Professional Documents
Culture Documents
10 May 2012
Department of Transport
Objectives*: Ensuring a transport system is provided consistent with the vision statement and the transport system objectives Determining Strategic Policies for transport priorities that address current and future challenges Ensure in collaboration with other transport bodies that policies and plans for an integrated and sustainable transport system are developed, aligned and implemented
* Section 33 Transport Integration Act 2010
Determines the necessary functions Determines the resources required Builds a structure to manage the functions and resources Develops the policies and strategies to guide the functions and use of resources
CEO RRLA
CFO Finance
Strategic Planning
Programs
Corporate Plan
Details the Objectives, Policies, Strategies and Structure
Business Plan
Details the Functions, allocates the Resources and establishes the Timelines
Manage
What is Risk?
Context
The critical common component of the Business Cycle Basis of the Corporate Plan what do we need to do and achieve and what we need to do this Necessary for the understanding of the what and why of Risks Business Impact Analysis for the Business Continuity Plan
Risk is unavoidable!
Taking risks is a normal unavoidable everyday necessity Risk management is not about risk avoidance. It is about being aware of where the risks are and managing them appropriately Taking controlled, informed risks is a sensible and everyday essential part of life Taking uninformed, uncontrolled risks is plain stupid We take risks not to avoid harm, but to achieve benefits and gains Risk taking is positive, not implicitly negative
Risk Registers
Strategic Risk Register Failure to recruit and retain key people Loss of operating budget Fraud Information Security Divisional Risk Register Failure to recruit and retain key people Loss of operating capability Project budget overrun Business Impact Analysis Loss of key people/resources Loss of operating capability Criticality
Context understanding of What and Why Risks what is Critical Controls enable adequate Prevention and timely Recovery
All parts of an organisation should know and understand what they do, what they need and the criticality of their activities All should be measured against the organisational risk appetite to enable correct allocation of resources and effort not only in a crisis but during normal business
Integration of Risk Management and BCM In reality we are all managers of Risk
Preparing for the unexpectedenables 1. Quick response and recovery 2. Minimisation of disruption and costs 3. Ability to capitalise on any opportunities presented
Remember Newtons Third Law For every action there is an equal and opposite reaction
Whether it arises from a planned function, or it is a risk management control or a BCP activity, options should be tested for any unwanted reactions or risks that they may introduce to the process: What can happen? Who can be affected by this? Is this a benefit or barrier to my desired outcome?
In Pure Terms
Business Continuity Management is a risk management control process Business Continuity Plan is the actual risk control
In Real Terms
Business Continuity Management is a valuable aid to the Business Planning process in understanding what is required to make the business work
Business Assurance
Attestation requires a management assurance as to the effectiveness of organisational risk management activities Enterprise Risk Services Branch annually seeks this from each Division to present a corporate view to the Secretary for his Attestation statement. Critical documents sought from each Division to support this include: Divisional Business Plan Divisional Risk Register Divisional Business Continuity Plan
Final thoughts..
Any Questions
Workshop Close