TR 07- FI- 02
INTERNAL CONTROL – basic course
RISK MANAGEMENT
January 2009
EU Twinning Project TR 07-FI-02
TR 07- FI- 02
THE STAGES
IDENTIFYreliable & comprehensive
information
REVIEW & REPORT ASSESS up to date, reliable, assess & record – current status fit for purpose potential for adverse impact
ADDRESScapability, supporting tools
ownership, contingency plans
TR 07- FI- 02
THE 3 MAIN APPROACHES TO RISK MANAGEMENT
INFORMAL
RULES – BASED
MOTIVATED ACTION
TR 07- FI- 02
INFORMAL APPROACH
THE RISKS
* Process & Policies are usually underdeveloped
* Reporting of bad news may not be part of the culture
* Risk information may not trigger action
* Accountability/responsibility may be unclear
* Blame rather than Encouragement
* Resources allocated may be disproportionate
SUMMARY: INADEQUATE?
TR 07- FI- 02
RULES - BASED APPROACH
THE RISKS
* Applied in a rule bound, inflexible way
* Focus: reporting and completing registers only
* Only performed to comply with ‘requirements’
* Information reliance substitutes good judgement
* Risk adverse for fear of censure
* Preoccupation with reputational risks
SUMMARY: INEFFECTIVE?
TR 07- FI- 02
MOTIVATED ACTIONS
THE BENEFITS
* Process & policies are subject to helpful ‘challenge’
* Combine quantitative methods, organisational learning,
& scenarios to consider uncertainty & response
* Professional judgement is encouraged
* Blame-free culture
* Innovation & risk taking are well managed
SUMMARY: EXPLICT & SYSTEMATIC?
TR 07- FI- 02
Risk Management Assessment Framework (1)
7 Categories set by the Risk Support Team, HM Treasury, UK in October 2004:
1. Leadership: do senior management and Ministers support and promote risk management?
2. Are people equipped and supported to manage risk well?
3. Is there a clear risk strategy and risk policies?
4. Are there effective arrangements for managing risks with partners
5. Do the organisation’s processes incorporate effective risk management?
Risk Handling6. Are risks handled well?
Outcomes7. Does risk management contribute to achieving outcomes?
TR 07- FI- 02
Risk Management Assessment Framework (2)
Assessment Scale:
Capability (Leadership; Policy & Strategy; People; Partnerships & Resources; and Processes):
1. Awareness and understanding2. Implementation planned & in progress3. Implemented in all key areas4. Embedded and improving5. Excellent capability established
Risk Handling and Outcome performance:1. No evidence2. Satisfactory3. Good4. Very good5. Excellent
TR 07- FI- 02
EFFECTIVE RISK MANAGEMENT REQUIRES:
IDENTIFY, ASSESS probability, significance & RECORD
DETERMINE THE RESPONSE - what is our capability to manage the response?
WHO IS IN OVERALL CHARGE OF IMPLEMENTING THE RESPONSE?
HOW TO ORGANISE IMPLEMENTING THE RESPONSE? – tools? people?
WHEN/HOW TO MONITOR & REVIEW THE RISK & RESPONSE –
is this reliable & effective? Does the approach need updating?
TR 07- FI- 02
Key themes in NAO guidance to Audit Committees (January 2010):
• Leadership• Staff training• Risk management framework• Risk identification• Risk evaluation• Control of risks• Risk Appetites• Embedding risk management
TR 07- FI- 02
RISK CATEGORIES (ILLUSTRATIVE)
EXTERNAL : p.e.s.t.l.e.
OPERATIONAL: delivery
capacity & capability
risk management performance & capability
CHANGE : specific targets
change programmes
new projects/new policies
TR 07- FI- 02
RESPONSES (ILLUSTRATIVE)
KNOW YOURSELF: S.W.O.T.
* fundamental controls
* consultation throughout the organisation
* ongoing application of control strategies
* awareness of organisational objectives
* early warning mechanisms & quick response
* reliable ‘business’ information
AN EMPHASIS ON CHANGING BEHAVIOURS
TR 07- FI- 02
SWOT – so what?
VALUE TO THE RISK TO THE
ORGANISATION ORGANISATION
S W
O T ABILITY TO ABILITY TO
EXPLOIT ADDRESS
TR 07- FI- 02
GROUP SESSION 5 risk management
1 organise yourselves
2 address the questions in the course outline
FOCUS YOUR THOUGHTS & RESPONSES ON:
IDENTIFYING & ADDRESSING RISKS
REMEMBER PREVIOUS GROUP SESSIONS