from compliance to capability - entry point north · 2017. 10. 27. · assurance, risk, incident...
FROM COMPLIANCE TO CAPABILITY
©4C STRATEGIES, 2017
Jonas Jonsson
Managing Director International, 4C Strategies
Continuation Training Seminar
Malmö, October 26, 2017
ASSURING OPERATIONAL READINESS
THE WORLD AT LARGE
READINESS
KNOWN KNOWNS
KNOWN UNKNOWNS
UNKNOWN UNKNOWNS
THE STATE OF BEING PREPARED, READY FOR ACTION, READY TO WITHSTAND, READY TO RECOVER
POSSESSING THE CONFIDENCE THAT PROVEN CAPABILITIES PROVIDE TO DELIVER THE REQUIRED OUTCOMES IN RESPONSE TO A COMPLEX OPERATIONAL ENVIRONMENT
READINESS
https://www.4cstrategies.com/
WARMINSTER 2014
Founded in 2000, based in Stockholm, London, and Washington DC
Delivers world class consultancy services and Exonaut™ software solutions for training, quality assurance, risk, incident and crisis management
Trusted provider to major multinational companies, international organizations, government agencies and armed forces
Aviation clients include Copenhagen Airport, London Gatwick, Virgin Atlantic and Thomas Cook Group
LONDON 2010
STOCKHOLM 2003
MALMÖ 2000
WASHINGTON 2016
ABOUT 4C STRATEGIES
NAVIGATING UNCERTAINTY
COMMON READINESS CONCERNS
Fragmented and ad hoc activities
Inability to allocate and track investments in capabilities
Lack of visible status of capabilities
Copyright 4C Group 2017
The value at stake…
Source: “The Impact of Catastrophes on Shareholder Value,” Rory F. Knight & Deborah J. Pretty, Templeton College, University of Oxford, p. 3.
[Figure: response from the market over trading days after the event, inefficient management vs. efficient management]
THE VALUES AT STAKE
Exercise AURORA 17
Multiple Scenarios played out in different areas at the same time
Distributed networked Exercise planning
2 Years detailed planning
Establishment of training objectives
Ongoing tracking
Exercise evaluation
5 Years of planning
20 000 Exercise participants
40 different Agencies
21 days of Exercise
8 participating Nations
A European Central Bank
Multiple Stakeholders
Traditional approach to Compliance
Unclear status of different teams
Analysis of current status
Creation of maturity model with clear measurable objectives
Capability development model
High public profile
4000 Employees
Ongoing Crisis mgmt trainings
A European Capital City
Multiple Stakeholders
Decentralised Governance
Regulatory Compliance
Long term training commitment
Measure and ensure lowest common denominator
Extensive lessons learned projects
Changing security Landscapes
High Safety Ambitions
CONTROL THE RISK
AUDIT AND COMPLIANCE
INCIDENT AND CRISIS MANAGEMENT
READINESS
TRAINING AND EXERCISE MANAGEMENT
RISK MANAGEMENT
BUSINESS INTELLIGENCE
BUSINESS CONTINUITY MANAGEMENT
CREATE NEW OPPORTUNITIES
CAPABILITY DEVELOPMENT
IN ACCORDANCE WITH ISO 22301
IN ACCORDANCE WITH ISO 31000
AUDIT & COMPLIANCE
CRISIS MANAGEMENT
RISK MANAGEMENT
BUSINESS CONTINUITY
BUILD, VERIFY & TRACK
BY INTEGRATING THE SILOS
ASSURING COMPLIANCE AND READINESS
CAPABILITY
PROCESS AND SYSTEMS
ORGANISATION AND CULTURE
GOVERNANCE AND CONTROL
MANAGING RISKS
PROTECTING AND SUSTAINING PRIORITISED BUSINESS
MANAGING INCIDENTS AND CRISES
BUSINESS & REGULATORY REQUIREMENT
RISK MANAGEMENT
INCIDENT MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT
SECURITY MANAGEMENT
IT DISASTER RECOVERY
QUALITY MANAGEMENT ETC.
INITIAL
BASIC
DEVELOPED
INTEGRATED
BENCHMARK
BUILD ORGANISATIONAL READINESS THROUGH THE DESIGN AND DEVELOPMENT OF RISK, BUSINESS CONTINUITY, INCIDENT & CRISIS MANAGEMENT AND ANY OTHER CAPABILITIES NECESSARY TO DELIVER READINESS.
BOARD OF DIRECTORS
CEO
GROUP SHARED SERVICES
GROUP FUNCTIONS
[Organisation chart: lettered units]
BUILDING READINESS
CREATE
TRAIN
EMBED
READINESS DISCIPLINE
LEVEL OF MATURITY
ACROSS THE ORGANISATION
VERIFY ORGANISATIONAL READINESS THROUGH THE DELIVERY OF RIGOROUS COMPLIANCE TESTING AT ALL LEVELS WITHIN THE ORGANISATION AND ACROSS SUPPLY CHAIN AND SECTORS.
VERIFYING READINESS
ASSESS
REPORT
INITIAL
BASIC
DEVELOPED
INTEGRATED
BENCHMARK
TRADITIONAL
WALK-THROUGHS
TTX
SIMX
D-SIMX
TARGET AUDIENCE
ICM3-LEVEL
PURPOSE
SELF ASSESSMENT
INTERNAL ASSESSMENT
THIRD PARTY ASSESSMENT
1 A
2 A-B B
3 B-C B-C
4 C C-D
5 E
LEVEL OF MATURITY
ASSESSMENT OF CAPABILITY
TYPE OF VERIFICATION
TRACK PROGRAM KPIs
INITIAL
BASIC
DEVELOPED
INTEGRATED
BENCHMARK
TRACK REAL-TIME ORGANISATIONAL READINESS AGAINST REQUIRED TARGET MATURITY LEVELS USING BESPOKE REPORTING DASHBOARDS.
TRACKING READINESS
ANALYSE
VISUALISE
PRESCRIBED LEVEL OF MATURITY
AUTOMATED VALIDATION
Analysis
Design
Develop
Deliver
Evaluate
Exploit
The Training Wheel
What are my Key objectives?
How do I ensure I can assess them?
How did we perform?
What do we do next?
Current status Report and Roadmap
Workshops
Assessment
Review
Initial Training based on Assessment
Initial Exercise to test results of Training
Continued training based on results from Exercise
Verification Exercise based on results from training
Additional verification Exercises
Build
Verify
Track
Ensure Training Progression
Self Assess
Internal Assess
External Verification
The Exploitation of data
EXONAUT Readiness Dashboard
WELL TRAINED STAFF + IT PLATFORMS THAT ENHANCE PERFORMANCE
RESPONSIBILITY CANNOT BE OUTSOURCED
CONTINUITY OF CRITICAL SERVICES AND PROCESSES REQUIRES MANAGEMENT COMMITMENT, ORGANISATIONAL EFFORT AND AN EMBEDDED CULTURE.
REQUIREMENTS NEED TO BE BUSINESS-DRIVEN
A CONSISTENT AND COHESIVE APPROACH TO RISK MANAGEMENT IS AN INDISPENSABLE PART OF AN ORGANISATION’S MANAGEMENT CULTURE.
WE HELP YOU THINK INSIDE THE BOX SO YOU CAN ACT OUTSIDE OF IT