Date post: | 10-Apr-2017 |
Category: |
Business |
Upload: | tristan-wiggill |
View: | 502 times |
Download: | 0 times |
Heading heading heading Date
RISK MANAGEMENT IN THE TRANSPORT VALUE CHAIN
TRANSPORT FORUM
Presenter: Mr Vincent Matabane : Transnet Freight Rail 3 March 2016
2
ENTERPRISE RISK MANAGEMENT IN THE TRANSPORT VALUE CHAIN
• Enterprise Risk Management refers to the management of risks
across the enterprise or value chain.
• Definition of Risk
ISO 31000:2008
“The effect of uncertainty on
objectives”
DESCRIBING “A RISK”
Some event to occur … leading to … caused by …
3
Transnet Freight Rail 4
ERM FRAMEWORK AND EMBEDMENT PROCESS
Commit and Mandate
Policy Statement
Risk Management Plan
Assurance plan
Standards
Procedures/Guidelines
Communicate and
Train
Communications and
reporting plan
Training strategy
RM Network
Allocate and Organise
Risk and Audit Committee
Exec RM Committee
RM Working Group
Manager, RM
RM Champions
Risk and Control Owners
Measure and Review
Control assurance
RM Plan progress
Governance reporting
Benchmarking
Performance criteria Strategic Process
Str
ate
gic
Pro
cess
Stra
teg
ic Pro
cess
RM Information
System
Risk Registers
Treatment Plan
Assurance Plan
Reporting templates
Tactical Process
Strategic Process
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monito
r and R
evi
ew
Com
munic
atio
nRisk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monito
r and R
evi
ew
Com
munic
atio
n
Commit and Mandate
Policy Statement
Risk Management Plan
Assurance plan
Standards
Procedures/Guidelines
Communicate and
Train
Communications and
reporting plan
Training strategy
RM Network
Allocate and Organise
Risk and Audit Committee
Exec RM Committee
RM Working Group
Manager, RM
RM Champions
Risk and Control Owners
Measure and Review
Control assurance
RM Plan progress
Governance reporting
Benchmarking
Performance criteria Strategic Process
Str
ate
gic
Pro
cess
Stra
teg
ic Pro
cess
RM Information
System
Risk Registers
Treatment Plan
Assurance Plan
Reporting templates
Tactical Process
Strategic Process
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monito
r and R
evi
ew
Com
munic
atio
nRisk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monito
r and R
evi
ew
Com
munic
atio
n
Risk Assessment Tactical Process
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context SettingM
onito
r and
Rev
iew
Com
mun
icat
ion
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monitor and R
eview
Com
munication
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context SettingM
onito
r and
Rev
iew
Com
mun
icat
ion
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monitor and R
eview
Com
munication and C
onsultation
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context SettingM
onito
r and
Rev
iew
Com
mun
icat
ion
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monitor and R
eview
Com
munication
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context SettingM
onito
r and
Rev
iew
Com
mun
icat
ion
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monitor and R
eview
Com
munication and C
onsultation
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context SettingM
onito
r and
Rev
iew
Com
mun
icat
ion
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monitor and R
eview
Com
munication
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context SettingM
onito
r and
Rev
iew
Com
mun
icat
ion
Risk Identification
Risk Analysis
Risk Evaluation
Risk Treatment
Context Setting
Monitor and R
eview
Com
munication and C
onsultation
6
What are considered to be controls?
Existing processes, devices or practices that act to minimise
negative risks or enhance positive opportunities
PROACTIVE VS REACTIVE CONTROLS
7
Risk evaluation
Risk evaluation involves three steps: 1. Does the risk fall into the below criteria?
- As set in context
- Too high a risk (or too low a risk) in relation to other risks identified
2. What is the priority for attention?
- Based on residual or inherent risk level
- Difference between Perceived RCE and Desired RCE also relevant
3. Can we justify treatment?
- Cost Benefit Analysis
- Risk Appetite
100%
90%
80%
70%
60%
50%
40%
30%
20%
B 10%
A 1%
Points 5 10 20 30 40 50 60 70 80 90 100
Category 7 6 5 4 3 2 1
E
D
C
Consequence Rating
Strategic risk heat map - Inherent Risk Rating
9
3
8 6
7
4 5
1
2
10
8
Lik
elih
ood R
ating
100%
90%
80%
70%
60%
50%
40%
30%
20%
B 10%
A 1%
Points 5 10 20 30 40 50 60 70 80 90 100
Category 7 6 5 4 3 2 1
E
D
C
Lik
elih
ood R
ating
Consequence Rating
Strategic risk heat map – Residual Risk Rating
9
3
8
6
7 4
5 1
2
10
9
+ve Consequences
•Benefit
•Happiness
•Advantage
Likelihood
Likelihood
Risk/Opportunity
• Event
• Change in circumstances
• Change in situation
-ve Consequences
•Harm•Injury•Detriment
Likelihood -ve Consequences
•Harm•Injury•Detriment
Likelihood
Treatment
Risk and Opportunity Treatment
10
11
Risk and Opportunity Treatment and Controls Risk Treatment Explore Opportunity
Avoidance
Avoiding a (detrimental
consequence) risk by
deciding not to proceed
with the activity likely to
create risk (where this is
practicable).
Enhance
Intensify, increase, or
further improve the quality,
value, or extent of an
opportunity’s impact.
Toleration
Involving an explicit
decision to retain risk,
without further treatment.
Accept
Informed decision to take a
particular opportunity
without additional action.
