Hisham Moustafa & Simon Doherty

  • View
    219

  • Download
    0

Embed Size (px)

Text of Hisham Moustafa & Simon Doherty

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    1/37

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    2/37

    H is h a m M o u s t a fa , R is k M a n a g e m e n t A d v is e r , V M I AS im o n D o h e r t y , R i s k M a n a g e 'm e n t A d v is e r, V M I A

    T h e B C j o u r n e y i n t h e V P S

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    3/37

    Todayrs themes 2010 VMIA survey results - A snap shot of the Victorian Public

    Sector Be maturity 'Awork in progress' - assisting the public sector to build Be

    maturity Observations, common chaLLenges, learnings and themes from

    sector work to-date.

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    4/37

    W h o a r e t h e ' V M I A ?The YMIA offers a comprehensive range of risk management and insurance services to morethan 4,500 clients including:

    Redu ;CO T0 1 II C i il il j i- fR l ii k10 GOVER .NMEN I iI '

    Victorian Government departments Statutory authorities and agencies Public health institutions Community service organisations.

    To meet this diverse qroup of clients' needs, the YMIA has adopted an operating model thatseeks to reduce the total cost of risk (TCoR)to the State and to its clients.This model leverages the combined strength of the VMIA's three integrated roles of being:

    Adviser to Government Risk management adviser State insurer.

    Reodu;C8Total COSlofRlskto CLiEto'S

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    5/37

    V M I A B C M s u r v e y : W h a t d id i t s h o w u s ?C o n d u c t e d la t e N o v e m b e r 2010

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    6/37

    (1" '11 BO The l8 I . dne ! ls { ( ]n t in u iW t~'a~iaDernerrt S!J~ zen(1" '11 BO The l&. !s i ness { ( ]n t i nu iW t lanaDernerrt S!J~ ~(il~

    The support is there: 61 % EW BCM alre ad y an e stablis he d priority. 90% adequate Snr Mgt involvement and commitment 35% BCM es tablish e d Sy+ (27% 8 (112), 26% in place 3-4y (2.2% 8CI12). 66% EW BCM activities we lll s u pporte d by sn r management's commitment.

    Plan s in place but n o t c omp re h e n s iv e: 58% BCPs developed & EW (73% BCll1&12(Gov)). 35% clearly articulated and current plan

    C ris is M an a'gem en t P la n. Some BCP e lemen ts are a lre ady in p lace as part of BAU , e.q, DRP , ERM p ro ce d ure s , off-site

    of records etc

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    7/37

    CM ,l ll lC l T h e B 'u s ir ne s s ( on tt in : ui ty M a :n o ,g :e m en t S u rv e y 2 0 11eM,! sc I T h ~ B 'u s ir n e ss ( on t ri n ui ty M a n ., g, eme n t S u rv e y 2012

    2010 V M IA B C M s u r v e y : W h a t d id i t s h o w u s ? ( r o n ' t )The quality and understanding:

    On ly 59.5% had a comprehensive understandinq of their key interruption risks 45% indicated the ability of HCM to support the org was 'Somewhat effective'

    BCM pro fe ss iona ls : In-house development of BCPs (69% ) BCM part of job d escrip tion (38%) 52% have no SCM FT or PT professlonals within their org BCM faUs within RM corp function (39%).

    A shinning Light: For the most recent business interruption, recovery objectives were completely met by48% of respondents and service LeveLswere completely maintained by 47% ofrespondents (BCI 74% 2011 79% 2012).

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    8/37

    V P S o r g a n is a tio n s t h a t h a v e a c t i v a te d B C P s o r C M P s in l a s t 12 m o n t h s ( t o s u rv e y ) .54%

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    9/37

    2010 V M I A B C M s u r v 1 e y : W h a t d i d i t s h o w u s ? (cent)Tech related:Commun i ca ti on f ai lu r IT/technology (hardware, software fa~LLJre)Security breach

    Suitt environment:Serv ice provider/supply chain fai lureUt il it y outage (power , gas, water )~a.cilities fa ilure/rnove

    VMIA 2010 BCI 2011 BCI 201234.5% 20% 24%32.,8% 34% 39%3.4% 4% 6%

    VMIA 2010 BCI 2 01 :1 1. BC 12 0J 1. 26.9%

    60.3%12.1%19%16%26%

    15%14%20%

    Natural envi ronment :Human error/man-made disaster (e.g. f ire, accidents)External ernerqencles/natural disaster {e.g. bush fires" f lood}

