Risk Potential Assessment Tool
Lessons Learned from First Year of
Operation
Michael Pronin
Director Assurance Reviews
Department of Finance and Deregulation
Agenda – some questions
• Why was change to Government decision making
required? What is the RPAT, and why do we need it?
• How does it fit into the Government decision making
process?
• How can it be integrated into broader agency Risk
Management?
• What lessons have been learned in the current Budget
round? Where to next?
Establishing the Landscape for Change
What are the changes to Cabinet submissions? And Why?
•
Cabinet is mandating more rigour around the delivery of government programs
•
To assist Cabinet in proactively identifying potential policy implementation
challenges, all NPPs are to include a detailed risk statement incorporating the
results of a completed risk potential assessment tool
•
All Cabinet submissions with significant implementation challenges are to include a
comprehensive and robust implementation plan to facilitate more effective policy
outcomes
•
The Risk Potential Assessment Tool (RPAT) has been developed to assist agencies
to identify and communicate (at a high level) the potential risks associated with each
NPP
•
•
Agencies still need to undertake their internal risk assessment processes to complete the RPAT
Cabinet submission changes take effect from Monday 8th August 2011
Establishing the Landscape for Change
What are the benefits of these changes?
•
Strengthens existing requirements of the Cabinet process
•
Promotes proactive consideration of risks associated with implementation
•
Allows Ministers to make risk informed decisions before seeking authority by
Expenditure Review Committee (ERC) to come forward with a fully developed
NPP as part of the Budget process
•
Facilitates the use of a consistent method for assessing risk, allowing risks
associated with NPPs to be compared and contrasted by Cabinet
•
Provides a consistent trigger for more in-depth assurance reviews for high risk
policies as determined by Cabinet
•
Increases the likelihood of successful project and program outcomes
Establishing the Landscape for Change
Who is responsible for driving the changes in Cabinet submissions?
•
Department of Prime Minister and Cabinet (PM&C) and Department of Finance &
Deregulation (Finance) are overseeing the suite of changes
•
Project officers completing NPPs are responsible for ensuring their Cabinet
submission complies with the new requirements, including using the RPAT as
specified in guidance material
•
Central agencies are responsible for reviewing the risk statements (including the
completed RPAT where required) in all NPPs and ensuring comprehensiveness
and compliance
•
Assurance Reviews Branch, Department of Finance and Deregulation is
available to provide technical support for the use of the RPAT
What is the Risk Potential Assessment Tool (RPAT)?
•
The RPAT is a high-level indicator designed to inform Cabinet’s consideration of
NPPs, by providing standardised information on the risks and mitigation
strategies associated with NPPs
•
The RPAT can assist NPP drafters to determine whether their submission has
significant implementation risks or challenges
•
The RPAT is not a risk management methodology. Agencies should still
undertake their internal risk assessment processes to complete the RPAT
•
The overall risk rating derived from the RPAT will allow agencies to provide risk
informed advice to Cabinet
•
Depending on the RPAT overall risk rating, additional assurance may be required
by Cabinet (e.g. Implementation Readiness Assessments, Gateway, Two Pass
Process or implementation plans)
What is the RPAT?
•
The RPAT contains 20 short and objective questions, in two sections:
•
Section A: Consequence (6 questions)
•
Section B: Likelihood (14 questions)
•
The RPAT Risk ratings are a consolidation of individual question answers
•
The ratings can be Very High, High, Medium or Low
•
Upon completion of the 20 questions, information is then extracted into a
Risk Summary table and a Top 5 Risks table
•
The RPAT will guide agencies to identify potential mitigation strategies to generate a
‘residual risk’ for each Top 5 risk
•
NPP drafters will need to copy and paste the Overall Risk Rating and the Top 5 Risks into
the Implementation Arrangements section (Risks subheading) of the NPP template
How to complete the RPAT?
To complete each question in Section A and Section B, NPP drafters must:
1. Review the question objectives by reading the guidance provided
2. Select the most appropriate rating from Low to Very High
3. Provide justification for the selection chosen
4. Once complete, move on to the next question
How to complete the RPAT?
•
When all 20 questions are complete, a “Top 5 Risks” Table needs to be created. Click “Add
Top Risks” to create. To clear, click “Clear Top Risks”
•
For each Top 5 Risk, identify potential mitigation strategies and the level of residual risk
•
The “Risk Summary” Table will automatically be calculated after the “Top 5 Risks” Table has
been populated.
