COMCOVER CONNECT 2015 | ISSUE 03

From Robert’s desk …

Welcome to Comcover Connect.

During September, I was invited to present at the Security in Government 2015 conference at the National Convention Centre in Canberra. Building a positive risk culture was a key theme in several presentations. Whether that involves looking at an entity’s security risk, or any other category of risk, unless an organisation gets its culture right, risk will rarely move beyond a ‘tick a box’ approach.

A positive risk culture promotes a proactive approach to managing risk that looks at threats and opportunities. Getting the culture right is about making risk management integral to your daily work. If the culture is right, when challenges emerge, the focus does not move to blame but to examining the underlying causes and applying controls to lessen the impact of that risk in the future. Blame is replaced with identification, investigation, mitigation and learning.

Results from Comcover’s benchmarking programme this year show 60 per cent of entities rated themselves between Fundamental and Systematic against element five, Developing a positive risk culture. However, more than a third (38 per cent) of those entities aspired to be more mature than they were, a positive signal that they are aware more needs to be done.

It is therefore appropriate that the topic of our next Comcover seminar is: The challenges of building a positive risk culture in your organisation – myths and realities. The seminar is on 8 October 2015 at the National Portrait Gallery of Australia. I encourage you and your colleagues to attend and learn more about strategies you may be able to draw on to build a positive risk culture in your entity.

This issue highlights a great example of a positive risk culture. It includes a case study of the Department of Defence (see pages 2-4), which was a winner at the 2014 Comcover Risk Management Awards for Excellence. Defence’s award is not only a game changer but a life saver. Defence established the Counter Improvised Explosive Devices (IED) Taskforce, which developed a risk management methodology to identify and treat the most likely IED threats in operational environments.

The next issue will include a case study of the other joint award winner, the Australian Maritime Safety Authority (AMSA). AMSA’s award is another life-saving example of risk management. Managing the risk of ore liquefaction in bulk carriers, one of the largest groups of Australia’s trading vessels, has been challenging and involves many stakeholders.

Comcover, the Australian Government’s self-managed insurance fund, provides insurance and risk management services to the government sector. Comcover was established in 1998 and is administered by the Department of Finance.

The annual awards are just one element of Comcover’s risk management services, which also include:
• the annual benchmarking programme (see pages 6-7)
• training and education services—including e-learning courses and a dedicated course for the Senior Executive Service of the public sector, developed in collaboration with the Australian Public Service Commission
• support for entities through tailor-made projects and developing better practice guidance material on risk management.

Also in this issue, we examine the steps Comcover is taking to counter cyber security threats (see page 4). In the face of growing cyber attacks, and the costs they entail, attention is turning to insurance as a tool for understanding and quantifying the risk. We are working with experts to assess and improve the cyber cover available to Fund Members. Cyber risk can have very expensive consequences, including reputational damage and loss of confidence from stakeholders. That’s why risk management and having a positive risk culture are so important.
Finally, I have been asked to present at the Risk Management Institution of Australasia’s annual conference on 11-13 November in Adelaide, which I am looking forward to. Attending for the first time last year, I found the conference a great opportunity to promote learning and foster creative thinking. If you are attending, feel free to catch up with me at the conference.

Happy reading.

Robert Antich | Assistant Secretary
Risk, Insurance and Special Claims (Comcover)
Department of Finance
W: www.comcover.com.au
E: comcover@comcover.com.au
T: 1800 651 540

2014 Comcover Risk Management Awards for Excellence
Winner – Department of Defence

Improvised explosive devices (IEDs) are often the weapon of choice for insurgents and terrorists. They are an unconventional explosive weapon that can take any form, be activated in many ways, and target soldiers and civilians alike.

To combat IEDs, the Department of Defence – Army developed a highly agile decision-making process that integrates risk management into critical thinking, assessments and planning. The process saw Defence win an award in the risk initiative category at the 2014 Comcover Awards for Excellence.

