FROM COMPLIANCE TO

CAPABILITY

©4C STRATEGIES, 2017

Jonas Jonsson

Managing Director International, 4S Strategies

Continuation Training Seminar

Malmö, October 26, 2017

ASSURING OPERATIONAL READINESS

THE WORLD AT LARGE

READINESS

KNOWN KNOWNS KNOWN UNKNOWNS UNKNOWN UNKNOWNS

THE STATE OF BEING PREPARED,

READY FOR ACTION,

READY TO WITHSTAND,

READY TO RECOVER

POSSESSING THE CONFIDENCE THAT

PROVEN CAPABILITIES PROVIDE TO DELIVER THE

REQUIRED OUTCOMES IN RESPONSE TO A COMPLEX

OPERATIONAL ENVIRONMENT

READINESS

https://www.4cstrategies.com/

WARMINSTER2014

Founded in 2000, based in Stockholm, London, and Washington DC

Delivers world class consultancy services and ExonautTM software solutions for training, quality assurance, risk, incident and crisis management

Trusted provider of major multinational companies, international organizations government agencies and armed forces

Aviation clients include Copenhagen Airport, London Gatwick, Virgin Atlantic and Thomas Cook Group

LONDON2010

STOCKHOLM2003

MALMÖ2000

WASHINGTON2016

ABOUT 4C STRATEGIESNAVIGATING UNCERTAINTY

COMMON READINESS CONCERNS

Fragmented and Ac Hoc activities

Inability to allocate and trackinvestments in capabilities

Lack of visible status Of capabilities

??

Copyright 4C Group 2017

The value at stake…

Source: “The Impact of Catastrophes on Shareholder Value,” Rory F. Knight & Deborah J. Pretty, Templeton College, University of Oxford, p. 3.

Trading days after the event

Response from the market

InefficientManagement

EfficientManagement

THE VALUES AT STAKE

Copyright 4C Group 2017

Exercise AURORA 17

Multiple Scenarios played out in different areas at the

same time

Distributed networked Exercise planning

2 Years detailed planningEstablishment of training

objectivesOngoing tracking

Exercise evaluation

5 Years of planning20 000 Exercise participants

40 different Agencies21 days of Exercise

8 participating Nations

??

Copyright 4C Group 2017

A European Central Bank

Multiple StakeholdersTraditional approach to

ComplianceUnclear status of different

teams

Analysis of current statusCreation of maturity model

With clear measurable objectivesCapability development model

High public profile4000 Employees

Ongoing Crisis mgmttrainings

??

Copyright 4C Group 2017

A European Capitol City

Multiple StakeholdersDecentralised Governance

Regulatory Compliance

Long term training commitmentMeasure and ensure lowest

common denominatorExtensive lessons learned projects

Changing securityLandscapesHigh SafetyAmbitions

??

Copyright 4C Group 2017

CONTROL THE RISK

AUDIT AND COMPLIANCE

INCIDENT AND CRISIS

MANAGEMENTREADINESS

TRAINING AND EXERCISE MANAGEMENT

RISK MANAGEMENT

BUSINESSINTELLIGENCE

BUSINESS CONTINUITY

MANAGEMENT

CREATE NEW OPPORTUNITIES

CAPABILITY DEVELOPMENT

IN ACCORDANCE WITH ISO 22301

IN ACCORDANCE WITH ISO 31000

AUDIT &COMPLIANCE

CRISIS MANAGEMENT

RISK MANAGEMENT

BUSINESS CONTINUITY

BUILD,VERIFYTRACK

&

BY INTEGRATING THE SILOS

ASSURING COMPLIANCE

AND READINESSCAPABILITY

PROCESS AND SYSTEMS

ORGANISATION AND CULTURE

GOVERNANCE AND CONTROL

MANAGING RISKS

PROTECTING AND SUSTAINING

PRIORITISED BUSINESS

MANAGING INCIDENTS AND CRISES

Copyright 4C Group 2017

BUSINESS & REGULATORY REQUIREMENT

RISK MANAGEMENT

INCIDENT MANAGEMENT

BUSINESS CONTINUITY

MANAGEMENT

SECURITY MANAGEMENT

IT DISASTER RECOVERY

QUALITY MANAGEMENT ETC.

