This document outlines a two-day risk management training for ILRI staff. Day one covers principles of risk management and methodologies and techniques. Day two focuses on identifying and assessing risks at ILRI, including group feedback sessions and discussing ILRI's risk management going forward. The document defines risk management and discusses establishing a risk management framework at the organizational level with key principles like establishing context, identifying risks, analyzing risks, treating risks, and monitoring and reviewing risks. It provides examples of enterprise, project and partnership risks to consider and discusses risk reporting requirements.

1. R isk Management: Principles, Methodologies and Techniques John Fitzsimon Director, CGIAR Internal Audit Unit Peter Getugi ILRI Internal Audit Manager NAIROBI FEBRUARY 5, 2009

2. Session Outline Day I. - 5 Feb 2009 (8.30 am to 1pm) · Recap on principles of risk management. · Risk management methodologies and techniques Day II. – 6 Feb 2009 (8.30 am to 1pm) · Institute risks identification, update and assessment. · Group feed back sessions. · ILRI Risk management -Going Forward

3. Risk Management: Not such a new subject.....

4. A Center’s achievement of its vision and mission is influenced by: RESEARCH STRATEGY AND PROJECT PORTFOLIO PEOPLE PHYSICAL INFRASTRUCTURE TECHNOLOGY INTELLECTUAL AND GERMPLASM ASSETS FINANCE INTERNAL PROCESSES EXTERNAL ENVIRONMENT

5. These factors present the Center with both opportunities and risks: OPERATIONAL EFFECTIVENESS FINANCIAL INTEGRITY AND COMPLIANCE LEGAL COMPLIANCE EFFICIENCY SAFETY AND SECURITY

6. Definitions Organizations pursue opportunities to achieve their objectives. Risks are those occurrences that will have an adverse impact on the organization’s achievements, resulting from inadequate or failed systems or processes, mistakes or external events

7. Definitions RISK MANAGEMENT: A process applied across the enterprise designed to identify potential events that may affect the entity: positive as well as negative manage risks (and opportunities) to be within its risk appetite provide reasonable assurance regarding the achievement of the entity’s objectives

8. Why the attention on more formalized risk management? Makes good business sense Fulfills stakeholder expectations for high standards of governance Meets donor requirements for assurance Helps avoid surprises!

9. Risk Management Framework: Key Principles Establish the context Consider risks across all activities Consider both internal and external factors Create an internal environment that supports proactive risk management at all levels Establish clear business objectives so that risks can be more readily identified and assessed

10. Risk Management Framework: Key Principles Identification of Risks Inventory risks as part of business processes Identify shared risks Risk analysis and evaluation Consider impact of failure and likelihood of occurrence and damage Evaluate organization-wide significance of risks identified at unit/activity/project level Evaluate collaboratively shared risks

11. A Risk Management Framework: Key Principles Risk Treatment Oversight process to ensure that there are clear management responses for all significant risks identified Ensure all risk responses are implemented through relevant control activities Integrate risk management results into policy and planning processes

12. ILRI Risk Management Framework: Monitoring and review Document results of monitoring efforts including action taken in response to risk analyses Implement an internal reporting process to capture unit/activity level risk analyses Implement a reporting process for senior management and Boards Center-wide risk management system Mana gement ana lysis and reporting B oar d re porti ng

13. Risk Management Framework: Concepts Opportunities v. Hazards Impact Likelihood Preventive controls Mitigating actions Risk appetite Risk response

14. What is your risk appetite?

15. Case Study: Enterprise Risks WHAT COULD BRING THE BUSINESS TO A GRINDING HALT: IN DAYS? IN WEEKS? IN MONTHS? IN 5 YEARS? CAN WE PREVENT IT? HOW PREPARED ARE WE TO RECOVER?

16. Top Risks for ILRI – Identified in current risk register

17. Other risks to consider?

18. Case Study: Project and Joint Venture Risks CENTER PARTNERS DONORS

19. Typical Project/Venture Risks Design Phase Structure/design is not aligned to the objectives Insufficient input from stakeholders Unrealistic budgets and timelines Implementation Phase Insufficient skills on project/venture team Overly complex to manage Lack of clarity about sharing liabilities and credits Monitoring and Evaluation Phase Lack of clear indicators and benchmarking to assist M&E

20. Where to from here? REPORTING TO THE BOARD PUBLIC REPORTING

21. Thank you!