Published by Ferdinand Egeland. Modified over 6 years ago.
1
Risk Management
QSPS 809 PMPA, Andrew Graham, School of Policy Studies, Queen's University
2
Myths, Muddles and the Public Service
Risk Basics - Definitions; Perceiving & Communicating Risk; Risk Management; Risk Tolerance; Building a Risk Smart Culture; Risk and Innovation
3
Myths, Muddles and the Public Service
4
Human Error is Both Universal and Inevitable. It is the Downside of Having a Brain.
5
Is the Public Sector Inherently Risk Averse?
Complicated question. Risk in the public sector is a complex field. We do carry a heavy role in sustaining programs. Plenty of risk averse people, often in leadership positions. Confusing avoiding bad risks when you can and not being prepared to adapt as risks arise.
6
Is the Public Sector Inherently Risk Averse?
Key factors in defining a risk averse culture: Organizational leaders trust their employees. Clarity of goals. Excessive dependence on formalism: “By the book.” Blame the politics and politicians: so, why are so many of them voicing concern about how risk averse their public servants are?
7
We are in a time when risk seems to be risky
From Lee McCormick, Director, Research, CCAF, on a major public sector survey on risk management last year.
9
Risk Basics - Definitions
10
Why do cars have brakes?
11
So, What’s The Problem?
Risk is invariably portrayed as something bad. Public sector is seen as risk averse. Risk is something to be minimized, not an essential element of how government and public service work.
“The only alternative to risk management is crisis management --- and crisis management is much more expensive, time consuming and embarrassing.” James Lam, Enterprise Risk Management, Wiley Finance © 2003
12
Risk management is not crisis management
Risk management: Focuses on objectives; Future oriented; Preventive; Identifies both threats and opportunities; Seeks to avoid crisis; Seeks to leverage opportunities; Regular part of doing business; Dull: just part of the business.
Crisis management: Episodic; Specific threat; Specialized response; Extraordinary attention and urgency; Seeks to restore status quo; Special effort and focus; Fun: great adrenalin flow.
13
What is a risk?
Any event or circumstance that can prevent an organization from achieving its goals.
“Risk is a choice rather than a fate.” -Bernstein, 1996
14
If an organization does not consider risk intelligence as a critical strategic enabler, then risk will end up driving its strategy. “Risk comes from not knowing what you are doing.” -Warren Buffett
15
Risk as cross cutting the Management Framework
16
How Do You Measure It? Probability and Intensity
Not all risks are equal, not all risks require action – this is about priority setting. More to follow.
“The policy of being too cautious is the greatest risk of all.” – Jawaharlal Nehru
17
Threat Opportunity
18
Perceiving & Communicating Risk
19
Risk the emotion and risk the calculation
Risk is detected in both the gut and the head – Dan Gardner, The Science and Politics of Fear Risk cannot be stripped down to cold numbers especially in so much of what the public sector does. Risk the emotion and risk the calculation
20
Risk as a feeling
The intuitive reaction to danger, often automatic, nonverbal and an experimental approach to viewing risk. Even though decisions are based on statistical information there is an emotional element that means risk is subjective. People bring their world knowledge, personal disposition and interpretation of probability related statements as well as their ability to understand, manipulate or critically analyse information when it comes to risk. When judging or interpreting risk as feeling, we are susceptible to appealing shortcuts that, although reliable in some instances, may also lead us astray.
21
Risk as a feeling – the four biases
Optimism bias – belief that one’s own risk is lower than the risk faced by others sharing the same behaviour. Risk denial – learnt cognitive skill, strengthened by past and peer experiences where new evidence only appears reliable if it is consistent with a person’s belief.
22
Risk as a feeling – the four biases
Anchoring bias – the human tendency to rely on one (often irrelevant) piece of information when making decisions. Risk aversion – where losses loom larger than gains. People will often take greater gains to avoid little losses while neglecting strategies to maximise long term gains.
