The City of Edmonton. Enterprise Risk Management and Business Continuity Management


1 The City of Edmonton Enterprise Risk Management and Business Continuity Management
Presenters:
- Ken Baker, CPA, CMA, ARM-E, Corporate Manager, Enterprise Risk Management
- Butch Brennan, MBA, CBCP, Business Continuity Planning Coordinator
NorQuest College Street NW Edmonton, Alberta, Canada T5J 1L6
May 17, 2018

2 About the City of Edmonton (the City)
The City:
- covers an area of approximately 700 square kilometres
- is home to approximately 932,546 [1] people
- administers departments, agencies, boards and commissions which operate over 300 lines of business and provide thousands of different service offerings
- supports a Metropolitan Region of approximately 1.3 Million [2] people (many of whom rely on the programs and services provided by the City)
- employs approximately 15,180 [3] people in provision of those services
[1] City of Edmonton 2016 Annual Report (page 96)
[2] Ibid., (page 5)
[3] Ibid., (page 96)

3 City of Edmonton Strategic Plan
Edmontonians understand that safety and prevention are entwined. They take responsibility for social order and crime prevention. They appreciate and support public education to raise awareness of individual and community contribution to safety. [4]
The City of Edmonton works on several fronts to ensure public health and safety through preventive programs as well as emergency response services. [5]
[4] City of Edmonton Strategic Plan; The Way We Live; Safety; Goal Four: Edmonton is a safe city
[5] City of Edmonton Strategic Plan; The Way We Live; Safety; Goal Four: Edmonton is a safe city

4 Traditional definitions of Risk
The Oxford English Dictionary defines:
- risk as: a chance or possibility of danger, loss, injury or other adverse consequences
- at risk as: exposed to danger
CSA Z defines:
- risk as: the combination of the likelihood and the consequence of a specified hazard(s) being realized, with reference to the vulnerability, proximity, or exposure to the hazards, which affects the likelihood of adverse impact.
ISO Guide 73 defines:
- Risk as: Uncertainty on Objectives

5 Traditional definitions of Continuity Management
The Oxford English Dictionary defines:
- continuity as: 1 The unbroken and consistent existence or operation of something over time. 1.1 A state of stability and the absence of disruption
CSA Z defines:
- Continuity management as: an integrated process involving the development and implementation of activities that provides for the continuation and/or recovery of critical service delivery and business operations in the event of a disruption.

6 Traditional definitions of Continuity Management
ISO defines:
- business continuity as: capability of the organization to continue delivery of products or services at acceptable predefined levels following disruptive incident
- business continuity management as: holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities

7 Glossary of Definitions Further information about the International Glossary for Resiliency is available from DRI International at

8 ERM and BCP Together
Enterprise Risk Management and Business Continuity Management combine efforts to:
- provide consistency,
- provide integral organizational support,
- reduce operational risks,
- ensure the continued delivery of essential services, and
- facilitate the prompt resumption of services interrupted due to disruption or emergency events.

9 Cause vs. Effect
- Risk Management: Identifies, Anticipates and Reduces Causes of Risks
- Business Continuity: Deals with Effects and Implications of failures in mitigation or prevention

10 How is it Managed?
City Bylaws, Policies and Procedures provide the guidance to the Programs, which are utilized to develop, administer and operationalize the Plans, which are created in support of the Bylaws, Policies and Procedures.


13 ERM / BCP Programs and Plans:
- Are NOT a project or a one-time task
- Are NOT undertaken for a fixed length of time
- Are NOT Insurance
- Are NOT self-maintaining
It is our job to see that these Programs and Plans remain current, are maintained and communicated across our organization.

14 The City has multiple plans
- Branch and Unit Risk Registers (BURR)
- Climate Change and Adaptation Plan (CCAP)
- Contingency Plan - Resourcing (CP-R)
- Continuity of Operation Plan (COOP)
- Crisis Management Plan (CMP)
- Disaster Recovery Plan (DRP)
- Emergency Management Plan (EMP)
- Enterprise Risk Management Plans (ERMP)
- Facility Emergency Response Plans (FERP)
- Pandemic Incident Response Plan (PIRP)
and the list goes on.

15 How do we do that?
By developing and maintaining Risk and Contingency plans to:
- identify and assess our risks,
- help mitigate and minimize potential damage or loss, and
- help ensure continuity in the provision of essential City functions and services

16 The Business Continuity Program
- Concept is supported by Senior Management and ties to the overall Enterprise Risk Management undertaking
- Facilitates continuous operations, ensuring essential services and functions can continue to be performed during a wide range of disruptions or emergencies
- Provides guidelines which address all hazards and enable the recovery of normal operations, programs and services
- Helps reduce / mitigate risks faced by our operations


18 Business Continuity Planning
- Ensures that City unit(s) are prepared for, can respond to and recover from a business disruption, disaster or emergency event and can continue to operate and provide essential functions and services to their stakeholders
- It is an on-going business activity, not a one-time commitment, nor a project with an established start and end date.

19 Enterprise Risk Management The process of identifying, assessing, and managing risks on an enterprise-wide basis.

20 Enterprise Risk Management Levels of ERM in the City of Edmonton

21 Enterprise Risk Management Holistic Coordination of Key Areas of Risk ENTERPRISE RISK MANAGEMENT

22 Enterprise Risk Management Risk Maturity Model
- ERM GOVERNANCE
- RISK MANAGEMENT ACTIVITIES
- ADOPTION OF ERM-BASED APPROACH
- ERM PROCESS MANAGEMENT
- UNCOVERING RISKS
- MITIGATION OF RISKS
- RISK TOLERANCE MANAGEMENT
- ROOT CAUSE DISCIPLINE
- PERFORMANCE MANAGEMENT
- BUSINESS RESILIENCY AND SUSTAINABILITY

23 Enterprise Risk Management Risk Maturity Model - First Draft

24 THE KEY IS COMMUNICATION
It is essential that the Risk and Continuity Management Programs we develop are shared with all staff and stakeholders, as it will help us prepare.


27 for change. It is inevitable. The only constant is change!
- Some can be planned
- Some are imposed
- Some are unplanned and just happen
- Some might even be self-inflicted...


30 IN SUMMARY
We don't wait for events to occur - because they will!
We try to be prepared by:
- identifying and assessing our risks
- mitigating those risks where possible and practical
- maintaining emergency / contingency programs
- regularly reviewing and exercising our plans
Photo by Curtis Comeau

31 QUESTIONS???

32 THANK YOU!
- Ken Baker, CPA, CMA, ARM-E, Corporate Manager, Enterprise Risk Management
- Butch Brennan, MBA, CBCP, Business Continuity Planning Coordinator