annual - Maxis
annual - Maxis
annual - Maxis
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
This chart needs a title<br />
Risk Rating Scale – 5 x 5 Matrix<br />
IMPACT<br />
1. CATASTOPHIC<br />
HIGH<br />
IMPACT<br />
1. CATASTROPHIC<br />
<strong>Maxis</strong> BERHAD Annual Report 2009 | 87<br />
HIGH<br />
2. MAJOR<br />
2. MAJOR<br />
3. MODERATE<br />
MED.<br />
3. MODERATE<br />
MED.<br />
4. MINOR<br />
4. MINOR<br />
12.3<br />
5. UNLIKELY<br />
Managing Operational Risks –<br />
Business Continuity<br />
LIKELYHOOD OF<br />
OCCURENCE<br />
1. UNLIKELY<br />
2. LOW PROBABILITY<br />
In addition to the risk management function, <strong>Maxis</strong> has put<br />
in place disaster recovery and business continuity plans which<br />
are tested regularly to ensure prompt recovery of critical<br />
business functions in the event of major business and/or system<br />
disruptions. This is carried out via the establishment of a Crisis<br />
Management Team (“CMT”) to ensure uninterrupted service to<br />
our customers in Malaysia. To preserve shareholder value, <strong>Maxis</strong><br />
is committed to ensuring the timely recovery of its core business<br />
and its continuity in the event of a disaster at any of it locations.<br />
21.3<br />
Business Continuity (“BC”) is of paramount importance to<br />
42.1<br />
the<br />
company and its focus is maintained by a dedicated team of<br />
21.3<br />
certified BC practitioners. <strong>Maxis</strong> is certified under the British<br />
42.1<br />
Standard BS 25999 ( Business Continuity Management)<br />
therefore key BC disciplines such as risk evaluation, development<br />
of BC strategies and infrastructure plus testing of response plans<br />
18.5<br />
18.5<br />
are in line with international BC best practices.<br />
22.3<br />
TOTAL ASSETS<br />
7.6<br />
LOW<br />
3. POSSIBLE<br />
4. HIGH PROBABILITY<br />
7.6<br />
5. ALMOST CERTAIN<br />
12.3<br />
22.3<br />
5. INSIGNIFICANT<br />
LIKELIHOOD OF<br />
OCCURENCE<br />
For the financial LOW year, the Group spent more than RM20 million<br />
in building additional redundancies in network infrastructure<br />
and establishing alternate sites, where key operational activities<br />
1. 2. 3. 4. 5.<br />
can be resumed UNLIKELY in LOW case of any POSSIBLE disruption HIGH to our ALMOST operations. In<br />
PROBABILITY<br />
PROBABILITY CERTAIN<br />
addition during the financial year, critical areas as identified<br />
by risk priority were tested to assess the effectiveness of the<br />
implemented BCP initiatives.<br />
Annually, company-wide crisis simulation exercises involving core<br />
divisions of operations are conducted whereby the response of<br />
the CMT members 7.6 are put to the test. In addition, 7.6 an average<br />
of<br />
21.3<br />
fifty simulation tests of various complexities are conducted<br />
<strong>annual</strong>ly on core divisions and their respective critical equipment. 42.1<br />
On going awareness programs are also being conducted for CMT<br />
21.3<br />
coordinators and staff nationwide.<br />
12.3<br />
The progress of these initiatives are reported monthly<br />
18.5 to management and presented twice yearly to the BCP Steering<br />
18.5<br />
Committee which is chaired by the Chief Financial Officer. 22.3 In<br />
addition, key 22.3 risks are highlighted to the Audit 12.3Committee in<br />
conjunction with the Enterprise-wide Risk Management process.<br />
Where appropriate, the Group mitigates risk of high impact loss<br />
events by appropriate insurance coverage.<br />
T OTAL EQUITY & LIABILITIES<br />
HIGH MEDIUM LOW<br />
42.1<br />
Business Community Continuity Process Flow Flow<br />
PHASE 1<br />
PROGRAMME JUSTIFICATION<br />
AND AUTHORISATION<br />
PHASE 2<br />
PLAN, DEVELOPMENT, TESTING AND TRAINING<br />
PHASE 3<br />
MAINTENANCE<br />
1. PROJECT INITIATION<br />
RISK ASSESSMENT<br />
DEVELOP BCP<br />
CAPABILITIES<br />
2. RISK IDENTIFICATION<br />
4. RECOVERY<br />
STRATEGIES<br />
Risk avoidance<br />
Risk reduction<br />
Risk transfer<br />
BUSINESS<br />
5. RECOVERY<br />
IMPACT<br />
INFRASTRUCTURE<br />
ANALYSIS<br />
1<br />
Network facilities<br />
IT infrastructure<br />
Office facilities<br />
and others<br />
8. TESTING 9. PLAN MAINTENANCE<br />
3. BUSINESS IMPACT<br />
ANALYSIS<br />
6. RESPONSE PLAN<br />
7. AWARENESS/TRAINING 10. AUDIT REVIEW<br />
6