Enterprise Risk Management (ERM) plays a vital function in bringing together the various resilience-building approaches and tools, including business continuity planning (BCP), horizon scanning (HS). To ensure that risk management principles are mainstreamed, port authorities and executives at higher levels need to commit and assign ownership and accountability for risk management and resilience. A helpful approach to achieve this is the widely used "RACI matrix" approach, setting out clearly who is Responsible, Accountable, Consulted and Informed.
A starting point is to fully understand the port's current business strategy and operational capabilities and its strengths and weaknesses. To ensure that the port or its situation is well understood from the start, it is important to establish a collaborative team and include experts from within and outside the port ecosystem (e.g. epidemiologists in the case of a pandemic).
Elements required to develop a port risk management programme include the following:
- Clearly defined scope for the programme, including the appropriate involvement of representatives from the hinterland, regional and national governments:
- The governance and the review process around the programme;
- Defined detailed roles and responsibilities; and
- Clear activity phases.
Determining the scope of port risk management activities involves:
- Forming a steering group to coordinate efforts;
- Considering, among other factors, which port services/areas to focus on, e.g. a specific terminal operation;
- Identifying processes supporting relevant port service/area. e.g. IT systems, vessel scheduling;
- Coordinating and integrating with other port activities.
A function of port corporate governance is to ensure that appropriate risk management procedures are in place. Setting up a risk governance structure involves:
- Determining the status of port operations and risk management to ensure the proposed approach is feasible, and considering the financial, staff and other resources available;
- Establishing a review, ownership and execution process;
- Identifying specific success criteria;
- Defining who needs to know what and when;
- Setting up the reporting streams; and
- Clarifying how the programme interacts with the rest of the port operations. For example, how the terminal operator interacts with hinterland operators.
When assigning responsibility and distributing tasks, the following considerations may be helpful. Ports need to agree on the risk tools that will be used and by whom. For example, whether the HS activity is to be conducted by the port and who should be involved. The Steering Group should ensure that all activities are appropriately coordinated and prioritized, and that appropriate reporting on progress is provided to senior management.