    VMI,A 20106. .9%

    37.9%

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    10/37

    2010 V M I A B C M s u r v e y : W h c

    T ech re La te d:Communication failureIT /te ch noLogy (h ard ware , s oftw are fa ilu re )S ecu rity bre ach

    VM IA 2010 BC I 2011 BC I 201234.5% 20% 24%32.8% 34% 39%3.4% 4% 6%

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    11/37

    112

    l012%~%1 %

    Natural environment:Human error/man-made disaster (e.g. fire, accidents)E xte rn aL em erg en cie s/n atu ra L d is as te r (e .g. bu sh fire s, flood )

    VMIA 2 0 1 06.9%37.9%

    B C I 2 0 1 14%64%

    B C I 2 0 1 26%

    49%

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    12/37

    Built environment:Service provider/supply chain failureUtility outage (power, gas, water)Facilities failure/move

    V M I A 2 0 1 06.9%60.3%12.1%

    S C I 2 0 1 119%16%26%

    N cH lEx

    B C I 2 0 1 215%14%20%

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    13/37

    W h a t s h o u l d b e k e e p in g t h e V P S u p a t n ig h t ?

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    14/37

    BCI survey: Horizon Scan 2012Sector Top three' threats

    Financial Services 1. Unplanned IT/Telecom outage ( 8 0 % ) , 2. Cyber attack (7'1%) & 3. Databreach (68% ) .Information & 1. Unplanned IT/Telecom outage (8110/0).,2.,ata breach (77%,) & 3. CyberCommunication attack (750/0).Professional services 1. Data breach (66%), 2. Unplanned IT/Telecom outage (65%) & 3. Cyberattack (60%).Public administration 1..Adverse weather (74 % ),2., Unplanned ITlTelecom outage ( 6 0 % ) &Human illness (60%)Manufacturing 1. Supply chain disruption (76%), 2. Unplanned IT/telecom outage (7'1%) &3. Product safety incident (53%).Health & sociiallcare 1.Adverse weather ( 6 9 % ) , 2. Data breach (69%) & 3. Unplanned IT!telecom outaqs ( 6 3 % ) .Utilities 1. Cyber attack (820/0),2. Adverse weather (81% ) & Interruptiion to utilities

    supply (77%).CM I B cl The Business CcntinLlity t - teneqemem Siul"Y'e'j1Mi

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    15/37

    B C I i m e l h e

    bsi. . -. ! M I' 1! ~ . , . _

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    16/37

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    17/37

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    18/37

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    19/37

    '~ ~~/' b } " ' ( , "i l ''.'.. ,'

    ' .j'

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    20/37

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    21/37

    -2002 2003 2004 2005 2006

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    22/37

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    23/37

    2005 2006 2007 2008 2009

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    24/37

    Victorian GovernmelltRisk ManagementframeworkMar(h2.oU

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    25/37

    'Vict,orian GovernmentR.lskManagementFrillilleworl{MardJ 2011

    Intem'at ionalO rg an iiza Uo n fo rStandardizat ion

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    26/37

    B C I i m e l h e

    bsi. . -. ! M I' 1! ~ . , . _

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    27/37

    C h a l l e n g e s r e m l a i n i n g

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    28/37

    M a n d a te a n d c D m m i t m e n t

    1UtJl!!~~! ! ~~~ :: : . "" In"",

    I n t e g ra ti n g B C M

    E x e r c i s i n g

    F it ti n g i t i n> The Compliance, Risk, Quamy,

    Busine5; Co"ti~uity, OHS Mar"gr"> A 'busynes culture

    Keep the plans alive!

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    29/37

    M a n d a t e a n d c o m m i t m e n t

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    30/37

    The busiiness continuity plan (Marsh)http://Www..nstghts_mlarsh_coml

    EmergencyII"spo:r1lselan

    Crisis management!communication plan

    Time objective

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    31/37

    F i t t i n g i t i n The Compliance, Risk, Quality,

    Business Continuity, OHS Manager A 'busyness' culture

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    32/37

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    33/37

    xernsms

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    34/37

    Keep the pLans aLive !

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    35/37

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    36/37

    K e y m e s s a g e s Orgs should monitor their key interruption risks 90% said senior mngt commitment was adequate BCM listed as an accountability in position descriptions - 38% Shift from zilch or compliance to quality and sustainabiUty isrequired P olicy environment progressing, as are Standards and Guidelines Support and networks is out there Lack of capability and/or resources though some maturity Mandate, integrate, fit it in, keep it simple, exercise, keep it alive

  • 7/31/2019 Hisham Moustafa & Simon Doherty

    37/37

Search related