Defence established a special Counter IED Taskforce within the Australian Defence Force (ADF), which developed a risk management methodology to identify and treat the most likely IED threats in operational environments. It also implemented a predictive risk assessment model to enhance and tailor its IED risk management. That removed adversaries’ reliance on strategic surprise and allowed a tactical approach to evolve and adapt to meet changing and advancing threats.

Defence’s approach is recognised as global best practice by Australia’s allies and has reduced military casualties from IED events.
In combating the IED risk, Defence identified several issues, including:
• the need for greater access to global IED data to support evidence-based decision making
• supporting operational requirements through well-informed intelligence on IED threats
• expanding the capacity to recover and exploit IED-related materials for useable intelligence.

The taskforce, comprising personnel from Defence groups and the Australian intelligence community, developed a Counter-Threat Functions Approach (CTFA) to improve the focus on assessing, predicting and treating future IED threats.

Previously, the best practice approach to countering IEDs was continual evolution to enhance and tailor risk management, based on a retrospective, rather than predictive, risk assessment model. CTFA uses the previous retrospective analysis but has a greater focus on assessing, predicting and appropriately treating future IED threats. CTFA shifts the risk management focus from specifics (what adversaries have done) to broader scenarios that consider what adversaries may do globally, including likelihood ratings.

The approach is being used to significantly enhance training activities across the three services, and by Joint Operations Command to help plan and deploy operations. CTFA allows commanders to quickly harness all possible measures available and make informed decisions on protecting their forces and attacking adversaries’ IED systems and networks.

Assess, predict and treat

The enormous range of IED threats and tactical considerations means only a limited range of measures can be practically applied in any scenario. Risk management principles therefore focus efforts on assessing, predicting and appropriately treating future threats.

CTFA supports all elements of the taskforce’s operational business. Historic inputs to the risk assessment are retained and the model presents risk management outputs consistent with ADF’s operational risk management methodology.
That ensures counter-IED risk assessment outcomes can be easily integrated with risk assessments of other operational threats. Commanders at all levels are fully informed and equipped to manage and address all their risks.

Engaging CTFA in operational mission planning and attaching IED experts to deployed forces have enabled ongoing and timely risk management in operational areas.

Intelligent intelligence

At the heart of any responsive and defendable risk management approach is a robust understanding of the threat environment and readily available, relevant, verified data. The knowledge must be accurate and immediate. Input from experts, experienced operatives and on-the-ground intelligence is critical.

To ensure CTFA’s ongoing effectiveness, a related Australian initiative is underscoring efforts to ensure threat environment data from operational deployment areas is available globally. ADF has developed and is trialling Project Axon, through which participating nations exchange and share IED event data in a standardised format. That means data is easy to search, share and use for various assessment processes, underscoring more coordinated and targeted international efforts to counter IED risks. After the trial, Project Axon will eventually be transferred to an international body such as the United Nations or Interpol.

International endorsement

CTFA has been recognised by Australia’s closest military allies and partners as global best practice in counter IED risk methodology.

However, the initiative is not without challenges. Project Axon’s global exchange of IED data has been testing, mostly because of national data classification restrictions and cultural resistance to sharing sensitive information.

The taskforce presented CTFA to an Australia, United States, United Kingdom, Canada and New Zealand Counter IED working group and secured agreement to adopt it as the standardised counter IED risk mitigation model.
Combatting IEDs on a global scale

The brief was simple – save soldiers’ lives. The Australian Defence Force’s (ADF) Counter Improvised Explosive Devices (IED) Taskforce was established in 2006 with that key goal in mind.

Taskforce member Lieutenant Colonel Craig Jolly, in an interview with Comcover Connect, described the IED problem as being ‘like a medical pandemic. The only way to combat it is on a global scale’.

The genesis of the Counter-Threat Functions Approach (CTFA) was at a counter IED conference in New Zealand when taskforce members were ‘chewing over the idea’ of how to achieve their goal. It was an Australian idea, but with input from New Zealand, Canadian and United Kingdom Defence personnel. An initial, simple diagram evolved into the more complex, yet highly effective, CTFA.

