building business continuity through risk management, presented by kimberley hart, 10th oct 2016,...

Building business continuity through risk management

The resilience myth?

Kimberley HartRisk and Resilience Lead, Internal Audit and Risk ManagementCorporate Services

Session Objectives

• To consider the impact of risk perception on the achievement of objectives

• To explore the relationship between effective risk management, project management and organisational resilience

Kimberley HartInternal Audit and Risk Management

Slide 2

My current role• Risk and Resilience Lead• Directorate for Children & Families support

and thematic lead for building resilience• Chair of the Manchester Business

Continuity Forum

Slide 3Kimberley HartRisk and Resilience Lead, Internal Audit and Risk ManagementCorporate Services

Responsibilities• Incident Management: co-ordinating response in a Council-

wide incident, communication, triage, prioritising service recovery council-wide

• Risk Management: assisting services through support and challenge in developing practical mitigation of their risks enabling them to deliver their objectives

• Business Continuity Planning: production and testing of corporate and service business continuity plans for critical Council services

• Advice and Assistance Programme: information and support to businesses & voluntary organisations

• Consultancy work: a charged service for the provision of advice on risk and business continuity management


Slide 4

Let’s play a game…

Slide 5

Perception of reality


Background

Slide 6

Miss Hart


Your perception is your reality!

Slide 7

“Reality is merely an illusion, albeit a very persistent one.”

Albert Einstein


Perception of risk….


• Risk can be defined as the element of uncertainty of which affects decision making and planned outcomes.

• Risk factors may be either positive opportunities or negative threats.

• Essentially, they are the factors that help or hinder the achievement of our objectives.

The Rumsfeld Effect“There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know….”


What is business continuity?


‘The strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level’

Business continuity planning process…

ISO 22301

• Identify and manage current and future threats to your business

• Take a proactive approach to reduce the impact of incidents

• Keep critical functions up and running during times of crisis

• Minimise downtime during incidents and improve recovery time

• Demonstrate resilience to customers, suppliers and other stakeholders


BC planning as ‘First Aid’ for the business?

• Protects reputation• Protects people and services• Prevents incident deterioration• Maintains the most essential/time critical services• Promotes efficient service recovery• No panic – reduces stress


Slide 12

What is resilience?


Resilient adj. the ability (of an organisation) to recover quickly from any incident that prevents it from delivering its services

What are the risks affecting business continuity?


National Risk Register of Civil EmergenciesAn assessment of the likelihood and potential impact of a range of different risks that may directly affect the UK.

It is designed to:• Increase awareness of the kinds of risks the UK faces• Encourage individuals and organisations to think about their own preparedness.

The register also includes details of what the Government and emergency services are doing to prepare for emergencies.


Slide 15

What kind of risks would you expect to see on the National Risk Register?


Highest Priority Risks

• Risk of terrorist and other malicious attacks• Pandemic Influenza• Coastal flooding• Widespread electricity failure• Major transport accidents• Major industrial accidents• Disruptive industrial action• Severe weather


Slide 17

• Do you create a risk register for your projects or programmes?

• Do you maintain and review a risk register? How often?

• Who is involved in the production of project/programme risk registers?

• How are risks identified?• Are the risks specific to the project or do they take

into account the broader context? • How are risks reported and escalated?

Slide 18

Risk Management in action


A world in which all projects succeed?• Understanding uncertainty and risk in order to

make informed decisions is at the heart of the management of planned change through project-based working.

• Once understood, risks can be taken in pursuit of value with eyes open. Other risks can be avoided or contingency plans put in place, or existing plans can be reviewed and revised.


Manchester Business Continuity Forum (MBCF)

• Aims to reduce the economic and social impact of emergencies and speed up the subsequent recovery through partnership working.

• Offers a forum through which businesses, voluntary sector and emergency responders can co-ordinate and integrate emergency preparedness arrangements.

• Sharing good practice information to promote effective business continuity and emergency planning.

• Will share information about incidents where possible.

www.manchester.gov.uk/businesscontinuity

Session Objectives

• To consider the impact of risk perception on the achievement of objectives

• To explore the relationship between effective risk management, project management and organisational resilience


Slide 21

Further information

Email: [email protected]

www.manchester.gov.uk/emergencies


Slide 22

mailto:[email protected]

http://www.manchester.gov.uk/emergencies

This presentation was delivered at an APM event

To find out more about upcoming events please visit

our website www.apm.org.uk/events

http://www.apm.org.uk/events