People’s perception of risk has been linked to behaviour in two ways: the first is protective, where the higher the perceived risk of a behaviour the lower the inclination to participate in that behaviour; the second perception is the opposite reaction, where the higher the perceived risk the higher the inclination to participate. Emotional outcomes can also override consideration of probabilities. Given that there are these two approaches to risk, risk as analysis or risk as feelings, there may be some disjoint in the way humans view risk. Most people’s approach to risk taking would seem to be highly irrational. To help make sense of the uncertainty around risk people have tried to quantify it through the use of statistical methods; however, people’s emotions play an important part in their perception of risk.
23
And then there’s the white male effect
Risks tend to be judged lower by men than women. White men judge risks lower than men of colour. Rich white men judge risk lower than poor white men. Hierarchically advantaged rich white men judge risk lower than all others. So, who’s making decisions????
24
And then sometimes, it is just obvious…….
25
Risk Communications is much more than political management of issues
Beyond crisis management. Politics, yes, but it does not end there. Program and institutional integrity. The accountability loop: what did you know, when and what did you do about it. Conditioning public response and responsiveness.
26
Beware the Domino Effect
27
The Arc of Public Issues – Phase One
28
The Arc of Public Issues – Phase Two
29
What influences perception of risk?
Characteristics of the risk; Underlying views; Social and organizational trust
30
“Good risk communication helps create that trust necessary for successful response operations and societal resilience – the key elements for an effective risk management strategy.” Ross R, Risk and decision-making in homeland security. Risk Sciences Branch, Office of Special Programs, DHS, Science and Technology Directorate, Government of Australia
31
Role of Communications in the Risk Management Process
32
The communication of risk
The communication of risk is important in society as a two way exchange of information leads to the empowerment of individuals through better understanding and autonomy when making decisions. Poor communication could lead to poor decisions, denial of the right to know and to participate in society and it can erode the goodwill and trust society needs to operate. Risk communication addresses knowledge, perceptions, attitudes and behaviour related to risk. It is considered effective if the targeted audience takes notice, if there is greater understanding, and the communication leads to recommended behaviour as the outcome.
“People are disturbed, not by things, but by the view they take of them.” - Epictetus, Greek Stoic Philosopher
33
An example of poor communication and understanding of risk
In October 1995 there was a contraceptive pill scare in Britain, when it was shown that there was a 100% increase of potentially life-threatening blood clots for women taking a new contraceptive, when in reality the risk went from 1 in to 2 in 7000. The estimated fallout from the scare was an estimated additional abortions, an increase of 800 pregnancies in girls under 16 and an additional £46 million in health services as well as a drop in confidence with oral contraception.
34
The communication of risk
General misunderstandings: Can be due to several reasons – cognitive limitations and biases or personal factors such as culture or health. The provider of information can choose the method of communication that best suits its interests. The time frame for the risk is not identified or not the same period for the two groups being compared. When the reported risk is not the risk of the target audience.
Due to the fact that risk information can be presented in several ways there is scope for the manipulation of risk information, and therefore there is a challenge to the ethical idea of informed consent. For example, the benefits of treatment may be presented in terms of relative risk to make the numbers look large, while the harms are communicated in terms of absolute risk to make the numbers look small. There seems to be a lack of consensus among researchers and policy makers concerning the most appropriate method in which to communicate risk and, in particular, medical risk. The format in which risk information is given is critical as the dangers of being misled or making uninformed decisions are countless when individuals may have no prior opinions about the magnitude of risk. One of the reasons for the lack of consensus concerning the most appropriate method in which to communicate risk is the frequency of poor representations in usage. To overcome the use of poor representation of risk information, several formats of communication should be used.
