Management of Disruption Related Risk for Complex Organisations
Business Continuity Awareness Week
19 March 2012
2
Overview
• Introduction
• Integration with risk management
• Integration with Incident Management
• Organisational environment
• What is important & what is not
• Practical application.
3
Disruption-related Risk Management: What is it?
• A discipline that specifically addresses the management of risks that will have a disruptive impact on the organisation (examples)
• It is all about the availability of processes and resources in order to ensure the continued achievement of critical business objectives
• It is most effective when it exists in a tightly bound interrelationship with risk management.
What is NOT Disruption-related Risk Management
• A stand-alone discipline
• About just having a nice series of printed plans / documents (outputs)
• A ‘one time project’ with a defined end point
• A ‘Tick the Box’ Activity to Satisfy Legal / Compliance Requirements.
4
What is NOT Disruption-related Risk Management
5
Integration with Risk Management
6
Integration with Risk Management
Integration Across Disciplines: Risk Management
[Diagram labels: RISK MANAGEMENT; DISRUPTION RELATED RISKS]
7
Integration with Risk Management
Control Options
• Proactive approaches involving prevention and protection measures i.e. resistance (robustness & hardening)
• Prevent or minimise operational impacts through:
– Building contingent capability i.e. reliability, redundancy, flexibility / modifications to process, workarounds, insurance, etc.
– Development of Contingency plans that: stabilise, continue and restore.
• NOT JUST ABOUT HAVING A PLAN as shelf ware!!
8
Integration with Incident Management
EMA Methodologies: Comprehensive Approach
[Diagram labels: IM & BCM (building capability); PREVENTION; PREPAREDNESS; RESPONSE; RECOVERY; INCIDENT MGT (managing incidents); RISK MGT (managing uncertainty); CONTINUITY of process; REACTIVE; Incident (& detection); TIME; PROACTIVE; RESTORATION of resources; Transition; Criticality / Need]
• Policy, plans & procedures
• Organisation / structure
• Personnel & training
• Facilities
• Major equipment
• Support & supplies
9
Integration with Incident Management
Exercises
• Used to highlight (and validate) potential high level disruptive-related risks
• Based on a notional organisation (within the same sector)
• Used to highlight the importance of the Comprehensive Approach
• Attendees divided into nominal groupings:
– Crisis Management Team
– Control Effectiveness
– Risk Management Leadership
– Key Improvement Areas.
• Time jump to highlight the ongoing impact & resumption / restoration activities
• Scenario informs maturity and status of applicable disruptive-related risks & associated control effectiveness.
10
Organisational Environment Requirements
• Good business practice
• Contractual / Legislative / Policy requirements:
– Accreditation as a railway operator and railway manager
– Transport Services Contracts (TSC)
– Service level agreements (SLA)
– Acts
– Critical Infrastructure Protection (CIP).
11
What is Important and What is Not: Activity Criticality
Integration Across Disciplines: Business Planning
12
Practical Application
• SE Qld Network:
– Approximately 700 kilometres of track
– 140+ stations
– Associated Infrastructure
– Train Control Centres
– Fleet of modern A/C electric trains
– Estimated 65+ million passenger journeys / year
– Estimated daily average of 170,000+ journeys.
13
Practical Application
1. SEQ Qld Network Disruption
14
Practical Application
1. SEQ Qld Network Disruption
Variables
• Date and time of day
• Location on network (line / position)
• Related activities (external)
• Other Railway Operators
• Historical disruptive data
• Customer perception & expectations
Management
• Event specific.
15
Practical Application
2. Loss of Access to Key Building
Preventative Controls
Mitigating Controls
Detective Controls
Management
• Focus on preventative controls
• Security a key focus area
• Investment in a redundant facility.
16
Practical Application
3. Loss of Access to Key Facilities
Preventative Controls
Mitigating Controls
Detective Controls
Management
• Proactive supply chain management
• Focus on Safety critical activities
• Re-allocate work to other depots
• Re-direct existing workforce.
17
Practical Application: Key Takeaways
• Targeted effort (invest where the NEED is)
• Early detection (slow burn & fast burn events)
• Consistency of terminology & approach
• Integration with other disciplines (using stealth):
– Business Planning: determination of Business activities, their criticality & the associated time sensitivity
– Risk Management: not a stand-alone discipline
– Incident Management: more than just stabilise / contain & control / preservation of life and property
• Develop workforce flexibility and activity flexibility
• Learn from disruptions (continual improvement)
• Restore to a higher, more resilient state.
18
BCAW
BUSINESS CONTINUITY AWARENESS WEEK
CONTEXT CRITICALITY UNDERSTANDING 52
QUESTIONS?