A risky business
Civil Society facing tough choices in a new world of risk.
2nd November 2010Paul EmeryHead of Community and Social Organisations
Bridget CollobyMarketing Manager
© Z
uri
ch In
sura
nce
Com
pan
y
2
Agenda
Introductions
What this session is about
Contributor input, group work
Feedback and conclusions
Wrap
© Z
uri
ch In
sura
nce
Com
pan
y
3
The two agendas for risk management
Why should you be interested in risk management?
© Z
uri
ch In
sura
nce
Com
pan
y
4
Controls / Assurance / Audit / Inspection
C2 What are the legal requirements for charities in relation to risk management?
Charities that are required by law to have their accounts audited must make a risk management statement in their trustees' annual report confirming that
“...the charity trustees have given consideration to the major risks to which the charity is exposed and satisfied themselves that systems or procedures are established in order to manage those risks.” (Charities (Accounts and Reports) Regulations 2008)
Major risks are those risks that have a major impact and a probable or highly probable likelihood of occurring.
If they occurred they would have a major impact on some or all of the following areas: governance; operations; finances; environmental or external factors such as public opinion
or relationship with funders; a charity's compliance with law or regulation.
Any of these major risks and their potential impacts could change the way trustees, supporters or beneficiaries might deal with the charity.
© Z
uri
ch In
sura
nce
Com
pan
y
5
Is this why for many charities…
Risk management is a paper exercise?
They feel they gain limited benefit from undertaking risk management?
It is a once a year process with limited involvement from the Board?
© Z
uri
ch In
sura
nce
Com
pan
y
6
What is risk based decision making?
All organisations exist to achieve their objectives.
The purpose of (business) risk management is to manage the barriers to achieving these objectives.
Tre
asu
ry 2
00
0 (
OG
C)
© Z
uri
ch In
sura
nce
Com
pan
y
7
There are two types of risks:
Direct threats (damaging events) which could lead to a failure to achieve objectives.
Opportunities (constructive events) which if exploited could offer an improved way of achieving objectives , but which are surrounded by threats.
© Z
uri
ch In
sura
nce
Com
pan
y
8
Business v Operational risks
Business risksThose which have been identified as potentially damaging to the achievement of the organisation’s objectives.
Operational risks
Risks which managers, staff and volunteers are likely to encounter in day-to-day work situations.
© Z
uri
ch In
sura
nce
Com
pan
y
9
What about insurance?
“Risk Management is not just about insurance”
80%
of risks faced by of risks faced by
organisations organisations
are are notnot
insurable!insurable!
‘‘Chance or choice’ - Chance or choice’ -
SOLACE/ZMMSSOLACE/ZMMS
© Z
uri
ch In
sura
nce
Com
pan
y
10
What is the context?
Significant crises impacting on organisations’ abilities to continue are now becoming one in five year events.
Hardest hitting recession for many years.
With funding resources scarce, partners want confidence that you understand and are managing your key risks.
The charity sector has become one of the major suppliers to Local Government in terms of commissioned services (estimated at over £12bn)
Society is less forgiving of failure.
© Z
uri
ch In
sura
nce
Com
pan
y
11
What is your role in this?
So, in effect, a [strategic] leader has (only) two jobs??
Identifying the opportunities that will lead to success(<25% of the job)
and
Managing the risks / issues / concerns which might get in the way (>75%of the job)
© Z
uri
ch In
sura
nce
Com
pan
y
12
What is a business risk? - definition
Risk is the variation in outcomes around an expectation
(in effect, risk management is scenario planning and management)
© Z
uri
ch In
sura
nce
Com
pan
y
13
The two agendasAc
hiev
e
obje
ctiv
es
Less risk
averse
Better (performance)manage
ment
Corporate
Governanc
e
Auditrequiremen
ts
Focus
on (financial) priorities
Better option
appraisal
Improved forward planning
Demonstrate
improvement
Contr
ols
/ a
ssura
nce
/ a
udit
/
insp
ect
ion
Ris
k-base
d d
eci
sion
maki
ng
© Z
uri
ch In
sura
nce
Com
pan
y
14
What risks does your organisation face?
