Description
Comprehensive, extensively classroom-tested business continuity textbook and risk management textbook plus extensive, proven instructor materials.
- Holistic coverage of both business continuity and risk management and how these two growing fields interface.
- Chapter objectives, discussion topics, review questions, case studies, bibliography; numerous charts and graphs.
- Flexible,modular textbook design that allows inclusion of topics based on your course objectives:
- Ten chapters to serve as a core course.
- Three additional chapters with greater detail on information technology and emergency management for use depending on class focus.
- Four additional chapters on risk modeling can be incorporated into a comprehensive risk management approach to business continuity management (BCM) or serve as a separate course at the upper undergraduate or graduate level.
- Two of the many case studies are integrated throughout the text to give students experience in applying chapter principles to a service company and a manufacturer.
- Instructor Materials, including syllabi; test bank; PowerPoint slides; and sample solutions to case studies, discussions, and end-of-chapter questions. All materials available to instructors when book is adopted as a classroom text.
- Authors include a college professor, who is also editor-in-chief of the International Journal of Business Continuity and Risk Management, and a management consultant with 20+ years of experience in business continuity and emergency management.
This book is your core business continuity textbook covering the body of knowledge for this growing field.
Although business continuity management (BCM) has matured as a distinct discipline and more colleges are offering courses in the subject, instructors had to choose books written for practitioners to serve as classroom texts. Since books for practitioners books were written with students in mind, most also lack instructor resource materials.
The Authors of this groundbreaking textbook have sought to provide the first academically-structured, student-friendly approach to preparing for a career in the interconnected fields of business continuity and risk management. If you’ve been thinking about starting a new course in Business Continuity Management (BCM), this comprehensive package will expedite your course design and implementation.
If you’ve been searching for student-oriented materials for the classes you already teach, then you’ll find that the chapter discussion topics, review questions, and case studies will give your students an accessible, readable blend of academic principles and practical applications.
This book can serve as a primary text in an undergraduate or graduate level course that focuses on business continuity and risk management or as a supplemental text in a closely related field. Business students majoring in any concentration, including operations, information technology, management science, finance, accounting, marketing, human resources, management and international business, will also find this book both interesting and useful. Emergency management and management engineering students will also find this book a valuable resource.
Comprehensive licensed instructional materials are available to qualified faculty upon confirmed course adoption.
Contents
Section I. Introduction
Chapter I. Fundamentals of Business Continuity Management
Objectives
Business Continuity and Risk Management
BCM Responsibility
BCM Development Process
Project Management
Professional Standards
Professional Terminology
Information Technology and Business Continuity
Green BCM
Review Topics
Case Studies
Bibliography
Chapter II. Business Continuity Management Organization
Objectives
Overview of BCM Organization
Key BCM Individuals and Groups
Review Topics
Case Studies
Bibliography
Chapter III. Business Impact Analysis
Objectives
Organization Objectives and Business Impact Analysis
Recovery Time Objective
Recovery Point Objective
Operations
Interdependencies
Single-Points-of-Failure
Support Infrastructure and Physical Environmental Requirements
BIA Provides Direction for BCM
Review Topics
Case Studies
Bibliography
Chapter IV. Risk Assessment
Objectives
Risk
Threat Identification
Controls Identification and Evaluation
Event Probability Estimation
Impact Estimation
Risk Measure Evaluation and Risk Prioritization
Risk Treatment
Review Topics
Case Studies
Bibliography
Chapter V. Strategy Development
Objectives
Developing Strategies
Selecting Strategies
Specific Strategies
Implementing Strategies
Review Topics
Case Studies
Bibliography
Chapter VI. Disaster Recovery for Information Technology