It starts with intelligence, which Lieutenant Colonel Jolly describes as the ‘fuel’ for CTFA. ‘There is more information than you can deal with. It needs to be filtered down into what’s important and what’s rubbish.’

Once filtered through the intelligence process, the counter IED assessment (risk analysis) identifies critical vulnerabilities, both friendly and enemy. To continue Lieutenant Colonel Jolly’s analogy, the assessment process is the engine. ‘It drives everything that happens in the counter-IED area and it’s new. It’s a big change from what we were doing before,’ he told Comcover Connect.

Efficient risk assessment enables the taskforce to predict some events and therefore take action to prevent them from occurring. Action can be at a whole-of-government level, for example imposing sanctions on shipping, advising other nations of knowledge gained, or it can be at ‘the pointy end’— direct ‘kinetic actions’ against IED networks in war zones.

‘If we can’t attack the network, we can look at new equipment or training or R&D to develop a new “thing” to mitigate the risk,’ Lieutenant Colonel Jolly said.
‘Technology we have developed means we have not lost lives in situations where other nations have.’

The taskforce is now focused on sharing its information with partners. While there are ‘lots of walls’ with classified information, there is plenty of information that can be shared globally. Project Axon is one tool the ADF has developed, in conjunction with Interpol and the United Nations. It is an unclassified IED global information-sharing architecture to break down barriers and enable information to be shared rapidly and effectively.

‘You can have all the information in the world, but it must be searchable and discoverable,’ Lieutenant Colonel Jolly said. ‘We need to be able to exploit it, and share it with partners.’

For example, in Afghanistan, the taskforce went back over 12-18 months of technical intelligence to link seemingly unrelated events. ‘We could see development paths and provide advice into the theatre to save troops on the ground.’

Lieutenant Colonel Jolly says ADF also uses the taskforce’s CTFA model to build partner nation capability. ‘The goal is to enable nations to assess risk to save lives, be it law enforcement, military or innocent civilians in their home environments.

‘We’re continuing with information management and exchange to develop CTFA more widely and share more rapidly between nations and departments.’

Selling CTFA was a challenge because it was ‘breaking new ground’ and forced those using the approach to ‘rethink how we do business’. But the benefits were never in doubt. CTFA is saving the lives of soldiers and civilians.

Cyber security threatens entities

Cyber security is an existing and developing risk for Fund Members. Governments, businesses and individuals worldwide are experiencing financial, operational and reputational losses arising from adverse cyber events.
The insurance industry has responded to cyber events by developing coverage to protect entities from cyber exposures and encouraging them to mitigate potential exposures.

Comcover provides cyber cover through property and liability classes in the Statement of Cover for first and third-party losses. Comcover is also reviewing Fund Members’ potential exposure to cyber risk to develop a range of insurance options for them. The review will consider findings from several concurrent government cyber projects, including the Department of the Prime Minister and Cabinet’s Cyber Security Review, which is scheduled to report to the Prime Minister this year.

Comcover anticipates an enhanced cyber insurance programme will be available to Fund Members from 1 July 2016. Inquiries about Comcover’s cyber cover can be directed to comcover@comcover.com.au.

Using data and analytics to manage complex risks

Complex risks, such as those identified by the Counter Improvised Explosive Device (IED) Taskforce, are affected by many variables and inputs. Often the source, relevance and interdependencies of different data sources will not be readily apparent. In many cases, a simple estimate of risk likelihood and consequence will not be adequate to understand the risks and how they evolve.

The threat posed by IEDs to Australian Defence Force and allied personnel is a good example. This case study highlights how significant effort was required to understand the risk associated with the threat and how it was evolving.

In many cases, when considering risks of a complex nature, it is necessary to identify, collect, collate and analyse the data that can provide insight into the risk. In many cases the data comes from numerous sources and can be both forensic (recovery and exploitation of IED materials) and predictive (analysis of emerging threats in other contexts). Sometimes the data exchange is complicated by stakeholder relationships and constraints to open sharing.
Defence illustrates that, by highlighting the mutual benefits to all concerned, data sharing restrictions can be overcome. The mutual benefit outweighs any perceived risk of making Australian data available to other participating nations.

