Professional Documents
Culture Documents
RISK MANAGEMENT
Every DECISION WE MAKE INVOLVES RISK Even doing nothing may involve risk Aim: To manage not remove risk To take managed risks To encourage innovation and managed risk taking
To achieve desired outcomes
today
objectives
Response to Risk
Transfer
Conventional insurance, paying a third party to take the risk in another way. (Max 20% risk insurarable)
Tolerate
Ability to do anything about some risks may be limited, or the cost of taking any action may be disproportionate to the potential benefit gained
Treat
Actions instigated from within the organisation (although their effects may be felt outside of the organisation) which are designed to contain risk to acceptable levels.
Terminate
Some risks will only be treatable, or containable to acceptable levels, by terminating the activity
Risk Number
Risk Description Increased potential for theft Both internal and external- increased attractiveness of IS items.
C D E F IV
+
C2 C2
Inadequate insurance cover to protect both new and old equipment during transitional period and increase of equipment.
III II Impact
C= significant
3= Critical.
Action/controls already in place/agreed to provide All new equipment to be marked with Smartwater
Location of storage container to be pre agreed to ensure most secure location Hiring of secure container unit
Effective
Effective
I.S. to ensure container is suitable and secure. IS need to check specification with Insurers Relocation/ realignment of existing CCTV provision may be necessary for storage period.
Secure storage
Weekly
Limited cover but can be effective as both deterrent and to identify prevent attempted theft
Continuous
Action/controls already in place Internal security staff to be briefed and to provide increased monitoring of area Use of old equipment inventory. New Equipment inventory to be produced. Appropriate insurance cover to offset any potential loss via theft
Required management action/control Provision of extra security may be necessary at times of increased risk. Extension of building security alarm to storage holds
Critical success factors & KPIs Awareness and increased security monitoring Alarmed facility
Review frequency
Key dates
Effective
Effective Although total loss not fully protected Limited Staff may be shadowed. Not all buildings have access control
IS to ensure that the insurance policy covers the extra units being held during the transitional period Additional security may be required during installation at buildings without secure access control. IS to determine where units are to be stored on these sites prior to commencement of rollout IS to liaise with Risk Services to produce agreed instructions
Secure access
Increased awareness
MONITORING
RISK ANALYSIS
Understanding, quantification
Review
RISK IDENTIFICATION
RISK PROFILING
MONITORING RISK ANALYSIS RISK MANAGEMENT
PROBABILITY OR LIKELIHOOD
A
B C D
6 2
1
PRIORITISATION
E
F IV III
II
SEVERITY OR IMPACT
Strategy Strategic Risk Register Service Plans- operational risks and mitigation of strategic risks CMT and OE Overseeing risk management Corporate Risk Management Group Accounts and Audit Committee- scrutiny Risk Based Audit programme
Member Portfolio and Champion Tony Roberts CMT Champion Keith Stedman Officer Champion and corporate facilitator- Ian Harrison Managers- Service planning and delivery All employees Corporate Audit Section- Risk based Audit programme
Opportunities
Risk management also adds value: It enables us to maximise opportunities, to take managed risks To innovate, pathfind, explore new ways of service delivery. To manage risks we may have to take more risks, we may have to innovate.
80%
RISK IDENTIFICATION
PHYSICAL RISK
MONITORING RISK ANALYSIS
CONSEQUENCES Reputation Accidents Increase in premiums Destruction of property Resources diverted from services Theft
RISK MANAGEMENT PRIORITISATION
Physical hazards incl fire and flood Inappropriate fleet usage Inadequate security of premises Inherent property defects Poor maintenance Lack of proper training Staff risks from public Safety of parks / cemeteries Equipment usage and defects Lack of overall and properinspection Physical and assessment Partner practices Work practices (site work to workstation work)
MONITORING
RISK ANALYSIS
Understanding, quantification
Owned by:
Date:
Likelihood
C D E F IV III II Impact I
Risk Number
Description
Review frequency
Key dates
Respond
Service planning RM
Identify, where relevant, how your service area can and will mitigate the Councils Strategic Risks
Identify, quantify and prioritise those risks to your service planning.
