Edinburgh 12th March 2009 CIPFA Better Governance Forum Dr David Hancock MBA Public Sector Risk Manager of the Year 2008/09
Agenda <ul><li>Risk Fundamentals </li></ul><ul><li>Challenges and lessons </li></ul><ul><li>Advanced behavioural and strategic risk management </li></ul><ul><li>Potential role for internal audit and risk management </li></ul><ul><li>Links to project management </li></ul>
What is meant by a Risk? “ The uncertainty of outcome, whether positive or negative threat, of actions and events. It is the combination of likelihood and impact, including perceived importance.” (HM Treasury, The Orange Book, 2004) A statistical inevitability?
Evaluating A Risk <ul><li>Likelihood </li></ul><ul><li>The chance that the risk may actually be realised, (occur), sometimes called probability </li></ul><ul><li>Impact </li></ul><ul><li>The effect that the risk being realised would have on the Objectives, sometimes called consequence </li></ul>
Scoring and Traffic Light Notation L I K 5 E L I 4 H O O 3 D 2 1 1 2 3 4 5 SEVERITY LDA Legal Impact 1 Improvement notice 2 Prohibition notice. 3 Prosecution with fine. 4 Directors charged with Corporate killing, fraud etc.. 5 Directors charged with Corporate killing, fraud etc.. LDA Reputation Impact 1 No press coverage 2 Minor, local reputation damage. 3 Major, local reputation damage. 4 National adverse media coverage. 5 International adverse media coverage Financial 1 £ thousands 2 £ tens of 3 £ hundreds of 4 £ Millions 5 £ tens of millions thousands thousands Descriptor 1 Improbable 2 Unlikely 3 Less likely than not 4 Likely 5 Probable Likelihood Descriptor 1 Minor 2 Moderate 3 Significant 4 Substantial 5 Catastrophic Impact LDA Output Targets 1 Exactly meets targets 2 Significantly meets targets 3 Meets 50% of targets 4 partially meets targets 5 Does not meet targets Health & Safety 1 Negligible injuries 2 Minor injuries 3 Major injuries 4 Single fatality 5 Multiple fatalities Schedule 1 Day 2 Week 3 Month 4 Year 5 Years
The Risk Process Set Objectives Monitor the risks Report movement of the risk Identify Threats and Opportunities to Objectives Assess the risks associated with each threat and opportunity ( Inherent ) and map exposure (PxC) Consider actions to manage risk terminate, tolerate, treat, transfer Reassess the risk ( Residual ) and remap (PxC) in light of actions in place
Response to risk… the 4 Ts Terminate – Do things differently and thus remove the risk Tolerate – Nothing can be done at a reasonable cost to mitigate the risk or the likelihood and impact are at a reasonable level Treat – Take action to control the risk either by reducing the likelihood of the risk developing or limiting the impact it will have on the project Transfer – Some of the financial risk may be transferable via insurance or contractual arrangements or accepted by third parties
<ul><li>General Project Delivery Trends </li></ul><ul><li>Increased complexity of solutions </li></ul><ul><li>Projects solved and delivered through diverse teams </li></ul><ul><li>Increased relationships/partnerships </li></ul><ul><li>Increased societal interaction </li></ul><ul><li>Increased interaction with ‘non experts’ ( General Public ) </li></ul><ul><li>Increased political involvement </li></ul><ul><li>Higher customer expectation </li></ul><ul><li>Increased expectations of performance </li></ul><ul><li>Increased informed risk taking </li></ul><ul><li>Increased media attention </li></ul>What are the Particular Challenges
The performance management framework has moved to a process of negotiation which is changing the relationship and the dynamic between central and local government. Central government has responded by attempting to adopt a more citizen-focussed and community-centred approach to public policy. ‘ Challenging perspectives’ - NLGN What are the Particular Challenges
Scottish Government and COSLA Concordat - 2007 <ul><li>In conclusion this package, which to be considered as a whole, is both ambitious and ground-breaking. It represents a fundamental shift in the relationship between the Scottish Government and local government, based on mutual respect. Under the terms of this new partnership, the Scottish Government will set the direction of policy and the over-arching outcomes that the public sector in Scotland will be expected to achieve. The Scottish Government’s intention is to stand back from micro-managing that delivery, thus reducing bureaucracy and freeing up local authorities and their partners to get on with the job. </li></ul>
What are the Particular Challenges National performance framework
<ul><li>What about Single Outcome Agreements, Community Planning Partnerships </li></ul><ul><li>The use of Local Partnership Agreements and Local Outcome Agreements for delivering local solutions? </li></ul><ul><li>How do we manage increased public involvement in strategy and delivery? </li></ul><ul><li>How do we manage trade offs e.g. Education v Social Services v Housing etc? </li></ul>What are the Particular Challenges
<ul><li>What are the risks involved with delivery in partnership with the private and voluntary sectors? </li></ul><ul><li>What does ‘acceptable’ mean for outcomes and who chooses? </li></ul><ul><li>Reduction in ring-fenced funding </li></ul><ul><li>What about reputational risk? </li></ul><ul><li>What is the role for our present risk and audit functions in this new delivery mechanism? </li></ul>What are the Particular Challenges
What is Risk? (Advanced) <ul><li>Exists in the future </li></ul><ul><li>There are many possible futures available </li></ul><ul><li>The model is not reality </li></ul><ul><li>“ Recognising the possibility of different outcomes and trying to make sure that activities are directed towards making an acceptable set of outcomes more likely” - CIPFA Treasury discussion paper </li></ul>
Risk Assessment <ul><li>Quantitative </li></ul><ul><ul><li>An attempt to apply meaningful and objective probabilities and subsequently consider and then quantify the potential of such risks in terms of time, cost and quality (Laxtons guide to risk analysis and management) </li></ul></ul><ul><li>Qualitative </li></ul><ul><ul><li>Involves the registration of the identified risks, by ‘experts’ in a formal manner using subjective probabilities. </li></ul></ul><ul><li>Selection of stakeholders is critical to its success. </li></ul><ul><li>Need to take into consideration Group Dynamics. </li></ul><ul><li>Also used to identify Opportunities </li></ul>
Two Types of Uncertainty <ul><li>Aleatoric uncertainty - is "unknowable", that is, we can't obtain observations, which would help reducing that uncertainty. </li></ul><ul><li>Epistemic uncertainty is - "unknown to me" and it is possible to obtain observations which help to reduce that uncertainty </li></ul>Known Knowns, Known Unknowns Unknown Unknowns
Problem Solving Problem Solution Time since beginning Gather Data Analyse Data Formulate Solution Implement Solution “ TAME” Problems can be solved by linear or “waterfall” process
<ul><li>Clusters of interrelated or interdependent problems </li></ul><ul><li>Messes (Ackoff 1970) </li></ul>Systems Complexity
“ MESSES” meet the following criteria: Organisational Complexity - clusters of interrelated or interdependent problems, or systems of problems. Messes are puzzles; rather than solving them we resolve their complexities. Cannot be solved in relative isolation from one another .