The practical exercise
© Z
uri
ch In
sura
nce
Com
pan
y
15
Think about your organisation’s
Vision
Objectives
Strategies
Plans
And the potential barriers to success
© Z
uri
ch In
sura
nce
Com
pan
y
16
Introduction to research report
Public sector and wider Civil Society scopeResearch undertaken by leading third party research agency, Ipsos MoriDifferent perspectives on long term risks facing the public sector and wider Civil Society’Key sources – Public and Civil Society CEO’s, independent risk experts and academics, public poll, Zurich experts
CSR Big SocietyChange
CEO’sPublic
Experts
Zurich
LAs C&SOs Housing EducationHealth
Profile of riskContrast of opinion and importanceView of capability to mitigate risk
And, manage change
© Z
uri
ch In
sura
nce
Com
pan
y
17
Risks facing the sector
Directors of CSOs Public Our view
Budget cuts and income volatility
Maintaining and improving donations
Loss of funding & growing financial instability
Volunteers taking on what were previously paid roles
Fewer people volunteering Continuity & crisis response challenges
Maintaining the quality of services currently provided by
their organisation
Running public services no longer provided by government
Damage to reputation & brand equity
Changes in government policy Quality of services will decline Compromising charitable aims & purposes
Competition/survival Keeping to the purpose of the charity
A more challenging commissioning environment
© Z
uri
ch In
sura
nce
Com
pan
y
18
Taking the public with you
Which of these statements comes closest to your views on local councils / charities
26
17
24
24
51
59
Base: All adults aged 15+ randomly allocated question (336), fieldwork dates: 30 th July - 5th August 2010 – SOLACE 2010
Agree A more Agree B more
A: Individuals should have more responsibility for delivering local public
services because they know what the local area needs
A: Charities and voluntary groups should take on a
bigger role in the delivery of public services
B: It is the government’s job to provide public services and they should not rely on charities and volunteers to fill the gap
B: It is the council’s job to deliver local public services, as they have the expertise to do so
© Z
uri
ch In
sura
nce
Com
pan
y
19
People are less likely to volunteer in deprived areas
R2 = 0.9544
45%
50%
55%
60%
65%
70%
75%
1 2 3 4 5 6 7 8 9 10
CivicEngagementand formalvolunteering
% o
f people
part
icip
atin
g in
civ
ic
engagem
ent &
form
al v
olu
nte
ering
Base: 8,768 British adults, Fieldwork dates: April 2008 - March 2009 – SOLACE 2010
© Z
uri
ch In
sura
nce
Com
pan
y
20
CEO viewpoint
Importance/ability to deal with risks
Climate change
Operational risk management
Social risk
Reputation management
Changes in government policy
Data security
Budget uncertainty
WorkforceWorking with other organisations
*Base: 100 telephone interviews, 12 – 28 July 2010
Lower importance, Good ability to deal
Higher importance, Good ability to deal
Lower importance, Lower ability to deal
Higher importance, Lower ability to deal
© Z
uri
ch In
sura
nce
Com
pan
y
21
CEOs: Top risk issues
Budget uncertainty / Loss of funding
94%
© Z
uri
ch In
sura
nce
Com
pan
y
22
The backdrop
Fire safety
Housekeeping
Electrical wiring
Health & Safety
Capabilities
Security at site
Less Control
New Agenda
Paralysis
Opportunity
Pricing
New ways
Environment
Fear
Contracts
© Z
uri
ch In
sura
nce
Com
pan
y
23
Transition from uncertainty to certainty…
Major uncertainty
Spending Review
October 2010
Some certainty?
2010/11
More certainty
2012+January 2010
© Z
uri
ch In
sura
nce
Com
pan
y
24
Managing the transition to budget certainty
In your control
EmployeesVolunteersWhat you doContracts that you tender forChange managementCost controlSpread of revenue streamsFixed costs
Within your influence
Local authority stanceSpending of othersWhat happens re: full cost of recoveryWhat services are requiredLocal community agendaGovernment strategyMemorandum and articles
© Z
uri
ch In
sura
nce
Com
pan
y
25
CEO viewpoint – data security
Importance/ability to deal with risks
Climate change
Operational risk management
Social risk
Reputation management
Changes in government policy
Data security
Budget uncertainty
WorkforceWorking with other organisations
*Base: 100 telephone interviews, 12 – 28 July 2010
Lower importance, Good ability to deal
Higher importance, Good ability to deal
Lower importance, Lower ability to deal
Higher importance, Lower ability to deal
© Z
uri
ch In
sura
nce
Com
pan
y
26
Data security – what’s driving the risk?
