7/31/2019 Ross Wilkinson
1/21
Business Continuity Managementfor the Public Services
Integrating BCM with other organisational functions
10 May 2012
7/31/2019 Ross Wilkinson
2/21
Ross Wilkinson BBus CPRM MRMIA
Risk Manager Operational & Organisational
Enterprise Risk Services Branch
Department of Transport
7/31/2019 Ross Wilkinson
3/21
Department of Transport
Objectives*:
Ensuring a transport system is provided consistent with the visionstatement and the transport system objectives
Determining Strategic Policies for transport priorities that address
current and future challenges
Ensure in collaboration with other transport bodies that policies
and plans for an integrated and sustainable transport system are
developed, aligned and implemented
* Section 33 Transport Integration Act 2010
7/31/2019 Ross Wilkinson
4/21
How does the Department deliver to its Objectives?
Determines the necessary functions
Determines the resources required
Builds a structure to manage the functions and
resources
Develops the policies and strategies to guide
the functions and use of resources
7/31/2019 Ross Wilkinson
5/21
Department of Transport Structure
Secretary
DepSec
Strategic Transport
Planning
Gen Mgr
Vic. Taxi
Directorate
Ex Dir
People
& Org Dev.
Ex Dir
Bus & Ex Serv
Ex Dir
Pol& Comm
DirectorAudit & Ass.
Ex Dir
Sec & Em Mgt
Ex Dir
Trpt Planning
& Programs
Ex Dir
I/Gov Rel
Ex Dir
Com & Place
CFO
Finance
Ex Dir
IntPrograms
Development
Ex Dir
Regn, Go vn
& Law
CEO
RRLA
Ex Dir
Trpt Projects
Ex Dir
Freight Logistics
& Marine
DepSec
Programs
Chair
Reg Rail Link
Authority
Strategic Planning
Programs
7/31/2019 Ross Wilkinson
6/21
How does it do this?
Corporate PlanDetails the Objectives, Policies, Strategies and Structure
Business Plan
Details the Functions, allocates the Resources and establishes the Timelines
7/31/2019 Ross Wilkinson
7/21
The Business Cycle
Risk
Management
Business
Continuity
Management
Corporate
&
Business Plans
Plan and Build
Understand
and Protect
Manage
7/31/2019 Ross Wilkinson
8/21
What is Risk?
The effect of uncertainty on objectives
AS/NZS ISO 31000: Risk Management Principles and Guidelines
7/31/2019 Ross Wilkinson
9/21
Risk Management Process
AS NZS ISO 31000:2009
7/31/2019 Ross Wilkinson
10/21
Context
The critical common component of the Business Cycle
Basis of the Corporate Plan what do we need to do and
achieve and what we need to do this
Necessary for the understanding of the what and why of Risks
Business Impact Analysis for the Business Continuity Plan
7/31/2019 Ross Wilkinson
11/21
Risk is unavoidable!
Taking risks is a normal unavoidable everyday necessity
Risk management is not about risk avoidance. It is about being
aware of where the risks are and managing them appropriately
Taking controlled, informed risks is a sensible and everydayessential part of life
Taking uninformed, uncontrolled risks is plain stupid
We take risks not to avoid harm, but to achieve benefits and
gains
Risk taking is positive, not implicitly negative
7/31/2019 Ross Wilkinson
12/21
Risk Registers
Strategic Risk Register
Failure to recruit and retain key people
Loss of operating budget
Fraud
Information Security
Divisional Risk Register Failure to recruit and retain key people
Loss of operating capability
Project budget overrun
Business Impact Analysis
Loss of key people/resources
Loss of operating capability Criticality
7/31/2019 Ross Wilkinson
13/21
Integration of Risk Management and BCM
Context understanding of What and Why
Risks what is Critical
Controls enable adequate Prevention and timely Recovery
All parts of an organisation should know and understand what they do, what theyneed and the criticality of their activities
All should be measured against the organisational risk appetite to enable correctallocation of resources and effort not only in a crisis but during normal business
Failing to Prepare is Preparing toFail
Benjamin Franklin
7/31/2019 Ross Wilkinson
14/21
Integration of Risk Management and BCM
In reality we are all managers of Risk
Preparing for the unexpectedenables
1. Quick response and recovery
2. Minimisation of disruption and costs
3. Ability to capitalise on any opportunities presented
7/31/2019 Ross Wilkinson
15/21
Planning and Operation
Remember Newtons Third Law
For every action there is an equal and opposite reaction
Whether it arises from a planned function, or it is a risk management control
or a BCP activity, options should be tested for any unwanted reactions or
risks that they may introduce to the process:
What can happen?
Who can be affected by this?
Is this a benefit or barrier to my desired outcome?
7/31/2019 Ross Wilkinson
16/21
How does it do this?
In Pure Terms
Business Continuity Management is a risk management control
process
Business Continuity Plan is the actual risk control
In Real TermsBusiness Continuity Management is a valuable aid to the Business
Planning process in understanding what is required to make the
business work
7/31/2019 Ross Wilkinson
17/21
Business Assurance
Attestation requires a management assurance as to the
effectiveness of organisational risk management activities
Enterprise Risk Services Branch annually seeks this from each
Division to present a corporate view to the Secretary for his
Attestation statement.Critical documents sought from each Division to support this include:
Divisional Business Plan
Divisional Risk Register
Divisional Business Continuity Plan
7/31/2019 Ross Wilkinson
18/21
Patron Saint of Enterprise Risk Services
Saint Murphy
Whatever can go wrong, will!
7/31/2019 Ross Wilkinson
19/21
Final thoughts..
7/31/2019 Ross Wilkinson
20/21
Any Questions
7/31/2019 Ross Wilkinson
21/21
Workshop Close