<ul><li>Conflicting social ethics and beliefs </li></ul><ul><li>‘ Wickedness’ (Rittel & Webber 1973) </li></ul>Behavioural Complexity
“ WICKED PROBLEMS ” are characterised by: An evolving set of interlocking issues and constraints - no definitive statement of the problem (no understanding of the problem until the solution has been developed). Many stakeholders - the problem solving process is fundamentally social (getting the right answer is not as important as having stakeholders accept the solution). The constraints (resources, politics) change with time - stakeholders come and go, change their minds or change the rules. Since there is no definitive Problem there is no definitive Solution .
“ WICKED” Problems cannot be solved by linear or “waterfall” process Problem Solution Time since beginning
Wicked Problem Solving Resolving “ WICKED MESSES ” is “ SATISFICING ” (H. Simon 1956) Because of the number of stakeholders, changing constraints and dynamics of the problem, there is no ideal solution-it is “as good as it gets” or “good enough” The Problem solving process ends when resource (time, money energy etc.) runs out! Therefore we need a different approach when handling risk with respect to problems which are not Tame
Wickedness in Government “ The so-called ‘ wicked issues ’ facing government, such as climate change or worklessness and obesity, do not fit neatly into any single government department”. “ Such long term challenges require partnerships between multiple local agencies and actors, as well as a new attitude from the centre”.
Boston Matrix Behavioural Complexity High Low Wicked Wicked Mess Tame Mess Dynamic Systems Complexity High Low Resolution is social/ political/ ethical/ moral/ behavioural Solution is Scientific
PUBLIC AUDIT COMMITTEE CALLS FOR IMPROVED MANAGEMENT OF MAJOR CAPITAL PROJECTS The committee has called on the Scottish Government to ensure that more projects are subject to formal review procedures to ensure that they remain on track and are properly managed. In addition, the committee has asked the Scottish Government to consider how it can make information on the progress of projects more readily available to the public.
Projects and the PMO Concept Appraisal Business Case Approval Investment Decision Monitoring A C D E B Evaluation & Closure <ul><li>Early visibility of projects entering the pipeline </li></ul><ul><li>Early identification of risks </li></ul><ul><li>Early checkpoint assessing project concepts against strategic objectives </li></ul><ul><li>Acceptance / rejection of concepts into a programme </li></ul><ul><li>Provides evidence to justify / decline investment via the chosen procurement route </li></ul><ul><li>Provides evidence to demonstrate whether value for money will be achieved </li></ul><ul><li>Assessment of contract / grant agreement terms against Gateway B tolerances </li></ul><ul><li>Ongoing monitoring of project & programme delivery against budget, outcomes & risk </li></ul><ul><li>Provision of ongoing visibility of corporate performance </li></ul><ul><li>Ensures interim evaluations have been conducted as required by the conditions of Gateways B&C </li></ul><ul><li>Assessment of detailed plans via a strategic & business case </li></ul><ul><li>Detailed assessment of outcomes, value for money, risks, projected budget & evaluation plans </li></ul><ul><li>Provides evidence to justify / decline a progression to contracting </li></ul><ul><li>Sets tolerances for Gateway C </li></ul><ul><li>Assessment of whether the project has been satisfactorily evaluated </li></ul><ul><li>Provides evidence of any outstanding risk / unspent budget before the project is closed </li></ul><ul><li>Ensures projects are closed according to the required process </li></ul>Gateways Confidence Risk
Different categories of risk? Operational/ Factors that may effect meeting the short term Technical objectives of the team Financial/ Legal/ Factors that may effect the efficient use and C ontractual accountability of funding and the impact of constraints on funding factors that may effect the delivery of statutory/regulatory responsibilities Behavioural/ Cultural and behavioural factors that may effect the Cultural/ performance of the team Organisational Strategic Factors that may effect meeting the medium to long term objectives of the team
Any Questions? “ When all you have is a hammer, everything looks like a nail”. Japanese Proverb