35
The communication of risk
General misunderstandings: Humans’ intuitive perception of risk can also cause misunderstanding. People have an insensitivity to large numbers; the loss of a few seems important. For example, the loss of life due to one-off shootings seems more important than the larger numbers lost to shootings in a war. People’s insensitivity to probability, where the outcome has a stronger effect on emotions than the numerical value. For example, the perception of risk is higher for events that are uncontrollable, catastrophic or fatal.
36
Risk Perception
Risks feared less: natural; choice involved; may also provide benefit; under your control; from trusted source; we are less aware of; threatens others.
Risks feared more: new; human-made; imposed upon them; associated with death; from untrustworthy source; directly affect you; affect our children; high uncertainty.
37
Summer 2001: “Swimmers warned as hundred of sharks gather.” Sydney Morning Herald. “Florida panel embraces ban on shark feeding” CNN.
Summer 2001 – July 6-September 11. Began with three attacks in a two week period (2 in Florida, 1 in Bahamas). The first attack was an eight-year-old boy whose amputated arm was surgically reattached. Any subsequent attack worldwide received press coverage. August: footage of shark swarms off coast of Florida (actually part of an annual shark migration). September: shark feeding legislation to help control the “problem”. International Shark File – 76 attacks in 2001 (five deaths), lower than the 85 in 2000 (12 deaths). Average shark fatalities per year = 8. The only feeding frenzy was by the media. You have a higher chance of being injured by a lightning strike or deer than you do of a shark attack. (In 2010 there were 1.14 million deer-vehicle accidents in the US resulting in 140 deaths). This is counter-intuitive. Our “gut” tells us that sharks are more dangerous than deer. But often our gut is wrong.
38
Risk Perception September 2001 – 2002
1595 people died on America’s roads as a direct result of having fled the airports to be safe from terrorism.
In the year following the September 11 attacks, 1595 people died on America’s roads as a direct result of having fled the airports to be safe from terrorism. (Dan Gardner 2008) German psychologist Gerd Gigerenzer studied US traffic patterns for the five years before September 11 and the five years after. He established that as a direct result of the one year shift away from plane travel to car travel (Sept 01-02) 1595 Americans died in car crashes.
An American professor calculated that if a terrorist was hijacking and crashing one passenger jet per week in the US, a person who took one flight a month for a year would have a 1-in chance of being killed. This is trivial compared with the annual 1-in-6000 odds of being killed in a car crash (US numbers). 1595 is more than half the total death toll from September 11 (3000), six times higher than the number of people on the doomed flights and 319 times higher than the number of people killed in the subsequent anthrax attacks.
Risk perception is a subjective judgement about characteristics and severity of risk.
Stakeholders’ perception of the risk will be the basis for their actions. We need to understand how our stakeholders perceive the risk in order to manage the risk.
39
Risk Management
40
Risk Management: Why Do It?
Degree of change in the organization and/or the working environment. Degree of change in senior management with more to come. Appetite for: governance (actual and optics), clarity of decision making. Part of good corporate management – follows logically from sound planning, good direction and strategic outlook. A powerful tool in allocating resources. A communication tool within the organization and with key stakeholders.
41
Why Do It?
Gives greater assurance in an increasingly uncertain and complex world. We are getting better at both identifying and measuring risk in our environment. Effective risk management better prepares an organization for an uncertain future, enables it to match its predictive capacity to resource management and priority setting and better allocate accountability.
42
Complacency is the enemy of risk management
When anyone asks me how I can best describe my experience in nearly forty years at sea, I merely say, uneventful. Of course there have been winter gales, and storms and fog and the like, but in all my experience, I have never been in any accident of any sort worth speaking about. I never saw a wreck and never have been wrecked, nor was I ever in any predicament that threatened to end in disaster of any sort. You see, I am not very good material for a story. - Edward J. Smith, Captain, RMS Titanic
43
The enemies of good risk management
Seeing mistakes as just failures. Inability to learn and adapt. Telling lies to power. Fear of all risk – the catatonic leader. Parts that don’t work together – control and audit outside of operations. Policy systems that are disconnected from their targeted reality. Arrogance about the organizational capacity to manage problems and change. Ignorance of what is going on.