Objectives
Overview of Disaster Recovery Planning
IT Alternate Site
IT Alternate Site Provider
IT Alternate Site Location
DataCenterControls
DataCenterRecovery
Information Management
Information Security
Review Topics
Case Studies
Bibliography
Chapter VII. Information Systems Security
Objectives
The Control Environment
Information Systems Auditing Considerations
Information Technology and Security Considerations
Conclusion
Review Topics
Bibliography
Section II. Implementation
Chapter VIII. Emergency Response
Objectives
Emergency Response Overview
Pre-Crisis Activities
Actions during the Pre-Strike Phase
Actions during the Strike Phase
Interfacing with Civil Authorities
Review Topics
Case Studies
Bibliography
Chapter IX. Enhancing Coordination with External Agencies
Objectives
External Relations Overview
External Relations throughout the Four Phases Overview
Opportunities to Develop Relationships in the Mitigation and Preparedness Phases
External Relations throughout the Four Phases
State and Local Government Agencies
Review Topics
Bibliography
Chapter X. Business Continuity Plan
Objectives
Business Continuity Plan Overview
Objectives
Organization
Requirements
Strategies
Activation
Actions
Communication
Maintenance
Review Topics
Case Studies
Bibliography
Chapter XI. Crisis Communication
Objectives
Crisis Communication Overview
Crisis Communication Team
Media Communications
Systems and Equipment – Key Features
Systems and Equipment – Evaluation
Crisis Communication Procedures and Protocols
Review Topics
Case Studies
Bibliography
Chapter XII. Crisis Information Management Systems
Objectives
Systems for Crisis Information Management
Information Management during Crisis
How Information Technology is Used
Institutional Initiatives
Review Topics
Bibliography
Section II. Maintenance
Chapter XIII. Sustaining Organizational Resilience
Objectives
Making BCM Effective
Awareness and Training
Testing and Exercising
Maintaining and Updating
Review Topics
Case Studies
Bibliography
Section IV. Risk Modeling
Chapter XIV. Fundamentals of Probability and Statistics
Objectives
Fundamentals of Probability and Statistics
Graphical Presentation of Data
Stem and Leaf Plot
Frequency Distributions
Measures of Central Tendency
Basic Probability Concepts
Discrete Probability Distributions
Continuous Probability Distributions
Review Topics
Bibliography
Chapter XV. Statistical Applications in Risk Management
Objectives
Forecasting Techniques
Regression Analysis
Maintenance Modeling
Reliability Modeling
Review Topics
Bibliography
Chapter XVI. Simulation Modeling and Supply Chain Risk
Objectives
Introduction
Case 1: Supply Chain Analysis
Case 2: A Three Tier Supply Chain
Conclusions
Review Topics
Bibliography
Chapter XVII. Risk and Decision Modeling
Objectives
Introduction
Decision Making Environments
Decision Making under Certainty
Decision Making under Risk
Decision Making under Uncertainty
Other Decision Making Models under Uncertainty
Recent Approaches
Other Decision Making Models
Dealing with Imprecise Information
Decision making under Uncertainty and Imprecise Information
Review Topics
Bibliography
Section V. Case Studies
Case Study A: Alpha Investment Services
Operations
Resource Requirements
Information Technology
Revised Recovery Time Objectives
Crisis Communication
Case Study B: Beta Widget Makers
Operations
Resource Requirements
Information Technology
Revised Recovery Time Objectives
Crisis Communication
Case Study C: Supply Chain Analysis
Case Study D: Sample Risk Assessment
Introduction
Risk Analysis
Risk Assessment Illustration
Probability
Expected Disruption
Impact
Risk Evaluation
Review Topics
Bibliography
Case Study E: Phased Pre-Positioning of Employees
Objectives
Employee Release Groups
Plan of Action
Review Topics
Bibliography
Case Study F: Tabletop Exercise
Tabletop Exercise Overview
Alpha Investment Services Tabletop Exercise
Beta Widget Makers Tabletop Exercise
Section VI. Additional Information
Glossary
Appendices
Appendix A: Organizational Functions
Appendix B: Disaster Assistance Plan
Appendix C: Building Fortification
Appendix D: Pandemic Outbreak Planning and Response
Appendix E: EmergencyOperationsCenter(EOC)
Appendix F: Evacuation Procedures
Appendix G: Shelter-in-Place Procedures
Appendix H: Hurricane Preparation Steps
Appendix I: Tornado Preparation Steps
Appendix J: Severe Winter Storm Preparation Steps
Appendix K: DHS Advisory Code System
Appendix L: Assigning Actions by Department
Appendix M: National Weather Service Terms
Appendix N: Seismic Terms
Index
Contact Rothstein Associates Inc. to request a complimentary copy to evaluate for classroom use.
