Resilient risk management: veilige veerkrachtige processen NVVK Veiligheidscongres 16 en 17 maart 2011 (N)iemand verantwoordelijk voor Veiligheid?! Dolf van der Beek Raphaël Gallis Niek Steijger Johan van der Vorm Gerard Zwetsloot
1 Opbouw presentatie Waarom resilience? Welke elementen zijn nodig voor resilient risk management? Hoe meet je resilience? Samen ontwikkelen: resilience innovation lab.
2 Meer veerkracht, wendbaarheid en weerbaarheid nodig Complexere systemen, organisaties, netwerken, ketens Snellere verandering in organisaties: aanpassingsvermogen nodig Lineair denken en traditioneel risicomanagement voldoen niet meer Behalve leren ook anticiperen: mindful Meer gaan sturen op positieve indicatoren, versterken wat goed gaat Sector overstijgen
3 Een nieuwe fase in veiligheidsdenken Bron: TNO, Groeneweg 2010
4 Elementen resilient risk management Enkele visies: Hollnagel: Vier vermogens Gifun: High reliable resilient risk management Jackson: Architecting resilience Weick: Mindfulness, 5 kwaliteiten van HRO CERT: Resilience management model (security/business continuity)
5 Hollnagel: vier vermogens voor resilience Bron: Hollnagel, 2008
6 Jackson: framework for resilience Measure System resilience Metrics Can be threatened by Is enabled by Is enabled by Is enabled by Can be threatened by Determines improvements in Infrastructure Capabilities Culture Disruptions Is enhanced by include include Can be mitigated by Managerial capabilities Is enhanced by Technical Capabilities include include include include include include Managerial oversight Governance Risk Management Cultural initiatives Analytic Methods Holistic Methods Bron: Jackson 2010
7 Gifun: waarden die resilience vormen High Reliable resilient organization Culture Risk management Governance Safety Planning & preparation Objectives& Strategic Direction Analysis Testing & acceptance Solution design Maintenance Implementation Emergency & Incident response & business recovery Organizational learning & quality improvement Flexibility Internal practices Policies, Rules& operation procedures Decision making process Communication Bron: Gifun 2010 Monetary and no monetary support
8 strategic define Organizational drivers influence align with Risk assumption & tolerances inform Resilience goals & objectives establish Resilience requirements High value Business/ services Protection strategies define define Sustainment strategies define Growing strategies influences influences influences Protection controls Sustainment controls Developing abilities define applied to applied to adjust functioning People Facilities Technology Information tactical Manage conditions Manage consequences of risk Enables growth Bron: bewerking CERT 2010
9 Kenmerken RRM Aspecten Jackson Gifun Weick Hollnagel Structuur Infrastructuur Governance Resources Risk management Risk management Cultuur Culture Culture Culture Culture Vermogens Managerial Mindfulness Learning Monitoring Responding Anticipation Technical Fasen Reactief, integrerend, proactief
Resilience? Bronnen risico management structuur beschermen lerende organisatie leren reageren actueel feiten potentieel kritisch anticiperen resilience groeien aanpassen opbrengsten genereren monitoren cultuur Veiligheids ruimte duurzaam ontwikkelen continuïteit Bron: TNO 2010
11 Voorbeeld anticiperen op organisatieniveau Element Guiding question Effort How large an effort does the organization put into what may happen in the near future? Time horizon Has been made explicit how far ahead the organization does plan? Frequency Expertise Aetiology Model Communication Acceptability Culture Management How often are future threats and opportunities assessed? Is made explicit and organized the right kind of expertise relied upon to look into the future? (In-house, outsourced) Have the assumed nature of future threats been stated? Has the company a model to make sense of developments, threats etc. made explicit? Qualitative or quantitative? How are the expectations about future events communicated or shared within the organization? Is clear which risks are considered acceptable and which unacceptable? On what basis? Is organization open for receiving relevant signals to learn from Is plan for anticipation of risk and opportunities periodically updated?
12 Voorbeeld anticiperen op teamniveau Element Situational awareness Early warning Mindfulness, sensitivity Use of different sources of information Transformational leadership Listen in communication channels Team of teams coordination and communication Talk free about anticipated problems Spotting potential trouble is rewarded Diverse knowledge
Resilience analysis grid 13
14 Schade beperken of sterkte benutten? Resilience risk management: Visie en ambitie gericht op toekomst Managet variabiliteit Ondersteunt aanpassingsvermogen Richt zich op positieve kenmerken functioneren organisatie Teams en individuele competenties versterken Maakt gebruik van sterke eigenschappen mens
15
Doet u mee? http://www.resilience-innovationlab.org/