The programme includes the IDRC Davos 2016 agenda of sessions, plenary sessions, special panels and workshops. Click on the session title for more details.

Please send minor changes and corrections (in affiliations, presentation order, or spelling) to



Session 10: Organizational Resilience and Business Risk Management
Monday, 29/Aug/2016:
6:00pm - 7:30pm

Session Chair: Ghadeer Rashed ALFANDI, Ministry of Electricity and Water
Room: Schwarzhorn

Show help for 'Increase or decrease the abstract text size'

Defining Resilience: Trends in Continuity


Disaster Recovery Institute International, United States of America

Cyber security, globalization, effective communications across industries and countries. The list of challenges continues to grow almost exponentially annually. Chloe Demrovsky, a respected expert in the continuity industry will present her views on these issues as well as providing attendees an opportunity to discuss and examine her experiences towards events that may impact the industry in 2016. Topics will range from the very real and growing cyber threat against critical infrastructure to the growing challenge of globalization Discussion questions include how practitioners around the globe address incremental and complex interdependencies between organizations and associated emerging risks; which risks exist across borders and markets, and how that knowledge can be utilized to gain strategic advantage; as well as how clear communication is critical to effective continuity and crisis management. Another unique aspect to DRI’s continuity development and standardization is how a group of DRI-led volunteers pulled industry terminology from multiple reference documents, professional glossaries, standards and regulations from around the world to create a comprehensive global lexicon. Chloe will showcase this useful resource, maintained by DRI International in collaboration with a wide number of international industry leaders, and describe why it is now the industry’s most comprehensive BCM glossary.

Organizational Learning from Disastrous Events: A Case Study of a Multi-Utility Company Learning through 2012 Northern Italy Earthquakes

Shanshan ZHOU, Massimo BATTAGLIA

Scuola Superiore Sant'Anna, Italy

The case of the multi-utility company AIMAG handled it’s interruptions generated by the Northern Italy Earthquakes in 2012 provides a starting point for our exploration of how an organization can learn from interruptions. On May 20 and May 29, 2012, two major earthquakes of 5.9 and 5.8 magnitude each hit the Emilia Romagna region. AIMAG provides water, gas, waste management and public illumination to the area. It had no business continuity plan and earthquake was considered a rare event and therefore was never taken into consideration by the management. With the effort of AIMAG and its external parties, it manged the interruptions with an impressive speed and restarted its service rapidly after the earthquakes. We are curious to know why they were able to manage the interruptions and how they managed the interruption. To answer these questions, we conducted an case study grounded on 11 interviews with top managers and important external stakeholders. We also collected archival material about AIMAG and earthquakes to triangulate the data.

We find that AIMAG is able to learn through rare events. It applied the knowledge learnt from previous emergencies into managing the interruption caused by the earthquakes. AIMAG was able to generate knowledge during the interruptions, retain it, transfer and apply it to the interruptions occurred after the earthquakes. AIMAG is capable to do so because it has particular environment context and organization context. AIMAG has almost all local employees with very low turnover rate. Working for AIMAG means working for their territory and their homes. AIMAG has a functional and flexible organization structure which allows employees to make autonomous decision during the interruptions. As a company of public ownership which provides utility, AIMAG has good relationship and natural ties with local entities. Therefore they are more willing to both receive and give help.

Thailand Business Risk Assessment for Disaster Management

Patcharavadee THAMARUX1, Natt LEELAWAT2, Masashi MATSUOKA3

1Graduate Student, Interdisciplinary Graduate School of Science and Engineering, Tokyo Institute of Technology, Japan; 2International Research Institute of Disaster Science, Tohoku University 468-1-E305 Aramamaki-Aza Aoba, Aoba-ju, Sendai 980-0845 Japan; 3Associate Professor, Department of Architecture and Building Engineering, School of Environment and Society, Tokyo Institute of Technology, Japan

Because 89% of businesses in Thailand are Small and Medium Enterprises (SME), how well those businesses are doing impacts to overall country’s GDP highly. The disaster events in Thailand had shown that SME in Thailand had yet been prepared for disaster well enough. Especially, the great flood in 2011 suggested that the SME was affected highly and recovered difficulty. With the fact that the number of new startups in Thailand is increasing rapidly, it is very important that the SME should be able to make the assessment and understand their own risk.

