Ross Wilkinson

7/31/2019 Ross Wilkinson

1/21

Business Continuity Managementfor the Public Services

Integrating BCM with other organisational functions

10 May 2012


2/21

Ross Wilkinson BBus CPRM MRMIA

Risk Manager Operational & Organisational

Enterprise Risk Services Branch

Department of Transport


3/21

Department of Transport

Objectives*:

Ensuring a transport system is provided consistent with the visionstatement and the transport system objectives

Determining Strategic Policies for transport priorities that address

current and future challenges

Ensure in collaboration with other transport bodies that policies

and plans for an integrated and sustainable transport system are

developed, aligned and implemented

* Section 33 Transport Integration Act 2010


4/21

How does the Department deliver to its Objectives?

Determines the necessary functions

Determines the resources required

Builds a structure to manage the functions and

resources

Develops the policies and strategies to guide

the functions and use of resources


5/21

Department of Transport Structure

Secretary

DepSec

Strategic Transport

Planning

Gen Mgr

Vic. Taxi

Directorate

Ex Dir

People

& Org Dev.

Ex Dir

Bus & Ex Serv

Ex Dir

Pol& Comm

DirectorAudit & Ass.

Ex Dir

Sec & Em Mgt

Ex Dir

Trpt Planning

& Programs

Ex Dir

I/Gov Rel

Ex Dir

Com & Place

CFO

Finance

Ex Dir

IntPrograms

Development

Ex Dir

Regn, Go vn

& Law

CEO

RRLA

Ex Dir

Trpt Projects

Ex Dir

Freight Logistics

& Marine

DepSec

Programs

Chair

Reg Rail Link

Authority

Strategic Planning

Programs


6/21

How does it do this?

Corporate PlanDetails the Objectives, Policies, Strategies and Structure

Business Plan

Details the Functions, allocates the Resources and establishes the Timelines


7/21

The Business Cycle

Risk

Management

Business

Continuity

Management

Corporate

&

Business Plans

Plan and Build

Understand

and Protect

Manage


8/21

What is Risk?

The effect of uncertainty on objectives

AS/NZS ISO 31000: Risk Management Principles and Guidelines


9/21

Risk Management Process

AS NZS ISO 31000:2009


10/21

Context

The critical common component of the Business Cycle

Basis of the Corporate Plan what do we need to do and

achieve and what we need to do this

Necessary for the understanding of the what and why of Risks

Business Impact Analysis for the Business Continuity Plan


11/21

Risk is unavoidable!

Taking risks is a normal unavoidable everyday necessity

Risk management is not about risk avoidance. It is about being

aware of where the risks are and managing them appropriately

Taking controlled, informed risks is a sensible and everydayessential part of life

Taking uninformed, uncontrolled risks is plain stupid

We take risks not to avoid harm, but to achieve benefits and

gains

Risk taking is positive, not implicitly negative


12/21

Risk Registers

Strategic Risk Register

Failure to recruit and retain key people

Loss of operating budget

Fraud

Information Security

Divisional Risk Register Failure to recruit and retain key people

Loss of operating capability

Project budget overrun

Business Impact Analysis

Loss of key people/resources

Loss of operating capability Criticality


13/21

Integration of Risk Management and BCM

Context understanding of What and Why

Risks what is Critical

Controls enable adequate Prevention and timely Recovery

All parts of an organisation should know and understand what they do, what theyneed and the criticality of their activities

All should be measured against the organisational risk appetite to enable correctallocation of resources and effort not only in a crisis but during normal business

Failing to Prepare is Preparing toFail

Benjamin Franklin


14/21

Integration of Risk Management and BCM

In reality we are all managers of Risk

Preparing for the unexpectedenables

1. Quick response and recovery

2. Minimisation of disruption and costs

3. Ability to capitalise on any opportunities presented


15/21

Planning and Operation

Remember Newtons Third Law

For every action there is an equal and opposite reaction

Whether it arises from a planned function, or it is a risk management control

or a BCP activity, options should be tested for any unwanted reactions or

risks that they may introduce to the process:

What can happen?

Who can be affected by this?

Is this a benefit or barrier to my desired outcome?


16/21

How does it do this?

In Pure Terms

Business Continuity Management is a risk management control

process

Business Continuity Plan is the actual risk control

In Real TermsBusiness Continuity Management is a valuable aid to the Business

Planning process in understanding what is required to make the

business work


17/21

Business Assurance

Attestation requires a management assurance as to the

effectiveness of organisational risk management activities

Enterprise Risk Services Branch annually seeks this from each

Division to present a corporate view to the Secretary for his

Attestation statement.Critical documents sought from each Division to support this include:

Divisional Business Plan

Divisional Risk Register

Divisional Business Continuity Plan


18/21

Patron Saint of Enterprise Risk Services

Saint Murphy

Whatever can go wrong, will!


19/21

Final thoughts..


20/21

Any Questions


21/21

Workshop Close

Ross Wilkinson

Documents

Transcript of Ross Wilkinson