Risk Management in service planning and projects

RISK MANAGEMENT
Every DECISION WE MAKE INVOLVES RISK Even doing nothing may involve risk Aim: To manage not remove risk To take managed risks To encourage innovation and managed risk taking
To achieve desired outcomes

All organisations exist to achieve their objectives.
The purpose of risk management is to manage the barriers to achieving these objectives.

today

objectives

Why Risk Management?
Corporate Governance Statutory requirements- eg: health/safety Ensure best use of public resource To prevent/minimise the unexpected To ensure delivery of service To realise and maximise opportunities

Response to Risk
 Transfer
 Conventional insurance, paying a third party to take the risk in another way. (Max 20% risk insurarable)

 Tolerate
 Ability to do anything about some risks may be limited, or the cost of taking any action may be disproportionate to the potential benefit gained

 Treat
 Actions instigated from within the organisation (although their effects may be felt outside of the organisation) which are designed to contain risk to acceptable levels.

 Terminate
 Some risks will only be treatable, or containable to acceptable levels, by terminating the activity

RISK: I.T. Migration Project – Physical Security
Risk Owner: David Dickinson
A B
cLikelihood

Risk Number

Current Risk Score C2

Target Risk Score D3 D3 E3

Risk Description Increased potential for theft – Both internal and external- increased attractiveness of IS items.

C D E F IV

+
C2 C2

Interim storage arrangements for new and old hardware
Environment Agency

Inadequate insurance cover to protect both new and old equipment during transitional period and increase of equipment.

III II Impact

I

C= significant

3= Critical.

Consequences: Potentially severe disruption of service. Loss of finance. Reputation.
Required management action/control  IS Management to ensure that enough solution and stickers are ordered prior to commencement of the rollout. Also ensure all equipment is correctly marked.  I.S. to ensure that Risk Services are consulted prior to delivery of the storage units. Responsibility for action Sharon Parkinson and David Dickinson Critical success factors & KPI’s Review frequency Key dates

Action/controls already in place/agreed to provide  All new equipment to be marked with “Smartwater”

Adequacy of action/ control to address risk Limited – May act as deterrent.

All hardware adequately marked

-



Location of storage container to be pre agreed to ensure most secure location Hiring of secure container unit

Effective

Sharon Parkinson and David Dickinson Secure location

-



Effective



I.S. to ensure container is suitable and secure. IS need to check specification with Insurers Relocation/ realignment of existing CCTV provision may be necessary for storage period.

Sharon Parkinson and David Dickinson

Secure storage

Weekly



CCTV located within area of storage containers

Limited cover but can be effective as both deterrent and to identify prevent attempted theft



Sharon Parkinson and David Dickinson Secure storage

Continuous

Action/controls already in place  Internal security staff to be briefed and to provide increased monitoring of area  Use of old equipment inventory. New Equipment inventory to be produced. Appropriate insurance cover to offset any potential loss via theft

Adequacy of action/ control to address risk Effective

Required management action/control  Provision of extra security may be necessary at times of increased risk.  Extension of building security alarm to storage holds

Responsibility for action Sharon Parkinson and David Dickinson

Critical success factors & KPI’s Awareness and increased security monitoring Alarmed facility

Review frequency

Key dates

Effective

Sharon Parkinson and David Dickinson

Effective – Although total loss not fully protected Limited – Staff may be shadowed. Not all buildings have access control

IS to ensure that the insurance policy covers the extra units being held during the transitional period Additional security may be required during installation at buildings without secure access control. IS to determine where units are to be stored on these sites prior to commencement of rollout IS to liaise with Risk Services to produce agreed instructions

Sharon Parkinson and David Dickinson

Adequate insurance value

Door entry systems to prevent unauthorised access

Sharon Parkinson and David Dickinson

Secure access

All staff to be reminded of basic security measures

Limited if required actions not enforced i.e. closing of blinds, etc

Sharon Parkinson and David Dickinson

Increased awareness

THE RISK MANAGEMENT CYCLE
Inspections, interviews, workshops, analysis of data
RISK IDENTIFICATION

Testing, reviewing actions, planning, reporting

MONITORING

RISK ANALYSIS

Understanding, quantification

RISK MANAGEMENT PRIORITISATION

Contingency planning, Decisions controls, training, procedures, inspection

Agreement How likely, how bad?