44
Benefits of An Integrated Approach to Risk Management
Alignment of all levels with objectives, priorities and tolerances for risks. Reassures stakeholders that the organization is well managed. Enables stakeholders and funders/policy setters to better understand needs of the organization. Helps meet emerging national and international risk management standards, such as AS/NZS 4360. Allocates resources based on risk priorities. Avoids surprises and helps ensure operating stability.
45
What is it a tool to do?
Risk Management is an active process. It is the opposite of emergency response. Risk management is also a process of choosing to accept, reject, transfer or manage risk to the organization. Manage; Respond; Plan; Communicate.
46
“The essence of risk management lies in maximizing the areas where we have some control over the outcome while minimizing the areas where we have absolutely no control over the outcome and the linkage between effect and cause is hidden from us.” - Peter Bernstein, Against the Gods
47
What are the elements of Risk Management?
It’s the whole meal deal. That means: risk identification that is systematic; a system of documenting and reviewing major risks; a system of risk mitigation strategies with clear assignment of responsibilities; risk communication management; risk governance – someone is overseeing what is going on and making decisions. Do Not Start Unless You Carry Through.
48
The Process of Risk Management
Form Risk Assessment Team / Linkages: identify & involve other affected areas of the OPP & relevant experts.
Scanning.
Risk Assessment: What is the risk? What can get in the way of achieving objectives? What controls/systems are currently in place to manage the risk? Are these systems up to date, understood & implemented? What could still go wrong (short & long run)? Can the current system be improved?
Identify & evaluate the options.
Corrective Action Plan: plan developed to reduce likelihood or impact of occurrence; avoid activity…
Evaluate the Outcome.
49
Responses to risk
50
Classic Presentation of Risk
51
Here’s a better way
52
Hierarchy of Risk Control Measures
53
Setting that Word Control in Context
Internal control is what we do to see that the things we want to happen will happen … And the things we don’t want to happen won’t happen. Driven by our objectives and risks. Forms and degree of control vary dramatically. Lack of effective controls creates risks for the organization.
54
How Does It Work? Risk Tolerances Filter
55
Risk Tolerance
56
Risk Analysis and Management Toolkit Risk Tolerances
Setting tolerances involves a mix of qualitative and quantitative measures. Not always straightforward. It takes experimentation and time. Issue of how public they are is important. Equally important is how politically sensitive they are: is there a tolerable murder rate? Wrong tolerance!
TYPICAL RISK TOLERANCE GRID: 5 Worst Case; 4 Severe; 3 Major; 2 Moderate; 1 Minor
57
Risk Analysis and Management Toolkit Risk Tolerances
WHEN DO YOU ACT AND HOW?
Employee confidence:
Widespread departures of key staff with scarce skills or knowledge.
Sharp, sustained drop in employee survey results; departures of key staff with scarce skills or knowledge.
Sharp decline in employee survey results; sharp increase in grievances.
Modest decline in employee survey results; modest increase in grievances.
Less than planned improvements in employee survey results.
SEVERITY RISES
58
Canada Revenue Agency: risk tolerance methodology
Multi-year effort at CRA. Risk tolerance seen as vague concept. Little guidance beyond general statements. Part of ERM development. Wanting to capture how to measure or display varying levels of comfort with risk exposure. Defines risk tolerance as the willingness of CRA to accept or reject a given level of residual risk. Turn this around and it becomes the amount of risk CRA can afford to take while remaining within its resources to achieve expected outcomes.
59
Risk tolerance factors
60
General application
61
Risk tolerance and zero tolerance
62
Building a Risk Smart Culture
63
The Harsh Realities of Risk Management
Risk of blame may be highest risk. Negativity bias in the culture twists meaning of risks. Protection from risk through proceduralism. Web of rules as a security blanket. Not rewarding correctible error. Zero tolerance the moose in the room. Audit as the salvation.
