Reflections from RMIA Risk Award Winner, Mikelis Jaunalksnis

In the lead up to the 2025 Risk Awards, we spoke with a few of the current Risk Award winners about their previous 12 months holding the title as an RMIA Risk Award winner. Today we’ll be sharing the responses from Mikelis Jaunalksnis, winner of Most Outstanding Organisational Resilience Response.

 Can you tell us about the project or initiative that earned you this recognition?
The project that earned this recognition was Lake Macquarie City Councils outstanding organisational resilience response to a critical IT outage – third party attack – impacting our customer service centre.
 
In the 12 months prior, our newly formed Integrity and Risk Team that combined the disciplines of Risk, Governance, and Business Continuity had been focussing on risk management maturity. A component of this work included a focus on strengthening our business continuity capability through a forward program of quarterly organisation-wide business continuity exercises, and a dedicated focus on ensuring the currency and relevance of plans and establishing greater ‘bench strength’ in our teams to deal with protracted events.
 
On the back of the building the policy, frameworks updated BCPs as well as training, stress testing and continuous improvement, our response was excellent as far as the minimal impact to customers, management of a complex outage and the coordination between key players.
 
What inspired you to pursue this particular risk management approach or strategy?
I am inspired by our commitment to serve our community, and particularly when they need us most, and like anything - capability grows when you put the reps in.
 
This commitment to our community – our customers - really provided the drive to lean into an aggressive exercise schedule and encourage as much participation as possible across the business.
Our leaders wanted to be prepared when participating in exercises with their peers so it drove them to make sure their plans were fit for purpose, and the debriefing of exercises and transparency of actions provided the continuous improvement cycle.
 
Aligning our approach with our risk appetites allowed for consistent prioritisation that focused on the safety and wellbeing of our people first and foremost. With that being achieved and as an organisation we have our ‘mask on first’, we are able to support emergency response, deliver critical services to the community, protect assets and navigate the complex situation.
 
Can you share any specific risk management techniques or methodologies that were particularly effective in this case?
The general approach was based on the principles in the standard of Plan Do Check Act.
 
Having a genuine commitment and top level buy in to develop the framework and plans then apply the rigours of quarterly simulations that sought to engaging, complex and diverse tested many aspects of our plans and sought to identify vulnerabilities that could be strengthened.
 
This has been possible through identifying business continuity as a top strategic risk, and therefore having clear lines of Executive ownership and oversight, that is complimented with regular risk deep-dives that help us monitor context shifts, changes to key drivers, control effectiveness and improvement opportunities.
 
The combination of Executive ownership of BCP and the Integrity and Risk team functioning across the business from its place in the CEOs office. Being independent of other organisational structures has given good perspective and reach of this second-line function.
 
Our approach implicitly embraces the OODA loop that gives an intuitive way to navigate rapidly changing events. When combined with clear objectives and decision making at the right levels, we are able to coordinate a response quickly and smoothly.
 
How do you measure the success of your risk management strategies, and what metrics or indicators did you use in this instance?
We use a “Resilience Scorecard’ to maintain oversight of our BCP currency, training and participation in exercises. This is reported on to our Business Continuity and Resilience Team and Executive team, as well as being available to everyone on our Intranet.
 
The most important measure, however, is the effectiveness of our response in live situations.
This has been evident in rapid response and maintenance of business continuity through critical IT outages, COVID-19 pandemic, severe weather events, power outages, and most recently losing the use of our Administrative Centre following a fire.
 
Were there any surprising outcomes or lessons learned from this project that you didn’t anticipate?
The biggest lessons learned were regarding the value of regular simulation exercises. This had the obvious benefits of building muscle memory, familiarity with plans and the continuous improvement as the plans are pressure tested. The surprise was how much the exercises built the key relationships to quickly get the right people in the room when a novel problem presented.