Top Five Risks from RPAT
Risk Summary Table from RPAT
Australian Government's Budget process - Indicative timing
July
August
September
October
November
December
Pre-budget year
Planning and setting priorities
Government
Portfolio
sets operational
Ministers
Late Nov. Expenditure Review
rules and timing propose policy Committee (ERC) considers
priorities to the
policy priorities
Initial strategic Prime Minister
Budget planning
undertaken by
the Government
Peak periods leading
to Budget
January
February
Portfolio
Departments
prepare draft
PB Subs
Budget
Review
March
Portfolio
Expenditure
Departments
Review
lodge final PB
Committee
Sub
(ERC) considers
major new
policy proposals
Pre-ERC
estimates
update
Conduct new reviews
RPAT - Proposals
1st July
Budget year
begins
May
June
Budget
Estimates
Update
Budget night usually 2nd
Tuesday
Senate
Legislation
Committee
hearings
Authority
Finance agrees
costings
Budget year
April
Mid/Late April
Government
considers
proposals from
ERC
Budget papers produced - up until
release on Budget night
Monitoring, evaluating and reporting
AEs Approp.
Bills 3 & 4
Mid-Year Economic and Fiscal Outlook (MYEFO)
usually
and Additional Estimates (AEs) processes
introduced to
commence
Parliament in
MYEFO
Dec after
Review Authority
MYEFO
Senate Estimates AEs hearings
AEs passage through both
Houses of Parliament by April
Monthly reporting
Can apply for
AFM
Post Budget Year
AFM
Financial year-end reporting
Final Budget Agency annual
Outcome (FBO)
reports
Consolidated Advance to the
Financial Finance Minister
Statements
(AFM) Report
(CFS) to
tabled in
Auditor-General Parliament
AFM Report to
be passed
through
Parliament
Appropriation
Bills passed by
Parliament by
the end of June
What the RPAT is and isn’t
•
RPAT is a simplified risk identification tool which provides a high level overview
of the key risks associated with a NPP
•
It is not a complete risk assessment or risk management methodology
•
RPAT does not replace an agency’s existing risk assessment processes.
Artefacts from the RPAT process can form the basis of Risk Management.
•
Full risk assessments should be conducted for NPPs, and Cabinet submissions
more broadly, as part of the business case development process and
implementation phases (Agencies should refer to their own risk management
policy and framework for specific requirements)
•
RPAT information should accurately reflect the risk environment and should be
taken seriously given the risk rating will be relied upon by portfolio ministers,
central agencies and Cabinet to inform recommendations and decisions
12
RPAT Overall Picture
RPATs have been used in preparing all New Policy Proposals for the
2012/13 Budget – as per Cabinet decision.
RPAT Tool generally OK – all issues reported were resolved
Over 600 people attended RPAT 3 hour training courses
Some RPAT fine tuning and lesson learned required for next Budget
A fine-tuned RPAT V 3.0 (inc updated guidance) for 2013/14 Budget
RPAT Some statistics
13
•
almost 30% of the 100 or so RPATs reviewed have involved a selfassessed High and Very High overall level of risk, with total
project/program costs exceeding $29B;
•
around 75% of RPATs involved total project/program costs
exceeding $50K
•
the vast majority of RPATs are self assessed as Low Risk, and the
summary table and Top 5 Risks are included in the NPPs
1/03/2012 - 30/04/2012
Consult with PM&C and AAUs
14
Current Policy
RPATs for all NPPs
Medium Risk and Above to ARB
Issues arise when:
- Revenue measures
- Savings measures
- Renew lapsing programs
- Proposals with options
- Comebacks
- Multiple agencies
- Packages of NPPs
Threshold Questions
- What RPATs does ARB see?
- Tighten definitions by $
- Maintain QA role for AAUs
- Major programs/projects only?
1/05/2012 - 1/06/2012
Road Test New Version/Guidance
With agencies
Update Guidance
- Mitigation
- Definitions and examples
- Address common errors
Fine Tune Tool
- Minor wording change
- ease of use
- printing, resize boxes
Training
- Refocus training
- Common errors eg
mitigation not well
understood
1/07/2012 - 30/09/2012
Release New guidance
Update EM
Fine tune policy via BPOR
Policy
- get clearance for
refinements
- Update EM
- use BPOR for any
change to Cabinet
decision
Training
- Update training with
Comcover
Release new Tool
V3.0
Questions & Reference Materials
You will be emailed a Participant Guide to use as a reference tool to complete or review the RPAT process
For further information, please contact:
Department of Finance and Deregulation
• Your Agency Advice Unit can assist in determining the comprehensiveness and reasonableness of
assumptions contained in NPPs
• Assurance Reviews Branch can provide technical support on the use of the RPAT and advice on Gateway
reviews and Implementation Readiness Assessments – contact: (02) 6215 1696 or gateway@finance.gov.au
Department of Prime Minister and Cabinet
• Agencies’ relevant policy counterparts in PM&C can provide advice on reviewing implementation plans and
reviewing the comprehensiveness and reasonableness of assumptions contained in NPPs
• Cabinet Implementation Unit can provide advice on developing comprehensive and robust implementation
plans – contact: (02) 6271 5844 or implementation@pmc.gov.au
Your agency’s risk management area
• Your agency’s risk management area for advice on the internal risk management framework and risk
assessment processes
Thank You