Download presentation
Presentation is loading. Please wait.
1
Robin Youll Office for National Statistics
Risk Management in ONS Robin Youll Office for National Statistics
2
What we’ll cover in this session
Why we manage risks ONS appetite for risks What is a risk? The risk Management Cycle
3
Why manage risks? Management of risk is critical to an organisation’s success Informed risk-taking helps to improve performance through the use of innovative approaches for managing the business and service delivery All of us manage risks in our daily lives almost unconsciously (assessing the speed of traffic when crossing a road, pulling out into traffic, weighing up options etc). In this rapidly changing world, a status quo is unrealistic and failure to identify and explore new opportunities is a risk in itself. As an organisation we do manage our risk, but not always in a way that is visible, repeatable or consistent to support effective decision-making.
4
Why is Risk management important?
Effective risk management is likely to improve performance against objectives by contributing to : Better service delivery Reduction in management time spent fire-fighting More focus internally on doing the right things and properly Better basis for strategy setting Fewer shocks and unwelcome surprises More efficient use of resources Reduced waste and fraud, and better value for money Improved innovation Better management of contingent and maintenance activities A certain amount of risk taking is inevitable if an organisation is to achieve its objectives. Those organisations that are most risk aware appreciate that actively managing threats and opportunities provides them with a competitive advantage. Taking and managing risk is the very essence of business survival and growth. Public sector’s role is to implement programmes cost-effectively, in accordance with government legislation and policies to achieve value for money. Effective risk management and internal control can be used to manage change, to all levels of people in the company in meeting its business objectives
5
Tolerance/Appetite ….ONS Guidance
ONS must be risk averse when it comes to Reputation Disclosure Confidentiality Objectivity ONS will take risks in areas with manageable outcomes for example improving processes and systems
6
How we define a risk CAUSE/SOURCE - As a result of ………….
EVENT/THREAT - there is a risk that .…….. EFFECT/IMPACT/CONSEQUENCE - that may result in………. e.g. As a result of failure in a particular system, there is a risk that ONS will not be able to meet a publication deadline, with the result that the reputation of ONS will be damaged.
7
Effective risk management
For risk management to be effective, risks need to be: Identified this includes risks being considered that could affect the achievement of objectives within the context of a particular organisational activity and then described to ensure that there is a common understanding of these risks Assessed this includes ensuring that each risk can be ranked in terms of estimated impact & immediacy, & understanding the overall level of risk associated with the organisational activity being studied Controlled this includes identifying appropriate responses to risks, assigning owners and then executing, monitoring & controlling these responses
8
RECORD Risk Management Cycle Risk Identification Monitor/Review Risk
Assessment Risk Control Monitor/Review and Report RECORD
9
Step 1. Identification Independent Risk Review
Designated team interviews key staff at all levels of the project/programme – to build a risk profile Risk Self Assessment conducted through a facilitated workshop approach – facilitators help key staff to work out the risks affecting their objectives A particular strength of this approach is that better ownership is established when owners identify the risks themselves Risk Identification should be a group activity Greater chance of capturing all potential risks Gives a more rounded assessment of risk exposure Need a cross-section of people involved Programme and project reps…customers and suppliers
10
Step 2. Assessment Risks are always assessed in terms of likelihood and impact. No industry standard - Other organisations use a more or less detailed matrix than ONS However, ONS has a corporate standard based on the five-by-five matrix (see next slide) Key is to be clear about inherent (original) risk Report this to relevant Programme/Project board to give a view of impact if risk treatment fails Also gives a view on whether over control is taking place Current ONS database records original and residual risk score
11
ONS Corporate Standard Risk Assessment Scoring
exposure 5 10 15 20 30 4 8 12 16 24 3 6 9 18 2 1 likelihood exposure 1 – 4 Low Risk 5 – 12 Moderate Risk High Risk Corporate Risk Impact Likelihood x Impact = Exposure
12
Step 3. Control Measures to be initiated within the programme/ project to control the risk are: Tolerate Transfer Terminate – linked to early risk identification Treat Treating the risk is normal ONS approach. Treatment involves Mitigation: Reducing likelihood or expected impact Contingency: Measures to be put in place if the risk materialises Risk control must assign an appropriate risk owner member of the Project Management team best placed to observe the risk and factors affecting it (Prince2)
13
Step 4. Monitor, Review and Report
Risks reviewed and reported for two reasons: to monitor whether risk profile is changing to identify when further action is necessary Processes should be put in place to review whether: risks still exist likelihood and impact has changed new risks have arisen Review processes must: ensure all aspects of risk management process are reviewed at least once a year ensure individual risks are reviewed with appropriate frequency make provision for alerting the appropriate level of management to new risks and changes in risks already identified
14
Questions
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.