Foreign Office travel warning to British Nationals

Please consider sharing the following information with tenants, that conduct foreign travel.

The government regularly reviews and updates its travel advice to make sure it provides the most up to date information and advice for British nationals. Given coalition action in Syria and Iraq and the threat to countries involved, we have decided today to update our travel advice to reflect this.

The government is adding the following information and advice to all of its travel advice pages:

There is considered to be a heightened threat of terrorist attack globally against UK interests and British nationals from groups or individuals motivated by the conflict in Iraq and Syria. You should be vigilant at this time.

This change is being made to travel advice globally in response to the generalised threat. The government will continue to reflect any specific credible threats in travel advice in the usual way.

Link to Foreign and Commonwealth Office website:

https://www.gov.uk/government/news/update-to-travel-advice-on-the-global-threat-from-terrorism

Posted in London Olympic Games 2012 | Leave a comment

Strategy

Link to 3 myths that kill strategic planning attributed to Nick Tasler

http://blogs.hbr.org/2014/05/3-myths-that-kill-strategic-planning/

In its simplest form, strategic thinking is about deciding on which opportunities to focus your time, people, and money, and which opportunities to starve. One of history’s greatest strategic thinkers, Napoleon Bonaparte summed it up this way: “In order to concentrate superior strength in one place, economy of force must be exercised in other places.” If dead, despotic French emperors are not really your style, Michael Porter said it like this: “The essence of strategy is choosing what not to do.”

At the highest level, this usually means deciding to sell off one company in order to buy another one. More often it simply means deciding to move some initiatives to the back burner in order to concentrate the bulk of your resources in a single key area.

Sounds simple enough. Yet, three pervasive myths continue to make strategic thinking an elusive skill set in today’s organizations.

Myth 1: Productivity is the goal.

Productivity is about getting things done. Strategic thinking is about getting the right things done well. The corollary of that truth is that strategy requires leaving some things undone, which stirs up a potent cocktail of unpleasant emotions. When you leave projects undone or only half-completed, you must sacrifice that feeling of confidence and control that comes from pursuing a concrete goal (PDF). You will have to fight through the universal psychological phenomenon of loss aversion that results from saying goodbye to a cherished project in which you have already poured heaps of time and money. You will also have to deal with the social pain and feelings of rejection that come from telling some people on your team that their big idea or entire functional area has been demoted in favor of something else more valuable.

In the face of all that unpleasantness, it is tempting to continue striving for productivity. After all, what’s wrong with being productive?

The problem is that productivity is strategically agnostic. Producing volume is not the same as pursuing excellence. Without a strategy, productivity is meaningless. As Peter Drucker famously said: “There is nothing quite so useless as doing efficiently that which should not be done at all.” So the next challenge is figuring out which things are the right things.

Myth 2: The leader’s job is to identify what’s “important.”

Here’s a quick exercise: Make a list of every project and initiative your team is working on right now. When you finish the list, draw a line through all of the things that are not important.

If you’re like 99% of teams, not one project on your list will get crossed out. That’s because every project your team is working on is “important” to someone somewhere somehow. They all “add value” in some vague way. That’s why debating about what’s important is futile. Strategic thinkers must decide where to focus, not merely what’s “important.” Strategic leaders must consciously table some “important” projects or ignore some “important” opportunities.

While productive teams log overtime hours in order to knock out one important project after another on a first come, first serve basis, strategic teams decide which projects will contribute most to the declared strategy of the organization, and put the rest of the “important” projects on hold.

Myth 3: Strategic thinking is only about thinking.

Strategic leadership is not a math problem or a thought experiment. Ultimately, strategic thoughts must yield strategic action. Thorough cost/benefit analyses replete with mesmerizing forecasts, tantalizing linear trends, and 63-tab spreadsheets beautiful enough to make a newly minted MBA weep with joy are utterly useless without an actionable decision. In spite of the uncertainty, complexity, and the ever-present possibility of failure, a strategic leader must eventually step up and make the call about what the team will and will NOT focus on.

Tipping his bicorne cap to this truth, Napoleon once said, “Nothing is more difficult, and therefore more precious, than to be able to decide.” Perhaps that’s also why this precious ability to decide is the defining feature of those deemed worthy to hold the highest leadership positions.

Posted in London Olympic Games 2012 | Leave a comment

Article on BCMS auditing

GETTING THE BUSINESS CONTINUITY MANAGEMENT SYSTEM AUDIT RIGHT
The following article is attributed to Continuity Central

By Hilary Estall.
You are implementing a business continuity management system (BCMS) for the first time and you discover that one of the requirements is to conduct ‘internal audits’. What do you do? Who should be the auditor? Do they need to be trained? All valid questions (along with scores of others which you will doubtless ask yourself) which invariably will be rushed through without much thought into what is trying to be achieved (apart from a tick in the BCMS/certification box).

