Presentation on theme: "Enterprise Risk Management in DHHS"— Presentation transcript:
1 Enterprise Risk Management in DHHS Erin Baker Director Human Resources and Workplace Safety
2 Risk in DHHS: My roles and responsibilities Leader: Risk Project Steering GroupMember of Departmental Executive: oversight of DHHS enterprise risk management framework and strategic level risk register; ownership of some strategic risksManager: oversight of business unit risk registerMentor: through Risk Network – building a culture of risk management
3 In DHHS we manage risk to: Increase likelihood of achieving objectivesImprove quality of servicesProtect staff, assets, property and reputationImprove performance consistent with valuesSupport better decision makingApply our resources more effectively
4 Where did it all start?Frank discussions about how much risk the organisation wished to pursueHaving the difficult conversationsSenior executives stepping outside of their own portfolio and thinking strategically across the organisation.
5 DHHS – a journey to risk maturity What is an enterprise risk management system?Why did we choose it?How did we do it?What are the learnings?
6 Enterprise risk management (ERM) ERM supports the achievement of an organisation’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk profile.
7 Principles of ERMThe same framework applies across, up and down the organisationThe framework is tailored to the organisation, owned by its leaders and integrated into planning, policy and systemsWe know the risks that could impact on achieving our objectivesSenior management and governance committees have ‘line of sight’ to those risks
8 DHHS ERM Governance Structure Audit and Risk CommitteeSecretaryDepartmental ExecutivePerformance, Finance and Risk CommitteeGroupsBusiness Units
9 Why ERM for DHHS? A ‘mixed business’ with a broad mandate National health reformsFramework no longer matched the organisationChanges to the external environmentImprove our performance
10 How did we do it?Established a project - clear objectives, tight timeframe, plan, governance, sponsor, dedicated project manager, access to resourcesGained high level support by engaging leaders to:develop and endorse the risk frameworkassess strategic risksachieve a common languageknow our risks
11 Project Objectives Know our risk profile Validate and communicate our risk profileEstablish a risk governance systemDevelop a risk management cultureIntegrate risk management with systems
12 Objective 1: Knowing our risks DHHS needed an up-to-date risk profileCriteria linked to strategic objectivesRisk assessment by executiveProduced an initial risk profile – top risks
13 Objective 2: Communicate and Consult Risk assessment workshops for senior managementProduced a strategic risk profile and group profilesValue of communicating and consulting:Shared understandingShared languageEnhanced decision making
14 Objective 3: Governance System Policy, Handbook, ToolsReporting and escalationRisk Activity Management PlanRisk NetworkRisk Appetite Statement
15 Objective 4: Build a Culture of Risk Management Senior management buy-inCommunicate the value of ERMManagers are key stakeholdersRisk Network – support, mentor, consult
16 Objective 5: Integrate Risk Management Align with business planning cycleIntegrate policies and processes
17 What does it look like?Risk assessment criteria tailored to our organisation and linked to our strategic objectivesReporting system linked to our ‘risk tolerance’Escalation of ‘high’ and ‘extreme’ risks for treatment and oversight
18 What are the outcomes? Less surprises Better planning Better communicationBetter decisions
19 What are the learnings? IT systems always take longer than you think Know your requirements before you startIts OK to start with something simple
20 What are the next steps?Rolling out framework to business units, with support of Risk NetworkSetting the risk appetiteRolling out risk treatment plansAutomated risk registerFirst year of full cycle – business planning, budget, performance managementIt’s a journey!