The Risk Management Cycle
Identify
Control Monitor

Review

RISK IDENTIFICATION

RISK PROFILING
MONITORING RISK ANALYSIS RISK MANAGEMENT

PROBABILITY OR LIKELIHOOD

A
B C D
6 2
1

PRIORITISATION

3

E
F IV III

5

II

I

SEVERITY OR IMPACT

OUR RISK MANAGEMENT STRUCTURE

• Strategy • Strategic Risk Register • Service Plans- operational risks and mitigation of strategic risks • CMT and OE – Overseeing risk management • Corporate Risk Management Group • Accounts and Audit Committee- scrutiny • Risk Based Audit programme

RISK MANAGEMENT: OUR KEY PLAYERS

• • • • • •

Member Portfolio and Champion – Tony Roberts CMT Champion – Keith Stedman Officer Champion and corporate facilitator- Ian Harrison Managers- Service planning and delivery All employees Corporate Audit Section- Risk based Audit programme

Opportunities
 Risk management also adds value:  It enables us to maximise opportunities, to take managed risks  To innovate, pathfind, explore new ways of service delivery.  To manage risks we may have to take more risks, we may have to innovate.

WHAT ABOUT INSURANCE?
“Risk Management is not just about insurance”

80%

of risks faced by organisations are not insurable!
‘Chance or choice’ - SOLACE/ZMMS

RISK IDENTIFICATION

PHYSICAL RISK
MONITORING RISK ANALYSIS

CONSEQUENCES Reputation Accidents Increase in premiums Destruction of property Resources diverted from services Theft
RISK MANAGEMENT PRIORITISATION

THE RISKS “vulnerabilities” or “triggers”

Claims & liabilities Poor utilisation
Staff turnover Death

Physical hazards incl fire and flood Inappropriate fleet usage Inadequate security of premises Inherent property defects Poor maintenance Lack of proper training Staff risks from public Safety of parks / cemeteries Equipment usage and defects Lack of “overall” and “proper”inspection Physical and assessment Partner practices Work “practices” (site work to workstation work)

THE RISK MANAGEMENT CYCLE
Inspections, interviews, workshops, analysis of data
RISK IDENTIFICATION

Testing, reviewing actions, planning, reporting

MONITORING

RISK ANALYSIS

Understanding, quantification

RISK MANAGEMENT PRIORITISATION

Contingency planning, Decisions controls, training, procedures, inspection

Agreement How likely, how bad?

Step 4: Example of a Management Action Plan (MAP)
A B

Owned by:

Date:

Likelihood

C D E F IV III II Impact I

Risk Number

Current Risk Score

Target Risk Score

Description

Action/controls already in place

Adequacy of action/control to address risk

Required management action/control

Responsibility for action

Critical success factors & KPI’s

Review frequency

Key dates

What is Risk Management?
What can go wrong Identify

How good or bad can it get
What can we do about it

Assess and measure

Respond

Service planning RM
Identify, where relevant, how your service area can and will mitigate the Councils’ Strategic Risks
Identify, quantify and prioritise those risks to your service planning.

2. Types of risk and risk identification

RISK IDENTIFICATION

SCOPE OF RISK
MONITORING RISK ANALYSIS

Political

RISK MANAGEMENT PRIORITISATION

Economic

Social

Technological

Legislative/ Regulatory

Environmental

Competitive

Customer/ Citizen

Managerial/
Professional

Financial

Legal

Partnership/ Contractual

Physical

Political
Arising from the political situation
 Political make-up (majority party, hung council, key opposition parties)  Stability of political situation  Election cycles (power shifts, undue influence on electioneering)  Recent or proposed changes to political structure  Political personalities  Leadership issues (lack of strong leadership, concentration of power into the hands of a few, imbalance of power)

Economic
Arising from the national, local and organisation specific economic situation
 Borrowing and lending situations  Interest rates  Strength of investments  Budgetary position (eg, weak, not sustainable)  Key employment sectors (e.g. over reliance on key industries/employers)  Poverty indicators

Social
Arising from the national and local demographics/ social trends
 Demographic profile (age, race, etc)  Residential patterns and profile (e.g. temporal, commuter belt, state of housing stock, public/private mix)  Health statistics/trends  Leisure and cultural provision  Crime statistics/trends  Children at risk

