Public Sector Enterprise Risk Management


Published on

Presentation given to audit around the importance of governance, risk management and audit

Published in: Business, Economy & Finance
1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • An uncertain event or set of events which should it occur will have an effect on the achievement of objectives A risk consists of a combination of the probability of the perceived threat or opportunity occurring and the magnitude of its impact on objectives (or benefits)
  • The problem with the future is that there are many more things that might happen than will happen
  • Known Knowns – Issues, Known Unknowns – Risks, Unknown Unknowns -
  • Public Sector Enterprise Risk Management

    1. 1. Public Sector Enterprise Risk Management and Why It’s Important Internal Audit, Risk & Governance The Hatton, London, 18th May 2009 Dr David Hancock MBA Public Sector Risk Manager of the Year 2008/09
    2. 2. Agenda <ul><li>Understanding public sector risk management </li></ul><ul><li>What are the particular challenges? </li></ul><ul><li>What might a successful ERM programme look like? </li></ul><ul><li>Gaining senior management buy-in to ERM </li></ul>
    3. 3. What is meant by a Risk? “ The uncertainty of outcome, whether positive or negative threat, of actions and events. It is the combination of likelihood and impact, including perceived importance.” (HM Treasury, The Orange Book, 2004) A statistical inevitability?
    4. 4. Evaluating A Risk <ul><li>Likelihood </li></ul><ul><li>The chance that the risk may actually be realised, (occur), sometimes called probability </li></ul><ul><li>Impact </li></ul><ul><li>The effect that the risk being realised would have on the Objectives, sometimes called consequence </li></ul>
    5. 5. The Risk Process Set Objectives Monitor the risks Report movement of the risk Identify Threats and Opportunities to Objectives Assess the risks associated with each threat and opportunity ( Inherent ) and map exposure (PxC) Consider actions to manage risk terminate, tolerate, treat, transfer Reassess the risk ( Residual ) and remap (PxC) in light of actions in place
    6. 6. Response to risk… the 4 Ts Terminate – Do things differently and thus remove the risk Tolerate – Nothing can be done at a reasonable cost to mitigate the risk or the likelihood and impact are at a reasonable level What about ethical and moral acceptance? Treat – Take action to control the risk either by reducing the likelihood of the risk developing or limiting the impact it will have on the project Transfer – Some of the financial risk may be transferable via insurance or contractual arrangements or accepted by third parties
    7. 7. What is Risk ? (Advanced) <ul><li>Exists in the future </li></ul><ul><li>There are many possible futures available </li></ul><ul><li>The model is not reality </li></ul><ul><li>“ Recognising the possibility of different outcomes and trying to make sure that activities are directed towards making an acceptable set of outcomes more likely” - CIPFA Treasury discussion paper </li></ul>
    8. 8. Two Types of Uncertainty <ul><li>Aleatoric uncertainty - is &quot;unknowable&quot;, that is, we can't obtain observations, which would help reducing that uncertainty. </li></ul><ul><li>Epistemic uncertainty is - &quot;unknown to me&quot; and it is possible to obtain observations which help to reduce that uncertainty </li></ul>Known Knowns, Known Unknowns Unknown Unknowns – Donald Rumsfeld
    9. 9. Risk Assessment <ul><li>Quantitative </li></ul><ul><ul><li>An attempt to apply meaningful and objective probabilities and subsequently consider and then quantify the potential of such risks in terms of time, cost and quality (Laxtons guide to risk analysis and management) </li></ul></ul><ul><li>Qualitative </li></ul><ul><ul><li>Involves the registration of the identified risks, by ‘experts’ in a formal manner using subjective probabilities. </li></ul></ul><ul><ul><li>Selection of stakeholders is critical to its success. </li></ul></ul><ul><ul><li>Need to take into consideration Group Dynamics. </li></ul></ul><ul><ul><li>Also used to identify Opportunities </li></ul></ul>
    10. 10. <ul><li>General Project Delivery Trends </li></ul><ul><li>Increased complexity of solutions </li></ul><ul><li>Projects solved and delivered through diverse teams </li></ul><ul><li>Increased relationships/partnerships </li></ul><ul><li>Increased societal interaction </li></ul><ul><li>Increased interaction with ‘non experts’ (General Public) </li></ul><ul><li>Increased political involvement </li></ul><ul><li>Higher customer expectation </li></ul><ul><li>Increased expectations of performance </li></ul><ul><li>Increased informed risk taking </li></ul><ul><li>Increased media attention </li></ul>What are the particular challenges?
