Wednesday, 9 March 2022

Auditor-General

Business Continuity During COVID-19

Dr CUMMING (Western Metropolitan) (17:22): I rise to speak on the report by the Victorian Auditor-General’s Office Business Continuity During COVID-19. A business continuity plan (BCP) is a practical plan for how a business can prepare for and continue to operate during and after an initial incident or crisis. It helps business to identify and prevent or reduce risk where possible and to prepare for risks that cannot be controlled. Never have these plans been more important than over the last two years.

The Auditor-General audited the business continuity arrangements for all eight government departments as well as Cenitex, which provides services to most departments. The most alarming finding from this audit is, and I will quote:

Before the pandemic, most departments’ business continuity arrangements were inadequate. This meant that their response to restoring and maintaining their prioritised services was reactive and less efficient and effective than it could have been.

Their business continuity arrangements were tested in 2018 and 2019, and significant weaknesses were found. However, many of these had not been addressed prior to COVID-19. Luckily their incident management structures enabled them to quickly set up teams and make decisions.

For many years a pandemic has been seen as a state significant risk. In 2019 it was rated as ‘likely to occur’ with ‘severe’ consequences. In 2018 an exercise was run to see what would happen if a significant percentage of the population could not work due to a pandemic. That exercise highlighted opportunities to improve business continuity plans, whole-of-government ICT systems, interagency redeployment and communications between all sectors. Three years later, none of these have been addressed. One of the most important elements of a BCP is the need to understand the services that businesses provide, the importance of those services, how they would be affected by disruption and how the business would respond to that disruption.

Only one department had done this to meet international standards. The report shows huge gaps in training for staff, in meeting international standards, in regular updates and plans and in running exercises.

The recommendations of the Auditor-General have been presented to the departments, and most of them have been accepted. For me, I hope that they do implement the recommendations in a more timely manner than they did when it came to the recommendations that they received in 2018. It would have been great if it was done within this pandemic, but I hope that this government learns from the Auditor-General’s report and does something now while we still are—apparently—in a pandemic.