Posts

What is Organisational Resilience?

A holistic view of risk management in the context of ‘better practice’ is now viewed as ‘organisational resilience’ and is built around a framework that incorporates financial, operational and strategic risk.

A fully integrated risk model is achieved by intelligently fusing the disciplines of risks management, crisis management, emergency management, security, business continuity and other key areas.

The Janellis resilience model incorporates four key focus areas of Risk, Readiness, Response and Assurance. The model forms the basis by which Janellis reviews and builds an organisations resilience capability. An effective resilience framework ensures organisations can rapidly adapt and respond to internal or external change, risks, opportunities, demands, disruptions or threats; and continue operations with limited impact to the business.

An organisation with a mature resilience capability is able to demonstrate the following:

  • Integration of strategic, operational and financial risks
  • Response capability built against known catastrophic risks through training and exercising
  • High levels of confidence to respond to emerging threats
  • Embedded critical thinking across the organisation
  • Alignment of resilience capability with key inter-dependencies
  • Regular assurance to the board and other key stakeholders

About the Janellis Enterprise Resilience Framework

Developed in collaboration with leading Australian organisations operating in high risk industries both nationally and internationally, this framework is based on the International Benchmarking on Organisational Resilience.

The framework is aligned with International and Australian standards including: ISO 31000, the Australasian Inter-service Incident Management System (AIIMS), the Prevention, Preparedness, Response and Recovery (PPPR) principles, AS/NZS 5050 and the Australian Federal Governments Critical Infrastructure Resilience Strategy for owners and operators of critical infrastructure.

Key elements of the framework have been embedded in leading organisations and government agencies.

The framework has four areas of focus which include RISK; READINESS; RESPONSE and ASSURANCE.

RISK

– ISO 31000 is the cornerstone of the framework and requires an integrated and consistent approach to managing strategic operational and financial risks across the enterprise. In addition to traditional enterprise-wide risk management, it entails a greater focus on: the identification, management and reporting of ‘catastrophic risks’; understanding the dependencies and vulnerabilities related to critical suppliers and other third parties; the identification and management of emerging threats and using scenario based modelling to build situational awareness and adaptability.

“The capability to respond to extreme events is an essential part of building and maintaining organisational resilience”.

READINESS

– The readiness components of the framework includes a more strategic approach to pre-planning for disruptions and ‘shocks’ through: the development and alignment of plans; training and awareness; implementing appropriate technology and having alternate site arrangements. Advanced readiness capabilities include: the alignment of plans with critical suppliers or external agencies; ensuring that all communications mechanisms are in place to receive and distribute information; the development and use of tools including a decision making framework and response handbook as an aide memoire.

RESPONSE

– The response components of the framework encompass the capability to respond to specific known strategic, operational or financial ‘catastrophic’ risks or emerging threats that the organisation is managing. The response aspects involve a robust exercising and testing process that builds and maintains capability. An effective exercise development process will highlight vulnerabilities and identify strengths within the organisation. The response elements of the framework build crisis management leadership as well as critical thinking capabilities.

“An organisation may have exhaustive risk management processes, detailed plans and experienced individuals but; if a team comes together in a crisis and they are unable to demonstrate critical thinking capabilities, they may not be effective. Critical thinking skills developed at all levels within an organisation – and evident during BAU – is one of the leading indicators of organisational resilience.”

ASSURANCE

– Higher levels of assurance are being sought to ensure that organisations can effectively respond to a wide range of potential threats. Traditional governance frameworks are being improved with targeted ‘readiness’ reporting, robust post-incident reviews, benchmarking and audits. Benchmarking is used to highlight areas of capability as well as areas of vulnerability and this can be done nationally and internationally.

The internal and external audit process is a recognised and effective way to provide assurance and there is a growing requirement in the areas of risk, organisational resilience, emergency and crisis management. Whilst it may not be possible to predict or mitigate the full range of unknown risks, assurance can be provided to key stakeholders if the organisation can demonstrate: an acceptable level of pre-planning; a robust exercising program and an effective and auditable decision making process.

Download the Harvard Business Review submission containing case study examples including: NSW State Emergency Service; Qantas; Lend Lease Group, Transfield Services and Westpac Banking Corporation. Or the technical version here.


 

Strategies to build resilience in Australia’s national critical infrastructure

Following the recent Government announcement, there is a renewed focus on the ownership and resilience of Australia’s national critical infrastructure. A joint media release with Senator The Hon George Brandis QC stated:

“With increased privatisation, supply chain arrangements being outsourced and offshored, and the shift in our international investment profile, Australia’s national critical infrastructure is more exposed than ever to sabotage, espionage and coercion.

We need to manage these risks by adopting a coordinated and strategic framework. This challenge is not something the Commonwealth can address alone”.

