Continuity Management System (SGCN). Starting from a literature review on corporate governance, risk management, business continuity management and management systems, and form the context of GCN in a telecommunications company, has developed a proposed structure to support the implementation of a business continuity management system applied to that organization and found that this deployment is further facilitated by the fact that it is designed from the PDCA – Plan, Do, Check, Act and world-renowned model applicable to other management systems. However, it was felt that the SGCN, and deployed, must be established, improved and maintened continuously and, therefore, sponsorship and commitment from top management is very important.

Governança corporativa

Gestão de riscos

Business continuity management

Management system

Risk management

Corporate governance

Optimalizace BCP ve vztahu k systému krizového řízení ČR / Optimalization of BCP in accordance with a system of crisis management in CR

Peštová, Aneta

January 2011

Companies are during their operation impacted many risks from inside or outside. Business Continuity Management is a managerial discipline that deals with providing resistance against operation company risks and was developed due to the increasing requirement to save against unforseen incidents. The goal of this thesis is to optimize the Business Continuity Plan of particular company in accordance with a system of crisis management in Czech Republic.

Gestão de Continuidade de Negócios : o caso de uma empresa de telecomunicações

Souza, Diego Müller Cardeal de

January 2010

Em um movimento iniciado principalmente nos Estados Unidos na década de 90, a governança corporativa surgiu para superar o chamado conflito de agência, decorrente da separação entre a propriedade e a gestão empresarial, criando um conjunto de instrumentos para assegurar que as decisões dos executivos estejam sempre alinhadas com os interesses dos acionistas. Dentre esses mecanismos, destaca-se com grande relevância o gerenciamento de riscos corporativos, que possibilita aos administradores tratar com eficácia as incertezas, bem como as oportunidades a elas associadas, a fim de melhorar a capacidade de agregar valor às organizações. Os esforços de prevenção e tratamento de riscos operacionais geraram boa experiência no gerenciamento de interrupções de atividades essencias das organizações, constituindo a disciplina atualmente denominada como Gestão da Continuidade de Negócios (GCN). No desenvolvimento e promoção de boas práticas de GCN, destacam-se as normas da série 25999, partes 1 e 2, do BSI (British Standards Institution) que tratam, respectivamente, sobre um modelo de ciclo de vida de GCN e de um Sistema de Gestão de Continuidade de Negócios (SGCN). Partindo-se de uma revisão bibliográfica sobre governança corporativa, gestão de riscos, gestão de continuidade de negócios e sistemas de gestão, além da análise do contexto de GCN em uma empresa de telecomunicações, foi desenvolvida uma proposta de estrutura de apoio à implantação de um sistema de gestão de continuidade de negócios aplicada àquela organização e concluiu-se que essa implantação é facilitada devido ao fato de ser concebida a partir do PDCA – Plan, Do, Check, Act, modelo mundialmente conhecido e aplicável a outros sistemas de gestão. Concluiu-se também que o SGCN, além de estabelecido, precisa ser implementado, mantido e melhorado continuamente e, para isso, o patrocínio e o comprometimento da alta direção é muito importante. / In a movement initiated primarily in the United States in the 90s, corporate governance has emerged to overcome the agency conflict resulting from the separation of ownership and management business, creating a powerful set of mechanisms in order to ensure that the behavior of executives is always aligned with the interests of stakeholders. Among these mechanisms, stands out with high importance the business risk management, enabling administrators to deal effectively with the uncertainties and opportunities associated with them in order to improve the ability to provide value to organizations. Efforts to prevent and reduce operational risks introduced good experience in management of interruptions to the critical operations of organizations developing the discipline called Business Continuity Management (BCM). In the development and promotion of best practices GCN, there are the standard series 25999, parts 1 and 2 of the BSI (British Standards Institution) dealing, respectively on a BCM model life cycle and a Business Continuity Management System (SGCN). Starting from a literature review on corporate governance, risk management, business continuity management and management systems, and form the context of GCN in a telecommunications company, has developed a proposed structure to support the implementation of a business continuity management system applied to that organization and found that this deployment is further facilitated by the fact that it is designed from the PDCA – Plan, Do, Check, Act and world-renowned model applicable to other management systems. However, it was felt that the SGCN, and deployed, must be established, improved and maintened continuously and, therefore, sponsorship and commitment from top management is very important.

