Operational Resilience Audit Series
Bg Bann_OR_Audit and Review Questionnaires

ORA [Plan] Questionnaires: Analyse Gap for Incident and Crisis Management

This section is the "Plan" phase of the Operational Resilience Planning Methodology.  This is the start of the operational resilience project or program if you review it.

These questionnaires serve as an initial audit checklist to review the second stage of the Plan phase.  This stage is to "Analyse Gap" for Incident and Crisis Management.

Caution from Author: Remember that each blog or set of questionnaires and checklists should be used independently.  The reason is extensive content overlapping for all three phases and its 15 stages.  As a reviewer or auditor, you will never use all 15 sets of blogs concurrently.

Moh Heng Goh
Operational Resilience Audit-Specialist-Expert

New call-to-action

Analyse the Gap 

OR_Plan_Update Diagram

 
What is Incident and Crisis Management?

Incident Management or IM refers to an organisation's activities to identify, analyze and correct threats.

Crisis Management or CM is the overall coordination of an organization's response to a crisis in an effective, timely manner, intending to avoid or minimize damage to the organization's profitability, reputation, or ability to operate.

New call-to-actionOR Plan Phase Questionnaires: Analyse GapThis section is the "Plan" phase of the Operational Resilience Planning Methodology.  It is the second stage of the Plan phase: Analyse Gap.

Audit Checklist for Analysing the Gap for Incident and Crisis Management

 

1. Crisis Management Structure
  • Is there a documented crisis management structure in place?
  • Are the structure's roles, responsibilities, reporting lines, and chain of command clearly defined?
  • Have alternates been designated for primary representatives in case of unavailability?
  • Are there regular training and awareness programs for personnel involved in the crisis management structure?

Checklist
  • Check if there is a documented crisis management structure.
  • Verify if roles, responsibilities, reporting lines, and chain of command are clearly defined within the structure.
  • Assess if alternates have been designated for primary representatives.
  • Review training and awareness programs for personnel involved in the crisis management structure.

2. Triggers and Activation Criteria
  • Are there pre-defined triggers and criteria for activating the crisis management structure?
  • Are these triggers and criteria reviewed and updated periodically to reflect organisational risk landscape changes?
  • Is there a mechanism for timely monitoring and identification of triggers to activate the crisis management structure?
  • Has the effectiveness of the triggers and activation criteria been tested through simulations or exercises?

Checklist
  • Determine if there are pre-defined triggers and criteria for activating the crisis management structure.
  • Verify if these triggers and criteria are reviewed and updated periodically.
  • Assess the mechanism for monitoring and identifying triggers to activate the crisis management structure.
  • Review simulations or exercises to test the effectiveness of the triggers and activation criteria.

3. Crisis Management Plans and Procedures
  • Are there comprehensive crisis management plans and procedures in place to guide actions and decisions during a crisis?
  • Have the crisis plans been developed based on a thorough assessment of potential risks and scenarios?
  • Are the plans regularly reviewed, updated, and tested for their effectiveness?
  • Are there clear guidelines on the roles and responsibilities of senior management during a crisis?
  • Is there a process for post-crisis evaluation and improvement of the crisis plans and procedures?

Checklist
  • Check if comprehensive crisis plans and procedures are in place to guide actions and decisions during a crisis.
  • Verify if the crisis plans are based on a thorough assessment of potential risks and scenarios.
  • Assess whether the plans are regularly reviewed, updated, and tested for effectiveness.
  • Review guidelines on the roles and responsibilities of senior management during a crisis.
  • Determine if there is a process for post-crisis evaluation and improvement of the crisis plans and procedures.

4. Tools and Processes for Situation Assessment
  • Are there tools and processes in place to facilitate timely updating and assessment of the latest situation during a crisis?
  • Is there a dedicated team responsible for gathering, analysing, and disseminating information to support decision-making?
  • Are the tools and processes regularly tested and updated to ensure their effectiveness?
  • Is there a mechanism to integrate information from various sources and stakeholders for a comprehensive situational assessment?

Checklist

  • Determine if tools and processes are in place to facilitate timely updating and assessment of the latest situation during a crisis.

  • Assess if a dedicated team is responsible for gathering, analysing, and disseminating information to support decision-making.

  • Verify if the tools and processes are regularly tested and updated.

  • Determine if there is a mechanism to integrate information from various sources and stakeholders for a comprehensive situational assessment.

5. Stakeholder Communication
  • Is there a list of internal and external stakeholders to be informed when a critical business service is disrupted?
  • Are communication plans and requirements documented for each stakeholder group?
  • Do the communication plans include criteria for determining the severity and timing of notifications?
  • Are there predefined communication channels for efficient stakeholder communication, such as email distribution lists or notification systems?
  • Are alternative communication channels identified and documented in case the primary channels are unavailable?

Checklist

  • Verify if there is a list of internal and external stakeholders to be informed when a critical business service is disrupted.

  • Review communication plans and requirements documented for each stakeholder group.

  • Assess if the communication plans include criteria for determining the severity and timing of notifications.

  • Verify if there are predefined communication channels, such as email distribution lists or notification systems, for efficient communication with stakeholders.

  • Determine if alternative communication channels have been identified and documented in case the primary channels are unavailable.

6. Mainstream and Social Media Communication
  • Are communication channels effectively established to reach stakeholders through mainstream and social media platforms?
  • Are designated personnel responsible for managing communications on these channels during a crisis?
  • Are there guidelines or protocols to ensure consistent and accurate messaging through mainstream and social media?

Checklist
  • Assess if there are established communication channels to effectively reach stakeholders through mainstream and social media platforms.
  • Verify if designated personnel manage communications on these channels during a crisis.
  • Review guidelines or protocols to ensure consistent and accurate mainstream and social media messaging.
  • Assess if there are mechanisms to monitor and respond to public sentiment and feedback during a crisis.
 

Do note that some steps may overlap or appear similar in the other stages of the OR planning phases.  If this occurs, the questionnaires and checklists must be contextualised to the topic under review.

 

New call-to-action

Questionnaires and Checklist "Plan" Phase

 Assess Capability and Maturity Analyse Gap

Develop Strategy Roadmap

Confirm Risk Appetite

Develop and Embed Governance
New call-to-action New call-to-action OR Plan Phase Questionnaires: Analyse Gap New call-to-action New call-to-action New call-to-action

 

Find out more about Blended Learning ORA-5000 [BL-ORA-5] & ORA-300 [BL-ORA-3]

New call-to-action Tell Me More About BCM- 8030 New Call-to-action
New call-to-action New call-to-action New call-to-action
New call-to-action

Please feel free to send us a note if you have any of these questions.

Email to Sales Team [BCM Institute]

 New call-to-action

For Your Comments:

 

More Posts

New Call-to-action
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2024