Early notification speeds claims management

The roof of the building you work in has just been ripped off by a cyclone. The car behind you hasn’t braked in time, causing damage to your government vehicle. You’ve been notified about the possibility of legal proceedings being brought against you or your entity.

What do all these scenarios have in common? They can all be notified to Comcover in accordance with the Statement of Cover.

Notification of a claim, event or loss may initially be recorded as an incident, which may then become a claim. Comcover’s Statement of Cover defines a claim as:
• a demand by a third party against a Fund Member for compensation, or
• a request by a Fund Member for indemnity in accordance with the entity’s Schedule of Cover and the Statement of Cover.

Early notification of claims, or events and losses likely to give rise to claims, is crucial to Comcover’s ability to protect Fund Members’ interests and minimise subsequent losses.

It is Fund Members’ responsibility, through their insurance contacts, to advise Comcover of events or losses even if, at the time of notification, there have been no third-party demands. It is also Fund Members’ responsibility to notify Comcover when an incident becomes a claim.

Once Comcover accepts a claim, it assumes responsibility for managing it, including managing any litigation. For technical and specialised issues, Comcover engages firms under Comcover’s Legal Services Parcelling Arrangement. Using panel providers ensures quality, timely legal advice from firms with extensive experience in dealing with Commonwealth entities and reflects value for money.
Throughout a claim’s process, the Fund Member is regularly updated by phone and email and progress reports are provided, when necessary, on more complex matters. An entity’s insurance contact can access claims reports through the Comcover Launchpad www.comcoverlaunchpad.com.au.

What to do when an incident occurs

Take the following steps when a claim is likely to be made or has been made:
• Contact your entity’s insurance contact, who will notify Comcover.
• Preserve evidence of the incident (take photos where relevant). You could also:
  - ask staff and contractors who witnessed the incident to prepare written notes, or statements, dealing with the facts as observed by them. Ensure you make no attempt to attribute blame
  - where property is lost or stolen, take reasonable steps to recover it. Report thefts to police immediately
  - prevent public access to the site where the incident occurred (or take other actions to prevent further loss) until it can be visited by an assessor and made safe.
• If the incident eventuates into a claim, complete the claim form (found at http://www.finance.gov.au/comcover/claim-forms.html).
• Provide supporting documentation and information to Comcover.
• Do not make any statements to possible claimants or witnesses.
• Do not take any action that could be construed as an admission of liability.
• Refer all communications about the incident to Comcover.

For more information, contact your entity’s insurance contact or your Client Relationship Manager.

Support risk management capability through benchmarking

The Comcover Risk Management Benchmarking Programme (the Programme) supports the promotion of better practice risk management in the Commonwealth public sector. The 2015 Programme was aligned with the Commonwealth Risk Management Policy (the Policy) and demonstrates contemporary risk management practice.
The Programme is based on a six-level maturity model (see Figure 1):

Figure 1: Six-level maturity model

In 2015, 109 entities (70 per cent) achieved risk maturity levels of Systematic or Integrated, and 33 entities (21 per cent) achieved Advanced or Optimal maturity. The results indicate a significant number of entities have risk management practices that are aligned with the principles outlined in the Policy (see Figure 2).

Figure 2: Maturity levels achieved by entities

In 2015, the Programme measured maturity against the nine elements of the Policy. The elements where entities excelled were:
• Element 1 – Establishing a risk management policy
• Element 4 – Embedding systematic risk management into business processes
• Element 3 – Defining responsibility for managing risk.

It is encouraging to see that the principles, processes and application of risk management are generally well established across the Commonwealth. However, there is still room for improvement. The elements entities found most challenging included:
• Element 5 – Developing a positive risk culture
• Element 7 – Understanding and managing shared risk
• Element 8 – Maintaining risk management capability.

