Presentation is loading. Please wait.

Presentation is loading. Please wait.

Growing the Enterprise Risk Management Culture in Human Services

Published byJosephine Cain Modified over 6 years ago

Similar presentations

Presentation on theme: "Growing the Enterprise Risk Management Culture in Human Services"— Presentation transcript:

1 Growing the Enterprise Risk Management Culture in Human Services
OMSSA 2017 Leadership Symposium Staying Ahead of the Curve: Future Proofing Human Services in Ontario May 29, 2017

2 Agenda Topic Speaker Timing Welcome and introductions All
10:30 – 10:45 am Background: About ERM Simon 10:45 – 10:55 am The Toronto Children's Services experience Trish 10:55 – 11:10 am The Deloitte ERM framework Shannon 11:10 – 11:30 am Risk Assessment Exercise 11:30 – 11:50 am Lessons Learned and Questions 11:50 am – 12:15 pm Growing the Risk Management Culture in Human Services

3 Welcome and introductions
Growing the Risk Management Culture in Human Services

4 Welcome and introductions
Meet your presenters Deloitte team Lead Engagement Partner Simon O’Keefe Toronto Children’s Services Project Lead Trish Horrigan Project Senior Manager Shannon Field Project Senior Consultant Catherine Cormier Growing the Risk Management Culture in Human Services

5 Welcome and introductions
Opening Exercise: Who are you and how much do you know about risk management? Now that you’ve met us.... Its time for us to meet you, find out about your organization and see how much you really know about risk management! Growing the Risk Management Culture in Human Services

6 Background: About ERM Growing the Risk Management Culture in Human Services

7 Background: About ERM Understanding risk management
“Broadly defined, risk management is the discipline of improving your chances of survival and success, particularly in uncertainty and turbulence.” Surviving and Thriving in Uncertainty: Creating the Risk Intelligent Enterprise, 2010 Risk management is about understanding what your risks are and deciding if you will take action to reduce, eliminate, transfer or leverage some or all risk for a particular exposure. Click to edit Master text styles Second level Third level Fourth level Growing the Risk Management Culture in Human Services

8 Background: About ERM (cont’d)
Practicing risk management is at the heart of running any successful organization and is evident in day- to-day decision-making and when: Policies and procedures are established Service/Product offering trade-offs are made Strategic direction is set Insurance is purchased Given the various risk management activities that you perform, why consider ERM? Growing the Risk Management Culture in Human Services

9 Background: About ERM (cont’d)
ERM provides you with the processes, tools and disciplines required to effectively identify, assess and manage the risks that matter most. ERM is: A process to continually evaluate and manage threats and opportunities to organizational strategies and objectives on an entity-wide basis A common framework to manage all types of risk, both on the downside and the upside An integral, repeatable and demonstrable business process that is strategic in nature A process to enhance accountability and transparency of risks at all levels of the organization Growing the Risk Management Culture in Human Services

10 The Toronto Children's Services experience
Growing the Risk Management Culture in Human Services

11 The Toronto Children's Services Experience
The many faces of risk Risk comes in many forms and from various sources: Growing the Risk Management Culture in Human Services

12 The Toronto Children's Services Experience
Risk in a Human Services Context The risk to the integrity of public programs, services and assets is an inherent part of day to day business in all divisions at the City of Toronto. Unprecedented growth within the early learning and child care sector Development of new divisional strategic objectives as part of the Service Plan Continued emphasis on increased on good governance and fiscal sustainability Expansion of the existing risk management functions within the Division and need to formalize the role of the Risk and Accountability unit The time has never been better to think about our risks! Growing the Risk Management Culture in Human Services

13 The Deloitte ERM framework
Growing the Risk Management Culture in Human Services

14 The Deloitte ERM framework
Span of ERM ERM considers all levels and types of risks within an organization that could impact: The achievement of strategies and objectives The “viability” and “thrivability” of the business and/or the effectiveness of business activities “Effective risk management practices enable an organization to be risk intelligent.” Growing the Risk Management Culture in Human Services

