Risk Management in the S.A. Public Sector Darryl Bruhn Risk Management Coordinator SAFA (SAICORP)...
-
Upload
dylan-fisher -
Category
Documents
-
view
216 -
download
1
Transcript of Risk Management in the S.A. Public Sector Darryl Bruhn Risk Management Coordinator SAFA (SAICORP)...
Risk Management in the S.A. Risk Management in the S.A. Public Sector Public Sector
Darryl Bruhn
Risk Management Coordinator
SAFA (SAICORP)
Phone 8226 3429
SAFA (SAICORP)SAFA (SAICORP)
1/7/1994 South Australian Insurance Corporation (trading as SAICORP)established. Insurance cover for all agencies of the Crown Whole of Government catastrophe reinsurance Provide risk management advice & assistance
1/7/2006 SAICORP amalgamated with South Australian Financing Authority (SAFA).
Part of Dept. Treasury & Finance
Risk Management Advice & Risk Management Advice & AssistanceAssistance
Coordinating risk management training Assisting agencies with risk management policy &
framework development Providing funding for specific risk management initiatives Coordinating networks and forums Developing manuals & workbooks Publishing the SAICORP Newsletter Promoting AS/NZS4360 Risk Management Standard &
RMIA
Session OutlineSession Outline
1. Risk & Risk Management Context
2. Reasons for implementing risk management
policy & frameworks.
3. Developing risk management policy &
frameworks – agency considerations.
RISK MANAGEMENT STANDARD AS/NZS 4360
Developed with the objective of providing a guide to establishing a risk management framework using the risk management process.
The standard specifies the elements of the risk management process only.
It is a generic framework and independent of any specific industry or economic sector.
Definitions in 4360
Risk is “the CHANCE of something happening that will have an IMPACT on OBJECTIVES”
Risk = DEGREE of UNCERTAINTY as to the potential for gain as well as exposure to loss.
Risk Management is the “CULTURE, PROCESSES AND STRUCTURES that are directed towards realising potential opportunities, whilst managing adverse effects.”
Built-in continuous improvement cycle
Risk Assessment
= Identify, Analyse & Evaluate Risks
Define Context first
Opportunities as well
RISK MANAGEMENT PROCESS
Subset of the Risk Management process
Managers involved in this
Define Context and clear focus for risk assessment.
E.g. Strategic, business or project plan
3 years, 1 year, 6 months
J &PS Outcomes
Objectives – Impacted upon
Degree of Uncertainty
RISK ASSESSMENT
Unexpected Events
Expected Events
Uncertainty = at what rate will it occur
Will it Impact on Objectives?
Staff turnover, absences, workers compensation costs
Consider scenarios
RISK ASSESSMENT (continued)
Uncertainty-based Risks
Characteristics Extremely hard to
quantify Catastrophic in nature Out of our control Always negative
outcomes Restorative planning &
actions
RM Response Business Continuity Emergency Response Disaster Recovery
Planning
Question of balance.
Hazard type risks
Characteristics Insurable type risks Extensive data available SOP’s used to manage Accident rate that is
uncertain Treat by reducing
likelihood/consequence or both - Preventative
Examples OH & S / Workers Comp. Property Financial management Clinical
Opportunity type risks
Characteristics Often non insurable
type risks Assessment is
qualitative Performance related Treat by avoidance, risk
sharing etc. Integrated into business
Examples Strategic Business, Project
planning Opportunity costs Relationship, reputations Efficiency & effectiveness
2. Rationale for Implementing a2. Rationale for Implementing aRisk Management Policy & Framework?Risk Management Policy & Framework?
1) Compliance
2) Protection
3) Improve Organisational Performance
2.12.1 COMPLIANCE ISSUES COMPLIANCE ISSUES
S. A. Government : Risk Management Policy – Re-issued November 2003
CE’s Accountable to their Ministers Protect & enhance Govt. resources Protect well being of citizens & environment SAICORP to provide advice to the Crown
“Premiers Safety Commitment Statement” & DAIS - “Workplace Safety Management in the SA Public Sector 2004 - 2006 – Implementation Plan.”