    11. 11. <ul><li>In the comprehensive spending review (Oct 2007 effective from April 2008), the government identified four priority areas and 30 PSAs are divided between the four areas. The four areas are: </li></ul><ul><ul><li>(a) sustainable growth and prosperity (PSAs 1-7) </li></ul></ul><ul><ul><li>(b) Fairness and Opportunity for all (PSAs 8–17) </li></ul></ul><ul><ul><li>(c) Stronger communities and a better quality of life (PSAs 18-26) </li></ul></ul><ul><ul><li>(d) A more secure, fair and environmentally sustainable world (PSAs 27-30) </li></ul></ul>What are the particular challenges?
    12. 12. What are the particular challenges? <ul><li>What about Local Strategic Partnerships, Local Area Agreements and Comprehensive Area Assessments for delivering local solutions? </li></ul><ul><li>How do we manage trade offs e.g. Education v Social Services v Housing etc? </li></ul><ul><li>What does ‘acceptable’ mean and who chooses? </li></ul><ul><li>What about reputational risk? </li></ul><ul><li>How do we manage increased public involvement in strategy and delivery? </li></ul>
    13. 13. What are the particular challenges? <ul><li>What are the risks involved with delivery in partnership with the private and voluntary sectors? </li></ul><ul><li>The move towards unitary authorities and a desire to break down silo working by cross functional and organisational working should mean that the public sector approach to risk management should also be reviewed. </li></ul><ul><li>What is the role for our present risk and audit functions in this delivery? </li></ul>
    14. 14. The performance management framework has moved to a process of negotiation which is changing the relationship and the dynamic between central and local government. Central government has responded by attempting to adopt a more citizen-focussed and community-centred approach to public policy. ‘ Challenging perspectives’ - NLGN What are the Particular Challenges ?
    15. 15. CAA <ul><li>The new joint assessment framework for local services from 2009, CAA, has a number of key differences to the current Comprehensive Performance Assessment: </li></ul><ul><li>Outcome focused </li></ul><ul><li>Area-focused, not just institutionally based </li></ul><ul><li>More forward-looking – based on assessing the risk of not delivering future outcomes, rather than assessing past performance </li></ul><ul><li>Greater attention to local priorities – in other words, not just looking at the agreed set of national indicators </li></ul><ul><li>Joint working by inspectorates – assessment should have meaningful impact on partners other than Local Authorities. </li></ul>
    16. 16. The need for holistic thinking I’m glad the hole isn’t in our end!
    17. 17. Understanding what is meant by success is crucial
    18. 18. Corporate Risk register
    19. 19. Projects and Programmes Concept Appraisal Business Case Approval Investment Decision Monitoring A C D E B Evaluation & Closure <ul><li>Early visibility of projects entering the pipeline </li></ul><ul><li>Early identification of risks </li></ul><ul><li>Early checkpoint assessing project concepts against strategic objectives </li></ul><ul><li>Acceptance / rejection of concepts into a programme </li></ul><ul><li>Provides evidence to justify / decline investment via the chosen procurement route </li></ul><ul><li>Provides evidence to demonstrate whether value for money will be achieved </li></ul><ul><li>Assessment of contract / grant agreement terms against Gateway B tolerances </li></ul><ul><li>Ongoing monitoring of project & programme delivery against budget, outcomes & risk </li></ul><ul><li>Provision of ongoing visibility of corporate performance </li></ul><ul><li>Ensures interim evaluations have been conducted as required by the conditions of Gateways B&C </li></ul><ul><li>Assessment of detailed plans via a strategic & business case </li></ul><ul><li>Detailed assessment of outcomes, value for money, risks, projected budget & evaluation plans </li></ul><ul><li>Provides evidence to justify / decline a progression to contracting </li></ul><ul><li>Sets tolerances for Gateway C </li></ul><ul><li>Assessment of whether the project has been satisfactorily evaluated </li></ul><ul><li>Provides evidence of any outstanding risk / unspent budget before the project is closed </li></ul><ul><li>Ensures projects are closed according to the required process </li></ul>Gateways Confidence Risk
    20. 20. OGC Gateways and Risk
    21. 21. New supplementary skills? <ul><li>Scenario Planning </li></ul><ul><li>Strategy and business planning </li></ul><ul><li>Project, programme and portfolio management </li></ul><ul><li>Facilitation </li></ul><ul><li>Interpersonal and relationship skills </li></ul><ul><li>Communication with ‘non experts’ </li></ul>
    22. 22. Any Questions ? “ When all you have is a hammer, everything looks like a nail” - Japanese Proverb