Excerpts
Below is the brief full text of the FOREWORD. Please note that it is followed by links to PDFs of selected chapters, preface and glossary.
FOREWORD
Business Continuity and Risk Management:Essentials of Organizational Resilience
As a business continuity professional serving New York’s Wall Street firms, I have been an active part of how the profession has evolved. Not that long ago, business continuity was viewed as an afterthought by many organizations — a form to complete and a box to check off. The defining moment, however, for me and for many senior managers now leading business resiliency and risk programs in major corporations — as well as our firms’ senior leaders — was the crucible of the World Trade Center disaster on September 11th. This unimagined tragedy of unimaginable proportions taught us that no threat is impossible. Planning and preparation for both the possible and impossible, we learned, are essential for any organization.
Many of us learned business continuity and risk management by doing it, strengthened along the way by a growing international body of experience and knowledge drawn from practitioners and academicians. Kurt Engemann and Douglas Henderson have made a fundamental contribution with their focus on resiliency issues. In an “open source” format, they have assembled a core curriculum spanning a discipline that traditionally took major portions of a career to experience and understand. A blend of theory, common sense, best practice and cases, this versatile textbook provides a structured learning tool and encyclopedic reference guide for business continuity and risk management students, teachers, practitioners, and executives.
One of my favorite chapters focuses on awareness and exercises. In March 2001, at the Wall Street firm where I headed Business Continuity at the time, we completed a major disaster recovery exercise for a scenario covering the complete loss of our primary data center near the World Trade Center. This scenario and much worse was realized six months later. On that day our preparation and exercises rewarded us with the restoration of key information processing capabilities at a backup location in just over two hours. Through resilient operations and people, these efforts played a key role in helping restore basic functionality to the markets and the financial services industry affected by 9/11.
No one can foresee the future. But I believe that this can be no excuse for lack of preparation, management support or exercises that improve awareness and continuously sharpen our organizational and technical response to adversity. We repeatedly experience the unimaginable — whether Mumbai terror attacks, tornado clusters, earthquakes or tsunamis. Crises will continue to arise, as will our need to understand and practice the essentials of organizational resilience.
Roseann McSorley
Managing Director
Global Business Resiliency Head
JPMorgan Chase & Co.
New York City
NOTE: The writer is not necessarily representing the views or opinions of JPMorgan Chase & Co.
Below are links to PDFs to selected chapters, preface and glossary. Please note that only 5 pages of each are displayed to provide a sense of the content and style. Each is copyrighted and permission is granted to use this material for textbook adoption evaluation only.
Contact Rothstein Associates Inc. to request a complimentary copy to evaluate for classroom use.
Authors
About the Authors
Kurt J. Engemann, PhD, CBCP
Kurt J. Engemann is the Director of the Center for Business Continuity and Risk Management and Professor of Information Systems in the Hagan School of Business at Iona College. He has consulted professionally over the past thirty years in the area of risk management decision modeling for major organizations and has been instrumental in the development and implementation of comprehensive business continuity management programs.
Dr. Engemann is a Certified Business Continuity Professional (CBCP) with the Disaster Recovery Institute International. Professor Engemann is the editor-in-chief of the International Journal of Business Continuity and Risk Management and the International Journal of Technology, Policy and Management. He teaches courses in the areas of Business Continuity and Risk Management, Systems Analysis and Design, Operations Management, Statistics and Decision Analysis. He has a PhD in Operations Research from New York University and has published extensively in the area of risk management and decision modeling. Professionals from a number of Wall Street banking firms and Fortune 500 companies attend his graduate courses in business continuity and risk management.