Technological
Arising from technological change /organisational technological situation
 Capacity to deal with technological changes/egovernment targets  Current use of/reliance on technology  Current or proposed technology partners  State of architecture  Current performance and reliability  Security and standards, e.g. on back-up and recovery

Legislative/Regulatory
Arising from current and potential legal changes and the organisation’s regulatory environment
 Preparedness for new legislation and regulations – including Europe, e.g. Human Rights Act, DETR guidelines  Exposure to regulators – e.g. auditors/inspectors

Environmental
Arising from inherent issues concerned with the physical environment  Nature of environment (urban, rural, mixed)  Land use – green belt, brown field sites  Waste disposal and recycling issues  Pollution issues, e.g. contaminated land  Exposure to drainage problems/flooding/erosion/subsidence/ landslip  Traffic problems/congestion

Competitive
Arising from the organisation’s competitive Spirit and the competitiveness of services, etc  Position in league tables  Relationships with neighbours and partners, e.g. competitive or collaborative  Plaudits held/sought, e.g. Beacon Council status  Success in securing funding  Nature of service provision  Competition for service users, e.g. leisure, car parks

Customer/Citizen
Arising from the need to meet current and changing needs and expectations of customers and citizens  Extent and nature of consultation with/involvement of community, e.g. community groups, local businesses, focus groups, citizens’ panels, consultation on new democratic structures, Council Tax levels, etc  Relationship with community leaders, tenant groups and ‘opposition’ groups  Community needs v Organisational objectives  Visibility of services e.g. environmental, refuse collection, Service delivery feedback / complaints

Professional/Managerial
Arising from the need to be managerially and professionally competent  Views arising from peer reviews – e.g. from consultancy reviews and internal audit  Professional/managerial standing of key officers  Stability of officer structure/management teams  Organisational competency and capacity  Individual competency and capacity  Performance management structure  Key staff changes and personalities  Staff recruitment and retention  Turnover, absence, stress levels

Financial
Arising from the financial planning and Control framework

 Financial situation of authority  Level of reserves  Adequacy of grant settlements  Budgetary policy and control  Delegation of budget and financial disciplines  Monitoring and reporting systems  Use and sustainability of other sources of income , e.g. revenue from fines

Legal
Arising from possible breaches of legislation Legal challenges and claims Adequacy of legal support Boundaries of corporate & personal liabilities Sufficient reserves to defend legal challenge Damage to reputation arising from legislation breach

Physical
Arising from physical hazards associated with people, buildings, vehicles, plant and equipment  Nature and state of asset base including record keeping  Commitment to health, safety and well-being of staff, partners and the community  Accident record keeping  Maintenance practices  Responsibility as managers

Partnership/Contractual
Arising from partnerships and contracts  Key strategic partners – from public, private and voluntary sectors  Accountability frameworks and partnership boundaries  Any PFI schemes or other large scale projects involving joint ventures  Outsourced services  Relationships with contractors  Procurement arrangements / contract renewal policy

3. Profiling and Prioritisation
To profile and prioritise risks according to likelyhood and impact
To concentrate on key risks and target controlling resources

Identifying risk

Looking ahead!

Techniques for identifying risk
workshops brainstorming self assessment checklists organisation charts process flow charts Prompt lists

What risks and were they managed?
Millennium Dome Iraq involvement Rail privatisation ? New Council depot ? Millennium Bridge- Newark? Job evaluation ?

DOME
Partnership/Contractural Reputation Political Competitive Financial/ Economic

Show StrategicRisk Register

HORIZON SCANNING
Pandemic Flu Re-organisation New leisure and Museum centres Oil Dependency- Fuel prices Security of Kelham Hall Global warming Ageing population

Step 2: Analysis A strategic risk scenario
Vulnerability
The council is facing challenging financial circumstances. There are a number of issues on the horizon including pay awards, changes to grant mechanisms, review of flood defence funding and review of waste contract

RISK IDENTIFICATION

MONITORING

RISK ANALYSIS

RISK MANAGEMENT PRIORITISATION

Trigger
Financials situation gets depreciably worse (be specific)

Consequence
 Resources diverted from services  Services reduced  Managers cannot deliver on changed budgets  Public complaints rise  PIs not achieved  Audit criticism  Stress and sickness increases  Productivity reduces  Council Tax has to rise  Room for manouvre removed

Cause

Event

Consequences

Step 2: Analysis a strategic risk scenario
Vulnerability Trigger Consequence
The Council has waste Targets not met within management the prescribed time limit. responsibilities and is required to meet “challenging” government recycling targets.

