Scottish Federation of Housing Associations


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • ‘ Management of Risk and Uncertainty’ has been developed by the Institute of Risk Management (IRM) to provide a broad introduction to the subject of risk management. It is designed to raise awareness of the risk management process and its place within the overall corporate governance framework of an organisation. Within the limited time available it will also provide a brief overview of some of the main tools and techniques involved in the assessment and treatment of risk. The course has been designed around the ‘Risk Management Standard’ developed by the IRM, AIRMIC (the Association of Insurance and Risk Managers) and ALARM (the National Forum of Risk Managers in the Public Sector).
  • Scottish Federation of Housing Associations

    1. 1. Scottish Federation of Housing Associations Finance Staff Forum February 2006
    2. 2. A bit of background! <ul><li>Offrisk Consulting establish in 2002 – based in Glasgow </li></ul><ul><li>Specific remit to assist and advise Scottish organisations </li></ul><ul><li>Many clients in the public and private sector </li></ul><ul><li>Two main areas of interest: </li></ul><ul><li>Corporate Risk Governance Balanced Risk Card </li></ul><ul><li>Business Continuity Reco very Flow </li></ul>
    3. 3. Do we have to do risk management? <ul><li>ensure we have a fully embedded system of </li></ul><ul><li>internal control that identifies significant operational risks </li></ul><ul><li>to the achievement of our plans, aims and objectives, </li></ul><ul><li>evaluates the nature and extent of those risks and </li></ul><ul><li>manages them efficiently, effectively and economically. </li></ul><ul><li>…… .. good corporate governance </li></ul>
    4. 4. What is risk? <ul><li>‘ a future uncertain event that </li></ul><ul><li>could influence (positively & negatively) the </li></ul><ul><li>achievement of operational and strategic objectives </li></ul><ul><li>and statutory obligations’ </li></ul>Event Consequence Impact Objective?
    5. 5. How much of this do I have to do? Goal is achievement of objectives, not process driven assessment! Remember, the assessment work must be proportionate to gains! obsessed managing unaware threat or opportunity shocks and crises or innovation and change Managing risk to add value Over control stifles value creation Exposed and destroying value Performance low high
    6. 6. Balanced Risk card What could stop the Business Plan this year? Processes Are we organised as well as we could be? Learning & Growth Are we developing our people and organisation for the future? Deliverables Are we delivering what our clients expect? Resources How well are we planning and managing our resources?
    7. 7. Business Planning <ul><li>risks can deter accomplishment </li></ul><ul><li>performance measurement </li></ul><ul><li>manage the risks out </li></ul><ul><li>excel at the provision of high quality service </li></ul><ul><li>contribute to stakeholder confidence </li></ul>
    8. 8. Balanced & SMART objectives <ul><li>Processes </li></ul><ul><li>Procurement </li></ul><ul><li>SOPs and ISO </li></ul><ul><li>Interaction with Partners </li></ul><ul><li>Building for the future </li></ul><ul><li>Personnel </li></ul><ul><li>Training </li></ul><ul><li>Deliverables </li></ul><ul><li>Effectiveness </li></ul><ul><li>Policy </li></ul><ul><li>Reputation </li></ul><ul><li>Resources </li></ul><ul><li>Budget control </li></ul><ul><li>Staffing levels </li></ul><ul><li>Infrastructure </li></ul>Service Capability External Impact Internal Process Standards People Issues
    9. 9. Keeping it simple and clear <ul><li>Integrating risk & performance management with clear objectives </li></ul>Risk Identification against scorecard objectives Risk Assessment Decide Action Control, Mitigate or Transfer Monitor risks, controls and actions Review Control Strategies Balanced Risk card
    10. 10. Risk Assessment <ul><li>Impact </li></ul><ul><li>Likelihood </li></ul><ul><li>Controls </li></ul><ul><ul><li>Management </li></ul></ul><ul><ul><li>Policies and procedures </li></ul></ul><ul><ul><li>Contingency plans </li></ul></ul><ul><ul><li>Controls </li></ul></ul>Event Consequence Impact Objective?
    11. 11. Accident causation & controls Adapted from the work of James Reason Other holes due to latent conditions (e.g. faulty equipment, lack of training) Successive layers of defences, barriers and safeguards Some holes due to active failures (e.g. mistakes, procedural violations)
    12. 12. Balanced Risk Card Service Capability People issues Internal processes External impact < Impact Impact > < Probability < Probability Probability > Probability > < Impact Impact >
    13. 13. Business Continuity Management <ul><li>“………… ... is about the development, implementation and maintenance of an action orientated process which responds to: </li></ul><ul><li>an emergency incident impacting operations </li></ul><ul><li>the issues & implications arising – crisis management </li></ul><ul><li>recovery of the business ………………..” </li></ul><ul><li>…… the value is in the planning ……. </li></ul><ul><li>… .. protecting enterprise value </li></ul>Emergency Response 0 hrs 3 to 4 hrs Day 2 Day 4 Weeks Months Crisis Management Process Recovery
    14. 14. A management process   Service Understanding the business risks and process priorities Developing realistic continuity and resumption strategies Risk mitigation and continuity response actions Embedding service continuity culture and confidence in the Plan Maintenance Rehearsing the people Exercising the Plan BCM
    15. 15. What if this happened?