Douglas M. Henderson, FSA, CBCP
Douglas M. Henderson, President of Disaster Management, Inc., has 20 years of experience in management with major consulting firms. In August of 1992, Mr. Henderson was the key associate of the Emergency Response Team for a consulting firm located in South Miami-Dade County. Inspired by the real life business experience with Hurricane Andrew and concerned about the lack of preparation within the business community, Mr. Henderson founded Disaster Management, Inc. in 1993.
Mr. Henderson’s clients include Bombardier Capital Group, CP Ships, Discovery Channel Latin America, Intek Plastics, Kemper-NATLSCO, Professional Golfers’ Association (PGA), University of Miami, United Educators Insurance Company and numerous other organizations of all sizes. The activities he has undertaken on behalf of these organizations includes conducting site inspections and writing Risk Assessment reports, Business Impact Analysis reports, Business Continuity Plans, Emergency Response Plans and the facilitating of tabletop exercises.
Mr. Henderson has a degree in mathematics from the Universityof Arizona. His professional credentials include Fellow, Society of Actuaries (FSA) and Certified Business Continuity Professional (CBCP). He is the author of the book Is Your Business Ready for the Next Disaster? and has developed a number of CD-based templates, including the Comprehensive Business Continuity Management Program, the Continuity of Operations Plan for Colleges and Universities, and the Hurricane and Flood Plan.
Contact Rothstein Associates Inc. to request a complimentary copy to evaluate for classroom use.
Instructional Materials
Upon classroom adoption, this textbook is accompanied by a comprehensive package of instructor materials that include the following six classroom aids. This listing is followed by a display of samples from each aid file to give you a sense of their content, level of difficulty, style, etc.
Five Syllabi to Choose from Based on Your Course Objectives
The modular design of the textbook allows it to be used in a variety of courses emphasizing particular subject coverage. Five primary courses are suggested and a sample syllabus can be conveniently customized.
Each syllabus includes the following:
- Description of the Course
- Course Objectives
- Chapters for the Course
- Method of Evaluation
- Selected Bibliography
- Selected Websites
Suggested courses and sample syllabus
Various courses using the text can be designed to accommodate programs emphasizing particular subject coverage. Some suggested courses and the associated text chapters to include are:
BUSINESS CONTINUITY and RISK MANAGEMENT (See sample syllabus below)
Chapters 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
BUSINESS CONTINUITY MANAGEMENT
Chapters 1,2,3,4,5,6,8 10,11,13
RISK MODELING and BUSINESS CONTINUITY
Chapters 1,2,3,4,5,14,15,16,17
INFORMATION TECHNOLOGY and BUSINESS CONTINUITY
Chapters 1,2,3,4,5,6,7,8,10,11,12
BUSINESS CONTINUITY AND EMERGENCY MANAGEMENT
Chapters 1,2,3,4,5,6,8,9,10,11,13
SAMPLE SYLLABUS: BUSINESS CONTINUITY and RISK MANAGEMENT
Course Description:
This course explores the area of Business Continuity and Risk Management in a comprehensive manner to provide for organizational resilience. Particular emphasis is placed on assessing threats which may lead to disastrous events, evaluating control alternatives and implementing strategies. Practical solutions to enable an organization to mitigate risk, manage crisis and recover after a disaster are discussed. The course is designed to expose the student to all aspects of a holistic Business Continuity and Risk Management program and to determine the most appropriate requirements.
Objectives:
- Overview the essential components of business continuity and risk management.
- Analyze the organizational structure that needs to be in place to effectively prepare for, respond to and recover from a crisis event.
- Determine the importance of the organization’s activities by assessing the impact over time of their interruption and establish continuity and recovery objectives
- Examine threats and prioritize planning by assessing the likelihood of events and their potential impact on critical functions.
- Examine strategy identification, selection and implementation necessary for an organization to effectively respond to a crisis event.
- Examine alternate site selection, data center controls, information management procedures and information technology principles to provide continuation and recovery of the systems and communication capabilities of an organization.