RISK IDENTIFICATION
SCOPE OF RISK
MONITORING RISK ANALYSIS
Political
Economic
Social
Technological
Legislative/ Regulatory
Environmental
Competitive
Customer/ Citizen
Managerial/
Professional
Financial
Legal
Partnership/ Contractual
Physical
Political
Arising from the political situation
Political make-up (majority party, hung council, key opposition parties) Stability of political situation Election cycles (power shifts, undue influence on electioneering) Recent or proposed changes to political structure Political personalities Leadership issues (lack of strong leadership, concentration of power into the hands of a few, imbalance of power)
Economic
Arising from the national, local and organisation specific economic situation
Borrowing and lending situations Interest rates Strength of investments Budgetary position (eg, weak, not sustainable) Key employment sectors (e.g. over reliance on key industries/employers) Poverty indicators
Social
Arising from the national and local demographics/ social trends
Demographic profile (age, race, etc) Residential patterns and profile (e.g. temporal, commuter belt, state of housing stock, public/private mix) Health statistics/trends Leisure and cultural provision Crime statistics/trends Children at risk
Technological
Arising from technological change /organisational technological situation
Capacity to deal with technological changes/egovernment targets Current use of/reliance on technology Current or proposed technology partners State of architecture Current performance and reliability Security and standards, e.g. on back-up and recovery
Legislative/Regulatory
Arising from current and potential legal changes and the organisations regulatory environment
Preparedness for new legislation and regulations including Europe, e.g. Human Rights Act, DETR guidelines Exposure to regulators e.g. auditors/inspectors
Environmental
Arising from inherent issues concerned with the physical environment Nature of environment (urban, rural, mixed) Land use green belt, brown field sites Waste disposal and recycling issues Pollution issues, e.g. contaminated land Exposure to drainage problems/flooding/erosion/subsidence/ landslip Traffic problems/congestion
Competitive
Arising from the organisations competitive Spirit and the competitiveness of services, etc Position in league tables Relationships with neighbours and partners, e.g. competitive or collaborative Plaudits held/sought, e.g. Beacon Council status Success in securing funding Nature of service provision Competition for service users, e.g. leisure, car parks
Customer/Citizen
Arising from the need to meet current and changing needs and expectations of customers and citizens Extent and nature of consultation with/involvement of community, e.g. community groups, local businesses, focus groups, citizens panels, consultation on new democratic structures, Council Tax levels, etc Relationship with community leaders, tenant groups and opposition groups Community needs v Organisational objectives Visibility of services e.g. environmental, refuse collection, Service delivery feedback / complaints
Professional/Managerial
Arising from the need to be managerially and professionally competent Views arising from peer reviews e.g. from consultancy reviews and internal audit Professional/managerial standing of key officers Stability of officer structure/management teams Organisational competency and capacity Individual competency and capacity Performance management structure Key staff changes and personalities Staff recruitment and retention Turnover, absence, stress levels
Financial
Arising from the financial planning and Control framework
Financial situation of authority Level of reserves Adequacy of grant settlements Budgetary policy and control Delegation of budget and financial disciplines Monitoring and reporting systems Use and sustainability of other sources of income , e.g. revenue from fines
Legal
Arising from possible breaches of legislation Legal challenges and claims Adequacy of legal support Boundaries of corporate & personal liabilities Sufficient reserves to defend legal challenge Damage to reputation arising from legislation breach
Physical
Arising from physical hazards associated with people, buildings, vehicles, plant and equipment Nature and state of asset base including record keeping Commitment to health, safety and well-being of staff, partners and the community Accident record keeping Maintenance practices Responsibility as managers
Partnership/Contractual
Arising from partnerships and contracts Key strategic partners from public, private and voluntary sectors Accountability frameworks and partnership boundaries Any PFI schemes or other large scale projects involving joint ventures Outsourced services Relationships with contractors Procurement arrangements / contract renewal policy
Identifying risk
Looking ahead!