    16. 17. The Business Continuity Plan Practical and flowcharted Reco very Flow over a timeline! <ul><li>Escalation procedure to inform / call out: </li></ul><ul><li>Emergency Response Team </li></ul><ul><li>Ensure life and safety </li></ul><ul><li>Emergency Authority Liaison </li></ul><ul><li>Assess situation – fix the hazard </li></ul><ul><li>Inform management decisions </li></ul>Red Pack – 0 to 2 hours critical 24/7/365 <ul><li>Process Recovery </li></ul><ul><li>Practical actions steps for each function </li></ul><ul><li>Reflection of agreed recovery strategy </li></ul><ul><li>Prioritised post loss requirements </li></ul>Green Pack – day 2 for as necessary <ul><li>Senior Management </li></ul><ul><li>A critical turning point in a major incident </li></ul><ul><li>Impacting the organisations viability </li></ul><ul><li>Who needs to know inc. press & media </li></ul><ul><li>Issues and implications </li></ul>Yellow Pack – ASAP up to 3 days
    17. 18. What is an Emergency? A serious situation or occurrence that happens unexpectedly and demands immediate action and more than usual resources.
    18. 19. Emergency Response – Red Pack <ul><li>Location specific </li></ul><ul><li>Emergency Response Team – 24/7/365 </li></ul><ul><li>Capability and authority </li></ul><ul><li>Expertise and responsible </li></ul><ul><li>Agreed procedures – make safe </li></ul><ul><li>Eyes and ears for the Directors </li></ul><ul><li>Liaison with statutory authorities </li></ul><ul><li>Fix the hazard and set up the recovery phase </li></ul><ul><li>KLP: </li></ul><ul><li>ERT to become easily identifiable within the organisation </li></ul><ul><li>With clearly defined roles and responsibilities </li></ul><ul><li>The Plan must be easily understood </li></ul>
    19. 20. What is a Crisis? <ul><li>A crisis is a decisive moment or turning point event </li></ul><ul><li>that by fact or by perception </li></ul><ul><li>has the sustained potential </li></ul><ul><li>to seriously affect service delivery </li></ul><ul><li>as seen by our customers and the reputation of the Association” </li></ul>
    20. 21. Crisis Management – Yellow Pack <ul><li>Directors </li></ul><ul><li>Issues and implications </li></ul><ul><li>Communication </li></ul><ul><li>Stakeholders – how do others see us? </li></ul><ul><li>Press and media – not marketing! </li></ul><ul><li>Specific attention to staff and relatives? </li></ul><ul><li>KLP: </li></ul><ul><li>Do we appreciate the subtle difference between emergency response and crisis management? </li></ul><ul><li>Not all of the Association may be affected! </li></ul>
    21. 22. Process Recovery – Green Pack <ul><li>Where the rubber touches the road! </li></ul><ul><li>Not generic </li></ul><ul><li>The hardest part but the most satisfying </li></ul><ul><li>Process specific - cognisant of agreed recovery strategies </li></ul><ul><li>Use of alternative facilities </li></ul><ul><li>Post loss resources </li></ul><ul><li>Not able necessarily to recover all processes immediately </li></ul><ul><li>Planning should be about end to end processing </li></ul><ul><li>KLP: </li></ul><ul><li>Do individual managers understand their part in the Plan </li></ul><ul><li>Don’t be frightened to test the Plan’s assumptions! </li></ul>
    22. 23. Staff Rehearsal and Plan Exercising <ul><li>Plan must be kept up to date </li></ul><ul><li>Planned maintenance – contacts and changes in processes </li></ul><ul><li>Controlled document </li></ul><ul><li>Prove it </li></ul><ul><li>Escalation procedure – weekend call out </li></ul><ul><li>Desk top – review against scenario </li></ul><ul><li>Simulation – concentrated days in short time </li></ul><ul><li>Disaster scenario – real time and real event exercise </li></ul><ul><li>KLP: </li></ul><ul><li>Meaningful rehearsal of roles </li></ul><ul><li>Walk through against a realistic scenario will be useful </li></ul>
    23. 24. Summary of what will be in our Plan: <ul><li>Easy to use and realistic </li></ul><ul><li>Understood at all levels within the organisation </li></ul><ul><li>Based on strong recovery strategies </li></ul><ul><li>Emergency procedures – Management of Work Place Regs </li></ul><ul><li>Corporate Governance, Auditor and Insurer expectation? </li></ul><ul><li>Will tell me what to do – wise guidance </li></ul><ul><li>Evidence of controlled document review </li></ul><ul><li>Regular and effective maintenance and exercising </li></ul>
    24. 25. Welcome! to Management of Risk and Uncertainty
    25. 26. [email_address] Graham E Offord, FIRM, MBCI, MCIBS 0141 563 9747 Questions and Answers