Transcript Risk Management in the S.A. Public Sector

Risk Management in the S.A.
Public Sector
Darryl Bruhn
Risk Management Coordinator
SAFA (SAICORP)
Phone 8226 3429
[email protected]
SAFA (SAICORP)
 1/7/1994 South Australian Insurance
Corporation (trading as SAICORP)established.
 Insurance cover for all agencies of the Crown
 Whole of Government catastrophe reinsurance
 Provide risk management advice & assistance
 1/7/2006 SAICORP amalgamated with South
Australian Financing Authority (SAFA).
 Part of Dept. Treasury & Finance
Risk Management Advice &
Assistance
 Coordinating risk management training
 Assisting agencies with risk management policy &
framework development
 Providing funding for specific risk management initiatives
 Coordinating networks and forums
 Developing manuals & workbooks
 Publishing the SAICORP Newsletter
 Promoting AS/NZS4360 Risk Management Standard &
RMIA
Session Outline
1. Risk & Risk Management Context
2. Reasons for implementing risk management
policy & frameworks.
3. Developing risk management policy &
frameworks – agency considerations.
RISK MANAGEMENT STANDARD
AS/NZS 4360
 Developed with the objective of
providing a guide to establishing
a risk management framework
using the risk management
process.
 The standard specifies the
elements of the risk management
process only.
 It is a generic framework and
independent of any specific
industry or economic sector.
Definitions in 4360
Risk is “the CHANCE of something happening that will have an IMPACT on
OBJECTIVES”
Risk = DEGREE of UNCERTAINTY as to the potential for gain as well as
exposure to loss.
Risk Management is the “CULTURE, PROCESSES AND STRUCTURES that
are directed towards realising potential opportunities, whilst managing
adverse effects.”
RISK MANAGEMENT
PROCESS
 Built-in continuous
improvement cycle
 Risk Assessment
=
Identify, Analyse &
Evaluate Risks
 Define Context first
 Opportunities as well
RISK ASSESSMENT
 Subset of the Risk
Management process
 Managers involved in this
 Define Context and clear focus
for risk assessment.
 E.g. Strategic, business or
project plan
 3 years, 1 year, 6 months
 J &PS Outcomes
 Objectives – Impacted upon
 Degree of Uncertainty
RISK ASSESSMENT
(continued)
 Unexpected Events
 Expected Events
 Uncertainty = at what rate will
it occur
 Will it Impact on Objectives?
 Staff turnover, absences,
workers compensation costs
 Consider scenarios
Uncertainty-based Risks





Characteristics
Extremely hard to
quantify
Catastrophic in nature
Out of our control
Always negative
outcomes
Restorative planning &
actions



RM Response
Business Continuity
Emergency Response
Disaster Recovery
Planning
Question of balance.
Hazard type risks





Characteristics
Insurable type risks
Extensive data available
SOP’s used to manage
Accident rate that is
uncertain
Treat by reducing
likelihood/consequence
or both - Preventative




Examples
OH & S / Workers Comp.
Property
Financial management
Clinical
Opportunity type risks





Characteristics
Often non insurable type
risks
Assessment is
qualitative
Performance related
Treat by avoidance, risk
sharing etc.
Integrated into business
Examples
 Strategic
 Business, Project
planning
 Opportunity costs
 Relationship, reputations
 Efficiency & effectiveness
2. Rationale for Implementing a
Risk Management Policy & Framework?
1)
Compliance
2)
Protection
3)
Improve Organisational Performance
2.1
COMPLIANCE ISSUES
 S. A. Government : Risk Management Policy –
Re-issued November 2003




CE’s Accountable to their Ministers
Protect & enhance Govt. resources
Protect well being of citizens & environment
SAICORP to provide advice to the Crown
 “Premiers Safety Commitment Statement” &
DAIS - “Workplace Safety Management in the SA Public Sector 2004 2006 – Implementation Plan.”
 Annual SAICORP Declarations – to meet our duty of disclosure to our
insurers (re-insurers)
 Corporate Governance Expectation
2.2 Protection Provided on Two
Levels :
1) Reduce likelihood of things going wrong and / or
when things do go wrong, the consequences should
be less severe.
2) Due diligence defence - will be able to demonstrate
that all reasonable efforts have been made using a
systematic, consistent approach to identify, rate and
treat risks.
2.3 To improve organisational performance
1. Improve strategic and business planning
2. Improve information for decision making
3. Maximise the benefits of opportunities that arise
4. Improve operating efficiency due to targeting of
resources, less time fire-fighting and avoidance of
costly mistakes.
5. Provide an early warning system enabling
preventative action to be taken
3.1





