  • 7/31/2019 Hisham Moustafa & Simon Doherty


    Hisham Moustafa, Risk Management Adviser, VMIA
    Simon Doherty, Risk Management Adviser, VMIA

    The BC journey in the VPS

    Today's themes

    2010 VMIA survey results - A snapshot of the Victorian Public Sector BC maturity

    'A work in progress' - assisting the public sector to build BC maturity

    Observations, common challenges, learnings and themes from sector work to date.

    Who are the VMIA?

    The VMIA offers a comprehensive range of risk management and insurance services to more than 4,500 clients including:

    Victorian Government departments
    Statutory authorities and agencies
    Public health institutions
    Community service organisations.

    To meet this diverse group of clients' needs, the VMIA has adopted an operating model that seeks to reduce the total cost of risk (TCoR) to the State and to its clients. This model leverages the combined strength of the VMIA's three integrated roles of being:

    Adviser to Government
    Risk management adviser
    State insurer.

    [Diagram labels: Reduce total cost of risk to Government; Reduce total cost of risk to clients]

    VMIA BCM survey: What did it show us?

    Conducted late November 2010

    [Report covers: CMI/BCI, The Business Continuity Management Survey]

    The support is there: 61% EW BCM already an established priority. 90% adequate Snr Mgt involvement and commitment. 35% BCM established 5y+ (27% BCI12), 26% in place 3-4y (2.2% BCI12). 66% EW BCM activities well supported by snr management's commitment.

    Plans in place but not comprehensive: 58% BCPs developed & EW (73% BCI 11 & 12 (Gov)). 35% clearly articulated and current plan

    Crisis Management Plan. Some BCP elements are already in place as part of BAU, e.g. DRP, ERM procedures, off-site

    of records etc

    [Report covers: CMI/BCI, The Business Continuity Management Survey 2011; CMI/BCI, The Business Continuity Management Survey 2012]

    2010 VMIA BCM survey: What did it show us? (con't)

    The quality and understanding: Only 59.5% had a comprehensive understanding of their key interruption risks. 45% indicated the ability of BCM to support the org was 'Somewhat effective'.

    BCM professionals: In-house development of BCPs (69%). BCM part of job description (38%). 52% have no BCM FT or PT professionals within their org. BCM falls within RM corp function (39%).

    A shining light: For the most recent business interruption, recovery objectives were completely met by 48% of respondents and service levels were completely maintained by 47% of respondents (BCI 74% 2011, 79% 2012).

    VPS organisations that have activated BCPs or CMPs in last 12 months (to survey): 54%

    2010 VMIA BCM survey: What did it show us? (cont)

    Tech related:                                 VMIA 2010   BCI 2011   BCI 2012
    Communication failure                         34.5%       20%        24%
    IT/technology (hardware, software failure)    32.8%       34%        39%
    Security breach                               3.4%        4%         6%

    Built environment:                            VMIA 2010   BCI 2011   BCI 2012
    Service provider/supply chain failure         6.9%
    Utility outage (power, gas, water)
    Facilities failure/move

    Natural environment:                                             VMIA 2010
    Human error/man-made disaster (e.g. fire, accidents)             6.9%
    External emergencies/natural disaster (e.g. bush fires, flood)


    Natural environment:                                             VMIA 2010   BCI 2011   BCI 2012
    Human error/man-made disaster (e.g. fire, accidents)             6.9%        4%         6%
    External emergencies/natural disaster (e.g. bush fires, flood)   37.9%       64%


    Built environment:                        VMIA 2010   BCI 2011   BCI 2012
    Service provider/supply chain failure     6.9%        19%        15%
    Utility outage (power, gas, water)        60.3%       16%        14%
    Facilities failure/move                   12.1%       26%        20%

    What should be keeping the VPS up at night?

    BCI survey: Horizon Scan 2012

    Sector: Top three threats

    Financial Services: 1. Unplanned IT/Telecom outage (80%), 2. Cyber attack (71%) & 3. Data breach (68%).
    Information & Communication: 1. Unplanned IT/Telecom outage (81%), 2. Data breach (77%) & 3. Cyber attack (75%).
    Professional services: 1. Data breach (66%), 2. Unplanned IT/Telecom outage (65%) & 3. Cyber attack (60%).
    Public administration: 1. Adverse weather (74%), 2. Unplanned IT/Telecom outage (60%) & Human illness (60%).
    Manufacturing: 1. Supply chain disruption (76%), 2. Unplanned IT/telecom outage (71%) & 3. Product safety incident (53%).
    Health & social care: 1. Adverse weather (69%), 2. Data breach (69%) & 3. Unplanned IT/telecom outage (63%).
    Utilities: 1. Cyber attack (82%), 2. Adverse weather (81%) & Interruption to utilities supply (77%).

    [Report cover: CMI/BCI, The Business Continuity Management Survey]

    BC timeline

    [Timeline slides; recoverable labels: bsi; years 2002 to 2009; Victorian Government Risk Management Framework, March 2011; International Organization for Standardization]


    Challenges remaining

    Mandate and commitment

    Integrating BCM

    Exercising

    Fitting it in
    > The Compliance, Risk, Quality, Business Continuity, OHS Manager
    > A 'busyness' culture

    Keep the plans alive!

    Mandate and commitment

    The business continuity plan (Marsh) http://www.insights.marsh.com/

    Crisis management/communication plan

    Time objective

    Fitting it in

    The Compliance, Risk, Quality, Business Continuity, OHS Manager

    A 'busyness' culture

    Keep the plans alive!

    Key messages

    Orgs should monitor their key interruption risks
    90% said senior mngt commitment was adequate
    BCM listed as an accountability in position descriptions - 38%
    Shift from zilch or compliance to quality and sustainability is required
    Policy environment progressing, as are Standards and Guidelines
    Support and networks are out there
    Lack of capability and/or resources though some maturity
    Mandate, integrate, fit it in, keep it simple, exercise, keep it alive

