EEA and Norway Grants Programme risk management Inger K. Stoll, Head of Communication, Reporting and Evaluation, Financial Mechanism Office November 2012
Results and risks What is Results Based Management (RBM) RBM is a management strategy by which all actors, contributing directly or indirectly to achieving a set of results, ensure that their processes, products and services contribute to the achievement of desired results (outputs, outcomes and impact) What is a result and a risk? In the context of the Grants: A result is the output, outcome or impact of a development intervention A risk is an event that may occur and impede the objective
KEY CONCEPTS Results achievement Beneficiary oriented Managing for results and reduced risks
Risks • Risks are an expression of uncertainty • Risks are events that may occur, and if they occur, have harmful or negative effects on the achievement of results • Risks are closely related to the results and should consequently be analysed against the results framework of a programme • Risk analyses strengthen the basis for choosing realistic objectives and level of ambitions
Risk management process in 8 steps Establish strategy and processes • Develop a strategy for integrating risk management in results management • Establish risk leadership integrated in results management Analysis, actions and follow-up on several levels 3. Identify objectives at all levels 4. Identify critical success factors (assumptions) at all levels
Risk management process in 8 steps 5. Identify risks at all levels 6. Assess and prioritise the risks, in terms of likelihood and impact; high – medium – low 7. Address risks: avoid, reduce, share, accept 8. Mitigate and manage risks Learning – change - communication
Step 1. Develop a risk strategy • Develop a risk strategy for integrating risk management in results management. • Thispresentationgivessomebasictools to risk management at Programmelevel. FMO’s risk management strategy (in process): http://www.eeagrants.org/asset/4814/1/4814_1.pdf
Risk management levels Risk strategy at each level, according to roles and responsibilities Programme Total Grants Country Projects
Step 2: Establish risk leadership • All actors shall ensure that relevant risks are identified and analysed, and that actions are taken, if possible, to reduce the likelihood of negative incidents and limit any adverse effects to acceptable levels • Assign roles at each level • Programme Operator must actively take leadership at programme and for project levels
Step 3. Identify objectives at all levels Example – Renewable Energy Objective (pre-defined) Expected outcome(s) (pre-defined) Outputs Types of projects • Modernised RES infrastructure • R&D on RES • Feasibility of RES mapped out in relation to local conditions • Windmills • Solar systems • Hydropower • Bioenergy • Training in RES planning competence • Plans/policy development • Awareness raising campaigns at local level • Train the trainers • Training courses for officials at regional level • Training courses for officials at regional level
Step 4: Identify assumptions • Assumptions are the necessary positive conditions that allow for a succesful cause-and-effect relationship between the different levels of results. • Assumptions are critical success factors. • Assumptions are expressed as positive statements. • Assumptions are formulated after the objectives to ensure results chain realism
Step 4: AssumptionsAn example • Outcome: Participation in local election increases from 63% in 2012 to 75% in 2016. • Output: Votersregistrationincreases from 70% in 2012 to 90% in 2016. • Assumption: Votingcentresareoperational and in place on votingday.
Step 5: Identify risks at all levels • Risk identification is done in all phases of a programme, but early identification gives the best effect. • Normally requires several contributers. • If a critical assumption is likely to occur but not certain, it may represent a risk. • Risks are expressed as negative statements in relation to achievement of the desired result.
Step 5. Risk identification • Identifythe risk, monitor, manage and try to influence. A risk registrycan be useful. • Theremight be a conflictofinterestregardingsharinginformationof risks. • Keep in mind: Alwaysdocumentyour risk identification, analysis and mitigation
Risk categories It is common to group the risks incategories. We have identifiednine risk categories: • Policy and politics • Governance: Institutional, management, transparency and accountability • Corruption and procurementissues • Socio-cultural and gender equity, minorities, Roma, rights and values
Risk categories • Financial issues • Economic issues • Environmental and climate issues • Technical and technological issues • Role of DPPs and project partners
Risk dimensions Each risk categoryconsistsofcertain risk dimensions (expressed as criticalsucessfactor or assumptions): ExampleGovernancecategory: • Competence and capacity, skills available • Supportive legal frameworkconditions • Institutional framework is conducive • Control systems in place • Open and transparent systems in place
Cross cutting issues Keep in mindthe cross-cuttingissues: • Governance • Genderequality • Sustainabledevelopment: - Environmental - Economic - Social Thesearereflected in the risk categories. Cross-cuttingissuesareasssessed and addressed in all phasesofthe Program Cycle
Step 6: Assess and prioritisethe risks A risk analysiscontains an assessmentofthe risks in terms of • Probability or likelyhoodoftheoccurenceofthe risks • Consequences if theeventoccurs As the risk assessment is a forward-lookingexercise, theassessmentshouldtakeintoaccountthe whole agreementperiod- and beyond- to ensuresustainabilityoftheresults
Risk Analysis High Probability Medium Low High Low Medium Consequence
Narrative risk summary • The risk rating is accompanied by a narrative assessmenthighlightingthe major risks identified. • All thehigh or substantial risk ratingsarenamed as major risks Keep in mind: Distinguishprobability and consequence
Step 7: Address the risks – Risk tolerance levels Risks are inevitable. It is not an aim to avoid risks at all costs. A higher risk may be acceptable in contexts where the expected impact and benefits are higher than the potential risks.
Risk tolerance • Decisionsregardingtoleranceofmajor riskscan be divided in thefolllowingstrategies: • Avoid/terminate: Redesign programme or terminatetheprogramme or parts of it. • Transfer/share: Share risk withother partners (ex DPPs) or pass theimpactofthe risk to third part (e.g. via an insurance policy)
Risk tolerance • Accept: Accept the risks withoutanymitigatingactions, but monitor and manage if the risk levelincreases • Reduce, prevent, mitigate: Prepare a mitigation plan and implementmeasures.
Step 8: Mitigate and manage risks • Establish a system for risk monitoring and handling. • During implementation it is good practice to incorporate the mitigating measures in the regular work plan of the programme or projects, assign staff members responsible for actions and resources required.
Mitigation and management • Assess the implementation progress of the mitigating measures, manage and report. • Identify any new risks or changes in circumstances and add to your risk registry and work plan. • Sometimes we need to redesign our risk mitigation strategy and actions.
Reporting and dialogue • The programme risk management will be reported in the Annual Programme Report and in the NFP’s Annual Strategic Report • The risk picture and the possible mitigating actions will be a central element in the dialogue between donors, beneficiaries and the FMO
Risks to achievment of outcomes • At the programme level, the FMO bases its risk assessment on the Programme Proposal, the Annual Programme Report the Annual Strategic Report from the NFP and the dialogue. EU analyses are also used. • The FMO especially focuses on likelihood and consequence of risks to achievement of the outcomes = output to outcome review
Results for the beneficiaries • Weareinterested in achievingresults for thebeneficiaries, e g thehigherlevelobjectives, and correspondinglyinterested in thehigherlevel risks Weare in it together!