Transparency– OCS wants more!
Consortia / Partnership working – Who’s got your data?
Instant media – When things go wrong they go wrong quickly!
Value of donor base to you and others – Cyber attack?
Measuring impact – more and more data, is it secure?
Technology – USB where is yours?
© Z
uri
ch In
sura
nce
Com
pan
y
27
Data security – can you see the risk?
Fire safety
Housekeeping
Electrical wiring
Health & Safety
Capabilities
Security at site
Shared Services / Systems
Partnership Working
Outsourcing – Supply Chains
Public Sector Delivery
Other Fraud
Social Networking
Scope of Risk
Mergers
Cyber Attack
© Z
uri
ch In
sura
nce
Com
pan
y
28
Risk – Data securityWhat are the potential consequences?
Reputational Damage
Public / corporate donorsLocal Authorities and Health providersVolunteersEmployeesTrustees / PatronBeneficiariesThird party suppliersInformation Commissioners Office / Fine
Crisis response and impact on BAU
© Z
uri
ch In
sura
nce
Com
pan
y
29
Zurich case study – the tip of the iceberg
Fine
© Z
uri
ch In
sura
nce
Com
pan
y
30
Zurich case study – the rest of the iceberg!
Fine
Audit and Consulting Fees
Indemnity Policies and Claims
Identity theft Redress payments
Customer Communications Exercise
Impact on BAU
Employees on project Customer acquisition / retention
Organisational Change
Technology costs Ongoing internal comms (cultural shift) New processes and procedures Office adaptations and new
equipment Increased operational costs
© Z
uri
ch In
sura
nce
Com
pan
y
31
Risk – data security
In your control
Partnership principles and governanceShared services contracts and controlsPolicies on social networking – communications frameworkFraud procedures, controls and systemsCrisis planningPublic sector contracts that you tender for.
Within your influence
Social networking and new media (external)Emerging fraud
© Z
uri
ch In
sura
nce
Com
pan
y
32
Importance/ability to deal with risks
Climate change
Operational risk management
Social risk
Reputation management
Changes in government policy
Data security
Budget uncertainty
WorkforceWorking with other organisations
*Base: 100 telephone interviews, 12 – 28 July 2010
Lower importance, Good ability to deal
Higher importance, Good ability to deal
Lower importance, Lower ability to deal
Higher importance, Lower ability to deal
Conclusions
© Z
uri
ch In
sura
nce
Com
pan
y
33
How does your original list of risks look now?
The practical exercise
© Z
uri
ch In
sura
nce
Com
pan
y
34
Your organisation’s
Vision
Objectives
Strategies
Plans
And the potential barriers to success
© Z
uri
ch In
sura
nce
Com
pan
y
35
The risk management cycle
RISK IDENTIFICATION
RISK ANALYSIS
PRIORITISATION
RISK MANAGEMENT
MONITORING
© Z
uri
ch In
sura
nce
Com
pan
y
36
Let’s do a risk ranking exercise
The practical exercise
© Z
uri
ch In
sura
nce
Com
pan
y
37
Likelihood - definition
Likelihood(over 2 years)
Very high
High
Significant
Low
Very low
Almost impossible
>90%
55% to 90%
15% to 55%
5% to 15%
1% to 5%
0% to 1%
© Z
uri
ch In
sura
nce
Com
pan
y
38
The risk profile template
A
B
C
D
E
F
IV III II I
STRATEGIC RISK PROFILE Organisation Name:
Likelihood:
A Very high
B High
C Significant
D Low
E Very low
F Almost impossible
Impact:
I Catastrophic
II Critical
III Marginal
IV Negligible
© Z
uri
ch In
sura
nce
Com
pan
y
39
Conclusions
Any questions / observations
‘Tough Choices’ launches on 8th November 2010
Access the report via www.NewWorldofRisk.com or complete the form to receive your copy
Top Related