- Review security controls and auditing considerations and apply these concepts to various information technology applications.
- Define the immediate actions taken during a crisis event with the prioritized objectives of life-safety, environmental protection and asset protection.
- Examine how an organization should interface with external agencies during disaster mitigation, preparation, response and recovery phases.
- Discuss the central plan documentation that defines continuity and recovery procedures for crisis events.
- Investigate the importance of emergency communication, media communication plus the devices and systems used to conduct crisis communication.
- Review the role that information systems play in the process of managing emergency information before, during and after an event.
- Discuss the importance of awareness and training, testing and exercising, and maintaining and updating to ensure that plans remain operable and current.
- Develop a foundation in probability and statistics that is very useful in business continuity and risk management.
- Explore forecasting techniques, regression analysis and reliability modeling.
- Examine simulation modeling in business continuity and risk management with application to supply chain analysis.
- Examine decision making techniques under risk and uncertainty.
Methods of Evaluation:
- Examinations – 50%
- Case Studies – 20%
- Paper and Presentation – 20%
- Participation – 10%
Students must complete all required readings as assigned. Students are to be prepared to discuss the readings, review topics, case studies, previous lecture topics, and assignments during each meeting.
And more…
Selected Bibliography:
- Anderson, D., Sweeney, D., and Williams, T., Statistics for Business and Economics, South- Western Cengage Learning, 2011.
- Aven, T., “A New Scientific Framework for Quantitative Risk Assessments,” International Journal of Business Continuity and Risk Management, Vol. 1, No. 1, pp. 67-77, 2009.
- Aven, T., Risk Analysis-Assessing Uncertainties Beyond Expected Values and Probabilities, John Wiley and Sons, 2008.
- Borodzicz, E., Risk, Crisis and Security Management, John Wiley and Sons, 2005.
Burtles, J., Principles and Practices of Business Continuity: Tools and Techniques, Rothstein Associates, 2007.
- Coyle, D. and Meier, P., “New Technologies in Emergencies and Conflicts: The Role of Information and Social Networks,”Washington,D.C.andLondon,UK: UN Foundation- Vodafone Foundation Partnership, 2009.
- Dhillon, G., Principles of Information Systems Security, John Wiley, 2007.
- Easttom, C., Computer Security Fundamentals, Pearson Prentice-Hall, 2006.
- Engemann, K. J., and Miller, H. E., “Critical Infrastructure and Smart Technology Risk Modeling using Computational Intelligence,” International Journal of Business Continuity and Risk Management, Vol. 1, No. 1, pp. 91-111, 2009.
And more…
Selected Websites:
American Red Cross, www.redcross.org
Business Continuity Institute, www.thebci.org
Department of Homeland Security, www.dhs.gov
Disaster Recovery Institute International, www.drii.org
Emergency Management Institute, www.training.fema.gov/emi
Federal Emergency Management Agency, www.fema.gov
Power Point Slides
Sample Solutions to Case Studies
CASE STUDY: CONDUCTING A BUSINESS IMPACT ANALYSIS (BIA)
Business Impact Analysis
Case Study A-3: Alpha Investment Services (AIS) conducts BIA
Based on the Operations and Resource Requirements information provided in Case Study A, consider the following:
A-3.1 For AIS, what are the most critical operations for each operational group and support department?
Type: Application Difficulty: Moderate/Hard
Suggested Solution:
A. Operational Groups
With 40% of the total revenue and 50% of the total profits, Custom Research is the most critical operational group. With 30% of the total revenue and 25% of the total profits, Equity Selection Services is the second most critical operational group. Customer service and ongoing contact with customers by all Operational Groups is considered to be critical to the business.
B. Support Departments
Although the various operational groups of AIS can function independently, all operational groups are dependent on Data Operations (data acquisition, data verification and data analysis) providing accurate data. Information Technology (system applications and communications) services are also critical to all aspects of AIS business operations.