64
Building a Risk Smart Culture
Operating a risk smart environment means having effective control tools. Also, key cultural elements that aim at mindfulness and solutions over blame and disincentives. Certain key cultural elements focusing on overall safe culture.
65
Four Subcultures to Create One Culture of Resilience
The problem is that candid reporting of risks and errors takes trust and trustworthiness. Both are hard to develop, easy to destroy, and hard to institutionalize. Reporting Culture; Just Culture; Flexible Culture; Learning Culture. James Reason, Achieving a Safe Culture. 1998
66
“Reason argues that it takes four subcultures to ensure an informed culture: what gets reported when people make errors or experience near misses (reporting culture); how people apportion blame when something goes wrong (just culture); how readily people can adapt to sudden and radical increments in pressure, pacing, and intensity (flexible culture); how adequately people can convert the lessons that they have learned into reconfigurations of assumptions, frameworks, and action (learning culture).”
67
Reporting Culture
Since safety cultures are dependent on the knowledge gained from rare incidents, mistakes, near misses, and other “free lessons,” they need to be structured so that people feel willing to “confess” their own errors. A reporting culture is about protection of people who report. It is also about what kinds of reports are trusted.
68
Just Culture
An organization is defined by how it handles blame and punishment, and that in turn can affect what gets reported in the first place.
69
Flexible Culture
Adapts to changing demands. Deference to expertise – decisions migrate to expertise during periods of high-tempo activity. Collect multiple signals from a variety of sources.
70
Learning Culture
Learns by means of ongoing debates about constantly shifting discrepancies. Shares experiences and learning from error. Builds a learning practice system.
71
Mindful Culture
To be mindful is to become susceptible to learning anxiety. They realize they do not know everything. There is a strong preoccupation with core business process, an understanding of how they work and can fail and desire to never rest on one’s laurels.
72
Resilient Culture
Resilience is the ability to adapt to circumstances as they change while retaining organizational integrity. Resilience includes the functional continuity of the system and services, limiting the magnitude of losses and impact and fast recovery. Agility in the face of new opportunities. Active renewal or the bounce. Redundancy and replaceable parts – the role of distributed knowledge and networks: economic disincentives.
As an alternative to dealing with each emerging threat separately, one can opt for the strategy of resilience. Resilience enhances the capacity of an organisation to cope with stress and recover quickly when exposed to a hazard. The more resilient an organisation, the better able it is to cope with surprises. However, one should be aware that investments in resilience are suboptimal in economic terms compared with expected value approaches or risk-benefit balancing. Taking precautionary measures for highly uncertain events does not pay off if gains and losses are assessed over time (expected value concept). However, taking the resilience approach is highly recommended if an organisation faces many or even an indefinite number of unknown risks (or if these risks are highly uncertain in their impacts and probabilities).
73
You as a risk taker
Think of it within a leadership framework, not a personal one. Risk-taking should not be reckless, it should be strategic. Any risk should serve your organization’s mission. Steady hand: you have to be prepared for failures and adjustments. It’s just fine to not take risks. Risk tolerances can have a cost in terms of investment, time, energy or diverting attention. Take the long view.
74
This is a phony dichotomy.
Like You Have A Choice? You are in government, doing things. You engage with risk continually.
75
Bottom Line on Risk
Difference between being risk smart and risk stupid. Taking risks out of the blue is dumb. Taking smart and informed risks is something we do every day. Huge differences on risk between central offices and field operations. Risk management is a whole meal deal if we are to identify problems and solve them. This leads to mitigation and adaptation. This leads to innovation. Blame game is real and has to be managed.
76
The Risk Innovation Continuum
Risk in Our World: Real, Identified, Accepted Risks; Mitigation and Adaptation; Innovation to Adapt and Create
77
Don’t take unnecessary risks