Fundamentals Of Risk Management


Published on

What it says on the tin

Published in: Business, Economy & Finance

Fundamentals Of Risk Management

  1. 1. What is risk management and why is it important? Earls Court Exhibition Centre 14th January 2009 Dr David Hancock MBA Public Sector Risk Manager of the Year 2008/09
  2. 2. Agenda <ul><li>Understanding public sector risk management </li></ul><ul><li>What are the particular challenges? </li></ul><ul><li>What does a successful risk management programme look like? </li></ul><ul><li>What is the difference between operational and strategic risk? </li></ul>
  3. 3. What is meant by a Risk? “ The uncertainty of outcome, whether positive or negative threat, of actions and events. It is the combination of likelihood and impact, including perceived importance.” (HM Treasury, The Orange Book, 2004) A statistical certainty?
  4. 4. Evaluating A Risk <ul><li>Likelihood </li></ul><ul><li>The chance that the risk may actually be realised, (occur), sometimes called probability </li></ul><ul><li>Impact </li></ul><ul><li>The effect that the risk being realised would have on the Objectives, sometimes called consequence </li></ul>
  5. 5. Scoring and Traffic Light Notation L I K 5 E L I 4 H O O 3 D 2 1 1 2 3 4 5 SEVERITY LDA Legal Impact 1 Improvement notice 2 Prohibition notice. 3 Prosecution with fine. 4 Directors charged with Corporate killing, fraud etc.. 5 Directors charged with Corporate killing, fraud etc.. LDA Reputation Impact 1 No press coverage 2 Minor, local reputation damage. 3 Major, local reputation damage. 4 National adverse media coverage. 5 International adverse media coverage Financial 1 £ thousands 2 £ tens of 3 £ hundreds of 4 £ Millions 5 £ tens of millions thousands thousands Descriptor 1 Improbable 2 Unlikely 3 Less likely than not 4 Likely 5 Probable Likelihood Descriptor 1 Minor 2 Moderate 3 Significant 4 Substantial 5 Catastrophic Impact LDA Output Targets 1 Exactly meets targets 2 Significantly meets targets 3 Meets 50% of targets 4 partially meets targets 5 Does not meet targets Health & Safety 1 Negligible injuries 2 Minor injuries 3 Major injuries 4 Single fatality 5 Multiple fatalities Schedule 1 Day 2 Week 3 Month 4 Year 5 Years
  6. 6. The Risk Process Set Objectives Monitor the risks Report movement of the risk Identify Threats and Opportunities to Objectives Assess the risks associated with each threat and opportunity ( Inherent ) and map exposure (PxC) Consider actions to manage risk terminate, tolerate, treat, transfer Reassess the risk ( Residual ) and remap (PxC) in light of actions in place
  7. 7. Response to risk… the 4 Ts Terminate – Do things differently and thus remove the risk Tolerate – Nothing can be done at a reasonable cost to mitigate the risk or the likelihood and impact are at a reasonable level Treat – Take action to control the risk either by reducing the likelihood of the risk developing or limiting the impact it will have on the project Transfer – Some of the financial risk may be transferable via insurance or contractual arrangements or accepted by third parties
  8. 8. Risk and Opportunity
  9. 9. Risk Assessment <ul><li>Quantitative </li></ul><ul><ul><li>An attempt to apply meaningful and objective probabilities and subsequently consider and then quantify the potential of such risks in terms of time, cost and quality (Laxtons guide to risk analysis and management) </li></ul></ul><ul><li>Qualitative </li></ul><ul><ul><li>Involves the registration of the identified risks, by ‘experts’ in a formal manner using subjective probabilities. </li></ul></ul><ul><li>Selection of stakeholders is critical to its success. </li></ul><ul><li>Need to take into consideration Group Dynamics. </li></ul><ul><li>Also used to identify Opportunities </li></ul>
  10. 10. What is Risk? (Part 2) <ul><li>Exists in the future </li></ul><ul><li>There are many possible futures available </li></ul><ul><li>The model is not reality </li></ul><ul><li>“ Recognising the possibility of different outcomes and trying to make sure that activities are directed towards making an acceptable set of outcomes more likely” - CIPFA Treasury discussion paper </li></ul>
  11. 11. Understanding what is meant by project success is crucial
  12. 12. <ul><li>General Project Delivery Trends </li></ul><ul><li>Increased complexity of solutions </li></ul><ul><li>Projects solved and delivered through diverse teams </li></ul><ul><li>Increased relationships/partnerships </li></ul><ul><li>Increased societal interaction </li></ul><ul><li>Increased interaction with ‘non experts’ (General Public) </li></ul><ul><li>Increased political involvement </li></ul><ul><li>Higher customer expectation </li></ul><ul><li>Increased expectations of performance </li></ul><ul><li>Increased informed risk taking </li></ul>What are the particular challenges?
  13. 13. What are the particular challenges? <ul><li>What does ‘acceptable’ mean and who chooses? </li></ul><ul><li>What about Local Strategic Partnerships, Local Area Agreements and Comprehensive Area Assessments for delivering local solutions? </li></ul><ul><li>How do we manage trade offs e.g. Education v Social Services v Housing etc? </li></ul><ul><li>What about reputational risk? </li></ul><ul><li>How do we manage increased public involvement in strategy and delivery? </li></ul>
  14. 14. What are the particular challenges? <ul><li>What are the risks involved with delivery in partnership with the private and voluntary sectors? </li></ul><ul><li>The move towards unitary authorities and a desire to break down silo working by cross functional and organisational working should mean that the public sector approach to risk management should also be reviewed. </li></ul><ul><li>What is the role for our present risk and audit functions in this delivery? </li></ul>
  15. 15. What does a successful risk management programme look like?
  16. 16. The need for holistic thinking I’m glad the hole isn’t in our end!
  17. 17. Corporate Risk register
  18. 18. Performance Reporting [including risk]
  19. 19. CRR and Audit Plan
  20. 21. What is the difference between operational and strategic risk? Operational/ Factors that may effect meeting the short term Technical objectives of the team Financial/ Legal/ Factors that may effect the efficient use and Contractual accountability of funding and the impact of constraints on funding factors that may effect the delivery of statutory/regulatory responsibilities Behavioural/ Cultural and behavioural factors that may effect the Cultural/ performance of the team Organisational Strategic Factors that may effect meeting the medium to long term objectives of the team
  21. 22. A New Risk Management Model?