Facilities (environmental controls and utility services), Finance and Accounting (crisis communication), and Security (facility protection and threat monitoring) are all critical operations. A safety and/or security failure will create a dangerous environment and shutdown business operations immediately.
Also note the following very important business activities include Finance and Accounting (public communications, insurance services) and Human Resources (payroll* and certain benefit services).
* Human Resources (Payroll) is ranked as ‘very important’ and not as ‘critical.’ Although some professionals rank Human Resources (Payroll) as ‘critical,’ actual payroll services are typically outsourced and, in any event, processed a few days in advance of the actual pay date — this extra time ensures that employees will not experience an immediate cessation of paychecks.
A-3.2 Identify the major interdependencies within AIS business operations.
Type: Application Difficulty: Moderate
Suggested Solution:
Although the various operational groups of AIS can function independently, all operational groups are dependent on Data Operations (data acquisition, data verification and data analysis) providing accurate data. All aspects of AIS business operations are dependent upon Information Technology (system applications and communications) services.
A-3.3 What are the Recovery Time Objectives for the following operations?
Type: Application Difficulty: Moderate/Hard
Suggested Solution:
[table id=1 /]
A-3.4 Is it logical to set initial Recovery Time Objectives for support operations equal to something less than 100% for certain responsibilities?
Type: Application Difficulty: Easy/Moderate
Suggested Solution:
Yes. Support operations often render services to both critical and non-critical business operations. It is quite possible that adequate support can be rendered to critical business operations with less than 100% recovery capabilities.
A-3.5 Identify the major single-points-of-failure in the supply chain and process flow.
Type: Application Difficulty: Moderate
Suggested Solution:
Data Operations and Information Technology are both a single-point-of failure that are absolutely essential to all revenue-generating operations. The print shop is also a single-point-of-failure at least for certain deliverables. However, print shop operations are not critical to revenue-generating operations and this work could be outsourced if necessary. Although not normally classified as a single-point-of-failure, certain environmental controls and security controls are also single-points-of-failure.
Sample Solutions to Chapter Discussion Topics
Discussion: The “Smoking Hole” Scenario
A worst case scenario commonly considered is the “smoking hole” scenario. The “smoking hole” scenario assumes that without warning on Monday morning the entire workplace is a smoking hole–complete destruction of the physical structure and all building contents. What actions should the organization take? Clearly this is a useful exercise to consider but also consider the following:
Is this really the worst case?
Will BCM that responds well to the ‘smoking hole’ scenario also respond well to all types of crisis events?
Type: Application Difficulty: Moderate/Hard
Suggested Solution:
As bad as this crisis event sounds, it is not the worst case scenario. The “smoking hole” scenario assumes that there are no injuries or fatalities; moreover, the workforce is unaffected and the community-wide infrastructure is not damaged.
Although not the worst case scenario, the “smoking hole” scenario is obviously a very major crisis event. If the BCM responds well to the “smoking hole” scenario it will likely respond to most crisis events. Crisis events that could create an even worse situation would be any major community-wide natural crisis (earthquake, hurricane, etc.) or a pandemic outbreak where (unlike the 2009 “Swine Flu” Pandemic) there is an extremely high mortality rate and no effective vaccine available.
5. SAMPLE SOLUTIONS TO CHAPTER REVIEW QUESTIONS
1. What are some approaches to assess event probabilities?
Type: Knowledge Difficulty: Moderate Suggested Solution:
Estimating the probability of events involves reviewing historical data and discussing the events with relevant groups such as the fire department, weather bureau, utility companies, computer virus incident monitoring agencies, police departments, building engineers, reliability engineers and government agencies. Collecting data from a variety of sources, including: interviews, questionnaires, workshops, documents, observation, data repositories and internal audit.
2. Identify the logistical problems associated with using a distant IT alternate site location during a major community-wide crisis event.
Type: Knowledge Difficulty: Easy/Moderate Suggested Solution:
Although the IT alternate site is removed from the damaged area, employees may have families that are stranded in a damaged and possibly dangerous area. Employees may also want to return home to repair damaged personal properties.