RISK IDENTIFICATION

MONITORING

RISK ANALYSIS

RISK MANAGEMENT PRIORITISATION

 Financial penalties through taxation  Budgets vired from other services  Other services have to be reduced or council tax has to be increased  Inspection / audit criticism  Adverse media reporting  Council seen as failing  Reputation of the Council on environmental issues suffers  Friction between members and officers  Officer resources diverted into “fire fighting”

Step 2: Analysis Sample operational risk scenario
MONITORING RISK MANAGEMENT

RISK IDENTIFICATION

RISK ANALYSIS

PRIORITISATION

Vulnerability
The Council has no formal policy regarding the management of asbestos material. The council has numerous properties including council houses, leisure centres and offices.

Trigger

Consequence

Asbestos is present  Staff / workers harmed in council properties  Public liability claims and harms somebody  Resources diverted from services to considering claims  Reputation of council damaged OR  Tenants seriously harmed  Claims etc

Risk Assessment
A 6 point map of the process:
1. 2. What do you want to achieve? - Objective.
Eg: Ensure understanding and embedding of risk management

What can stop you achieving it? - Hazard.
   Perceived lack of importance Time constraints Inadequate Resources

3. 4. 5. 6.

How likely is it to happen? - Probability. How big will it be? - Impact. What can be done to eliminate the threat? - Control. What do you do about it? – Action/Improvement/Intervention

RISK IDENTIFICATION

MONITORING

RISK ANALYSIS

Step 3: Prioritise

Accurately assessing the relative significance of risks
Likelihood / Probability X Impact / Severity

RISK MANAGEMENT PRIORITISATION

3.RISK PROFILING/prioritisation
PROBABILITY OR LIKELIHOOD

RISK IDENTIFICATION

MONITORING

RISK ANALYSIS

RISK MANAGEMENT

A
B C D
6 2
1

PRIORITISATION

3

E
F IV III

5

II

I

SEVERITY OR IMPACT

Risk Profile:Newark and Sherwood DC

RISK IDENTIFICATION

New Leisure Centre project
A

MONITORING

RISK ANALYSIS

2
1 3 6 4
IV

RISK MANAGEMENT PRIORITISATION

Likelihood:
A: B: C: D: E: F: I: II: III: IV: Very High High Significant Low Very Low Almost Impossible Catastrophic Critical Marginal Negligible

Impact:

L i k e l i h o o d

B C

D E F III II I

7 5 8

Impact
The team’s risks have been mapped against the team’s appetite

4. Management Action Planning

Developing Risk Response
Defining enhancement steps for opportunities and responses to threats.

Treating / Responding to Risk
appoint champio n what can we do about it? prepare action plans how to prevent losses

how to limit if goes wrong

Step 4: Example of a Management Action Plan (MAP)
A B

Owned by:

Date:

Likelihood

C D E F IV III II Impact I

Risk Number

Current Risk Score

Target Risk Score

Description

Action/controls already in place

Adequacy of action/control to address risk

Required management action/control

Responsibility for action

Critical success factors & KPI’s

Review frequency

Key dates

5.Monitor and Review
At intervals agreed within your management plan When there is change If the controls are not working

Service planning RM
Identify, where relevant, how your service area can and will mitigate the Councils’ Strategic Risks
Identify, quantify and prioritise those risks to your service planning.

Step 4: Example of a Management Action Plan (MAP)
A B

Owned by:

Date:

Likelihood

C D E F I

Risk Number

Current Risk Score

Target Risk Score

Description

IV III II Action/controls Impact already in place

Adequacy of action/control to address risk

Required management action/control

Responsibility for action

Critical success factors & KPI’s

Review frequency

Key dates

TO BE INCLUDED IN SERVICE PLAN TEMPLATE

Service Planning- within template
Identify, where relevant, how your service and service plans can and will mitigate strategic risks Identify and quantify risk Profile and Prioritisation Management action Plans Monitor and review Full ppt on Risk Man site on intranet

Projects: Points to Remember

The Risk Management Process enables:
Ability to make better – informed decisions on project adoption or avoidance or expending resource. Better information and confidence. Best chance of minimising project and enterprise failure.

