From Conformance to Performance: Using Integrated Risk Management to achieve Organisational Health Ms Stacie Hall Comcover National Manager

Outline  Risk – What is it?  Risk – different perspectives  Integration – the ‘Holy Grail’  Features of effective risk management systems  Improving the level of risk management integration  Opportunities for integration  Characteristics of a risk management team

Risk – What is it? “The possibility of events or activities impacting adversely on achieving organisational outcomes”

Risk - Different Perspectives Strategic Operational ComplianceEmerging

Strategic Risks Focus is on managing risks that impact key outcomes Opportunities – the other piece of the puzzle Identify both as part of the strategic planning process and allocation of resources Treatments usually whole-of-organisation, and are resource intensive

Operational Risks Focus is on managing risks that impact individual programmes and projects Treatments involve ‘management’ disciplines including planning, monitoring, reporting, project management Issues: –Treatment approach can lack integration/silo approach –Treatments ‘internally focussed’

Compliance Risks Focus is on managing risk to organisation’s reputation (and avoiding breaking the law!) Treatments involve formal policies, detail processes, specific staff training Has the attention of senior management Issues: –Often ignored until something goes wrong –Perceived as non-value-adding e.g. ‘Check the box’ –Opportunities for integrating rarely utilised

Emerging Risks Can be strategic, operational or compliance Challenge is to respond quickly and assign accountability for managing Leading organisations look for emerging issues before they become public crises

Integration – the Holy Grail Ultimate goal is optimise organisational outcomes/performance Underlying goals –Behavioural change –Comprehensive risk management framework and processes What does integration look like for your organisation?

Features of Effective Risk Management Frameworks Processes and culture incorporate strong risk management emphasis Systematic approach to risk analysis Ability to learn from past experiences Adequate resourcing to deal with emergencies Reporting system to Board level / independent

Features of Effective Risk Management Frameworks Continuous evaluation of risk management framework Horizontally integrated (cuts across silos) Processes are ‘convenient’

Comcover’s Awards for Excellence in Risk Management Purpose: To develop a culture of risk management across the Australian Government Recognises exceptional and inspiring examples of risk management Demonstrates how essential risk management is to the success of Australian Government agencies

Comcover’s Awards for Excellence in Risk Management Findings from 2007 Awards: Stronger governance structures are helping to clearly identify the responsibility for managing risk Better reporting frameworks are helping to ensure risks and their treatment strategies are communicated to senior executives, committees and boards regularly Engagement with key stakeholders is becoming more prevalent Greater collaboration between agencies and stakeholder groups

Improving the Level of Risk Management Integration Keep it simple – people will do what is convenient Get the Board on board Sell the benefits of integration –Reduces competition for resources –Single process  multiple outcomes –Provides big picture Embed the risk assessment process into business planning process

Improving the Level of Risk Management Integration Identify and lobby key influences –e.g. CEO, CFO, Senior Executive and Boards Get stakeholder buy-in through consultation and participation Keep it dynamic Use common risk language and concepts Communicate, communicate, communicate! Identify and train risk experts Include risk management responsibilities in job descriptions and performance agreements

Opportunities for Integration Business Planning –Incorporate risk analysis via templates, workshops –Align risk planning cycle to business planning cycle Compliance risk management –Underlying strategic risk: reputation –Stakeholders – common to strategic risks and operational risks –Processes generally exist –Cuts across organisation silos

Opportunities for Integration Operational risk management –Underlying strategic risks: performance and reputation –Stakeholders often disparate –Processes often localised –The silos start here! Possible solutions: –Look for opportunities to standardise processes e.g. project and contract management frameworks –Analyse sources of risk to identify common/shared risk drivers = efficient resource allocation for treatments –Leverage operational improvement initiatives e.g. innovation and quality forums –KPIs and reporting

Characteristics of a Risk Management Team Accessible and approachable First person to call with a good idea or problem Engaged at beginning of a process / project Have ‘access–all-areas’ Have senior executive support Results driven Ability to get best out of people Creative thinkers

Questions?