For ports, "resilience" can be achieved by formulating, implementing, and monitoring a well-executed Enterprise Risk Management (ERM) strategy and procedure. ERM allows for resilience-building to be viewed as a strategic desired outcome for the port; it is framed as an opportunity for ports and an enabler for competitiveness, re-shaping, growth and strength (Bell G., 2020). It determines thresholds for resilience-building measures, while concurrently assessing extreme exposures and impacts and determining priority areas. ERM ensures consistency in decision-making processes, enabling organizations to understand better the acceptable level of vulnerability and options relating to preventive and corrective treatments and controls.
Port resilience-building efforts must be linked to the port's core values and mission. A combination of risk management and resilience-building tools enables ports to achieve a fully integrated understanding of organizational exposure, preparedness, absorption and the response capacity required to reduce the likelihood and impact of potential and actual disruptions. In this context, ERM acts as a common ground and integrator for other tools and instruments, e.g. business continuity and scenario planning.
Ports should not take false assurance from aspirational response plans that (often) do not specify how suitable arrangements will be implemented. For example, a response plan can be disconnected from relevant risks, risk appetite and tolerances, and crisis management arrangements do not adequately handle processes related to required information flow and decision-making. In other cases, the workforce is not sufficiently well trained and has limited practice, and therefore is not crisis ready. Thus, often the management system required to sustain and provide relevant human and financial resources for resilience-building can be inadequate. With appropriate response plans, disruption impacts can be minimized. This requires, however, a well-trained workforce and teams operating via connected and well-thought-through plans. Inadequate communications across a coordinated resilience framework have compromised the actions of many organizations, causing them to ditch poorly prepared plans. Furthermore, collaboration is crucial to overcoming silo perspectives among business continuity, crisis management, and other risk management practices.
As a result, disruption impacts can be minimized when a major disruption event, e.g. the COVID-19 pandemic, occurs. This can only be addressed by a well-trained workforce and teams operating via connected and well-thought-through plans. Inadequate communications across a coordinated resilience framework have compromised the actions of many organizations, causing them to ditch poorly prepared plans. Furthermore, collaboration is crucial to overcoming silo perspectives among business continuity, crisis management, and other risk management practices.
ERM integrates different risks (e.g. financial, reputational, etc.) and ensures that resilience-building activities keep port organizational resilience capabilities within its risk appetite and tolerance levels. Hopkin, P. (2018) described ERM as encompassing the following activities:
- Prioritize port risks and exposure and manage these as interrelated risk portfolios rather than individual "silos" of risk.
- Assess the risk portfolio and consider internal and external contextual factors and stakeholders.
- Analyze individual risks across the port and recognizing their interlinkages. Recognize that these can create a combined exposure that differs from the sum of the individual risks.
- Pursue a structured process for the management of all risks.
- Mainstream risk management in the port's critical decisions.
- Identify acceptable risks to achieve the port's strategic objectives.
- Ensure communications to foster a common understanding of risks and their importance.
- Support internal audit activities, when applicable, and provide a structure for the provision of risk assurance to the Board and the Audit Committee.
- Consider effective management of risks as a competitive advantage that contributes to achieving business and strategic objectives.
Implementing a fully functioning ERM programme is a significant undertaking involving all relevant port stakeholders, including third parties. The time required to implement an ERM programme depends on various factors, including:
- Existing risk management efforts upon which to build.
- Commitment on the part of senior management. The greater its commitment and involvement, the more likely it will give prioritize the programme.
- Size and complexity of the port, including its terminals, hinterland and seaside connections
- Available resources, including financial and human resources.
The following steps enable effective ERM:
- Engage senior management and the Board to provide organizational support and resources.
- Establish an independent ERM function reporting directly to the Board/authority.
- Set up the risk governance structure at senior management/Board levels, supported by internal audit, as deemed appropriate.
- Develop the ERM framework that incorporates an appropriate risk classification system.
- Promote a risk awareness culture fostered by a common language, training and education.
- Provide written procedures with a clear statement of the port's risk appetite.
- Agree on a monitoring and reporting mechanism against established objectives for risk management.
- Undertake risk assessments to identify accumulations and interdependencies of risk.
- Integrate ERM into relevant strategic planning, business processes, and operational success.
- Track and measure benefits achieved by ERM.
27 See Hopkin, P. 2018.