The diverse number of threats and the need for an ‘all hazards’ approach presents significant challenges to owners and operators of critical infrastructure. In 2006 Janellis pioneered an integrated organisational resilience framework with critical infrastructure providers and key elements of the framework continue to be embedded in industries including: aviation; banking and finance; energy; transport; water and government agencies.

Areas of focus:

  • Clarity on the role of the Executive and Board in a crisis, including their role in ensuring the organisation is prepared for an incident, emergency or crisis.
  • Scenario-based planning at the Executive and Strategic level to uncover and mitigate against ‘catastrophic’ risks the organisation may face.
  • Crisis Communications and its effective integration within the crisis emergency and incident management framework.
  • Multi-agency Emergency Management Capability Awareness Programs providing multi-faceted resilience protection for key assets.
  • The effective use of decision support tools for Emergency and Crisis Management Teams to enhance integrated critical thinking and decision making.
  • Exercise development process to facilitate scenario-based exercises that build capability, highlighting areas for improvement and provide assurance to key stakeholders.
  • Resilience reporting to provide assurance to the Executive, Board and other key stakeholders.

The ‘all hazards’ approach to building resilience is growing in awareness and acceptance due to increasingly complex and unpredictable impacts. Developing and maintaining capability is a key requirement for critical infrastructure owners and operators and; non-critical infrastructure organisations who are operating in higher risk industries.

Greater levels of assurance are being sought by key stakeholders that teams and organisations have the capability to respond and resilience reporting is being used to assess the capacity and capability for specific assets and across the enterprise.

For more information on the Critical Infrastructure Resilience Assessment and Assurance Tools or the Organisational Resilience Framework, please email Harrison Orr – Harrison.orr@janellis.com.au

Organisational resilience in the face of a severe heatwave forecast

There are serious industry concerns New South Wales could be hit with blackouts from tomorrow afternoon due to record high energy demand, as the state grapples with some of the worst heatwave conditions that NSW has ever seen over the next three days.

The Australian Energy Market Operator (AEMO) has issued an alert predicting a tightening balance between supply and demand with forecast electricity demand to reach around 14,700 megawatts (MW), the highest ever demanded in NSW.

The AEMO said it was working to reduce the need for so-called “load shedding events”, like the one which saw 90,000 properties lose power in Adelaide on 8 February 2017. “Load shedding could occur instantly if the demand supply balance changed rapidly.”

Blackouts could happen instantly to protect supply. The resultant consequence for critical infrastructure owner/operators and other business though, could be catastrophic, resulting in widespread business and operating disruptions.

Business Resilience Advice

The key to effective business resilience in times of severe weather forecasts, such as the one NSW is facing over the next 72 hours is not to be REACTIVE. Organisations and businesses need to be PROACTIVE. Pre posture your readiness and response arrangements and activate your incident, emergency and crisis planning before the potential business impact.

The following key readiness initiatives have been provided to assist your organisational readiness in the face of this potential severe heatwave emergency;

1.    Avoid a delayed organisational response. Ensure relevant staff and managers are aware of your internal notification and escalation triggers and processes that will activate pre determined levels of response, as and if required.

2.    Ensure you have nominated and confirmed ‘on call’ membership of your incident, emergency and crisis teams, and that relevant contact details are current and tested.

3.    Conduct an Operational Readiness Check of both your automated incident/emergency notification systems and Incident Control Centres/Rooms.

4.    Situational Awareness. Convene a team briefing (face to face or virtual) with your IMT, EMT and/or CMT to establish situational awareness of potential environmental and business risks and threats. Develop and agree upon pre response plans to mitigate potential business impacts of excessive heat conditions.

5.    Staff and customer safety is priority. Ensure staff and customer welfare plans have been established to mitigate potential adverse health effects as a result of the forecast heatwave conditions. Reference state agency health alerts and warnings.

6.    Ensure key staff are aware of established business continuity plans and what their associated roles and responsibilities within these plans are.

7.    Reduce single supply point vulnerability. Seek assurance from key critical service providers that they have enacted operational and business readiness plans to ensure business continuity.

8.    Catastrophic bushfire forecast. For those businesses that have close proximity to, or are located on the bushland urban interface, ensure you maintain situational awareness via the accessing of the NSW Rural Fire Service website and Apps.

Finally, it is a lot easier to escalate and activate early, then de-escalate if not required, rather than explain to your key stakeholders why the impact of your business disruption may have been mitigated if only you had acted early.

If you require any assistance, advice or support relating to business readiness and resilience, please have no hesitation in contacting myself on 0498 853 736.

What is the 100 Resilient Cities movement?

100 Resilient Cities—Pioneered by the Rockefeller Foundation (100RC) is dedicated to helping cities around the world become more resilient to the physical, social and economic challenges that are a growing part of the 21st century.