Project Risk Management
Or… what can go wrong!

Some apparent problems
 Without historical data, how can you measure risk?  There are so many risks, how is it possible to establish the impact on a project?  ‘Information overload’ - how is it possible to know which are the important risks?

Typical project risk categories
 procurement
 planning  commercial & financial

 project scope  site parameters
 programme  construction

 contractual  environmental
 client (corporate)  operational  design

Risky Projects

Principles of Project Management What is a project?
 An activity with a starting point, clear objectives and an end point  Every project has a desired tangible outcome and a clear timeframe within which the objectives must be achieved

Whose Responsibility?
 Project(s) are the responsibility of a single person or body

Whose Ownership?
 Clear defined ownership and management allocation

Some apparent problems
 Without historical data, how can you measure risk?  There are so many risks, how is it possible to establish the impact on a project?  ‘Information overload’ - how is it possible to know which are the important risks?

Principles of Project Management
 Projects Always have:


    

Starting Point Defined Objectives Time Constraints Something new Tangible outcome End Point

Recent Project Calamities
 Portcullis House, Westminster: £85m to £275m
 The Scottish Parliament: £40m to £400m

££££

Some Construction Project Risk reasons
 no two projects are the same  no two sites are similar  there is never an opportunity to perfect the process or practice  human element with skilled & manual labour  many differing firms  over a long period  many locations for assembly  many differing skills  uncertainty of market  not like a car assembly  teams often have not worked together

Level of uncertainty %

Project risk exposure

0

Cost impact of risk £ Inception Feasibility Design Construct

Risk influence & cost of mitigation measures

When to carry out risk management

Cost of risk mitigation

Opportunity to influence risk drivers
Inception Feasibility Design inception Construct

Risk Identification
Determining which risks are likely to affect the project and documenting the characteristics of each

A Risk to what?
To your team or project from outside From your team or project to the owner / client To the stakeholders from the project

Response Options
Are carried out by risk champions and will include these responses:
Retain
Reduce

Avoid
Transfe r

Share

The 6 Steps for an Action Plan

Set specific goals Define activities, resources needed Set a timetable Forecast outcomes, contingency plans Formulate a detailed plan of action Implement and supervise, evaluate

Ten steps to risk control
 identify the objective  identify the risks  assess  identify mitigation actions  assess residual & secondary risks  estimate costs  identify cost benefits  consider ownership  decide what to do  monitor, repeat & update register

Let’s Summarise Project Risk Management

Risk Management’s major contribution

Owing to increasing costs, greater time pressures and new challenges, loss probability is increasing. This leads to a stronger need for comprehensive Project Risk Management RM will make a major contribution to successful completion of a project:  Within budget  Within time schedule  With minimised losses

Summarising Risk Management
 Create a risk aware environment,  Identify & measure, hold regular reviews,  Prepare action plans, identify champions,  Maintain a risk register, keep an audit trail,  Focus on key risk items & prioritise,  A continuous process, meet regularly to monitor progress

Projects: Points to Remember
Success or Failure

Projects: Points to Remember

Have systems in place to analyse risk. Set-up early warning mechanisms. Effective risk management Vs adverse effects of not managing risk effectively. Have management processes and regular reporting on organisational and project risks.

Projects: Points to Remember
 Senior Management to have real-time information on project status (risks & opportunities).  Early identification leads to project success; ignorance is not bliss!  Identify major project risks before project approval and resource commitment.  Project Management is both an art and a science!

Projects: Points to Remember
 Risk Registers provide basis for mapping a Risk Response Plan. E.g. Risk Response can range from avoidance to acceptance. Over-cautious approach results in potential business benefits being denied.  Reporting and Communication is vital.

Risk Profile:Newark and Sherwood DC

RISK IDENTIFICATION

New Leisure Centre project
A

MONITORING

RISK ANALYSIS

2
1 3 6 4
IV

RISK MANAGEMENT PRIORITISATION

Likelihood:
A: B: C: D: E: F: I: II: III: IV: Very High High Significant Low Very Low Almost Impossible Catastrophic Critical Marginal Negligible

Impact:

L i k e l i h o o d

B C

D E F III II I

7 5 8

Impact
The team’s risks have been mapped against the team’s appetite

Sign up to vote on this title
UsefulNot useful