Presentation on theme: "Risk Management in the S.A. Public Sector"— Presentation transcript:
1 Risk Management in the S.A. Public Sector Darryl BruhnRisk Management CoordinatorSAFA (SAICORP)Phone
2 SAFA (SAICORP)1/7/1994 South Australian Insurance Corporation (trading as SAICORP)established.Insurance cover for all agencies of the CrownWhole of Government catastrophe reinsuranceProvide risk management advice & assistance1/7/2006 SAICORP amalgamated with South Australian Financing Authority (SAFA).Part of Dept. Treasury & Finance
3 Risk Management Advice & Assistance Coordinating risk management trainingAssisting agencies with risk management policy & framework developmentProviding funding for specific risk management initiativesCoordinating networks and forumsDeveloping manuals & workbooksPublishing the SAICORP NewsletterPromoting AS/NZS4360 Risk Management Standard & RMIA
5 RISK MANAGEMENT STANDARD AS/NZS 4360 Developed with the objective of providing a guide to establishing a risk management framework using the risk management process.The standard specifies the elements of the risk management process only.It is a generic framework and independent of any specific industry or economic sector.
6 Definitions in 4360Risk is “the CHANCE of something happening that will have an IMPACT on OBJECTIVES”Risk = DEGREE of UNCERTAINTY as to the potential for gain as well as exposure to loss.Risk Management is the “CULTURE, PROCESSES AND STRUCTURES that are directed towards realising potential opportunities, whilst managing adverse effects.”
7 RISK MANAGEMENT PROCESS Built-in continuous improvement cycleRisk Assessment= Identify, Analyse & Evaluate RisksDefine Context firstOpportunities as well
8 RISK ASSESSMENT Subset of the Risk Management process Managers involved in thisDefine Context and clear focus for risk assessment.E.g. Strategic, business or project plan3 years, 1 year, 6 monthsJ &PS OutcomesObjectives – Impacted uponDegree of Uncertainty
9 RISK ASSESSMENT (continued) Unexpected EventsExpected EventsUncertainty = at what rate will it occurWill it Impact on Objectives?Staff turnover, absences, workers compensation costsConsider scenarios
10 Uncertainty-based Risks CharacteristicsExtremely hard to quantifyCatastrophic in natureOut of our controlAlways negative outcomesRestorative planning & actionsRM ResponseBusiness ContinuityEmergency ResponseDisaster Recovery PlanningQuestion of balance.
11 Hazard type risks Characteristics Insurable type risks Extensive data availableSOP’s used to manageAccident rate that is uncertainTreat by reducing likelihood/consequence or both - PreventativeExamplesOH & S / Workers Comp.PropertyFinancial managementClinical
12 Opportunity type risks CharacteristicsOften non insurable type risksAssessment is qualitativePerformance relatedTreat by avoidance, risk sharing etc.Integrated into businessExamplesStrategicBusiness, Project planningOpportunity costsRelationship, reputationsEfficiency & effectiveness
13 2. Rationale for Implementing a Risk Management Policy & Framework? 1) Compliance2) Protection3) Improve Organisational Performance
14 2.1 COMPLIANCE ISSUES S. A. Government : Risk Management Policy – Re-issued November 2003CE’s Accountable to their MinistersProtect & enhance Govt. resourcesProtect well being of citizens & environmentSAICORP to provide advice to the Crown“Premiers Safety Commitment Statement” &DAIS - “Workplace Safety Management in the SA Public Sector – Implementation Plan.”Annual SAICORP Declarations – to meet our duty of disclosure to our insurers (re-insurers)Corporate Governance Expectation
15 2.2 Protection Provided on Two Levels : 1) Reduce likelihood of things going wrong and / or when things do go wrong, the consequences should be less severe.2) Due diligence defence - will be able to demonstrate that all reasonable efforts have been made using a systematic, consistent approach to identify, rate and treat risks.
16 2.3 To improve organisational performance Improve strategic and business planningImprove information for decision makingMaximise the benefits of opportunities that ariseImprove operating efficiency due to targeting of resources, less time fire-fighting and avoidance of costly mistakes.Provide an early warning system enabling preventative action to be taken
17 3.1 Policy & Framework – Agency Considerations Central coordinating body responsible for Risk Management.Communication & Consultation on risk managementRisk Management Policy & FrameworkCriteria, categories of risksLikelihood & consequence indicatorsRisk MatrixAnnual,Half Yearly, Quarterly, needs based risk assessmentRisk Assessment Tools & reporting requirementsHow to assist managers meet their risk management responsibilities
18 Likelihood Descriptors LIKELIHOOD OF OCCURRENCERATINGDescriptionAlmost Certain5This event will almost certainly occur within the next six monthsLikely4It is likely that this event will occur at least once in the next year or it is moderately likely that this event will occur at least once in the next two yearsModerate3It is moderately likely that this event will occur at least once in the next two yearsUnlikely2It is possible, though unlikely, that this event may occur once in a 2 year periodRare1May occur only in very unusual circumstances. Remote possibility of occurring once every 2 to 5 years
19 Consequence Descriptors AREA OF IMPACTRATINGFinancialOrganisational ImpactReputation & ImageHuman ResourcesInsignificant1Financial loss up to $50,000Small delay, internal inconvenience only.One off media coverage onlyMinor injury. Temporary local poor morale.Minor2Financial loss >$50,000 and < $100,000Easily remedied, some impact on external stakeholders. Business objectives delayed.Temporary negative impact on reputationLost time injury. Local but lingering poor morale. Skill mix issuesModerate3Financial loss >$100,000 and < $500,000Considerable remedial effort required with widespread disruption to the organization extending for period up to 3 months. Some business objectives will not be achieved.Temporary breakdown in key relationship. Widespread negative reporting in media. Premier or Ministerial involvement.Serious permanent injury. Ongoing widespread morale issues. High staff turnover.Major4Financial loss > $500,000 and< $1 millionPermanent loss of critical information, substantial disruption to organization or external intervention extending over 3 months or more. Major goals not achieved.Ongoing widespread negative reporting in media. Leads to a high-level independent investigation with adverse findings.Death. Entrenched morale problems. Inability to recruit staff with necessary skills.Catastrophic5Financial loss > $1 millionOrganisation is totally dysfunctional requiring appointment of an administrator.Total loss of confidence within community leading to dismissal of Board.Example Detail Description
20 Level of Risk Matrix L IKELIHOOD CONSEQUENCES Risk Analysis (Level of Risk - LOR)CONSEQUENCESInsignificant 1Minor 2Moderate 3Major 4Catastrophic 5L IKELIHOODAlmost Certain 5HighExtremeLikely 4ModeratePossible 3LowUnlikely 2Rare 1
21 3.2 What does a Risk Management Policy & Framework help to achieve? A systematic and consistent approach to considering risk and opportunity integrated into all planning and business activities.Cultural change – Reactive to Proactive to become embedded into the departmental culture.
22 Risk Assessment Training Duration (three hours) for all managers and risk assessment facilitators on all aspects of risk assessment including:defining the risk assessment context;Identifying, analysing & evaluating risk;completing risk registers anddeveloping risk treatment plans.NOTE: Registration fee of $55 (incl. GST)