Presentation is loading. Please wait.

Presentation is loading. Please wait.

Embedding risk management in the public sector – a rain check

Published byChance Hanks Modified over 9 years ago

Similar presentations

Presentation on theme: "Embedding risk management in the public sector – a rain check"— Presentation transcript:

1 Embedding risk management in the public sector – a rain check
Colette Kane Northern Ireland Audit Office Promoting better use of public money

2 Overview Good practice in Risk management
Key messages we wanted to promote How public sector bodies are doing Where additional focus is needed This is what I hope to focus on today- Firstly many of you will know we produced our Good Practice in Risk Management publication in June I will highlight to you the background to this publication, our purpose in producing it and what we did to bring it together. Secondly I will highlight the key messages we wished to promote when we produced the guide. Then I will talk a little about where we have seen changes in risk management from our perspective as public sector auditors and finally I will highlight where, in our view, additional focus is needed. I will also briefly discuss the Governance Statement and its role in risk management and how it is developing.

3 As I said we published this Good Practice guide in June It is on our website to download and still continues to hold the record for the most downloaded publication there. We considered we were ideally placed to produce the guide as we currently audit in excess of 200 public bodies covering all areas including health and local government. This is in addition to our value for money work. When we produced the publication we were fairly up front that the content presented nothing radical or new –rather it was a bringing together of good practice from a number of sources including Treasury and other sources. We did however aim to use local examples of good practice to illustrate issues. We produced a checklist which is replicated in the publication and used this to survey 16 bodies – the central government departments and a number of other bodies. We also used our knowledge of our audited bodies to include good examples where required – we did struggle to get organisations to highlight good practice ! So what was our aim: To revive risk management processes – at that time we were seeing a jaded process where, on many occasions, risk management was dusted down for quarterly board and audit committee meetings and even then was so far down agendas little time was left for discussion. To illustrate good practice examples- we knew there were good examples of risk management out there and we wanted these highlighted so others good use them Due to the economic climate – we saw, and I am sure you all agree, good risk management is key in an recession when there is pressure to produce more for less.. To dispel the myth that risk is bad – over and over again we had heard the mantra – the public sector is risk averse – indeed NIAO and the PAC don’t expect risks to be taken and therefore risk should be avoided. But we all know business could never be done without risk taking!

4 Good Practice in Risk Management-key messages
Process should be specific to each body. Managed risk taking can present opportunities. A clear understanding of roles and responsibilities in the process is key. Contingency planning is important for every organisation. Not all risks need to be accepted/treated. Good communication is key. Horizon scanning is recommended. Identify and communicate risk appetite. Consider fraud risk. Be clear on assurances. Process should be specific to each body – there is no one size fits all. Managed risk taking can present opportunities . A clear understanding of roles and responsibilities in the process is key – there is a diagram outlining the roles and responsibilities clearly – one issue we had with this was that boards were very often delegating responsibility for risk management to audit committees. Contingency planning is important for every organisation – not only for internal emergencies for emergencies which impact delivery thus we highlighted the need for a good tested communication strategy. Not all risks need to be accepted/treated – a reminder that risks can be terminated or transferred too. Good communication is key – so that everyone understands their specific role and responsibility in risk management. Horizon scanning is recommended – the benefits of looking around the corner. Identify and communicate risk appetite – this is one I will come back to – we encouraged bodies to start thinking about risk appetite Consider fraud risk – we saw this as particularly important in the current economic climate where fraud is more common Be clear on assurances- we were concerned that risk registers detailed lots of untested controls which did not seem to mitigate against the risk.

5 A rain check! We have observed;
An increased emphasis on risk management. As finances get tighter risk management is seen as more important. More conversations on risk around the board and audit committee table. Risk discussed at all levels within the organisation. Risk appetites being explored. More emphasis on the high risks. More movement on risks than before. So where are we now in 2014?

6 Could do better? Areas of risk management requiring more focus;
Braver managed risk taking. Too many risks being recorded and monitored. Risk assessment very cautious and without regard to appetite. The controls being relied upon are sometimes non existent. Horizon scanning not widely used. Fraud risk assessments not being prepared. Contingency planning still relatively weak and rarely tested. Disclosure in Governance Statements still being developed. Braver managed risk taking- some public sector organisations need to take significant risks to achieve their goals – organisations like InvestNI, NITB where pressure on the economy is their focus but its important this is managed risk taking, seeing the risks at the outset and including adequate controls as far as possible. Too many risks being recorded and monitored.- we still see risk registers with 20+ risks many considered low – organisations need to focus on the real risks and threats to them. Risk assessment very cautious and without regard to appetite – often there lots of high/high risks and this is because there is little regard to appetite. The conversations amongst senior management, around the board and audit committee table about appetite are extremely useful to determine the levels of acceptable risk. We strongly encourage bodies to determine risk appetite and communicate it widely. The controls being relied upon are sometimes non existent – I mentioned this before and we have been advocating the use of assurance frameworks so the key controls are examined and assurances are evidenced Horizon scanning not widely used – where it is used it is useful for ensuring controls are in place to counteract an unexpected or maybe even expected Fraud risk assessments not being prepared. Contingency planning still relatively weak and rarely tested. Disclosure in Governance Statements still being developed.- I will look at this in a little more detail.