3. An intercom message is received stating that a hostile intruder situation exists in the building and that a shelter-in-place should be performed. Subsequently, a fire alarm is heard indicating the need to perform a building evacuation. Faced with this conflicting information, what would you do and why?
Type: Application Difficulty: Hard Suggested Solution:
There is not a single answer that will be correct in every circumstance. Since there is no way of knowing who activated the fire alarm, the suggested solution is not to evacuate unless:
- You have firsthand knowledge that there is a fire in the building, or
- You have been advised by Police/Security to evacuate the building, or
- There is imminent danger in the immediate area.
Sample Solutions to End-of-Chapter Review Questions
1. What are some approaches to assess event probabilities?
Type: Knowledge Difficulty: Moderate Suggested Solution:
Estimating the probability of events involves reviewing historical data and discussing the events with relevant groups such as the fire department, weather bureau, utility companies, computer virus incident monitoring agencies, police departments, building engineers, reliability engineers and government agencies. Collecting data from a variety of sources, including: interviews, questionnaires, workshops, documents, observation, data repositories and internal audit.
2. Identify the logistical problems associated with using a distant IT alternate site location during a major community-wide crisis event.
Type: Knowledge Difficulty: Easy/Moderate Suggested Solution:
Although the IT alternate site is removed from the damaged area, employees may have families that are stranded in a damaged and possibly dangerous area. Employees may also want to return home to repair damaged personal properties.
3. An intercom message is received stating that a hostile intruder situation exists in the building and that a shelter-in-place should be performed. Subsequently, a fire alarm is heard indicating the need to perform a building evacuation. Faced with this conflicting information, what would you do and why?
Type: Application Difficulty: Hard Suggested Solution:
There is not a single answer that will be correct in every circumstance. Since there is no way of knowing who activated the fire alarm, the suggested solution is not to evacuate unless:
- You have firsthand knowledge that there is a fire in the building, or
- You have been advised by Police/Security to evacuate the building, or
- There is imminent danger in the immediate area.
Test Bank
Sample True/False Question
1. ‘Risk Transfer’ is defined as the establishment of procedures or physical controls that will reduce the probability of the risk occurring and/or reduce the impact of the risk.
Type: Vocabulary Difficulty: Moderate Answer: False
Sample Multiple Choice Question
1. Regarding evacuation and shelter-in-place procedures, which one of the following statements is true?
A. Employees should automatically conduct a building evacuation during a hostile intruder threat.
B. The procedures for evacuating a hospital are similar to the procedures for evacuating a high-rise building.
C. Most organizations can conduct a silent evacuation correctly without any practice.
D. There are important differences in the procedures for conducting a shelter-in-place that depend on the type of crisis event.
Type: Knowledge Difficulty: Moderate Answer: D
Sample Short Essay Question
1. Identify indirect financial losses that can result from loss of operations.
Type: Knowledge Difficulty: Moderate Suggested Solution:
Indirect financial losses can result from the following:
- Decrease in customer and client satisfaction.
- Decrease in investor confidence.
- Damage to reputation and brand.
- Adverse media coverage.
- Reduction of competitive capabilities.
- Legal exposures.
- Missed filing and reporting deadlines.
- An increase in risk rating by financial institutions.
- Loss of business opportunities.
Contact Rothstein Associates Inc. to request a complimentary copy to evaluate for classroom use.
Excerpt from the Preface
Objective
The viability of an organization can be seriously challenged by a disaster. Numerous recent events have focused attention on the need to be prepared for such events. The objective of this text is to provide a comprehensive study of the critical field of business continuity and risk management with particular emphasis on decision making using a holistic approach. The coverage of the book is derived from the growing body of knowledge of practical methods, experiences and research to lead an organization in the process of systematic decisions to protect people, the environment, assets and operations from disastrous events.
Because business continuity and risk management often deals with events that are improbable, analyzing these risks is challenging. Risks come in many varieties, and there is a growing concern and associated effort for organizations to respond to the challenge. Organizational resiliency can be accomplished through an effective program in business continuity and risk management based on an understanding of risk methodologies and technologies.