DOME
Partnership/Contractural Reputation Political Competitive Financial/ Economic
HORIZON SCANNING
Pandemic Flu Re-organisation New leisure and Museum centres Oil Dependency- Fuel prices Security of Kelham Hall Global warming Ageing population
RISK IDENTIFICATION
MONITORING
RISK ANALYSIS
Trigger
Financials situation gets depreciably worse (be specific)
Consequence
Resources diverted from services Services reduced Managers cannot deliver on changed budgets Public complaints rise PIs not achieved Audit criticism Stress and sickness increases Productivity reduces Council Tax has to rise Room for manouvre removed
Cause
Event
Consequences
RISK IDENTIFICATION
MONITORING
RISK ANALYSIS
Financial penalties through taxation Budgets vired from other services Other services have to be reduced or council tax has to be increased Inspection / audit criticism Adverse media reporting Council seen as failing Reputation of the Council on environmental issues suffers Friction between members and officers Officer resources diverted into fire fighting
RISK IDENTIFICATION
RISK ANALYSIS
PRIORITISATION
Vulnerability
The Council has no formal policy regarding the management of asbestos material. The council has numerous properties including council houses, leisure centres and offices.
Trigger
Consequence
Asbestos is present Staff / workers harmed in council properties Public liability claims and harms somebody Resources diverted from services to considering claims Reputation of council damaged OR Tenants seriously harmed Claims etc
Risk Assessment
A 6 point map of the process:
1. 2. What do you want to achieve? - Objective.
Eg: Ensure understanding and embedding of risk management
3. 4. 5. 6.
How likely is it to happen? - Probability. How big will it be? - Impact. What can be done to eliminate the threat? - Control. What do you do about it? Action/Improvement/Intervention
RISK IDENTIFICATION
MONITORING
RISK ANALYSIS
Step 3: Prioritise
3.RISK PROFILING/prioritisation
PROBABILITY OR LIKELIHOOD
RISK IDENTIFICATION
MONITORING
RISK ANALYSIS
RISK MANAGEMENT
A
B C D
6 2
1
PRIORITISATION
E
F IV III
II
SEVERITY OR IMPACT
RISK IDENTIFICATION
MONITORING
RISK ANALYSIS
2
1 3 6 4
IV
Likelihood:
A: B: C: D: E: F: I: II: III: IV: Very High High Significant Low Very Low Almost Impossible Catastrophic Critical Marginal Negligible
Impact:
L i k e l i h o o d
B C
D E F III II I
7 5 8
Impact
The teams risks have been mapped against the teams appetite
Owned by:
Date:
Likelihood
C D E F IV III II Impact I
Risk Number
Description
Review frequency
Key dates
Service planning RM
Identify, where relevant, how your service area can and will mitigate the Councils Strategic Risks
Identify, quantify and prioritise those risks to your service planning.
Owned by:
Date:
Likelihood
C D E F I
Risk Number
Description
Review frequency
Key dates
contractual environmental
client (corporate) operational design
Risky Projects
Whose Responsibility?
Project(s) are the responsibility of a single person or body
Whose Ownership?
Clear defined ownership and management allocation
Starting Point Defined Objectives Time Constraints Something new Tangible outcome End Point
Level of uncertainty %
Risk Identification
Determining which risks are likely to affect the project and documenting the characteristics of each
A Risk to what?
To your team or project from outside From your team or project to the owner / client To the stakeholders from the project
Response Options
Are carried out by risk champions and will include these responses:
Retain
Reduce
Avoid
Transfe r
Share
Set specific goals Define activities, resources needed Set a timetable Forecast outcomes, contingency plans Formulate a detailed plan of action Implement and supervise, evaluate
Owing to increasing costs, greater time pressures and new challenges, loss probability is increasing. This leads to a stronger need for comprehensive Project Risk Management RM will make a major contribution to successful completion of a project: Within budget Within time schedule With minimised losses
Have systems in place to analyse risk. Set-up early warning mechanisms. Effective risk management Vs adverse effects of not managing risk effectively. Have management processes and regular reporting on organisational and project risks.
RISK IDENTIFICATION
MONITORING
RISK ANALYSIS
2
1 3 6 4
IV
Likelihood:
A: B: C: D: E: F: I: II: III: IV: Very High High Significant Low Very Low Almost Impossible Catastrophic Critical Marginal Negligible
Impact:
L i k e l i h o o d
B C
D E F III II I
7 5 8
Impact
The teams risks have been mapped against the teams appetite