Westpac Group - Protective Services
Westpac Banking Corporation ABN 33 007 457 141.
FULL YEAR RESULTS 2012
GROUP PROTECTIVE SERVICES
PROTECTING PEOPLE
PROTECTING THE BRAND
Contents
1. Team Structure & approach to BC
2. Industry Benchmark – Risk Appetite vs BC Capability Maturity
3. Enhancing Resilience through Business Disruption Risk Management
Structure
Paul Maihi Head of
Leanne Herrett, Executive Manager, Group Investigations
Nicolas Stramilos, Executive Manager, Physical Security
Paul Goodsir, Executive Manager, Business Continuity
Craig Moroz, Executive Manager, Emergency and Crisis Management
Gareth Bone, Executive Manager, Strategy and Change
Team Assistant
Westpac Group
Group Services
Technology
Operations and Property
Investment and Business Partnering
Westpac Institutional
Australian Financial Services
BTFG
RBB
SGB
Risk Finance HR
WESTPAC GROUP
GROUP PROTECTIVE SERVICES
BC Lifecycle Approach
Group Protective Services is NOT accountable for the delivery of the Business Continuity Cycle
Group Protective Services IS accountable for ensuring an effective programme is in place to facilitate the completion of the Business Continuity Cycle
General Performance Measures
• Ensure BCM Framework is current and reflects organisational requirements
• A project plan is in place to execute the BC Cycle
• Consistent and accurate BC Cycle status reporting
• Effective engagement with key stakeholders
Key Performance Measures
• Process Improvement – Quality Assessment
• Efficient Programme Delivery – more efficient (reduce number of plans, bring forward completion date)
Discovery Content Testing Methods & Controls
Agree Date Ranges
Agree Testing Strategy
Commit resources to Desktop
Endorse Plan
Business Manager Meetings
Research & Preparation
Complete BIA
Complete BC Plan
Prepare Test Cases
Supplier & 3rd Parties
Combine with LRT Exercises (if OK)
Conduct Desktop Walkthrough
Conduct UAT (alternate site test)
Conduct Desktop Walkthrough (if not completed in Step 2 or if material change)
Review & Sign off of plan
QA, Training, Governance & Compliance
BC Lifecycle Approach
A change in thinking
[Diagram, first view: Westpac Retail and Business Banking, Westpac Institutional Bank, BT, Products and Operations, Technology, Corporate Core; Business Continuity Requirements; six Business Owners; Customers; three Service / Product items]
[Diagram, second view: Westpac Retail and Business Banking, Westpac Institutional Bank, BT, Products and Operations, Technology, Corporate Core; Business Continuity Requirements; three Business Owners; Customers; three Service / Product items]
BCM Benchmarking
In February 2013, GPS conducted a benchmarking survey of Westpac Group’s business continuity maturity. The objective of the survey was to determine if Westpac is at an appropriate level of maturity based on organisational risk appetite.
A summary of the scope and key facts of the survey:
• 35 organisations participated from 10 countries
• 20 organisations from Australia
• 15 international participants
• Organisations participated from across 7 business sectors
• Average earnings of participating organisations was $2.8 billion (AUD)
• Average headcount of participants was 38,791
BCM and Risk Appetite
Relationship between risk appetite for business disruption and business continuity capability maturity.
BCM programme influence on risk appetite and, vice versa, risk appetite influence on BCM.
Resources - Time Spent
BC Plan Development & Maintenance versus Continual Improvement or innovation projects
Resilience - A balanced approach
WBC Group
Line of Business
Department
Unit
Recovery Focus: Business Continuity Management
Prevention Focus: Business Disruption Risk Management
More focus on Disruption Risk Mgmt to balance Recovery
Business Disruption Risk Management - Objectives
Leverage a risk-based approach
• Define the risk appetite for disruption in far greater detail and extent within the organisation
Create a measure for Resilience
• Assess resilience against a set of subjective and objective resilience measures
• Establish a set of resilience auditable controls
Put a $ Value on Resilience
• Establish a $ value on the resilience gaps and costs to improve resilience (previously un-costed)
Break down Silos around shared risk
• Break down silos in a federated organisation by identifying and sharing the resilience gaps and opportunities, including the associated costs.
• Allow upstream and downstream dependent stakeholders to better understand their dependent risk
• Facilitate the opportunity for stakeholders to have a say in resilience investments
Reduce costs
• Allow reduction in recovery infrastructure (Seats) by identifying and implementing preventative measures to reduce impact or the need for recovery measures.
Provide a balance to BCM Recovery Focus
• Support business continuity management by addressing disruption prevention to balance out a recovery only approach
Measuring Resilience - Resources
Resource
• A resource is used by the business to achieve its objectives.
• Westpac has four types of resources – People, Processes, Technology and Property.
• Resources can be defined as either an individual resource or a pool of resources.
− Individual resources tend to be complex, e.g. Property - Westpac Plaza
− Resources with the same characteristics may be pooled, e.g. People - Job Family
• Each organisation unit uses various resources to achieve its objectives.
People
Process
Technology
Property
Measuring Resilience - Resource Attributes
• Resilience assessments are based on Objective & Subjective measures of resource attributes.
• Business resilience may be improved by activities and initiatives focused on these resource attributes.
• Westpac may align the assessments, as relevant to its data, resources and business strategies, policies & project initiatives
Resource Attributes – Objective & Subjective Measures
People: Attitude, Aptitude, Skills, Knowledge
Process: Flexible, Transferrable, Intuitive, Contextual
Technology: Architecture, Channels, Learning, Adapting
Property: Design, Layout, Location, Services
Example Measures - Resilience Assessment Questions
Level | Resource Type | Attribute | Data Collection | Query
--- | --- | --- | --- | ---
Group | People | Attitude | Objective | Query the frequency of formally acting up in promoted roles for short periods.
Group | People | Attitude | Subjective | Are staff willing to help out in a crisis?
Line of Business | Process | Flexible | Objective | Query the organisation unit change system to establish the speed, frequency and success of process changes.
Line of Business | Process | Flexible | Subjective | Are processes easy to change?
Group | Technology | Architecture | Objective | Query technology certification documentation. Establish that systems are certified to design standards that include resilience.
Group | Property | Design | Objective | Query the organisation unit property database. Establish whether the risk profile is based on design attributes.
BDRM Process Overview
• The BDRM process includes current BC activities and new activities specific to the business resilience model.
• A typical end-to-end process flow is illustrated below, however:
− Process steps do not have to be performed in the sequence illustrated.
− Process steps can be repeated as many times as required.
BDRM Process Steps
• Establish Business Context
• Establish Resource Scope
• Identify Inherent Risks
• Identify & Assess Resilience
• Assess Residual Risk
• Identify Resilience Gaps
• Identify Resilience Initiatives
• Aggregate Initiatives
• Determine Return on Resilience Investment
• Select Delivery Approach
• Align with Westpac Projects
• Determine Ease of Execution
• Determine Priority
• Develop Initiatives Roadmap
Best Sourcing – Offshore Risk
http://www.preventionweb.net/english/maps/index.php
1. Disruption Risk Profile