Janellis became a Global Platform Partner or 100RC in 2016.

Watch this video to learn more about the 100 Resilient Cities Movement…

CBD Response leads the way

Significant events have occurred within Sydney’s CBD Zones in recent years. They have highlighted the difficulties in moving large groups of people, the need for rapid communication and the reliance on key decisions to be made by business leaders.

If you work in the Sydney or North Sydney CBD and you are responsible for the safety of others, you have a role to play in preparing for a major emergency.

New Role for Business Leaders in CBD Emergency Management

In the event of an emergency in NSW a ‘significant and coordinated response’ will require businesses, government, critical infrastructure companies, service providers and the broader community to work together.

Organisations operating within the CBD cannot rely on emergency services agencies and building managers alone to ensure the safety of their staff and the continuity of their business.

In an emergency, business leaders may be faced with incomplete or conflicting information. The complexity of an effective response requires the most experienced and capable leaders to make decisions that could affect the safety of many people and the continuity of their business.

In order to successfully work together business leaders need to be aware of how the police, the other emergency services and the local authority will respond.

New challenges lead to a new plan and revised requirements for business

In June 2015, NSW Police published the new Sydney and North Sydney Central Business Districts Evacuation Management Subplan [Subplan]. You can view the full plan here.

The key changes to the plan are:

More than ever there is a need to ensure that organisations operating within these zones are self-reliant, that they understand the key components and concepts of the Subplan – at an executive level – and that they have exercised and tested their capability.

CBD Response helps organisations get prepared

CBD Response has translated the NSW Government’s plan specifically for businesses operating in the Sydney CBD Zones. It provides all the information and tools organisations need to get prepared and be assured on their readiness and ability to respond to a CBD-wide emergency.

It has been designed for business leaders, business response teams, property managers, building owners plus audit and risk professionals.

If you are unsure of how well aligned your capability is to these guidelines please use the Assurance Assessment Tools to check that your organisation has the ability to respond to a CBD-wide emergency.

If you work in the CBD and are not aware of your role in an emergency or the key concepts within this site we recommend you complete the Assurance Assessment for Business Leaders on that page and forward the results to the most appropriate person within your organisation.

For more information on CBD emergency management reviews and health checks please contact Janellis.

Creating a Business Resilience Vision for Qantas

Janellis were engaged by Qantas to begin a Resilience Improvement Program in 2007. Qantas were one of the first companies to fully embrace the concept of Organisational Resilience and to make major investments into improving their resilience capability.

Qantas selected Janellis on the basis of our Enterprise Resilience Model that incorporated four key areas of Risk, Readiness, Response and Assurance. The program objectives included aligning and embedding key tools across the business.

Qantas now has a resilience capability that has been robustly tested and applied as part of their ongoing business operations.
Qantas have won the Australian ‘Risk Enterprise of the Year Award’ recognising the enterprise that has most successfully integrated risk management to business partner status within their organisation, making it an integral part of organisation-wide strategy and process. Significant disruptions to their business have resulted in Qantas as now being regarded as having a world class capability in crisis management.

The Janellis tools that Qantas have been using for the past ten years are also embedded in a number of other complex organisations in other industries.

Chief Risk Officer, Qantas:

“I would like to thank Janellis who started this journey with us. We may not have been the easiest Client to have worked with but you stuck with us and we appreciate that. We are grateful for the opportunities to continue to build our resilience by working with our critical suppliers and other leading Australian companies”

For more information, please contact Harrison Orr at Harrison.orr@janellis.com.au

Cosgrove leads CBD executives to stirring realisation

I recently wrote about working with Governor-General Peter Cosgrove on defining organisational resilience at the executive and board level. In the article titled ‘What is organisational resilience?’ I told the story of how we collaborated with Peter who had recently retired as General of the Armed Forces.

Working in the still-emerging area of organisational resilience over the past ten years has created unique opportunities to share the thinking with some of the brightest and most experienced people in both public and private sectors.

It was through one of these shared thinking events that we were able to work with then retired General Peter Cosgrove to capture his insights and experience in the complex area of emergency management, specifically for business leaders.

In recalling the diverse range of events, training sessions and exercise activities involved in building organisational resilience, including the ones where Peter worked directly with executive teams with Janellis, there was one stand-out moment that had the greatest impact – Convergence, a National Emergency Summit held in Sydney in November 2006.

A gathering of experts, executives and media

I was standing at the back of the room and Peter was on centre stage flanked by key members of the IAG crisis management team and a panel of experts from police, fire, ambulance, transport and media.

The audience was made up of several hundred executives and subject matter experts, with media crews set-up at the back of the room. The intensity of the discussions taking place was palpable and when Peter spoke, the room was so quiet you could hear a pin drop.

