You are on page 1of 21

Business Continuity Management for the Public Services

Integrating BCM with other organisational functions

10 May 2012

Ross Wilkinson BBus CPRM MRMIA


Risk Manager Operational & Organisational Enterprise Risk Services Branch Department of Transport

Department of Transport

Objectives*: Ensuring a transport system is provided consistent with the vision statement and the transport system objectives Determining Strategic Policies for transport priorities that address current and future challenges Ensure in collaboration with other transport bodies that policies and plans for an integrated and sustainable transport system are developed, aligned and implemented
* Section 33 Transport Integration Act 2010

How does the Department deliver to its Objectives?

Determines the necessary functions Determines the resources required Builds a structure to manage the functions and resources Develops the policies and strategies to guide the functions and use of resources

Department of Transport Structure


Secretary

Dep Sec Strategic Transport Planning

Gen Mgr Vic. Taxi Directorate

Ex Dir People & Org Dev.

Ex Dir Regn, Govn & Law

Dep Sec Programs

Chair Reg Rail Link Authority

Director Audit & Ass.

CEO RRLA

CFO Finance

Ex Dir Int Programs Development

Ex Dir Com & Place

Ex Dir Freight Logistics & Marine

Ex Dir Trpt Planning & Programs

Ex Dir I/Gov Rel

Ex Dir Pol & Comm

Strategic Planning

Ex Dir Trpt Projects

Ex Dir Sec & Em Mgt

Ex Dir Bus & Ex Serv

Programs

How does it do this?

Corporate Plan
Details the Objectives, Policies, Strategies and Structure

Business Plan
Details the Functions, allocates the Resources and establishes the Timelines

The Business Cycle


Plan and Build Corporate & Business Plans

Manage

Understand and Protect Risk Management

Business Continuity Management

What is Risk?

The effect of uncertainty on objectives


AS/NZS ISO 31000: Risk Management Principles and Guidelines

Risk Management Process

AS NZS ISO 31000:2009

Context
The critical common component of the Business Cycle Basis of the Corporate Plan what do we need to do and achieve and what we need to do this Necessary for the understanding of the what and why of Risks Business Impact Analysis for the Business Continuity Plan

Risk is unavoidable!

Taking risks is a normal unavoidable everyday necessity Risk management is not about risk avoidance. It is about being aware of where the risks are and managing them appropriately Taking controlled, informed risks is a sensible and everyday essential part of life Taking uninformed, uncontrolled risks is plain stupid We take risks not to avoid harm, but to achieve benefits and gains Risk taking is positive, not implicitly negative

Risk Registers
Strategic Risk Register Failure to recruit and retain key people Loss of operating budget Fraud Information Security Divisional Risk Register Failure to recruit and retain key people Loss of operating capability Project budget overrun Business Impact Analysis Loss of key people/resources Loss of operating capability Criticality

Integration of Risk Management and BCM

Context understanding of What and Why Risks what is Critical Controls enable adequate Prevention and timely Recovery
All parts of an organisation should know and understand what they do, what they need and the criticality of their activities All should be measured against the organisational risk appetite to enable correct allocation of resources and effort not only in a crisis but during normal business

Failing to Prepare is Preparing to Fail


Benjamin Franklin

Integration of Risk Management and BCM In reality we are all managers of Risk
Preparing for the unexpectedenables 1. Quick response and recovery 2. Minimisation of disruption and costs 3. Ability to capitalise on any opportunities presented

Planning and Operation

Remember Newtons Third Law For every action there is an equal and opposite reaction

Whether it arises from a planned function, or it is a risk management control or a BCP activity, options should be tested for any unwanted reactions or risks that they may introduce to the process: What can happen? Who can be affected by this? Is this a benefit or barrier to my desired outcome?

How does it do this?

In Pure Terms
Business Continuity Management is a risk management control process Business Continuity Plan is the actual risk control

In Real Terms
Business Continuity Management is a valuable aid to the Business Planning process in understanding what is required to make the business work

Business Assurance
Attestation requires a management assurance as to the effectiveness of organisational risk management activities Enterprise Risk Services Branch annually seeks this from each Division to present a corporate view to the Secretary for his Attestation statement. Critical documents sought from each Division to support this include: Divisional Business Plan Divisional Risk Register Divisional Business Continuity Plan

Patron Saint of Enterprise Risk Services Saint Murphy

Whatever can go wrong, will!

Final thoughts..

Any Questions

Workshop Close

You might also like