Presentation on theme: "Risk Management in the S.A. Public Sector Darryl Bruhn Risk Management Coordinator SAFA (SAICORP) Phone 8226 3429"— Presentation transcript:
Risk Management in the S.A. Public Sector Darryl Bruhn Risk Management Coordinator SAFA (SAICORP) Phone
SAFA (SAICORP) 1/7/1994 South Australian Insurance Corporation (trading as SAICORP)established. Insurance cover for all agencies of the Crown Whole of Government catastrophe reinsurance Provide risk management advice & assistance 1/7/2006 SAICORP amalgamated with South Australian Financing Authority (SAFA). Part of Dept. Treasury & Finance
Risk Management Advice & Assistance Coordinating risk management training Assisting agencies with risk management policy & framework development Providing funding for specific risk management initiatives Coordinating networks and forums Developing manuals & workbooks Publishing the SAICORP Newsletter Promoting AS/NZS4360 Risk Management Standard & RMIA
RISK MANAGEMENT STANDARD AS/NZS 4360 Developed with the objective of providing a guide to establishing a risk management framework using the risk management process. The standard specifies the elements of the risk management process only. It is a generic framework and independent of any specific industry or economic sector.
Definitions in 4360 Risk is the CHANCE of something happening that will have an IMPACT on OBJECTIVES Risk = DEGREE of UNCERTAINTY as to the potential for gain as well as exposure to loss. Risk Management is the CULTURE, PROCESSES AND STRUCTURES that are directed towards realising potential opportunities, whilst managing adverse effects.
Built-in continuous improvement cycle Risk Assessment = Identify, Analyse & Evaluate Risks Define Context first Opportunities as well RISK MANAGEMENT PROCESS
Subset of the Risk Management process Managers involved in this Define Context and clear focus for risk assessment. E.g. Strategic, business or project plan 3 years, 1 year, 6 months J &PS Outcomes Objectives – Impacted upon Degree of Uncertainty RISK ASSESSMENT
Unexpected Events Expected Events Uncertainty = at what rate will it occur Will it Impact on Objectives? Staff turnover, absences, workers compensation costs Consider scenarios RISK ASSESSMENT (continued)
Uncertainty-based Risks Characteristics Extremely hard to quantify Catastrophic in nature Out of our control Always negative outcomes Restorative planning & actions RM Response Business Continuity Emergency Response Disaster Recovery Planning Question of balance.
Hazard type risks Characteristics Insurable type risks Extensive data available SOPs used to manage Accident rate that is uncertain Treat by reducing likelihood/consequence or both - Preventative Examples OH & S / Workers Comp. Property Financial management Clinical
Opportunity type risks Characteristics Often non insurable type risks Assessment is qualitative Performance related Treat by avoidance, risk sharing etc. Integrated into business Examples Strategic Business, Project planning Opportunity costs Relationship, reputations Efficiency & effectiveness
2. Rationale for Implementing a Risk Management Policy & Framework? 1)Compliance 2)Protection 3)Improve Organisational Performance
2.1 COMPLIANCE ISSUES S. A. Government : Risk Management Policy – Re-issued November 2003 CEs Accountable to their Ministers Protect & enhance Govt. resources Protect well being of citizens & environment SAICORP to provide advice to the Crown Premiers Safety Commitment Statement & DAIS - Workplace Safety Management in the SA Public Sector – Implementation Plan. Annual SAICORP Declarations – to meet our duty of disclosure to our insurers (re-insurers) Corporate Governance Expectation
2.2 Protection Provided on Two Levels : 1)Reduce likelihood of things going wrong and / or when things do go wrong, the consequences should be less severe. 2)Due diligence defence - will be able to demonstrate that all reasonable efforts have been made using a systematic, consistent approach to identify, rate and treat risks.
2.3 To improve organisational performance 1.Improve strategic and business planning 2.Improve information for decision making 3.Maximise the benefits of opportunities that arise 4.Improve operating efficiency due to targeting of resources, less time fire-fighting and avoidance of costly mistakes. 5.Provide an early warning system enabling preventative action to be taken
3.1 Policy & Framework – Agency Considerations Central coordinating body responsible for Risk Management. Communication & Consultation on risk management Risk Management Policy & Framework Criteria, categories of risks Likelihood & consequence indicators Risk Matrix Annual,Half Yearly, Quarterly, needs based risk assessment Risk Assessment Tools & reporting requirements How to assist managers meet their risk management responsibilities
Likelihood Descriptors LIKELIHOOD OF OCCURRENCE RATINGDescription Almost Certain5This event will almost certainly occur within the next six months Likely4 It is likely that this event will occur at least once in the next year or it is moderately likely that this event will occur at least once in the next two years Moderate3It is moderately likely that this event will occur at least once in the next two years Unlikely2It is possible, though unlikely, that this event may occur once in a 2 year period Rare1May occur only in very unusual circumstances. Remote possibility of occurring once every 2 to 5 years
Consequence Descriptors Example Detail Description AREA OF IMPACT RATINGFinancialOrganisational ImpactReputation & Image Human Resources Insignificant1 Financial loss up to $50,000 Small delay, internal inconvenience only. One off media coverage only Minor injury. Temporary local poor morale. Minor2 Financial loss >$50,000 and < $100,000 Easily remedied, some impact on external stakeholders. Business objectives delayed. Temporary negative impact on reputation Lost time injury. Local but lingering poor morale. Skill mix issues Moderate3 Financial loss >$100,000 and < $500,000 Considerable remedial effort required with widespread disruption to the organization extending for period up to 3 months. Some business objectives will not be achieved. Temporary breakdown in key relationship. Widespread negative reporting in media. Premier or Ministerial involvement. Serious permanent injury. Ongoing widespread morale issues. High staff turnover. Major4 Financial loss > $500,000 and< $1 million Permanent loss of critical information, substantial disruption to organization or external intervention extending over 3 months or more. Major goals not achieved. Ongoing widespread negative reporting in media. Leads to a high-level independent investigation with adverse findings. Death. Entrenched morale problems. Inability to recruit staff with necessary skills. Catastrophic5 Financial loss > $1 million Organisation is totally dysfunctional requiring appointment of an administrator. Total loss of confidence within community leading to dismissal of Board.
Level of Risk Matrix Risk Analysis (Level of Risk - LOR) CONSEQUENCES Insignificant 1 Minor 2 Moderate 3 Major 4 Catastrophic 5 L I K E L I H O O D Almost Certa in 5 High Extreme Likely 4 ModerateHigh Extreme Possible 3 LowModerateHighExtreme Unlikely 2 Low ModerateHighExtreme Rare 1 Low ModerateHigh
3.2 What does a Risk Management Policy & Framework help to achieve? A systematic and consistent approach to considering risk and opportunity integrated into all planning and business activities. Cultural change – Reactive to Proactive to become embedded into the departmental culture.
Risk Assessment Training Duration (three hours) for all managers and risk assessment facilitators on a ll aspects of risk assessment including: defining the risk assessment context; Identifying, analysing & evaluating risk; completing risk registers and developing risk treatment plans. NOTE: Registration fee of $55 (incl. GST)