Risk Management
Financial Management Institute,
Toronto Chapter
February 17 2010
Corinne Berinstein, BPT, MBA, MHSC, CA, CFI
Health Audit Services Team
Ontario Internal Audit Division
Contact Info:
Corinne Berinstein, BPT, MBA, MHSC, CA, CFI, Certificate in Risk Management (Canadian Health Care Association)
Senior Audit Manager
Health Audit Services Team
Ontario Internal Audit Division
Province of Ontario
Office: 4163277798
eMail: corinne.berinstein1@ontario.ca
Basic Concepts
Outline
Objectives of today's session
Basic principles, concepts, definitions
A simple framework
Stocking your toolkit: education, job aids, templates
What are you going to do back in the office?
Q&As
A case: Let's practice!
Objectives
Give you a practical approach, framework and tools so you can start implementing ERM when you get back to the office.
Share some lessons learned. Share some tips and tricks.
Practice concepts and tools with a case study so that you practice
Without good risk management practices, government cannot manage its resources effectively. Risk management means more than preparing for the worst; it also means taking advantage of opportunities to improve services or lower costs.
Sheila Fraser, Auditor General of Canada
Increase risk awareness. What could affect the achievement of objectives? What could change? What could go wrong? What could go right?
Increase understanding of risk sensitivities. What makes my risks increase/decrease/disappear?
Promote a healthy risk culture. It's safe to talk about risk. Open and transparent.
Develop a common and consistent approach to risk across the organization. Not intuition-based.
Allows intelligent informed risk taking.
Focuses efforts, helps prioritize. Top 10 list. Or top 3.
Or
Is proactive, not reactive. Prepare for risks before they happen. Identify risks and develop appropriate risk mitigating strategies.
Improve outcomes: achievement of objectives (corporate, clinical, etc.)
Really comes down to simple good management
Enables accountability, transparency and responsibility
And maybe even means survival
Interest rates
Foreign exchange rates
Supply of service/product/resources
Demand/uptake for service/product/resources
The economy
The weather
The stock market
Definition of ERM
a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Source: COSO Enterprise Risk Management - Integrated Framework. 2004.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Formal process
Consistent and systematic
Includes projects, programs, operations
Is embedded in key processes such as strategic planning, budgeting, project planning, evaluation, etc.
Must be driven and supported by Leadership
Adds value to decision making
Differences:
Enterprise-wide:
Is organizational-centric
Success is defined as implementation over the entire organization
Integrated:
Take a systems focus
May actually create risks for individual organizations
Unit or Project Level
Organizational Level
INHERENT
A Simple Framework
Step 1: Establish Objectives
Step 2: Identify Risks & Controls
Step 3: Assess Risks & Controls
Step 4: Evaluate & Take Action
Step 5: Monitor & Report
concerned with implementation.
1. Political or Reputational Risk
2. Financial Risk
3. Service Delivery or Operational Risk
4. People/HR Risk
5. Information/Knowledge Risk
6. Strategic/Policy Risk
7. Stakeholder Satisfaction/Public Perception Risk
8. Legal/Compliance Risk
9. Technology Risk
10. Governance/Organizational Risk
11. Privacy Risk
12. Security Risk
13. Equity Risk
14. Patient Safety (NEW)
Very High: Is almost certain to occur
High: Is likely to occur
Medium: Is as likely as not to occur
Low: May occur occasionally
Very Low: Unlikely to occur

Risk Impact: Level of damage that can occur when a risk event occurs
Very High: Threatens the success of the project
High: Substantial impact on time, cost or quality
Medium: Notable impact on time, cost or quality
Low: Minor impact on time, cost or quality
Very Low: Negligible impact
Immediate: now
Less than 6 months
Between 6-12 months
Between 12-24 months
Between 24-36 months
More than 36 months
Risk rating
Combining impact and likelihood
Consequence
KRI
Performance
EXAMPLES OF KRIs

Human resource:
Average time to fill vacant positions
Staff absenteeism/sickness rates
Percentage of staff appraisals below satisfactory
Age demographics of key managers

Information Technology:
Systems usage versus capacity
Number of system upgrades/version releases
Number of help desk calls

