TRAINING
RISK COMMITTEES
RISK MANAGEMENT METHODOLOGY
• A RISK METHODOLOGY
 Organises, prioritises and provides a common
means of comparing risks identified
 Provides a structure to make risk assessment an
on-going process – not an ad-hoc activity
 Risk management should become imbedded into
the department’s day-to-day operations and
culture
RISK MANAGEMENT METHODOLOGY
Risk Assessment
- Analysis
- Categorize
- Prioritise
Risk Response
Risk Identification
- Handling/action Plan
Communication
Continuous
monitoring
&
Reporting
STEP 1: IDENTIFY AND DESCRIBE THE RISKS
The Objective
(Clinical Institution / Chief Directorate/
Operational unit
PREDETERMINED
Formal
Per regulation/policy
INHERENT
Basic management
objectives
Financial system control
objectives
STEP 2:
STEP 2: RISK ASSESSMENT
IMPACT
Extreme
RISK MANAGEMENT ACTIONS
Unacceptable level of risk
- Requires management
attention within next 3 months
Unacceptable level of risk
- Immediate management
attention
Unacceptable level of risk
- Immediate management
attention
Accept Risk but monitor
Unacceptable level of risk
-Requires management
attention within next 3 months
Unacceptable level of risk
- Immediate management
attention
Accept Risk but monitor
Accept Risk but monitor
Unacceptable level of risk
- Requires management attention
within next 3 months
Rare
Possible
Certainly
Moderate
None
LIKELIHOOD
STEP 3: RISK RESPONSE
ACTION PLAN
1. Identify risk response options
2. Select risk response option
3. Assign risk ownership
4. Prepare risk response plans
5. Identify risk response options
STEP 3: RISK RESPONSE CONTINUED
1. Identify risk response options
Strategy
Risk avoidance
 Risk acceptance
 Risk reduction
 Risk transfer
Change the nature of the activity
STEP 3: RISK RESPONSE CONTINUED
2. Select options for Response
Scenario
Response Option
1. High Likelihood and high consequence
Reduce
2. High Likelihood and low consequence
Reduce
3. Low likelihood and high consequence
Reduce / Transfer
4. Low likelihood and low consequence
Accept
STEP 3: RISK RESPONSE CONTINUED
3. Assign risk ownership
 Risk owners nominated should assume
responsibility for developing effective risk
response plans.
 The risk owner should be senior staff member or
manager.
 He/She should have sufficient technical
knowledge about the risk and/ or risk area for
which a response is required.
 The risk owner may delegate responsibility to
his/her subordinates (but not accountability)
STEP 3: RISK RESPONSE CONTINUED
4. Prepare response plans
 Risk objective/result/outcome
 Activities to achieve objective
 Time scale
 Progress on action
 % completed
 Reason not achieving time scale
 New time scale
STEP 3: RISK RESPONSE PLANS CONTINUED
4.1 The Risk Action Plan should:

Identify responsibilities; schedules; the expected outcome of the
response; budgets; performance measures; the review process to be
put in place, include mechanisms for assessing and monitoring response
effectiveness.

The Institution’s objectives and processes for monitoring action plan progress against
critical implementation milestones

Document how practically the chosen option will be implemented.
STEP 3: RISK RESPONSE CONTINUED
5. Identify risk response options
The process will start again.
The process will also be followed when:
 New risks are identified and
 Major changes, capital expenditure,
projects and similar events occur.
STEP 4:COMMUNICATING & REPORTING
1. Responsibilities of the Risk management Sub-committees
Risk Management Sub-committees high level responsibilities:
• Implement Risk management Policy and Strategy
• Apply risk tolerance levels and risk appetite levels
• Apply the Department’s risk identification and assessment methodology
• Evaluate the effectiveness of mitigating strategies to address the material
risks
• Report to the Department Risk Management Committee any material
changes to the risk profile
• Implement the Fraud Prevention Strategy
• Implement the recommendations of any material findings by
Internal/External auditors and Standard Compliance
• Provide proper and timely reports.
STEP 4: COMMUNICATING & REPORTING
CONTINUED
2. Meetings
2012/13
Date of Department
RM Committee meeting
Date of submission of Risk
sub-committee Action Plan
Date of Risk subCommittee meeting
1st Quarter
End of June 2012
31 May 2012
Approx 16-18 May
2012
2nd Quarter
End of September 2012
31 August 2012
Approx 15-17 August
2012
3rd Quarter
Begin of December 2012
9 November 2012
Approx 24-26 October
2012
4th Quarter
End of March 2013
28 February 2013
Approx 14-16 February
2013
STEP 4:COMMUNICATING & REPORTING
CONTINUED
3. Administrative Duties
• The Committee Coordinator shall be the
secretary of the Risk Management SubCommittee
• The secretary shall forward the notice of
each meeting to all members no later
than ten working days prior to the date
of the meeting
• The notice shall confirm the venue, time,
date and agenda.
STEP 4: COMMUNICATING & REPORTING
CONTINUED
Reporting protocol
4.1 The General Managers are responsible
to report on risks on behalf of the district.
1. Identify & assess
their risks as in past
2.Manage those
risks through
quarterly action
plans
3. General Managers
would meet with the
heads of respective
institutions
4 General
Managers would
discuss action plan
reports with them
5. Only high risks
that Risk subcommittees are
unable to reduce risk
exposure
6. Be elevated to
Department Risk
Committee level
7 General Managers
would only report
on these high level
risks
STEP 4: COMMUNICATING & REPORTING
CONTINUED
4.2 The General Managers are responsible
to report on risks on behalf of the district.
1. Effective &
efficient
2. Focus on high
level operational
risks the
Department is
exposed to
STEP 5: CONTINOUS MONITORING
COMPARE
Actual results
• Application of controls
• Results of noncompliance
• Utilisation of resources
• Financial implication
To facilitate decision
Making and change
Management
Who does the
monitoring
Expectations
• Process or control
standards
• Performance standards