INITIAL

BASIC

DEVELOPED

INTEGRATED

BENCHMARK

BUILD ORGANISATIONAL READINESS THROUGH THE DESIGN AND DEVELOPMENT OF RISK, BUSINESS CONTINUITY, INCIDENT & CRISIS MANAGEMENT AND ANY OTHER CAPABILITIES NECESSARY TO DELIVER READINESS.

BOARD OF DIRECTORS

CEO

GROUP SHARED SERVICES

GROUP FUNCTIONS

X Y

Z T

A B

C

D

E

F G

K

ML

O

P

H

I

J

BUILDING READINESS

CREATE TRAIN EMBED

READINESS DISCIPLINE LEVEL OF MATURITY ACROSS THE ORGANISATION

Copyright 4C Group 2017

VERIFY ORGANISATIONAL READINESS THROUGH THE DELIVERY OF RIGOROUS COMPLIANCE TESTING AT ALL LEVELS WITHIN

THE ORGANISATION AND ACROSS SUPPLY CHAIN AND SECTORS.

VERIFYING READINESS

ASSESS REPORT

INITIAL

BASIC

DEVELOPED

INTEGRATED

BENCHMARK

TRADITIONAL

WALK-THROUGHS

TTX

SIMX

D-SIMXTARGET

AUDIENCEICM3-LEVEL

PURPOSE

SELF ASSESSMENT INTERNALASSESSMENT

THIRDPARTY

ASSESSMENT

1 A

2 A-B B

3 B-C B-C

4 C C-D

5 E

LEVEL OF MATURITY ASSESSMENT OF CAPABILITY TYPE OF VERIFICATION

Copyright 4C Group 2017

TRACK PROGRAM KPIs

INITIAL

BASIC

DEVELOPED

INTEGRATED

BENCHMARK

TRACK REAL-TIME ORGANISATIONAL READINESS AGAINST REQUIRED TARGET MATURITY LEVELS USING BESPOKE REPORTING DASHBOARDS.

TRACKING READINESS

ANALYSE VISUALISE

PRESCRIBED LEVEL OF MATURITY AUTOMATED VALIDATION

Copyright 4C Group 2017

Analysis

Design

Develop

Deliver

Evaluate

Exploit

The Training Wheel

What are my Key

objectives

How do I ensure I can assess them

How did we perform

What do we do next?

Copyright 4C Group 2017

Current status Report and Roadmap

Workshops

Assesment

Review

Initial Training based on Assessment

Initial Exercise to test results of Training

Continued training based on results from Exercise

Verification Exercise based on results from training

Additional verification Exercises

Build Verify Track

Ensure Training Progression

Self Asses Internal Assess External Verification

Copyright 4C Group 2017

The Exploitation of data

EXONAUT Readiness Dashboard

Copyright 4C Group 2017

IT PLATFORMS THATENHANCE

PERFORMANCE

WELL TRAINEDSTAFF +

RESPONSIBILITY CANNOT BE OUTSOURCED

CONTINUITY OF CRITICAL SERVICES AND PROCESSES REQUIRES MANAGEMENT

COMMITMENT, ORGANISATIONAL EFFORT AND AN EMBEDDED CULTURE.

REQUIREMENTS NEED TO BE BUSINESS-DRIVEN

A CONSISTENT AND COHESIVE APPROACH TO RISK MANAGEMENT IS AN INDISPENSABLE PART OF AN ORGANISATION’S MANAGEMENT CULTURE.

WE HELP YOU THINK INSIDE

THE BOX

SO YOU CAN ACT OUTSIDE OF IT