Policy & Framework –
Agency Considerations
Central coordinating body responsible for Risk Management.
Communication & Consultation on risk management
Risk Management Policy & Framework
 Criteria, categories of risks
 Likelihood & consequence indicators
 Risk Matrix
 Annual,Half Yearly, Quarterly, needs based risk assessment
Risk Assessment Tools & reporting requirements
How to assist managers meet their risk management
responsibilities
Likelihood Descriptors
LIKELIHOOD OF OCCURRENCE
RATING
Description
Almost Certain
5
This event will almost certainly occur within the next six months
Likely
4
It is likely that this event will occur at least once in the next year or it is moderately likely that this event
will occur at least once in the next two years
Moderate
3
It is moderately likely that this event will occur at least once in the next two years
Unlikely
2
It is possible, though unlikely, that this event may occur once in a 2 year period
Rare
1
May occur only in very unusual circumstances. Remote possibility of occurring once every 2 to 5 years
Consequence Descriptors
AREA OF IMPACT
RATING
Insignificant
Financial
1
Financial loss
up to $50,000
Organisational Impact
Reputation & Image
Small delay, internal
inconvenience only.
One off media
coverage only
Human
Resources
Minor injury.
Temporary
local poor
morale.
Example Detail Description
Lost time injury.
Minor
Moderate
Major
Catastrophic
Financial loss
>$50,000 and
< $100,000
Easily remedied, some impact on
external stakeholders. Business
objectives delayed.
Temporary negative
impact on reputation
Financial loss
>$100,000 and
< $500,000
Considerable remedial effort
required with widespread
disruption to the organization
extending for period up to 3
months. Some business
objectives will not be achieved.
Temporary breakdown
in key relationship.
Widespread negative
reporting in media.
Premier or Ministerial
involvement.
Serious
permanent
injury. Ongoing
widespread
morale issues.
High staff
turnover.
4
Financial loss
> $500,000
and< $1 million
Permanent loss of critical
information, substantial disruption
to organization or external
intervention extending over 3
months or more. Major goals not
achieved.
Ongoing widespread
negative reporting in
media. Leads to a
high-level independent
investigation with
adverse findings.
Death.
Entrenched
morale
problems.
Inability to
recruit staff with
necessary
skills.
5
Financial loss
> $1 million
Organisation is totally
dysfunctional requiring
appointment of an administrator.
Total loss of
confidence within
community leading to
dismissal of Board.
2
3
Local but
lingering poor
morale. Skill
mix issues
Level of Risk Matrix
CONSEQUENCES
Risk Analysis
(Level of Risk
- LOR)
Insignificant
1
Minor
2
Moderate
3
Major
4
Catastrophic
5
High
High
Extreme
Extreme
Extreme
Likely
4
Moderate
High
High
Extreme
Extreme
Possible
3
Low
Moderate
High
Extreme
Extreme
Unlikely
2
Low
Low
Moderate
High
Extreme
Low
Low
Moderate
High
High
Almost
Certa
in
5
L
I
K
E
L
I
H
O
O
D
Rare
1
3.2 What does a Risk Management
Policy & Framework help to achieve?
 A systematic and consistent approach to considering
risk and opportunity integrated into all planning and
business activities.
 Cultural change – Reactive to Proactive to become
embedded into the departmental culture.
Risk Assessment Training
 Duration (three hours) for all managers and
risk assessment facilitators on all aspects of
risk assessment including:




defining the risk assessment context;
Identifying, analysing & evaluating risk;
completing risk registers and
developing risk treatment plans.
NOTE: Registration fee of $55 (incl. GST)
QUESTIONS ???????
www.treasury.sa.gov.au