15 The Deloitte ERM framework (cont’d)
Deloitte’s ERM architecture Risk management activities from the board and executive management to business units and supporting functions are integrated into a systematic, enterprise-wide program that embeds a strategic view of risk into all aspects of business management. Risk governance Board of Directors Tone at the top Stakeholder expectations Risk appetite Strategy & performance Information flow and continuous improvement Executive management Risk management enablers/infrastructure Policies Framework & methodology Culture & capabilities Information & reporting Technology Risk governance Boards have the responsibility from a regulatory, legal, fiduciary, and stakeholder perspective to oversee the risk management activities of the company. Risk governance includes strategic decision-making and risk oversight, led by the board of directors to meet their responsibilities. Risk management enablers / infrastructure Risk management enablers and infrastructure support the design, implementation, and maintenance of an effective risk program, led by executive management. A streamlined, standardized risk management infrastructure, buttressed by appropriate technology, can deliver long-term benefits including greater transparency, greater cross- enterprise collaboration, and, ultimately, greater business value. Risk management processes Risk management processes include the identification, measurement and assessment of risk as well as the response, escalation and monitoring activities led by business units and supporting functions Risk management processes Business units and supporting functions Risk measurement Risk assessment Risk response Escalation & monitoring Risk identification Integration with the business Growing the Risk Management Culture in Human Services

16 The Deloitte ERM framework (cont’d)
High level overview of project plan Conducted kick-off meeting, refined project plan & timelines Created the project launch communication Delivered revised project plan Review existing ERM policies & procedures Identify gaps and opportunities for improvement Assess the completeness and conciseness of the existing risk register Review the presentation and categorization of the risk register to identify opportunities for improvement Conduct enterprise risk assessment workshop on final risk universe Develop tools/templates for managing and documenting the ERM process Request risk owners to complete risk management templates for the top 10 major risks Review documentation of existing communication strategies and associated tools Identify opportunities for improvement to existing processes and tools Develop an information and communication strategy for the ERM program Develop draft report for review and feedback Develop and present final report to Steering Committee Phase 1 Plan project and review draft ERM work plan Phase 2 Policy and procedure review Phase 3 Identify gaps in existing draft risk register, identify key risk owners Phase 4 Assess risks, develop mitigating strategies and reporting tools Phase 5 Develop an ERM information and communication plan Phase 6 Develop and present report Growing the Risk Management Culture in Human Services

17 The Deloitte ERM framework (cont’d)
Risk universe The Risk Universe is intended to document and define the risks which are in Toronto Children’s Services (TCS) goals and strategy for the next three years. The risk universe promotes a common understanding of risk and will be used as the basis for the upcoming risk assessment. As part of this process, we will consider the mitigating controls that already exist, including those from the Division’s strategic objectives. The TCS Risk Universe consists of five primary categories of risk and the following sub-categories: Risk category Sub-category 1. Strategic Strategic governance Stakeholder Community needs 2. People Staff Clients Health and safety 3. Operational Quality of services Legal, regulatory and professional standards compliance Vendor management 4. Financial Facilities Revenue and expenses 5. Administration Information and technology Business continuity The risk universe does not illustrate or represent TCS’s most significant risks (i.e. TCS risk profile). To understand TCS’s most significant risks, the universe of risks must be assessed using risk-rating criteria. Growing the Risk Management Culture in Human Services

18 The Deloitte ERM framework (cont’d)
Building a risk register The risk assessment workshop will focus on assessing/evaluating the top risks in the TCS risk universe using anonymous voting technology. The following activities will be performed for each risk: The end product of the risk assessment workshop will be a Risk Register of the most significant risks facing TCS. Review and discuss the risk definition to ensure clarity Discuss existing risk management activities for the risk Assess the likelihood of the risk occurring (considering the risk management activities that were discussed) Assess the impact / consequence to TCS should the risk occur Determine the trend of the risk Identify the risk owner Review the risk assessment results and discuss if necessary Growing the Risk Management Culture in Human Services

19 The Deloitte ERM framework (cont’d)
Workshop heat map and management actions Very high impact with mitigating controls / practices that are not working effectively High vulnerability Requires active management Moderate vulnerability Requires periodic monitoring Low impact and/or mitigating controls / practices that are working effectively Low vulnerability No major concerns Growing the Risk Management Culture in Human Services

20 We will now complete a mock Risk Assessment Exercise
We will now complete a mock Risk Assessment Exercise. Think through the likelihood and impact that these risks will occur in the next three years. Growing the Risk Management Culture in Human Services

21 Lessons Learned and Questions
Growing the Risk Management Culture in Human Services

22 Lessons Learned and Questions
Benefits of an Enterprise Risk Management process 1 Enhanced ability to achieve the organization’s strategic objectives 2 Greater awareness of risk and how to respond 3 Increased organizational effectiveness 4 Improved compliance with legal, regulatory and reporting requirements 5 The Risk Management Unit becomes a more value added partner Growing the Risk Management Culture in Human Services