Those elements traditionally take more time to establish within entities. The diagram (below) shows further insights into the results for the highest and lowest performing elements.

Next steps – what your entity can do

Benchmarking your entity’s risk management framework and capability provides an opportunity to review and measure how successfully risk management has been integrated into business operations from an enterprise-wide perspective. The Programme identifies areas for improvement.
To maximise your entity’s benefits from participating in the Programme, you may wish to implement some of the following suggestions to improve your entity’s risk management capability:
• Conduct a gap analysis of your entity’s current and target maturity levels to identify opportunities for improving your entity’s risk maturity and help prioritise resource allocation to build risk management capability.
• Use the Benchmarking Interactive Reporting Tool on the Comcover Launchpad to conduct a customised analysis of your entity’s results. The tool identifies top performers and enables comparisons using organisational metrics.
• Compare results with community of practice and self-select groups. Identify and talk to other high-performing entities on risk management approaches.
• Provide your entity’s results to senior management and committees (such as audit and risk) to facilitate conversations about your entity’s risk management capability.

If your executive, audit or risk committee would like to discuss your entity’s results further, contact Comcover by phone 1800 651 540 (option 4) or email comcover@comcover.com.au.

2015-16 Statement of Cover

Comcover reviews the Statement of Cover annually to ensure it comprehensively covers the large variety of risk exposures faced by Fund Members. The review’s focus is to:
• ensure the cover is up to date with current insurance trends
• clarify any areas Fund Members may have found confusing
• remove the need for Fund Members to obtain cover outside Comcover, where possible.

This year Comcover has made the Statement of Cover more user friendly and removed ambiguity or confusion with some elements of the cover. Other changes have extended and better clarified the cover available. The changes include:
• Travel outside country – Comcover has removed the exclusion for medical cover for any condition for which a claimant had seen a medical practitioner 30 days before a trip.
Comcover now excludes cover only if a claimant was considered unfit to travel or travelled against medical advice.
• Travel inside country – the cover has been extended to include loss of money.
• Expatriates – the pre-existing condition exclusion has been expanded to include pregnancy as a pre-existing condition.
• Corruption of computer data – cover has been extended by restricting the general exclusion to apply only when someone erases or changes data.

For more information about the Statement of Cover, visit the Comcover website, www.finance.gov.au/comcover/insurance, or contact your Comcover Relationship Manager.

Events calendar
• Senior Executive Programme – Discussion Forum – 8 October
• Seminar Series – Building Organisational Culture – 8 October
• Education – Business Continuity Management – 16 October
• Senior Executive Programme – Workshop – 18 November
• Employment Practices Claims Session – 18 November
• Education – Risk Management Fundamentals – 4 December

2015 RMIA conference

When members of the Risk Management Institution of Australasia (RMIA) meet at their annual conference in Adelaide in November, they will hear from an array of Commonwealth speakers.

Robert Antich, Assistant Secretary, Risk, Insurance and Special Claims, Department of Finance, will speak on defining an organisation’s appetite for risk and building an appropriate risk culture (see page 1). A representative from the Department of the Prime Minister and Cabinet will outline the Australian Government’s Cyber Security Review. Representatives from the Department of Defence and the Australian Maritime Safety Authority will detail the projects that saw their entities win Comcover Awards for Excellence in Risk Management.

RMIA’s annual conference is on 11-13 November 2015 at the Adelaide Oval. For more information, go to www.rmiaconference.com.au.

To learn more about how to access Comcover’s services, email comcover@comcover.com.au or call 1800 651 540.
Disclaimer: Comcover Connect provides general information for the benefit of Fund Members. Comcover does not guarantee, nor accept legal liability arising from or connected to, the accuracy, reliability, currency or completeness of any material contained in Comcover Connect. Fund Members are asked to evaluate the accuracy, currency, completeness and relevance of the material this newsletter contains for their purposes. Comcover Connect is not a substitute for independent professional advice and Fund Members should obtain appropriate professional advice relevant to their particular circumstances.