Done well, audits are an excellent way for your business to learn what’s working and what needs to be improved but done badly they soon become robotic and worse, potentially divisive. Internal audits are a requirement of any management system standard so if you are committed to implementing a meaningful BCMS you might as well do it properly from the outset.

Who should read this article?

Whether you are responsible for identifying and training the soon to be in post auditor or you have just found out that your role has been extended to include internal audits then this article is written with you in mind. Over and over again I come across situations where internal audits have been tagged onto someone’s existing job description (for a variety of reasons) and after a few days on a training course the ‘internal auditor’ has been let loose on the company. A terrifying prospect for most first time auditors and a very naive approach by management.

If you haven’t already guessed it, this is a subject close to my heart and with the recent publication of ISO 22301 and renewed thoughts of BCMS implementation on many organizations’ agenda, a timely reminder that there is more to internal BCMS audits than simply attending a training course.

What is an audit and why do we conduct them?

An audit (in the eyes of management systems) is defined as a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. This definition is taken from BS EN ISO 9000:2005 ‘Quality management systems – Fundamentals and vocabulary’ and used in ISO 22301 amongst other management system standards (MSS) and why not? It’s succinct (for a MSS definition) and is understood across a number of MSS disciplines. I could write paragraphs on what an audit should look like but taking this definition literally we understand that:

It must be systematic, in other words, repeatable in form. This will provide a consistent approach to auditing and ensure that whoever conducts the audit, the approach used will be constant.
It must be independent. To be of use, the auditor must be impartial and have no direct link to the area being audited. Independence also extends to being unbiased and fair in judgement.
And finally, the audit must be documented. To be a complete process the documentation starts with the planning phase (agreeing the scope of the audit), continues with the evidence obtained during the audit and does not complete its documentary obligation until the actions from the final (documented) report have been carried out, reviewed and closed by the auditor, at some predetermined date in the future. Thereafter, we are told that the audit evidence must be evaluated objectively in order to determine whether the requirements of the standard (audit criteria) have been met. Taken literally, you will agree, the internal auditor is being given responsibility for assessing the performance of the business and taking a tactical stance in operational improvement. Not something assigned to an individual without careful thought, you would hope.
The fundamentals of a well-executed audit

Conducting an audit requires having a clear brief (audit scope) as well as asking pertinent questions in the right way. Planning the audit and communicating its scope and intent to the auditor beforehand is crucial if they are to understand what it is they are expected to assess; this doesn’t mean having a checklist of pre prepared questions which must be rattled off as quickly as possible.

The auditor must be given the authority to ask searching questions of those who may be senior to them. In turn, the auditor must be confident to do this as well as judge whether the response (and supporting evidence) meets the audit criteria and, where it doesn’t, to raise the issue in the appropriate manner. Having asked a question the auditor must wait for a response. They shouldn’t be tempted to fill silences with suggested answers or move on to the next question until the respondent has had both time to think or the question asked of them in a different way, if necessary. In short, it is down to the auditor to look and listen and ensure that the auditee understands what is being asked of them. Misunderstandings are a common cause of nonconformities and subsequent bad feeling between parties and are easily avoidable.

The extent to which an auditor should sample an activity comes with experience. Never continue sampling on the pretext that sooner or later you’ll find something wrong. Judge what seems to be a fair sample and form an opinion from there. A competent auditor will soon know whether a problem exists.

Communication between auditor and auditee is vital. I’ve already said that misunderstandings can result in the raising of unnecessary nonconformities and the auditor needs to be able to communicate their expectations to the person they are auditing in a clear and non-confrontational way. If they can see the auditee is struggling they have a duty to ask the question in a different way, not simply mark it down as a failure. The same goes for feeding back audit findings afterwards. Not only should these be backed up by specific examples but they should be accepted by the auditee and communicated to relevant management. Commitment to taking appropriate corrective action is necessary and should be agreed between parties before the audit is concluded.

Timely review of actions remains the responsibility of the auditor, even if this is several weeks or months after the original audit. This can be a challenge when fitting audits in around other workloads but should not be left until the next audit, which could be a year away. Ongoing focus and importance placed on audit actions will make sure appropriate commitment and ownership is maintained.

