1 / 38

Risk Management in the Public Service

Risk Management in the Public Service . Caleb Sunguti Kenya School of Government. Risk – Legal Definition. Definition: 1 a) possibility of loss or injury; b ) liability for loss or injury if it occurs

ilana
Télécharger la présentation

Risk Management in the Public Service

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management in the Public Service Caleb Sunguti Kenya School of Government

  2. Risk – Legal Definition Definition: 1 a) possibility of loss or injury; b) liability for loss or injury if it occurs 2 a) the chance of loss to the subject matter of an insurance contract - uncertainty with regard to loss; b) a person or thing that is a specified hazard to an insurer

  3. What is risk? • A chance of something happening that when it occurs, will impacton your goals & objectives. • An event that may or may not happen but if it does, it causes unpleasant outcomes for our projects. • Risks are threats to the success of the Organization!

  4. Types of risks • Knowledge risk -deficient knowledge is applied • Relationship risk –failure to collaborate effectively • Process-engagement risk – failure to operate effectively • Strategic risk, e.g. risks arising from policy decisions • Opportunity risk, e.g. the risk of missing opportunities to improve on delivery of the Ministry/ department’s objectives • Risks arising from pilot projects, e.g. risk of not learning from pilots • Reputation risk, e.g. risk of damage to the Ministry/ department’s credibility and reputation

  5. Types of risks…ctd • Financial risk, e.g. risks arising from spending on capital projects • Operational risk, e.g. risks associated with delivery of public services • Project risk e.g. risks of introducing new systems • Compliance risk, e.g. the risk of failing to meet government standards/laws and regulations • Risks arising from new ways of working, e.g. Concessioning or Public Private Partnerships. • Risks facing the public which fall within your Ministry/ department’s area of responsibility.

  6. Operational Hazard Physical Strategic Capital / resource allocation Industry / competitors Technological Databases Security Confidential information Stakeholder Legal Compliance Regulatory Financial Capital markets Credit risks Taxes Human capital Retention Training Reputational Types of Risks

  7. Sources of Risk • Unreasonable timelines • Requirements change • Budget overruns • Legal risks • Untested technology • Unknown suppliers • Unusual deliverables • Interpersonal dynamics • Failure/deficiency of input • Unforeseen problems • Lack of options for contingencies • Unrelated party actions • Acts of God

  8. Risk management • Is the process of measuring or assessing risk and developing strategies to manage it. • Strategies include transferringthe risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. • Risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled later. • The leader’s challenge is to balance between risks with a high probability of occurrence but lower loss versus those with high loss but lower probability of occurrence.

  9. Risk Management • Identification, assessment, evaluation and mitigation of risks and their associated outcomes • Cost/benefit analysis • Between various risk alternatives • Analysis • The identification and assessment of the risk as to likelihood and potential outcomes • The costs associated with the potential outcome • The costs associated with various alternatives and mitigating against potential risks

  10. Why manage risk? • Managing risk comes with creation of immediate value from the identification and reduction of risks that reduce productivity. • It also helps to solve resource allocation problems by allocating resources on more profitable activities that effectively benefits from them.

  11. Why Risk Lesson is Important? • Compliance with applicable laws and regulations. • Accomplishment of the entity’s mission. • Relevant and reliable risk reporting. • Effective and efficient operations. • Safeguarding of assets.

  12. Justification to Public service in Kenya • Improvement on public service delivery • Achievement of V2030 flagship projects • Maximum benefits from devolved funds • Motivation of public sector employees • Proper management of public debt • Proper management of public sector contracts. • Good governance in government

  13. Purpose of risk management • To provide support on Risk management to your department • To develop and implement risk management policies, guidelines and frameworks; • To provide risk management technical support to your institution; • To facilitate implementation of risk management best practice in the work place; • To facilitate risk management knowledge sharing; and • To provide fraud prevention support to your institution.

  14. An Integrated Risk Management Framework • The Integrated Risk Management Framework provides guidance to adopt a more holistic approach to managing risk. • The application of the Framework is expected to enable employees and organizations to better understand the nature of risk, and to manage it more systematically.

  15. Enterprise RM Definition • ERM “is a structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievements of its objectives.” • Public sector adopts ERM by developing and implementing a RM Policy.

  16. Issues in ERM Implementation • Different corporate cultures require different ERM approaches • Who is going to be the ERM champion within the organization • Among senior executives • Among departments / functions • How to embed a risk management culture and responsibilities throughout the organization.