This book can serve as a primary text in an undergraduate or graduate level course that focuses on business continuity and risk management or as a supplemental text in a closely related field. Business students majoring in any concentration, including operations, information systems, management science, finance, accounting, marketing, human resources, management and international business will find the material both interesting and useful. In addition, emergency management students and management engineering students will also find this book very valuable.
A wide range of educational and training needs are addressed by the book. In addition to being a text for college courses, this book is also intended for use in professional training programs and as a self-study manual.
Reviews
Given the importance of both Business Continuity and Risk Management in an increasingly risky world and their relative maturity as business disciplines, it is strange that little has been done to structure the subject in a way that is accessible to students and the wider academic community. Most relevant books and professional journals are targeted at either the professional practitioner or those with general interest in the topic. What has been missing is a college core textbook that covers the basic body of knowledge for aspiring students wishing to gain academic qualifications en route to a professional career in Business Continuity or Risk Management. This new book by Kurt Engemann and Douglas Henderson does much to redress this deficiency in our arsenal of published literature. Written at a level which is very comprehensive but still easily readable it provides a route-map through the terminologies, methodologies and philosophies of the subject….The Business Continuity Institute welcomes this book and wishes the authors well in their efforts to engage with both the business and academic communities in a language that both will understand.”
~ Lyndon Bird, Technical Development Director, Board Member and Fellow since 1994, The Business Continuity Institute
As our world becomes ever more turbulent the field of business continuity and risk management increases in importance, often warranting Board-level attention. Organisations must proactively prepare for the future by mitigating risk whilst managing uncertainty through well considered policies, procedures, structure, systems and business culture to react to potentially harmful events as they unfold. In this way, their survival is less likely to be threatened and it will be more likely that their goals will be attained. Too many times we have witnessed business disaster because an organisation failed to fully recognise the importance of business continuity and risk management or simply adopted a piecemeal and unsystematic approach. Practitioners constantly emphasise the necessity of a holistic approach and I am pleased to see this new book by Kurt Engemann and Douglas Henderson does just that. It is also important to blend theory with practice in this hands-on field; again this is accomplished by the authors of this book who have extensive academic and business continuity and emergency management experience. They bring the subject to life with rich teaching and learning features, making it an essential read for students and practitioners alike.”
~ Phil Kelly, DBA, Fellow of the Higher Education Academy (FHEA), Fellow of the Institute of Risk Management (FIRM); Senior Lecturer, Liverpool (UK) Business School; Lead Examiner, Risk Decisions, The Institute of Risk Management (IRM)
The book cements the notion that BCP professionals will achieve greater success if they collaborate with external resources. This is a book that will inform the novice, support the expert and enhance every business continuity planner’s efforts to create a resilient organization. The book is well organized as an instructional tool, a reference guide, and a toolkit for practitioners. Students at both the undergraduate and graduate levels will find what they need to build a strong foundation for business resiliency, regardless of the nature of the business career they seek. Adult learners, and those already BCP practitioners, will find solid support and proven practices to enhance and improve their work. Most of all, an executive, a student, or a practitioner who absorbs the content of this book will be better prepared to function in a field where preparedness is absolutely essential. Keep this book. It will serve you well in your education and practice.”
~ Thomas D. Phelan, PhD, Program Director, Emergency and Disaster Management and Fire Science at American Public University System; Founding Member of the U.S. Department of Homeland Security; member, Advisory Board of the Canadian Centre for Emergency Preparedness (CCEP)
This book is a state-of-the-art addition to the field of business continuity management and allied subjects. It is difficult to write a book that serves both academia and practitioners, but the editors and contributors have accomplished this. Business Continuity and Risk Management provides a firm foundation for novices and a valuable reference for experienced professionals.”
~ Mayer Nudell, Certified Security Consultant (CSC) and Adjunct Professor of Security Management, Webster University
Contact Rothstein Associates Inc. to request a complimentary copy to evaluate for classroom use.