7 Governance Statements
The governance statement should reflect the organisation’s governance, risk management and internal control arrangements and how they operate in practice. The Governance Statement should provide a sense of the organisation’s vulnerabilities and resilience to challenges. Then an overall higher level aim – much more than was required in the SIC. We recently produced a factsheet (available on our website ) which came from a review of a governance statements produced in the first year of implementation. The next slide details a couple of key recommendations from teh fact sheet specifically relating to risk management disclosures which I thought it might be useful to share with you.

8 Key Recommendations Focus more on the assessment of risk and particularly where risks have materialised and how these were addressed. New risks identified should be disclosed.

9 Once again a reminder of where you can find our good practice guide. Also if you work in a public sector body we audit we are always happy to advise on risk management processes. Thank you for your attention.

Download ppt "Embedding risk management in the public sector – a rain check"

Similar presentations

ATS QUALITY ASSURANCE PROGRAMMES. 2 NAV CANADA: THE COMPANY NAV CANADA, a non-share capital, private sector corporation incorporated May 1995 Financially.

ATS QUALITY ASSURANCE PROGRAMMES. 2 NAV CANADA: THE COMPANY NAV CANADA, a non-share capital, private sector corporation incorporated May 1995 Financially.
5 th June 2008 Peer review and development Penny Silvester Divisional Manager Learning and skills.

5 th June 2008 Peer review and development Penny Silvester Divisional Manager Learning and skills.
Comhairle Nan Eilean Siar - Ag obair comhla airson nan eileanChief Executive Local Government in Scotland Act - AUDIT BEST VALUE CHANGES LOCAL GOVERNMENT.

Comhairle Nan Eilean Siar - Ag obair comhla airson nan eileanChief Executive Local Government in Scotland Act - AUDIT BEST VALUE CHANGES LOCAL GOVERNMENT.
Debt Management Strategy: Governance and Transparency

Debt Management Strategy: Governance and Transparency
World Bank Financial Management Sector September 2010.

World Bank Financial Management Sector September 2010.
© Grant Thornton UK LLP. All rights reserved. Review of Partnership Working: Follow Up Review Vale of Glamorgan Council Final Report- November 2009.

© Grant Thornton UK LLP. All rights reserved. Review of Partnership Working: Follow Up Review Vale of Glamorgan Council Final Report- November 2009.
Delivering effective enterprise education: the role of learning design and technology Professor Pauric McGowan University of Ulster Dr Richard Blundel.

Delivering effective enterprise education: the role of learning design and technology Professor Pauric McGowan University of Ulster Dr Richard Blundel.
Improving how your organisation supports the use of research evidence to inform policymaking.

Improving how your organisation supports the use of research evidence to inform policymaking.
ICGFM Working in the Field in a Time of Increased Oversight Sean Temeemi, Chief Compliance Officer, FHI 360 November 7, 2012.

ICGFM Working in the Field in a Time of Increased Oversight Sean Temeemi, Chief Compliance Officer, FHI 360 November 7, 2012.
Insert event title and date (go to VIEW>MASTER>SLIDE MASTER to edit) Queenslan d Audit Office CPA Public Sector Discussion Group Paul Christensen A/Director.

Insert event title and date (go to VIEW>MASTER>SLIDE MASTER to edit) Queenslan d Audit Office CPA Public Sector Discussion Group Paul Christensen A/Director.
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
RIG 6 February 2013 Governance Statements: Good practice observations from our audits Kate Mathers Director, Financial Audit 6 February 2013.

RIG 6 February 2013 Governance Statements: Good practice observations from our audits Kate Mathers Director, Financial Audit 6 February 2013.
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.

Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.
Audit Committee and Corporate Governance. The European Confederation of Institutes of Internal Auditing (ECIIA) Founded in 1982 Confederation of 32 countries.

Audit Committee and Corporate Governance. The European Confederation of Institutes of Internal Auditing (ECIIA) Founded in 1982 Confederation of 32 countries.
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Institute of Municipal Finance Officers & Related Professions

Institute of Municipal Finance Officers & Related Professions
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Chapter 4 Governance Context.

Chapter 4 Governance Context.
The global body for professional accountants Overcoming the challenges of implementing IPSASs & audit landscape Chris Ridley (ACCA Public Sector Global.

The global body for professional accountants Overcoming the challenges of implementing IPSASs & audit landscape Chris Ridley (ACCA Public Sector Global.

Similar presentations

Ads by Google