1. Enterprise Risk Management

2. www.liikennevirasto.fi What has been done regarding risk management in the past ● Agency level safety an security issues have been led by a top level group ● Data security security issues have been handled somewhat separately ● Risks have been systematically identified ● Responsibilities have been defined ● Control measures have been planned ● Analysis and reporting is done regularly ● We still have vulnerabilities that are not in sufficient control The Finnish Transport Agency 2

3. www.liikennevirasto.fi What is being done now (1/2) New classification of risks ● Strategic risks ● Safety risks ● Process risks ● Project risks ● Financial risks ● Personnel risks ● Operational risks ● Data security risks ● Legal risks The Finnish Transport Agency 3

4. www.liikennevirasto.fi What is being done now (2/2) ● New top level group to lead safety and security issues ● Development of FTA’s Integrated Management System ● Integration of all safety, security and risk issues into the management process ● Contracts with key partners from the industry ● Identification of key focuses (eg. extreme weather, cyber, installations, etc.) ● Plans prepared for exceptional situations in advance ● Definition of acceptable risk levels The Finnish Transport Agency 4

5. www.liikennevirasto.fi Safety and security management vs. risk management The objective of safety and security management -> minimize threats and negative impacts on people, the environment and property The objective of risk management -> to keep business running The Finnish Transport Agency 5

6. www.liikennevirasto.fi Thank you for your attention! Jan Juslén Director, Research and Development Programs Finnish Transport Agency jan.juslen@fta.fi The Finnish Transport Agency 6