  17. Keys to Success in ERM • Senior management commitment and sponsorship • Embed a “risk management culture” in the corporation at the operational level • Provide for accountability, both specific and widespread • Clearly defined responsibilities for coordination and maintenance • Adequate communication

  18. Traditional Risks managed in silos Concentrates on physical hazards and financial risks Insurance orientation Ad hoc / one-off projects Emerging Centralized mgt., with exec-level coordination Integrated consideration of all risks, firm-wide Opportunities for hedging, diversification Continuous and embedded A Paradigm Shift

  19. The Hierarchy of Risks Public Reforms Ministry of Finance Performance Contracting Secretariat Leading Government Agencies Strategic Risk Issues Operational Risk Issues Compliance Risk Issues Environmental Risk Issues Thematic Areas Political risk Finance Risk Procurement Risk HR Risk

  20. Effects of these risks include: • Poor public service delivery, insecurity, low food production, poor physical infrastructure, high costs of doing business, environmental degradation, reduced productivity, loss of public funds, low cost effectiveness, reduced public trust and confidence, reduction in Foreign Direct Investments (FDIs), low reputation in the international community and low credit rating among donors. • These effects carry with them a multiplier effect of high poverty levels, unemployment, low food production and slow economic growth.

  21. Typical effects of unmanaged risks on Organizations • They cost more than we thought they would! • They take longer than we thought they would! • They don’t deliver what we expected them to deliver! • They don’t produce the effects we desired! • Reputation is weakened • Our customers aren’t delighted!

  22. Steps in theRisk Management Process • Determine the corporation’s objectives • Identify the risk exposures • Quantify the exposures • Assess the impact • Examine alternative risk management tools • Select appropriate risk management approach • Implement and monitor program

  23. Risk Management Process ESTABLISHTHE CONTEXT C O M M U N I C A T E A N D C O N S U L T M O N I T O R A N D R E V I E W IDENTIFY RISK ANALYSE RISK EVALUATE RISK Yes Accept Risk No TREAT RISK

  24. 1. Establish the context • Planning the remainder of the process, • Mapping out the scope of the exercise, • The identity and objectives of the institution, • The basis upon which risks will be evaluated, • Defining a framework for the process, and agenda for identification and analysis of risk involved in the process.

  25. 2. Identification of potential risks After establishing the context, the next step is to identify potential risks • Risks are about events that, when triggered, cause problems; hence risk identification can start with the source of problems, or with the problem itself.

  26. Intelligent Tools Questionnaires Assumptions Lessons Learned Intuition Experts Personal Experience Logs Interviews Records Checklists Brainstorming How do you Identify RISKS? slide 26 of 18

  27. Office tool for Risk Management : Risk Register The main output of the risk identification process is a list of identified risks and other information needed to begin creating a risk register. A risk register is: • A document that contains the results of various risk management processes and that is often displayed in a table or spreadsheet format. • A tool for documenting potential risk events and related information. Risk events refer to specific, uncertain events that may occur to the detriment or enhancement of the project.

  28. Sample Risk Register

  29. 3. Assessment • Risks must be assessed as to their potential severity of loss and the probability of occurrence • These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring • It is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan. • Risk assessment is used to identify, measure, and prioritize risks so that the greatest effort is used to address the auditable areas of greatest significance.  Risk assessment is one means of allocating resources to meet the auditing needs of the organization.

  30. 4. Risk analysis • Risk analysis involves estimating the probability of each factor affecting a programme and then determining the range of possible outcomes.

  31. Step A Define and categorize the risks to be ranked. Step C Describe the risks in terms of the attributes in risk summary sheets Step E Describe the issues identified and the resulting rankings. Step B Identify the risk attributes that should be considered Step D Perform the risk rankings. 4. Risk analysis framework Analysts Experts Lay people

  32. 5. Potential risk treatments • Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories: (The 4 T's) • Tolerate (retention) • Treat ( mitigation) • Terminate (elimination) • Transfer (buying insurance) 2. Ideal use of these strategies may not be possible. Some of them may involve trade-offs that are not acceptable to the organization or person making the risk management decisions

  33. Reduce its • likelihood • Transfer it • Budget • for it Ignore it Ways of dealing with RISK? • Tolerate • & Watch it • Mitigate its • effect Avoid it Eliminate it Treat, transfer, terminate, take the risk! slide 33 of 18

  34. 6. Create the plan • Decide on the combination of methods to be used for each risk • Each risk management decision should be recorded and approved by the appropriate level of management • For example, a risk concerning the image of the organization should have top management decision behind it whereas IT management would have the authority to decide on computer virus risks

  35. The risk management plan should propose applicable and effective security controls for managing the risks • For example, an observed high risk of computer viruses could be mitigated by acquiring and implementing anti virus software • A good risk management plan should contain a schedule for control, implementation and responsible persons for those actions

  36. Risk analysis results and management plans should be updated periodically. There are two primary reasons for this: • To evaluate whether the previously selected security controls are still applicable and effective, and • To evaluate the possible risk level changes in the business environment. For example, information risks are a good example of rapidly changing business environment.

  37. Current State • Findings from various surveys • An acknowledged need to improve risk management • A recognition that a holistic approach is appropriate and preferable • ERM can improve overall capital management and thus enhance corporate value and competitiveness • A variety of approaches to improving risk management • There are still problems to overcome

  38. Conclusion • “The revolutionary idea that defines the boundary between modern times and the past is the mastery of risk” - Peter Bernstein, Against the Gods

More Related