This study presents the idea of implementation knowledge in disaster management for Thai SME startups both from business management integrated with engineering point of view. The disaster management is highly important topic for supporting Thailand’s economic development with easy-to-use analysis tools with engineering data for analysis that had yet been introduced in Thailand. In order to reduce lost and prevent obstacle of development, this study suggests SME startups to conduct business with cautions for unexpected disaster.

Business Risk Assessment (BRA) system is the useful tool that suggests startups what should be considered and how much should be considered and invested to prevent lost due to disaster. It is 3 times cheaper to prepare than to recover. This study explains the development stages of BRA system, which is the internet-based-platform for risk assessment for young SME in Thailand. It suggests SME startup for disaster preparation by determines the risks, vulnerability, and analyzes the suitable preparation suggestion for before, during, and after the disaster. This study conducts under the goal to minimum risk management investment of resources for lost prevention and fast recovery for the SME startups. With the fast and easy to access platform, by inputting business's information, the system will output risk score and suggest the possible disaster preparation for SME startups. The result from this tool can be used for Business Continuity Plan (BCP) to result the necessary measures for high-prioritized business activity. BCP standard and suggestion for implementation is available in Thailand, but the practical execution is still under limitations.

Toward Integrative Organizational Risk Management: Total Exposure Management


Boston University, United States of America

Two decades passed since the pioneering work embodied in the AS/NZS 4360 Risk Management Standard, and in spite of the refinements offered by the subsequent COSO (US) and ISO 31000 frameworks, attainment of enterprise-wide risk management remains an elusive target for most business organizations, as philosophical and practical obstacles remain: As used in business context, the scope and practices that comprise the domain of ‘risk management’ tend to focus on known risks that also exhibit mathematically-estimable distributional properties, effectively sidestepping emerging and non-estimable threats. Furthermore, different facets of the broadly defined organizational risk management efforts continue to function as stand-alone, largely independent disciplines such as ‘risk management’, ‘business continuity planning’, ‘emergency management’, and ‘change management’, which clearly impedes development of true enterprise-wide risk management efforts. The research described here, detailed in the recent book – Total Exposure Management: Risk, Resilience, Change – outlines an integrative framework the goal of which is to expressly amalgamate the now-distinct domains of ‘risk management’, ‘organizational resilience’ (itself comprised of ‘business continuity planning’ and ‘organizational emergency management’) and ‘change management’ into a singular conceptual and management structure supported by three core enabling capabilities of ‘knowledge’, ‘agility’, and ‘communication’. The ultimate goal of the Total Exposure Management framework is to take a step toward the development of a conceptual blueprint enabling and guiding true enterprise-wide threat abatement efforts. A key step toward meeting that goal is evolving of the currently expense-minimization focused, distinct organizational functions of risk management, organizational resilience and change management into a singular, integrated organizational function focused on competitive advantage.

Qualitative Risk Assessment for Business Continuity Management in University

Jeong Hwan KWON, Hong Sik YOON, Moon Su SONG, Min Kyung CHO

Sungkyunkwan University, Korea, Republic of (South Korea)

2001 World Trade Center 9/11 was sufficient to recognize the concept of a business continuity management in the organization. Black Swan theory, Nassim Nocholas Taleb claimed that events difficult to imagine occur, has been proven by the Fukushima nuclear incident just five years.

Korea mainly introduced a Business Continuity Management such as IT and financial company and has established a policy to introduce business continuity management in small and medium-sized businesses and public facilities in accordance with the international precedents, such as the government of the United States NIPP. However, the range has a limit that is restricted to public facilities by law.

Universities have many research reports and population and have social responsibility to keep the property and lives. In addition, the University is open to outsiders and exposed to large quantities of chemical gas and radiation. A number of universities in other countries have identified these issues and fostered secure areas of the university to take advantage of introduction of business continuity management. Since universities in Korea don’t introduce Business Continuity Management, it is necessary to establish a business continuity management in the university.

Accordingly, this study tried a qualitative risk assessment to establish business continuity management of the university. This study identified possible risks occurring in universities and analyzed each of the risks. In the process, this study suggested Impact, frequency, mitigation index which is a factor of risk assessment. The results of risk assessment was classified three of level each of the risk level risk by Fault Tree Analysis.

Contact and Legal Notice · Contact Address:
Conference: IDRC Davos 2016
Conference Software - ConfTool Pro 2.6.100+TC
© 2001 - 2017 by H. Weinreich, Hamburg, Germany