The NSW Government had recently launched the Sydney CBD Emergency Subplan and Janellis had also launched our Guidelines for Business to help organisations interpret the plan and build capability.

Many organisations had told us they wanted to see “how it would actually work in practice” so we set about achieving the ambitious goal of developing a hypothetical scenario to test the current plans and the thinking that surrounded them.

The hypothetical scenario

We identified key response agencies that would be involved, critical infrastructure service providers, plus a range of organisations that wanted to be involved and who would be directly impacted. With more than 400,000 people identified within the Subplan zones, the participant numbers kept growing.

In considering who would be the best person to lead this landmark event for Australia, there was no better candidate than then Retired General Peter Cosgrove. Peter spoke at the time of his immediate attraction to working with the business community. This was as a result of his professional experience in emergency situations, as well as his “profound belief that there is a pressing need for the business community to prepare to cope with disaster”. He commented on our “new reality” and the need to factor the capability to respond to major disruptions into the highly necessary column of our busy lives.

The hypothetical involved a gas explosion in a building site within the Sydney CBD and the Subplan included elements of emergency management that were new to Australian organisations, such as SydneyAlert and directions to the public, including ‘shelter-in-place’ and nominated ‘safety’ sites that were different to normal fire evacuation sites.

The discussions were building up to a peak point when it became clear that the unique characteristics of the Sydney CBD would require a significant and coordinated response for an emergency event of this nature.

Stirring realisation for executives

Key questions were being asked about the reliance on security staff from building management to interpret the directions to public, as detailed in the new plan.

Concerns were raised about how quickly the SydneyAlert messages would be sent out and how organisations affected would actually respond to the shelter-in-place command and what did it actually mean. Business leaders wanted to know how reliable the information provided was and how they should respond to incomplete or conflicting information.

Peter mentioned the yin and yang of media being the best source of information and the worst. He spoke of the skill required to ‘cut through the noise’ and to demonstrate critical thinking at key decision points.

As this was the first time the private sector and the public sector had come together in this format, the discussions were exhaustive and we were running well over time. There was a mini-crisis occurring in the kitchen, as hundreds of beef dishes were waiting to come out and the venue manager was getting agitated.

The venue manager was unaware of the magnitude of the discussions underway and I asked him to hold off a little while longer because we had reached a defining moment of dawning where business leaders realised that in an event of this scale within the CBD, they could not expect to get a response from a 000 call and they had to become self-reliant.

The moment the IAG crisis management team reached their [hypothetical] decision to continue to advise staff to ‘shelter-in-place’ and disregard the information from the media was the highlight of the day. The conflicting information presented to them captured the complexity of the decisions they would face and; the need for the most senior and most capable crisis management team, to make decisions that would ensure the safety of many people.

In Peter’s own words:

Australia has some of the best men and women leaders of any country in the world who can deal with business shocks standing on their feet and they have already demonstrated this. However, the new set of challenges needs more work. Some organisations are very advanced and responsible – and there are a lot who are not. In running through the hypothetical today, we can start to imagine the dimensions to the problem.

New role for business leaders

Both the National Emergency Summit and more recent significant CBD events have highlighted the difficulties in moving large groups of people, the need for timely communication and the reliance on key decisions to be made.

Organisations operating within the CBD cannot rely on emergency services agencies and building managers alone to ensure the safety of their staff and the continuity of their business.

The reality is, in an emergency, business leaders may be faced with incomplete or conflicting information. The complexity of an effective response requires the most experienced and capable leaders to make decisions that could affect the safety of many people and the continuity of their business.

Revisions to the Sydney Subplan

Earlier this year, a revision of the 2006 plan was completed and the new Sydney and North Sydney Central Business Districts Evacuation Management Subplan was published on the Emergency NSW website. In recent months, Janellis has facilitated another executive-level exercise to build capability to respond to a range of disruptive events, including an event occurring in the CBD.

While there have been many advances in technology in the past decade and the risk profile continues to change, surprisingly, many of the emergency management issues for organisations operating in the Sydney and North Sydney CBD today are the same issues that were raised at the National Emergency Summit.

Key strategies that are being used and tools that have been developed to address the issues highlighted at Convergence have proven to be effective – many organisations now have a measurable capability in emergency management at the executive level.  

With the expanded zones now including approximately 700,000 people, there is an even greater need to ensure that organisations operating within these zones are self-reliant, that they understand the key components and concepts of the Subplan – at an executive level – and that they have exercised and tested their capability.

Download the full Convergence Report here.


Janellis is an enterprise consulting firm working with leading organisations across many industry sectors and government agencies. Janellis helps organisations execute their strategy and are specialists in transformation and change management; organisational resilience; risk, compliance and assurance; crisis and emergency management; and portfolio and project management.