23 Lessons Learned and Questions
Expected challenges in implementing an ERM process 1 Weak or non-existent risk culture undermines the process 2 Board of Directors and Senior Management don’t see the link between ERM and organizational performance 3 Disconnect between individual business units that operate in silos 4 Process is seen as overly complicated… not adding value, box ticking exercise 5 Staff engagement requires both training and development Growing the Risk Management Culture in Human Services

24 Lessons Learned and Questions
Key success factors Senior Management commitment to a process that drives a stronger risk culture Include a governance framework Must be accompanied by a staff engagement process and include staff Should build on existing risk management activities Keep it simple Talk to people in a language they can relate to Start small Design an ERM solution around your environment (make it fit) Make it an on-going, iterative process that includes reporting mechanisms and oversight Growing the Risk Management Culture in Human Services

25 Lessons Learned and Questions
Questions or Comments? Growing the Risk Management Culture in Human Services

26 Deloitte, one of Canada's leading professional services firms, provides audit, tax, consulting, and financial advisory services. Deloitte LLP, an Ontario limited liability partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. The information contained herein is not intended to substitute for competent professional advice. © Deloitte LLP and affiliated entities.

Download ppt "Growing the Enterprise Risk Management Culture in Human Services"

Similar presentations

Options appraisal, the business case & procurement

Options appraisal, the business case & procurement
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Mind the Gap: Evaluating Internal Controls in Pharmaceutical Supply Chains across Sub-Saharan Africa AIDS 2012: July 22-27 Julianna Kohler, Revathi Avasarala,

Mind the Gap: Evaluating Internal Controls in Pharmaceutical Supply Chains across Sub-Saharan Africa AIDS 2012: July Julianna Kohler, Revathi Avasarala,
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Risk Assessment Frameworks

Risk Assessment Frameworks
Victorian Managed Insurance Authority APCO Presentation – Risk Management in the VPS Jonathon Masom – Risk Management Adviser.

Victorian Managed Insurance Authority APCO Presentation – Risk Management in the VPS Jonathon Masom – Risk Management Adviser.
Financial structure, management, and IFRS Reporting Creating value for growth Presenter: John Robinson Partner.

Financial structure, management, and IFRS Reporting Creating value for growth Presenter: John Robinson Partner.
Chicagoland IASA Spring Conference

Chicagoland IASA Spring Conference
DAA and GEP Orlando 20081 Audit & Compliance or Audit vs. Compliance.

DAA and GEP Orlando Audit & Compliance or Audit vs. Compliance.
Tax Transformation: What does it mean to you?

Tax Transformation: What does it mean to you?
CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26.

CDS Operational Risk Management - October 28, 2005 Existing Methodologies for Operational Risk Mitigation - CDS’s ERM Program ACSDA Seminar - October 26.
© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.

© 2013 Cengage Learning. All Rights Reserved. 1 Part Four: Implementing Business Ethics in a Global Economy Chapter 9: Managing and Controlling Ethics.
Enterprise Risk Management Expectations Outpacing Capabilities and The Audit Committee’s Role July 30, 2013 Presented by: Suzette E. Ramsden (B.Sc., CISA,

Enterprise Risk Management Expectations Outpacing Capabilities and The Audit Committee’s Role July 30, 2013 Presented by: Suzette E. Ramsden (B.Sc., CISA,
© 2007 KPMG, the Malaysian member firm of KPMG International, a Swiss cooperative. All rights reserved. 1 Differing Roles of Internal Auditor and Risk.

© 2007 KPMG, the Malaysian member firm of KPMG International, a Swiss cooperative. All rights reserved. 1 Differing Roles of Internal Auditor and Risk.
INTEGRATING ENTERPRISE RISK MANAGEMENT IN THE FEDERAL GOVERNMENT

INTEGRATING ENTERPRISE RISK MANAGEMENT IN THE FEDERAL GOVERNMENT
© 2011 Deloitte Global Services Limited United Nations Global Compact Management Model Signatory Training.

© 2011 Deloitte Global Services Limited United Nations Global Compact Management Model Signatory Training.
1 Introducing Enterprise Risk Management (ERM) - The KOC Experience November 2012 Khaled Al-Awadhi Risk Management Team Kuwait Oil Company.

1 Introducing Enterprise Risk Management (ERM) - The KOC Experience November 2012 Khaled Al-Awadhi Risk Management Team Kuwait Oil Company.
RISK MANAGEMENT : JOURNEY OR DESTINATION ?. What is Risk? “ Any uncertain event that could significantly enhance or impede a Company’s ability to achieve.

RISK MANAGEMENT : JOURNEY OR DESTINATION ?. What is Risk? “ Any uncertain event that could significantly enhance or impede a Company’s ability to achieve.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.

Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.

Similar presentations

Ads by Google