Annual SAICORP Declarations – to meet our duty of disclosure to our insurers (re-insurers)
Corporate Governance Expectation
2.22.2 Protection Provided on Two Protection Provided on Two Levels :Levels :
1) Reduce likelihood of things going wrong and / or when things do go wrong, the consequences should be less severe.
2) Due diligence defence - will be able to demonstrate that all reasonable efforts have been made using a systematic, consistent approach to identify, rate and treat risks.
2.3 To improve organisational performance2.3 To improve organisational performance
1. Improve strategic and business planning
2. Improve information for decision making
3. Maximise the benefits of opportunities that arise
4. Improve operating efficiency due to targeting of resources, less time fire-fighting and avoidance of costly mistakes.
5. Provide an early warning system enabling preventative action to be taken
3.1 3.1 Policy & Framework – Policy & Framework – Agency ConsiderationsAgency Considerations
Central coordinating body responsible for Risk Management. Communication & Consultation on risk management Risk Management Policy & Framework
Criteria, categories of risks Likelihood & consequence indicators Risk Matrix Annual,Half Yearly, Quarterly, needs based risk assessment
Risk Assessment Tools & reporting requirements How to assist managers meet their risk management
responsibilities
Likelihood DescriptorsLikelihood Descriptors
LIKELIHOOD OF OCCURRENCE
RATING Description
Almost Certain 5 This event will almost certainly occur within the next six months
Likely 4It is likely that this event will occur at least once in the next year or it is moderately likely that this event will occur at least once in the next two years
Moderate 3 It is moderately likely that this event will occur at least once in the next two years
Unlikely 2 It is possible, though unlikely, that this event may occur once in a 2 year period
Rare 1May occur only in very unusual circumstances. Remote possibility of occurring once every 2 to 5 years
Consequence DescriptorsConsequence Descriptors
Example Detail Description
AREA OF IMPACT
RATING Financial Organisational Impact Reputation & ImageHuman
Resources
Insignificant 1Financial loss up to $50,000
Small delay, internal inconvenience only.
One off media coverage only
Minor injury. Temporary local poor morale.
Minor 2
Financial loss >$50,000 and < $100,000
Easily remedied, some impact on external stakeholders. Business objectives delayed.
Temporary negative impact on reputation
Lost time injury. Local but lingering poor morale. Skill mix issues
Moderate 3Financial loss >$100,000 and < $500,000
Considerable remedial effort required with widespread disruption to the organization extending for period up to 3 months. Some business objectives will not be achieved.
Temporary breakdown in key relationship. Widespread negative reporting in media. Premier or Ministerial involvement.
Serious permanent injury. Ongoing widespread morale issues. High staff turnover.
Major 4Financial loss > $500,000 and< $1 million
Permanent loss of critical information, substantial disruption to organization or external intervention extending over 3 months or more. Major goals not achieved.
Ongoing widespread negative reporting in media. Leads to a high-level independent investigation with adverse findings.
Death. Entrenched morale problems. Inability to recruit staff with necessary skills.
Catastrophic 5Financial loss > $1 million
Organisation is totally dysfunctional requiring appointment of an administrator.
Total loss of confidence within community leading to dismissal of Board.
Level of Risk MatrixLevel of Risk Matrix
Risk Analysis(Level of Risk
- LOR)
CONSEQUENCES
Insignificant1
Minor2
Moderate3
Major4
Catastrophic5
LIKELIHOOD
Almost Certa
in5
High High Extreme Extreme Extreme
Likely4
Moderate High High Extreme Extreme
Possible3
Low Moderate High Extreme Extreme
Unlikely2
Low Low Moderate High Extreme
Rare1
Low Low Moderate High High
3.2 3.2 What does a Risk Management What does a Risk Management Policy & FrameworkPolicy & Framework help to achieve?help to achieve?
A systematic and consistent approach to considering risk and opportunity integrated into all planning and business activities.
Cultural change – Reactive to Proactive to become embedded into the departmental culture.
Risk Assessment Training
Duration (three hours) for all managers and risk assessment facilitators on all aspects of risk assessment including: defining the risk assessment context; Identifying, analysing & evaluating risk; completing risk registers and developing risk treatment plans.
NOTE: Registration fee of $55 (incl. GST)
QUESTIONS ???????QUESTIONS ???????
www.treasury.sa.gov.au