Governança corporativa

Gestão de riscos

Business continuity management

Management system

Risk management

Corporate governance

Gestão de Continuidade de Negócios : o caso de uma empresa de telecomunicações

Souza, Diego Müller Cardeal de

January 2010

Em um movimento iniciado principalmente nos Estados Unidos na década de 90, a governança corporativa surgiu para superar o chamado conflito de agência, decorrente da separação entre a propriedade e a gestão empresarial, criando um conjunto de instrumentos para assegurar que as decisões dos executivos estejam sempre alinhadas com os interesses dos acionistas. Dentre esses mecanismos, destaca-se com grande relevância o gerenciamento de riscos corporativos, que possibilita aos administradores tratar com eficácia as incertezas, bem como as oportunidades a elas associadas, a fim de melhorar a capacidade de agregar valor às organizações. Os esforços de prevenção e tratamento de riscos operacionais geraram boa experiência no gerenciamento de interrupções de atividades essencias das organizações, constituindo a disciplina atualmente denominada como Gestão da Continuidade de Negócios (GCN). No desenvolvimento e promoção de boas práticas de GCN, destacam-se as normas da série 25999, partes 1 e 2, do BSI (British Standards Institution) que tratam, respectivamente, sobre um modelo de ciclo de vida de GCN e de um Sistema de Gestão de Continuidade de Negócios (SGCN). Partindo-se de uma revisão bibliográfica sobre governança corporativa, gestão de riscos, gestão de continuidade de negócios e sistemas de gestão, além da análise do contexto de GCN em uma empresa de telecomunicações, foi desenvolvida uma proposta de estrutura de apoio à implantação de um sistema de gestão de continuidade de negócios aplicada àquela organização e concluiu-se que essa implantação é facilitada devido ao fato de ser concebida a partir do PDCA – Plan, Do, Check, Act, modelo mundialmente conhecido e aplicável a outros sistemas de gestão. Concluiu-se também que o SGCN, além de estabelecido, precisa ser implementado, mantido e melhorado continuamente e, para isso, o patrocínio e o comprometimento da alta direção é muito importante. / In a movement initiated primarily in the United States in the 90s, corporate governance has emerged to overcome the agency conflict resulting from the separation of ownership and management business, creating a powerful set of mechanisms in order to ensure that the behavior of executives is always aligned with the interests of stakeholders. Among these mechanisms, stands out with high importance the business risk management, enabling administrators to deal effectively with the uncertainties and opportunities associated with them in order to improve the ability to provide value to organizations. Efforts to prevent and reduce operational risks introduced good experience in management of interruptions to the critical operations of organizations developing the discipline called Business Continuity Management (BCM). In the development and promotion of best practices GCN, there are the standard series 25999, parts 1 and 2 of the BSI (British Standards Institution) dealing, respectively on a BCM model life cycle and a Business Continuity Management System (SGCN). Starting from a literature review on corporate governance, risk management, business continuity management and management systems, and form the context of GCN in a telecommunications company, has developed a proposed structure to support the implementation of a business continuity management system applied to that organization and found that this deployment is further facilitated by the fact that it is designed from the PDCA – Plan, Do, Check, Act and world-renowned model applicable to other management systems. However, it was felt that the SGCN, and deployed, must be established, improved and maintened continuously and, therefore, sponsorship and commitment from top management is very important.

Governança corporativa

Gestão de riscos

Business continuity management

Management system

Risk management

Corporate governance

A lens towards reality : A comparison between theory and reality regarding employees IT-risk awareness at B2B-companies

Hörndahl, Magda, Dervisevic, Sebila

January 2015

The development of IT-resources today has reached a level towards making companies,especially B2B-companies, depend on the use of IT-resources to a certain level.This contributes to a large scope of important data being used on a daily basis, as a result thisdata becomes an important factor that can help a company succeed or lead them the otherway. The use of IT-risk planning becomes a great factor that can help direct the company inthe correct route. Nevertheless, the amount of time that is put on IT-risk planning today isquite high due to the development of IT-resources. Still there are some human factors thatcontinually get forgotten about that could help make this IT-risk planning even morerighteous. Underlying reasons to why every company within B2B slows down their processeswhen handling a crisis varies pretty often and there is really no consensus to which the mainreasons are. For this cause we’ve had the intent to study the most important factor withinevery business, the human factor e.g. the employees of the business. Thus this study treats thesubject of B2B-employees information security awareness. This work intends to research ifB2B-companies follow information security frameworks that have been developed in thesubject of information security awareness. The aim is to summarize existing theory and createan understanding of different key elements that are needed for an operative business and see ifthese key elements can be recognized within B2B-companies. To be able to investigate thisarea an empirical study has been created and conducted with six different B2B-companies.The primary data consists of semi-structured interviews with employees within both Swedishand European B2B-companies. The collected theory comes from published materials andprevious studies done about IT-risks and employees awareness. Comparison between theoryand empiricism will give answers about B2B-employees information security awareness andwhat can be improved. As result of the research findings it was concluded that there are somekey elements developed about how to improve IT-risk awareness. It has also been empiricallyproven that B2B-employees have lack of knowledge about how to handle IT-risks andmajority of the key elements in information security framework have not been adapted in theinterviewed B2B-companies.

Business continuity management

IT-awareness

information security

B2Bemployees

Computer and Information Sciences

Data- och informationsvetenskap

An investigation into business continuity plan (BCP) failure during a disaster event

Sambo, Mogamat Fadeel

January 2014

Magister Commercii (Information Management) - MCom(IM) / This thesis examines what a Business Continuity Plan (BCP) should comprise off, as well as the difference between a BCP and a Disaster Recovery Plan (DRP) and the key elements of an effective BCP as well as the different types of disasters. It also investigates why companies that have BCP in place and conducts testing of their plan on a regular basis, either quarterly or bi-annually, still experience prolonged downtime during a disaster resulting in Service Level Agreements (SLA) not being met or major financial loses. It also inspects acceptable processes within a BCP to determine whether there are ways of improving these processes to prevent companies from experiencing prolonged downtime. The objective of this research is to determine and understand: • Why organisations within the Western Cape experience prolonged downtimes during a disaster event • The potential deficiencies in a BCP and how they can be amended.

Business continuity plan

Business continuity management

Enterprise risk management

Disaster risk management