Core competencies of a management system auditor

The competency requirements of an internal auditor are no more or less relevant when determining BCMS competencies, required by ISO 22301 (and BS 25999-2) but it’s surprising how often this role is overlooked by organizations. It’s up to the business to determine such competencies but you can see from what I’ve said in this article, that there are certain ‘soft’ skills which are as necessary (and sometimes more so) than a knowledge of auditing or business continuity management specifically.

Whilst the size and complexity of the organization might dictate, in part, the competency requirements of the auditor, this is not an excuse to hold back on making sure the best person is allocated the role.

Setting aside for a moment professional training requirements, personal qualities indicating a potential candidate include a tendency towards diplomacy, pragmatism, decisiveness and having an open mind to what is being discussed. Many more exist but to some extent these may be driven by the culture of the organization.

As for professional training, the organization (and prospective auditor) should be clear what it is they wish to gain from this. So often new auditors are sent on the wrong training course and come away bewildered, demoralised or simply unclear how they will translate what they have been taught into practical auditing skills. How many auditors have heard of, let alone read, BS EN ISO 19011:2011 ‘Guidelines for auditing management systems’? It should be on the pre course reading list of every auditor course but it’s not!

The International Register of Certificated Auditors (IRCA) is where every professional auditor should aim to be professionally approved. It’s the only independent assessment process for auditors, be they internal auditors, auditors or lead auditors and demands an ongoing commitment by the individual to develop their auditing skills through continual practice and professional development. Membership of IRCA means you can be taken seriously as an auditor, and not before, in my opinion.

Does ISO 22301 demand more from the audit process?

Those of you already familiar with ISO 22301 will know that greater emphasis is placed on managing the results of internal audits than in BS 25999-2. As with other new or revised requirements in the international standard, the weight of a BCMS now focuses more on the effectiveness and relevance of it both in terms of meetings the organization’s objectives as well as the needs and expectations of interested parties. What better way of determining this than by conducting your own internal assessment of your performance? Any third party auditor worth their salt should be assessing an organization’s internal audit capability in a slightly different light, going forward.

Are you getting what you want from your third party auditor?

Talking of external auditors, those jolly people who turn up to audit your management systems from certification bodies (I am one of them), have a lot to live up to. Since the launch of BS 25999-2 there have been several ‘issues’ between client and auditor with expectations not being met. Many third party auditors do not conduct BCMS audits very often, are not business continuity professionals (understandably) and can come across as indifferent to the nuances that every BCMS displays. They too would do well to read this article!

If you only take one message away from reading this it should be: make sure you know what you want from your internal audits and you have the best people carrying them out for your business.

The author

This article presents just the tip of the auditing iceberg. If you think you could be getting more from your BCMS audits, the author, Hilary Estall SBCI of Perpetual Solutions Limited, will be pleased to carry out an Audit Health Check on your auditing arrangements and work with you to maximise the benefits of internal audits on your BCMS.

For more information or to find out where you can buy a copy of Hilary’s practical and insightful book ‘Business Continuity Management Systems; Implementation and Certification to ISO 22301’ contact Hilary at hilary.estall@pslinfo.co.uk or http://www.pslinfo.co.uk

Hilary is an IRCA registered BCMS Lead Auditor. For more information about becoming a certificated auditor visit http://www.irca.org

Posted in London Olympic Games 2012 | Leave a comment

Cyber security guidance

On 5 September 2012, the government published advice to business on measures that they can take to raise the levels of cyber security within their organisations and their supply chains. Although advice on how businesses can better secure their networks and data already exists, for the first time this brings together in one place government advice for the private sector. The new guidance publications are available from the cyber security downloads page.
The new guidance provides advice from security and intelligence experts across government about how to defeat most cyber attacks. A company’s data, its intellectual property, needs to be protected. With basic cyber security systems in place, at least 80 per cent of cyber attacks will bounce off. The guidance is aimed at company boards and their Chairs and Chief Executive Officers to embed the idea that this is a strategic risk that needs to be managed at board level.
http://www.bis.gov.uk/policies/business-sectors/cyber-security/downloads
Posted in London Olympic Games 2012 | Leave a comment

UK Market Wide Ex 2011

On 22 November 2011 the UK Financial Authorities carried out the sixth in a series of Market-wide Exercises (MWE’s) designed to assess and improve the UK financial sector’s ability to deal with major operational disruption.

In total, 87 organisations (including 15 for the first time) and over 3,500 people from across the financial sector took part.

A report detailing the outcomes and findings from the exercise has now been published and will provide the main focus of a participants-only conference on 23 February 2012.Link to report MWE_2011_Report123

Posted in London Olympic Games 2012 | Leave a comment