Risk Management in the S.A. Public Sector Darryl Bruhn Risk Management Coordinator SAFA (SAICORP) Phone 8226 3429 Bruhn.Darryl2@saugov.sa.gov.au
SAFA (SAICORP) 1/7/1994 South Australian Insurance Corporation (trading as SAICORP)established. Insurance cover for all agencies of the Crown Whole of Government catastrophe reinsurance Provide risk management advice & assistance 1/7/2006 SAICORP amalgamated with South Australian Financing Authority (SAFA). Part of Dept. Treasury & Finance
Risk Management Advice & Assistance Coordinating risk management training Assisting agencies with risk management policy & framework development Providing funding for specific risk management initiatives Coordinating networks and forums Developing manuals & workbooks Publishing the SAICORP Newsletter Promoting AS/NZS4360 Risk Management Standard & RMIA
Session Outline Risk & Risk Management Context Reasons for implementing risk management policy & frameworks. Developing risk management policy & frameworks – agency considerations.
RISK MANAGEMENT STANDARD AS/NZS 4360 Developed with the objective of providing a guide to establishing a risk management framework using the risk management process. The standard specifies the elements of the risk management process only. It is a generic framework and independent of any specific industry or economic sector.
Definitions in 4360 Risk is “the CHANCE of something happening that will have an IMPACT on OBJECTIVES” Risk = DEGREE of UNCERTAINTY as to the potential for gain as well as exposure to loss. Risk Management is the “CULTURE, PROCESSES AND STRUCTURES that are directed towards realising potential opportunities, whilst managing adverse effects.”
RISK MANAGEMENT PROCESS Built-in continuous improvement cycle Risk Assessment = Identify, Analyse & Evaluate Risks Define Context first Opportunities as well
RISK ASSESSMENT Subset of the Risk Management process Managers involved in this Define Context and clear focus for risk assessment. E.g. Strategic, business or project plan 3 years, 1 year, 6 months J &PS Outcomes Objectives – Impacted upon Degree of Uncertainty
RISK ASSESSMENT (continued) Unexpected Events Expected Events Uncertainty = at what rate will it occur Will it Impact on Objectives? Staff turnover, absences, workers compensation costs Consider scenarios
Uncertainty-based Risks Characteristics Extremely hard to quantify Catastrophic in nature Out of our control Always negative outcomes Restorative planning & actions RM Response Business Continuity Emergency Response Disaster Recovery Planning Question of balance.
Hazard type risks Characteristics Insurable type risks Extensive data available SOP’s used to manage Accident rate that is uncertain Treat by reducing likelihood/consequence or both - Preventative Examples OH & S / Workers Comp. Property Financial management Clinical
Opportunity type risks Characteristics Often non insurable type risks Assessment is qualitative Performance related Treat by avoidance, risk sharing etc. Integrated into business Examples Strategic Business, Project planning Opportunity costs Relationship, reputations Efficiency & effectiveness
2. Rationale for Implementing a Risk Management Policy & Framework? 1) Compliance 2) Protection 3) Improve Organisational Performance
2.1 COMPLIANCE ISSUES S. A. Government : Risk Management Policy – Re-issued November 2003 CE’s Accountable to their Ministers Protect & enhance Govt. resources Protect well being of citizens & environment SAICORP to provide advice to the Crown “Premiers Safety Commitment Statement” & DAIS - “Workplace Safety Management in the SA Public Sector 2004 - 2006 – Implementation Plan.” Annual SAICORP Declarations – to meet our duty of disclosure to our insurers (re-insurers) Corporate Governance Expectation
2.2 Protection Provided on Two Levels : 1) Reduce likelihood of things going wrong and / or when things do go wrong, the consequences should be less severe. 2) Due diligence defence - will be able to demonstrate that all reasonable efforts have been made using a systematic, consistent approach to identify, rate and treat risks.
2.3 To improve organisational performance Improve strategic and business planning Improve information for decision making Maximise the benefits of opportunities that arise Improve operating efficiency due to targeting of resources, less time fire-fighting and avoidance of costly mistakes. Provide an early warning system enabling preventative action to be taken
3.1 Policy & Framework – Agency Considerations Central coordinating body responsible for Risk Management. Communication & Consultation on risk management Risk Management Policy & Framework Criteria, categories of risks Likelihood & consequence indicators Risk Matrix Annual,Half Yearly, Quarterly, needs based risk assessment Risk Assessment Tools & reporting requirements How to assist managers meet their risk management responsibilities
Likelihood Descriptors LIKELIHOOD OF OCCURRENCE RATING Description Almost Certain 5 This event will almost certainly occur within the next six months Likely 4 It is likely that this event will occur at least once in the next year or it is moderately likely that this event will occur at least once in the next two years Moderate 3 It is moderately likely that this event will occur at least once in the next two years Unlikely 2 It is possible, though unlikely, that this event may occur once in a 2 year period Rare 1 May occur only in very unusual circumstances. Remote possibility of occurring once every 2 to 5 years
Consequence Descriptors AREA OF IMPACT RATING Financial Organisational Impact Reputation & Image Human Resources Insignificant 1 Financial loss up to $50,000 Small delay, internal inconvenience only. One off media coverage only Minor injury. Temporary local poor morale. Minor 2 Financial loss >$50,000 and < $100,000 Easily remedied, some impact on external stakeholders. Business objectives delayed. Temporary negative impact on reputation Lost time injury. Local but lingering poor morale. Skill mix issues Moderate 3 Financial loss >$100,000 and < $500,000 Considerable remedial effort required with widespread disruption to the organization extending for period up to 3 months. Some business objectives will not be achieved. Temporary breakdown in key relationship. Widespread negative reporting in media. Premier or Ministerial involvement. Serious permanent injury. Ongoing widespread morale issues. High staff turnover. Major 4 Financial loss > $500,000 and< $1 million Permanent loss of critical information, substantial disruption to organization or external intervention extending over 3 months or more. Major goals not achieved. Ongoing widespread negative reporting in media. Leads to a high-level independent investigation with adverse findings. Death. Entrenched morale problems. Inability to recruit staff with necessary skills. Catastrophic 5 Financial loss > $1 million Organisation is totally dysfunctional requiring appointment of an administrator. Total loss of confidence within community leading to dismissal of Board. Example Detail Description
Level of Risk Matrix L IKELIHOOD CONSEQUENCES Risk Analysis (Level of Risk - LOR) CONSEQUENCES Insignificant 1 Minor 2 Moderate 3 Major 4 Catastrophic 5 L IKELIHOOD Almost Certain 5 High Extreme Likely 4 Moderate Possible 3 Low Unlikely 2 Rare 1
3.2 What does a Risk Management Policy & Framework help to achieve? A systematic and consistent approach to considering risk and opportunity integrated into all planning and business activities. Cultural change – Reactive to Proactive to become embedded into the departmental culture.
Risk Assessment Training Duration (three hours) for all managers and risk assessment facilitators on all aspects of risk assessment including: defining the risk assessment context; Identifying, analysing & evaluating risk; completing risk registers and developing risk treatment plans. NOTE: Registration fee of $55 (incl. GST)
QUESTIONS ??????? www.treasury.sa.gov.au