Sharing
Sharing the burden of a
risk with third party, this
may include outsourcing or
insurance.
Sharing
Form of treatment involving
agreed distribution benefit
of the opportunity with other
parties.
Changing
Likelihood
Enhance the likelihood of
beneficial outcomes and
reduce the likelihood of
negative outcomes.
Exploit Likelihood
Eliminate uncertainty with
the upside of the
opportunity by increasing
the likelihood of outcomes.
Changing
Consequence
Increase the gains and
reduce the losses. This
may include emergency
response, contingency and
disaster recovery plans.
Exploit
Consequence
Eliminate uncertainty with
the upside of the
opportunity by increasing
the consequence of
outcomes.
12
MATURED RISK CULTURE MANAGAMENT IN THE TRANSPORT VALUE CHAIN
Priority for attention
Risk
ranking Suggested action Suggested timing
Authority for continued
toleration of residual risk.
I
Action Plan within a month, take
action to reduce residual risk to II
or below. Notify Transnet Group
Risk Management within 1
month of risk identification with a
treatment plan.
Short term. Normally within
1 month. Group CE
II Plan to deal with in keeping with
the business plan.
Medium term. Normally
within 3 months. Business CEOs
III Plan in keeping with all other
priorities. Normally within 1 year General Managers
IV Will still require attention within
existing operations.
Ongoing control as part of a
management system. Manager
V Lower priority. Will still require
attention.
Ongoing control as part of
operational management Employees
13
14 Transnet Freight Rail is a division of Transnet SOC Ltd Reg no.: 1990/000900/30
An Authorised Financial Services Provider – FSP 18828
BUSINESS CONTINUITY IN THE TRANSPORT VALUE CHAIN – CHANGING CONSEQUANCE
What is BCM?
BCM is a holistic risk management process that provides a framework
for building organizational resilience.
What is a Disaster?
Any unforeseen event that renders critical business processes
unavailable for a period of time which is unacceptable
What is Business Continuity Focus on?
The ability to perform defined business functions, MISSION
CRITICAL ACTIVITIES and/or CRITICAL POINT OF FAILURE to
the survival of the ORGANISATION or VALUE CHAIN, in the event of a
disaster.
Transnet Limited
Stage 1
BCM Policy and Program
Management
Stage 5
Building
BCM
Culture
Stage 6
Exercising
Maintenance
Audit
Stage 4
BCM
Response
Stage 3
Business
Continuity
Strategy
Stage 2
Understanding
Your
Business
BUSINESS CONTINUITY MANAGEMENT LIFE CYCLE
Benefits of an effective BCM Programme
www.transnet.net
16
Benefits of BCM : Why do it???
Protecting revenue, market share, reputation and infrastructure (sometimes including national infrastructure)
Protecting the interests of stakeholders
Competitive advantage
– Pre-incident - demonstrate preparedness
– Post-incident – demonstrating an effective response
Achieving regulatory compliance
Achieving customer demands
Insurance implications
Increasing organisational understanding
Increasing supply chain resilience (upstream and downstream)
Increasing customer satisfaction
Sending a positive message to staff
www.transnet.net
17
Drivers for BCM
www.transnet.net
18
Business Impact Assessment (BIA) Process
BCM CONTINUITY PLAN
www.transnet.net
20
Business Continuity Management
Some questions… to ponder …
Does many transport the value chains have a fully tested and robust framework of business continuity in place today?
If BCM champions of the value chain arrive a their places of work after this meeting and it was inaccessible, damaged or destroyed – would they you know what to do?
If your building was evacuated tomorrow, people were hurt, and you found yourself in charge, would you know what to do?
What would be the effect of your business within the value chain if there has been a significant disruption to production or supply of goods or services?
How would an inability to supply your customers for an extended period affect your brand, reputation and market share?
How bad would it be for your business if an incident made national or international news and it was perceived to be your fault that the entire value chain collapsed?
Do you know which of your suppliers can affect your business the most?
www.transnet.net
22
VARIOUS RISK INSURANCE PRODUCTS IN THE TRANSPORT VALUE CHAIN
Assets All Risks
Protection of all assets against losses (e.g. fire, theft, accidental damage, vandalism
and derailments).
Liability Insurance
Third parties (e.g. veld fires, level crossing accidents, damage to third party
properties.)
Principal Controlled Insurance (PCI)
PCI is a concept whereby the insurance is arranged for own Contractors and sub-
contractors.
Freight Protection Facility (FPF)
Insurance cover for freight whilst in transit.
Injury on Duty (Governed by The Compensation for Occupational Injuries &
Diseases Act,1993)
Injuries accidentally sustained in the normal course of work., covering Occupational
diseases, and death arising from a workplace accident or occupational disease.
23
Value Chain Processes interact
with the Ecosystems, adversely or
positively
CONSIDER POSSIBLE ENVIRONMENTAL LEGISLATIVE REQUIREMENTS AND IMPACTS
ROLE OF HAZMAT FIRE AND EMERGENCY SERVICES
Provide Emergency Response Services
Conduct Fire Equipment Maintenance
1. First response to fire & dangerous substances
2. Fire prevention
3. Fire protection and maintenance
4. Fire Training
5. Route Risk Profile
6. Fire Risk Assessments
7.Fire Safety Compliance Audits
8. Conduct Incident simulation exercises with various role players.
24 Transnet Freight Rail is a division of Transnet SOC Ltd Reg no.: 1990/000900/30
An Authorised Financial Services Provider – FSP 18828
Questions? Questions
???
IS THERE A RISK HERE..............?