AURIMS CONFERENCE 2011 TOWARDS RESILIENCE MANAGEMENT David Martin 12 th May 2011 CHAIR CORPORATIONS RISK SYDNEY MANAGEMENT ROUNDTABLE.

AURIMS CONFERENCE 2011

TOWARDS RESILIENCE MANAGEMENT

David Martin 12th May 2011 CHAIR CORPORATIONS RISK SYDNEYMANAGEMENT ROUNDTABLE

TOWARDS RESILIENCE MANAGEMENT 0VERVIEW

New generation of thinking and actions Concept of resilience What are the current and emerging

challenges? What are the ‘wild” risks What is effective Resilience Management Building Resilient & Sustainable Organisations Approach and methodologies for new

challenges What is the “value-add” from good Resilience

Management Where to from here – Beyond Resilience to

Sustainable Businesses Key Points

A A CRISISCRISIS ISISNOW BECOMING NOW BECOMING PREDICTABLYPREDICTABLYPREDICTABLEPREDICTABLE

Last 6 MonthsLast 6 Months• Unprecedented Unprecedented

natural disastersnatural disasters• Terrorist attacksTerrorist attacks• Volcanic eruptionsVolcanic eruptions• Brisbane FloodsBrisbane Floods• North Queensland North Queensland

CyclonesCyclones• Bush fires Bush fires • Christchurch Christchurch

EarthquakeEarthquake• Auckland TornadoAuckland Tornado• US TwistersUS Twisters• Japan Earthquake, Japan Earthquake,

Tsunami, Nuclear Tsunami, Nuclear PlantPlant

• What Next?What Next?

DEFINING RESILIENCE

• A Resilient Organisation is one that is able to achieve its business objectives and realise opportunities, even in the face of adversity.

• Resilience Management is the ability of an Organisation to survive an unscheduled disruption or major crisis from its ability to adapt using proven and integrated Risk Management, Crisis Management and Business Continuity Management processes

using a single line of sight.

TOWARDS RESILIENCE - EMERGING RISKS

AVAILABILTY OF

CREDIT/LIQUIDITY

SYSTEMATICCYCLICAL

RISK

SUSTAINABILITY

NEW STANDARDS &COMPLIANCE

GEN Y

CARBON CONSTRAINED

WORLD

GREEN IT

CULTURE& ETHICS

CHANGING WORKFORCE

RESILIENCE

THE RESILIENCE CHALLENGE

• Forward thinking Leaders are experiencing wake up calls with wider ranges of complex and compound ‘wild’ risks and vulnerabilities creating the need to develop proactive and a robust Business Resilience strategy supported by a Resilience Management Framework

• To create a culture which encourages ideas and knowledge to be brought together, coalesced, and acted upon

RESILIENCE MANAGEMENT FRAMEWORK

Pla

nn

ing

Pla

nn

ing

Emergency ManagementEmergency Management

Business Continuity ManagementBusiness Continuity Management

Risk ManagementRisk Management

Adaptive CapabilityAdaptive Capability

Testi

ng

Testi

ng

“A Resilient Organisation is one that is able to achieve its business objectives and realise opportunities – even in the face of adversity”

“A Resilient Organisation is one that is able to achieve its business objectives and realise opportunities – even in the face of adversity”

Increasing situational awareness will provide greater understanding of vulnerabilities that can critically undermine performance.

Increasing situational awareness will provide greater understanding of vulnerabilities that can critically undermine performance.

Decision makers learn about underlying values systems and key individuals - relying on the culture

Decision makers learn about underlying values systems and key individuals - relying on the culture

Testing of plans and people response is essential to ensure realism

Testing of plans and people response is essential to ensure realism

Resilience IndicatorsSituation Awareness Manage Key Threats Adaptive Capacity

Roles & Responsibilities

Understanding Hazards &Consequences

Connectivity Awareness

Insurance Awareness

Recovery Priorities

Planning Strategies

Participation in Exercises

Capability & capacity ofInternal Resources

Capability & capacity ofExternal Resources

Organisational Connectivity

Silo Mentality

Communications and Relationships

Strategic Vision and Outcome Expectancy

Information & Knowledge

Leadership, Management &Governance Structures

Aware of total operating system, including threats, opportunities, connectivity and internal and external stakeholders

Those components of an organisation that have the potential to cause the greatest negative impact

The culture of the organisation allowing it to make decisions in a timely and appropriate manner in a crisis.

