Implementing a Risk Management Framework at the Department of

Enterprise Risk Management in DHHS
Erin Baker
Director Human Resources and Workplace Safety
Risk in DHHS: My roles and responsibilities
• Leader: Risk Project Steering Group
• Member of Departmental Executive: oversight of DHHS
enterprise risk management framework and strategic level
risk register; ownership of some strategic risks
• Manager: oversight of business unit risk register
• Mentor: through Risk Network – building a culture of risk
management
In DHHS we manage risk to:
• Increase likelihood of achieving objectives
• Improve quality of services
• Protect staff, assets, property and reputation
• Improve performance consistent with values
• Support better decision making
• Apply our resources more effectively
Where did it all start?
• Frank discussions about how much risk the organisation
wished to pursue
• Having the difficult conversations
• Senior executives stepping outside of their own portfolio and
thinking strategically across the organisation.
DHHS – a journey to risk maturity
1. What is an enterprise risk management system?
2. Why did we choose it?
3. How did we do it?
4. What are the learnings?
Enterprise risk management (ERM)
ERM supports the achievement of an organisation’s objectives by
addressing the full spectrum of its risks and managing the
combined impact of those risks as an interrelated risk profile.
Principles of ERM
• The same framework applies across, up and down the
organisation
• The framework is tailored to the organisation, owned by its
leaders and integrated into planning, policy and systems
• We know the risks that could impact on achieving our
objectives
• Senior management and governance committees have ‘line of
sight’ to those risks
DHHS ERM Governance Structure
• Audit and Risk Committee
• Secretary
• Departmental Executive
• Groups
• Business Units
• Performance, Finance and Risk Committee
Why ERM for DHHS?
• A ‘mixed business’ with a broad mandate
• National health reforms
• Framework no longer matched the organisation
• Changes to the external environment
• Improve our performance
How did we do it?
• Established a project: clear objectives, tight timeframe, plan,
governance, sponsor, dedicated project manager, access to resources
• Gained high level support by engaging leaders to:
– develop and endorse the risk framework
– assess strategic risks
– achieve a common language
– know our risks
Project Objectives
1. Know our risk profile
2. Validate and communicate our risk profile
3. Establish a risk governance system
4. Develop a risk management culture
5. Integrate risk management with systems
Objective 1: Knowing our risks
• DHHS needed an up-to-date risk profile
• Criteria linked to strategic objectives
• Risk assessment by executive
• Produced an initial risk profile – top risks
Objective 2: Communicate and Consult
• Risk assessment workshops for senior management
• Produced a strategic risk profile and group profiles
• Value of communicating and consulting:
– Shared understanding
– Shared language
– Enhanced decision making
Objective 3: Governance System
• Policy, Handbook, Tools
• Reporting and escalation
• Risk Activity Management Plan
• Risk Network
• Risk Appetite Statement
Objective 4: Build a Culture of Risk Management
• Senior management buy-in
• Communicate the value of ERM
• Managers are key stakeholders
• Risk Network – support, mentor, consult
Objective 5: Integrate Risk Management
• Align with business planning cycle
• Integrate policies and processes
What does it look like?
• Risk assessment criteria tailored to our organisation and
linked to our strategic objectives
• Reporting system linked to our ‘risk tolerance’
• Escalation of ‘high’ and ‘extreme’ risks for treatment and
oversight
What are the outcomes?
• Fewer surprises
• Better planning
• Better communication
• Better decisions
What are the learnings?
• IT systems always take longer than you think
• Know your requirements before you start
• It’s OK to start with something simple
What are the next steps?
• Rolling out framework to business units, with support
of Risk Network
• Setting the risk appetite
• Rolling out risk treatment plans
• Automated risk register
• First year of full cycle – business planning, budget,
performance management
• It’s a journey!
Questions?