Hisham Moustafa & Simon Doherty
Transcript of Hisham Moustafa & Simon Doherty
-
7/31/2019 Hisham Moustafa & Simon Doherty
1/37
-
Hisham Moustafa, Risk Management Adviser, VMIA
Simon Doherty, Risk Management Adviser, VMIA
The BC journey in the VPS
-
Today's themes
• 2010 VMIA survey results - A snapshot of the Victorian Public Sector BC maturity
• 'A work in progress' - assisting the public sector to build BC maturity
• Observations, common challenges, learnings and themes from sector work to-date.
-
Who are the VMIA?
The VMIA offers a comprehensive range of risk management and insurance services to more than 4,500 clients including:
• Victorian Government departments
• Statutory authorities and agencies
• Public health institutions
• Community service organisations.
To meet this diverse group of clients' needs, the VMIA has adopted an operating model that seeks to reduce the total cost of risk (TCoR) to the State and to its clients. This model leverages the combined strength of the VMIA's three integrated roles of being:
• Adviser to Government
• Risk management adviser
• State insurer.
[Diagram labels: Reduce total cost of risk to Government; Reduce total cost of risk to clients]
-
VMIA BCM survey: What did it show us?
Conducted late November 2010
-
[Report covers: The Business Continuity Management Survey]
The support is there:
• 61% EW BCM already an established priority.
• 90% adequate Snr Mgt involvement and commitment
• 35% BCM established 5y+ (27% BCI12), 26% in place 3-4y (2.2% BCI12).
• 66% EW BCM activities well supported by snr management's commitment.
Plans in place but not comprehensive:
• 58% BCPs developed & EW (73% BCI11&12 (Gov)).
• 35% clearly articulated and current plan
• Crisis Management Plan.
• Some BCP elements are already in place as part of BAU, e.g. DRP, ERM procedures, off-site of records etc
-
[Report covers: CMI / BCI The Business Continuity Management Survey 2011; The Business Continuity Management Survey 2012]
2010 VMIA BCM survey: What did it show us? (con't)
The quality and understanding:
• Only 59.5% had a comprehensive understanding of their key interruption risks
• 45% indicated the ability of BCM to support the org was 'Somewhat effective'
BCM professionals:
• In-house development of BCPs (69%)
• BCM part of job description (38%)
• 52% have no BCM FT or PT professionals within their org
• BCM falls within RM corp function (39%).
A shining light:
For the most recent business interruption, recovery objectives were completely met by 48% of respondents and service levels were completely maintained by 47% of respondents (BCI 74% 2011 79% 2012).
-
VPS organisations that have activated BCPs or CMPs in last 12 months (to survey).
54%
-
2010 VMIA BCM survey: What did it show us? (cont)

| Tech related | VMIA 2010 | BCI 2011 | BCI 2012 |
|---|---|---|---|
| Communication failure | 34.5% | 20% | 24% |
| IT/technology (hardware, software failure) | 32.8% | 34% | 39% |
| Security breach | 3.4% | 4% | 6% |

| Built environment | VMIA 2010 | BCI 2011 | BCI 2012 |
|---|---|---|---|
| Service provider/supply chain failure | 6.9% | 19% | 15% |
| Utility outage (power, gas, water) | 60.3% | 16% | 14% |
| Facilities failure/move | 12.1% | 26% | 20% |

| Natural environment | VMIA 2010 |
|---|---|
| Human error/man-made disaster (e.g. fire, accidents) | 6.9% |
| External emergencies/natural disaster (e.g. bush fires, flood) | 37.9% |
-
2010 VMIA BCM survey: Whc

| Tech related | VMIA 2010 | BCI 2011 | BCI 2012 |
|---|---|---|---|
| Communication failure | 34.5% | 20% | 24% |
| IT/technology (hardware, software failure) | 32.8% | 34% | 39% |
| Security breach | 3.4% | 4% | 6% |
-
| Natural environment | VMIA 2010 | BCI 2011 | BCI 2012 |
|---|---|---|---|
| Human error/man-made disaster (e.g. fire, accidents) | 6.9% | 4% | 6% |
| External emergencies/natural disaster (e.g. bush fires, flood) | 37.9% | 64% | 49% |
-
| Built environment | VMIA 2010 | BCI 2011 | BCI 2012 |
|---|---|---|---|
| Service provider/supply chain failure | 6.9% | 19% | 15% |
| Utility outage (power, gas, water) | 60.3% | 16% | 14% |
| Facilities failure/move | 12.1% | 26% | 20% |
-
What should be keeping the VPS up at night?
-
BCI survey: Horizon Scan 2012

| Sector | Top three threats |
|---|---|
| Financial Services | 1. Unplanned IT/Telecom outage (80%), 2. Cyber attack (71%) & 3. Data breach (68%). |
| Information & Communication | 1. Unplanned IT/Telecom outage (81%), 2. Data breach (77%) & 3. Cyber attack (75%). |
| Professional services | 1. Data breach (66%), 2. Unplanned IT/Telecom outage (65%) & 3. Cyber attack (60%). |
| Public administration | 1. Adverse weather (74%), 2. Unplanned IT/Telecom outage (60%) & Human illness (60%) |
| Manufacturing | 1. Supply chain disruption (76%), 2. Unplanned IT/telecom outage (71%) & 3. Product safety incident (53%). |
| Health & social care | 1. Adverse weather (69%), 2. Data breach (69%) & 3. Unplanned IT/telecom outage (63%). |
| Utilities | 1. Cyber attack (82%), 2. Adverse weather (81%) & Interruption to utilities supply (77%). |

[CMI / BCI: The Business Continuity Management Survey]
-
[Logos: BCI; bsi.]
-
Victorian Government Risk Management Framework
March 2011
-
Victorian Government Risk Management Framework
March 2011
International Organization for Standardization
-
[Logos: BCI; bsi.]
-
Challenges remaining
-
Mandate and commitment
Integrating BCM
Exercising
Fitting it in
> The Compliance, Risk, Quality, Business Continuity, OHS Manager
> A 'busyness' culture
Keep the plans alive!
-
Mandate and commitment
-
The business continuity plan (Marsh)
http://Www..nstghts_mlarsh_coml
Emergency response plan
Crisis management/communication plan
Time objective
-
Fitting it in
> The Compliance, Risk, Quality, Business Continuity, OHS Manager
> A 'busyness' culture
-
Exercising
-
Keep the plans alive!
-
Key messages
• Orgs should monitor their key interruption risks
• 90% said senior mngt commitment was adequate
• BCM listed as an accountability in position descriptions - 38%
• Shift from zilch or compliance to quality and sustainability is required
• Policy environment progressing, as are Standards and Guidelines
• Support and networks are out there
• Lack of capability and/or resources though some maturity
• Mandate, integrate, fit it in, keep it simple, exercise, keep it alive