REFLECTIONS OF A RESILIENT BUSINESS ASK THESE QUESTIONS

Do we have the right

infrastructure & processes to

manage risk?• Is the CRO empowered?

• Is our risk management process aligned with our strategic decision-making process and existing performance measures?

Is our risk management process coordinated and consistent across the entire enterprise? Does everyone use the same definition of risk?

Is our risk management process cost effective?

Am I taking the right risks?

• How are the risks we take related to our strategies and objectives?

Do we know the significant & emerging risks we are taking?

Do the risks we take give us a competitive advantage?

How are the risks we take related to activities that create value?

Do we recognize that business is about taking risks and do we make conscious choices concerning these risks?

Are we taking the right amount of

risk?

Are we getting a return that is consistent with our overall level of risk?

Does our organizational culture promote or discourage the right level of risk taking activities leading to resilience?

Do we have a well defined organizational risk appetite?

Is our actual risk level consistent with our risk appetite including emerging risks in a rapidly changing environment?

RESILIENT AND SUSTAINABLE ORGANISATIONS

• AVAILABILITY OF CREDIT/LIQUIDITY New paradigm• STRATEGY EXECUTION/MANAGEMENT Implementation/failure to execute good strategy Management in rapidly changing environment and

changing culture• STANDARDS & REGULATIONS Compliance obligations ASX/Principles 3, 4 & 7 ISO 31000:2009 International Risk Management

standard AS/NZ 5050:2010 Australian Business Continuity

Management standard APRA prudential standards

THE RESILIENT ORGANISATION

BEYOND RESILIENCE - SUSTAINABILITY

CORPORATE CULTURE

ENVIRONMENT

COMMUNITY

SOCIAL

GOVERNANCE

COMPLIANCE

RISK MANAGEMENT

RESILIENCE

SUSTAINABILITY

DEFINING SUSTAINABILITY

• A sustainable organisation is one that effectively manages, reports and maintains it’s corporate, social, environmental and community responsibilities, where risks and opportunities are effectively identified and managed

• Sustainable organisations are built on ideals, values and resilience

• Value to shareholders, community and employees

• Framework of the environment & social issues – the need for external benchmarking

• Corporate social responsibility ratings – reputation/brand

WHERE WILL FOCUS BE IN 2012/2013

Focus on expedient and cost effective “end to end” value-add recovery solutions which have been tested

New era Data Centres/Cloud computing Combination of the International ISO 31000:2009 Risk

Management Standard & Australian AS/NZ 5050:2010 Business Continuity Management Standard

Supply Chain risks increasing concerns and impact on Business Continuity and Resilience

Increased uncertainty driving Resilience Management focus and assurance for Boards that Management is addressing key risks , business recovery and resumption, testing of recovery plans and integration into the organisations corporate governance

Closer alignment of Risk Management, Business Continuity Management, Resilience Management and Sustainability

JAPAN – HIDDEN RISKSBENEATH THE ICEBERG

RECENT DISASTER – TOYOTA’s RESILIENCE

In the face of the recent MAJOR disaster in Japan and the “compound wild” risks of a massive earthquake, combined with a tsunami, and failure of a nuclear power plant I will present a scenario for discussion on:

• How you might adapt to such a situation• What are some of the lessons learned• Given the likelihood of further

earthquakes and tsunamis what are the key actions you would do to address Resilience and Sustainabilty?

RESILIENCE MANAGEMENT CONTINUUM

AURIMS PARTICIPANTS

WHERE ARE YOU AT WITH RESILIENCE READINESS?

10

? 9

8

7

6

5

4

? 3

2

1

Times have significantly changed and we are facing increasing risks, uncertainty and unprecedented disasters in peoples’ lives and businesses

New challenges driving new ways of thinking

An embedded top down/bottom up Resilience Management Program and culture is about

“doing business better” in managing opportunities, mitigating risks and

becoming more resilient in a rapidly changing operating environment.

SUMMARY

Statistically 1 in 5 organisations willsuffer a major incident every 5 years

Now more about survival requiring simpler, practical, faster and tested solutions towards the focus on resilience

TOWARDS RESILIENCE MANAGEMENT& SUSTAINABLE ORGANISATIONS

• Thank you for your participation

• Questions and Answers

AURIMS CONFERENCE 2011