Title: Deutsche Bank Corporate Security
1Deutsche Bank Corporate Security Business
ContinuityBusiness Continuity Metrics
March 19th 2008
2- What is measured and why?
- How is it measured?
- How is the information used?
- What is next?
3- What is measured and why?
- Readiness Capability
- Readiness Business Impact Analysis (BIA)
Business Recovery Plan (BRP) - Capability Call Tree Site Testing
- Business Continuity Management (BCM) Compliance
as a Key Risk Indicator
4- How is it measured?
- Business unit scorecard
- Business group scorecard
- Global business group scorecard
5Scorecard by Business Unit
Sample Data
6Scorecard by Business Group
Sample Data
7- How is the information used?
- Control by the BCM group and senior management
- Compliance information is reviewed by the Audit
Group - The information is part of the Economic Capital
Calculation
8- Economic Capital Calculation
- The amount of equity capital needed at any given
time to absorb unexpected losses arising from
current exposures.
9Operational Risk Coverage of Special Risk Types
Risk Types and Control Groups
AssessmentApproach and Organization Level
Fiduciary ServiceRisk
Orig. Execution Risk
FRRR
TPR
ITR
Staff Risk
Vendor Risk
Regula-tory Risk
Real Estate Risk
Security Risk
Business Continuity Risk
Front Office
Front Office
Control-ling
GTO
ITRC
HR
Sourcing
Compli-ance
CRES
CSBC
CSBC
Control Group
Use ORM db-SAT process
Use ORM db-SAT process
Use results from SOx Workflow assessment
Use results from existing assessment process
Use results from existing dbRAMM process
Use ORM db-SAT process
Use ORM db-SAT process
Use results of existing SA in db-SAT
Data provided by CRES for all relevant buildings
Use ORM db-SAT process
Use ORM db-SAT process
Detailed Reviews Bottom Up by ProductGMGTBCF
CI PBC AM PWM LEMG
?
?
?
?
?
?
?
?
IB TPR (Starc)Q1/08
Waived for 2007
Q1/08
10 - What is next?
- New Metrics based on Calculation of Potential Loss
11Potential Loss Based Key Risk Indicator (KRI)
- New Metrics based on Calculation of Potential
Loss
Total Revenue ()
Adjusted Revenue ()
Revenue at Risk ()
Used to derive KRI ()
Total Revenue ()
Recovery Capability
Adjusted Revenue ()
Compliance
Planned recovery based on - Recovery Seats -
Work from Home - Pass the Book
Compliance w/ BCM Lifecycle - BIA, BRP -
Testing
12 - Questions?
- Thank you!
- Oscar Menendez