TRAINING RISK COMMITTEES RISK MANAGEMENT METHODOLOGY • A RISK METHODOLOGY Organises, prioritises and provides a common means of comparing risks identified Provides a structure to make risk assessment an on-going process – not an ad-hoc activity Risk management should become imbedded into the department’s day-to-day operations and culture RISK MANAGEMENT METHODOLOGY Risk Assessment - Analysis - Categorize - Prioritise Risk Response Risk Identification - Handling/action Plan Communication Continuous monitoring & Reporting STEP 1: IDENTIFY AND DESCRIBE THE RISKS The Objective (Clinical Institution / Chief Directorate/ Operational unit PREDETERMINED Formal Per regulation/policy INHERENT Basic management objectives Financial system control objectives STEP 2: STEP 2: RISK ASSESSMENT IMPACT Extreme RISK MANAGEMENT ACTIONS Unacceptable level of risk - Requires management attention within next 3 months Unacceptable level of risk - Immediate management attention Unacceptable level of risk - Immediate management attention Accept Risk but monitor Unacceptable level of risk -Requires management attention within next 3 months Unacceptable level of risk - Immediate management attention Accept Risk but monitor Accept Risk but monitor Unacceptable level of risk - Requires management attention within next 3 months Rare Possible Certainly Moderate None LIKELIHOOD STEP 3: RISK RESPONSE ACTION PLAN 1. Identify risk response options 2. Select risk response option 3. Assign risk ownership 4. Prepare risk response plans 5. Identify risk response options STEP 3: RISK RESPONSE CONTINUED 1. Identify risk response options Strategy Risk avoidance Risk acceptance Risk reduction Risk transfer Change the nature of the activity STEP 3: RISK RESPONSE CONTINUED 2. Select options for Response Scenario Response Option 1. High Likelihood and high consequence Reduce 2. High Likelihood and low consequence Reduce 3. Low likelihood and high consequence Reduce / Transfer 4. Low likelihood and low consequence Accept STEP 3: RISK RESPONSE CONTINUED 3. Assign risk ownership Risk owners nominated should assume responsibility for developing effective risk response plans. The risk owner should be senior staff member or manager. He/She should have sufficient technical knowledge about the risk and/ or risk area for which a response is required. The risk owner may delegate responsibility to his/her subordinates (but not accountability) STEP 3: RISK RESPONSE CONTINUED 4. Prepare response plans Risk objective/result/outcome Activities to achieve objective Time scale Progress on action % completed Reason not achieving time scale New time scale STEP 3: RISK RESPONSE PLANS CONTINUED 4.1 The Risk Action Plan should: Identify responsibilities; schedules; the expected outcome of the response; budgets; performance measures; the review process to be put in place, include mechanisms for assessing and monitoring response effectiveness. The Institution’s objectives and processes for monitoring action plan progress against critical implementation milestones Document how practically the chosen option will be implemented. STEP 3: RISK RESPONSE CONTINUED 5. Identify risk response options The process will start again. The process will also be followed when: New risks are identified and Major changes, capital expenditure, projects and similar events occur. STEP 4:COMMUNICATING & REPORTING 1. Responsibilities of the Risk management Sub-committees Risk Management Sub-committees high level responsibilities: • Implement Risk management Policy and Strategy • Apply risk tolerance levels and risk appetite levels • Apply the Department’s risk identification and assessment methodology • Evaluate the effectiveness of mitigating strategies to address the material risks • Report to the Department Risk Management Committee any material changes to the risk profile • Implement the Fraud Prevention Strategy • Implement the recommendations of any material findings by Internal/External auditors and Standard Compliance • Provide proper and timely reports. STEP 4: COMMUNICATING & REPORTING CONTINUED 2. Meetings 2012/13 Date of Department RM Committee meeting Date of submission of Risk sub-committee Action Plan Date of Risk subCommittee meeting 1st Quarter End of June 2012 31 May 2012 Approx 16-18 May 2012 2nd Quarter End of September 2012 31 August 2012 Approx 15-17 August 2012 3rd Quarter Begin of December 2012 9 November 2012 Approx 24-26 October 2012 4th Quarter End of March 2013 28 February 2013 Approx 14-16 February 2013 STEP 4:COMMUNICATING & REPORTING CONTINUED 3. Administrative Duties • The Committee Coordinator shall be the secretary of the Risk Management SubCommittee • The secretary shall forward the notice of each meeting to all members no later than ten working days prior to the date of the meeting • The notice shall confirm the venue, time, date and agenda. STEP 4: COMMUNICATING & REPORTING CONTINUED Reporting protocol 4.1 The General Managers are responsible to report on risks on behalf of the district. 1. Identify & assess their risks as in past 2.Manage those risks through quarterly action plans 3. General Managers would meet with the heads of respective institutions 4 General Managers would discuss action plan reports with them 5. Only high risks that Risk subcommittees are unable to reduce risk exposure 6. Be elevated to Department Risk Committee level 7 General Managers would only report on these high level risks STEP 4: COMMUNICATING & REPORTING CONTINUED 4.2 The General Managers are responsible to report on risks on behalf of the district. 1. Effective & efficient 2. Focus on high level operational risks the Department is exposed to STEP 5: CONTINOUS MONITORING COMPARE Actual results • Application of controls • Results of noncompliance • Utilisation of resources • Financial implication To facilitate decision Making and change Management Who does the monitoring Expectations • Process or control standards • Performance standards