Finance:
Daily P&L adjustments (#, amt)
Reporting deadlines missed (#)
Incomplete P&L sign-offs (#, aged)

Legal/compliance:
Outstanding litigation cases (#, amt)
Compliance investigations (#)
Customer complaints (#)

Audit:
Outstanding high risk issues (#, aged)
Audit findings (#, severity)
Revised management action target dates (#)

Risk management:
Management overrides
Limit breaches (#, amt)
Strong
tolerances
Adequate
Weak
Source: Standard & Poor
Establish centralized support
Develop a standardized framework
Provide education and coaching
Ensure ministry-wide implementation
Embed IRM into all major processes including strategic planning and resource allocations decisions
Enable our stewardship role
The Approach
Incorporates risk information into the strategic direction setting, making decisions that consider established risk tolerance levels.
Takes a systems approach to managing risk at the strategic, operational and project levels which is continuous, proactive and systematic.
Fosters a working culture that values learning, innovation, responsible risk taking and continuous improvement.
We wanted to add value, not work. We developed forms and templates.
So we developed and delivered educational sessions usually attended by all team members. Included risk 101 and then time for the team members to discuss how to apply concepts to their work.
We assisted teams in actual risk assessments. Sometimes we used voting software.
We trained the trainer.
Components
Participant Outcomes
Introduction - Integrated Risk Management
Understanding of risk management process
Introduction to basic risk concepts and terminologies
Understanding of how risk management is relevant to their day-to-day work
Introduction to the MOHLTC's Integrated Risk Framework
Knowledge of IRM in MOHLTC
Status of IRM in MOHLTC
(Most effective when followed up with facilitated risk assessment workshop or application to actual project)
Management IRM Planning Meeting
Risk Assessment Workshop
Planning
Commitment to IRM implementation in area or stream of work
Discuss best way to implement IRM in area
Risk management roles and responsibilities clearly defined
Proposed IRM implementation plan presented for area
Review of IRM rollout; timelines, deliverables, related forums
Clarify roles & responsibilities for risk management
Commitment to continuous risk communication & learning
Facilitated Training - Identification of risks & mitigation strategies
Hands-on experience allowing assimilation of consistent risk management techniques
Identification of objectives
Hands-on practice of IRM process, enabling application of risk management principles and tools to work
Brainstorming and identification of risks to meeting objectives (for project, branch, initiative, etc.)
Greater understanding of work and interdependencies
Identification of source, mitigation strategies, ownership and residual risk for each risk category
Risk Prioritization & Voting Workshop
Facilitated Training - Assessment of mitigation strategies & prioritization
Review of risks, mitigation strategies, ownership, residual risk to their
work in a seamless manner
Review of risks, mitigation strategies and ownership
Unbiased risk prioritization and identification of high risks
Anonymous voting on the impact and probability of each risk
Enables application of complete risk management process to everyday work
Prioritization of risks on heat map
Discussion of mitigation strategies for high priority risks
Risk follow-up Session
Monitoring & Review
Review of risks and status
Review of risks six months after initial assessment
Continuous improvement
Review mitigation strategies and residual risks
Identify risks that the cyclist faces in cycling to work.
Report back.
Risks
Threats: Death, Head Injury, Injury, Reputation, Financial, Damage to the bike, Sunburn/frostbite
Opportunities: Exercise, Sunlight, Reputation, Financial, Role model, Environment
Keep it simple
Why is the organization interested in RM? What are they hoping will be achieved with its implementation?
Who is doing what? Roles & responsibilities must be clearly defined. Make sure Leadership supports RM and uses RM results to make decisions. Everyone is a risk manager. Make sure that all risks have owners and the responsibilities for mitigation are assigned.
How will it be implemented? What is your framework? What is the common language? How will risks be measured and reported?
Where will you start? Choices could be where you can most easily succeed or where it is needed the most or where interest is high.
When will it be implemented? It is a journey not a destination; 3-5 years for complete rollout; how often will risks be assessed; when will mitigation plans be implemented and monitored; when will risks be reported.
Do we understand our major risks? Do we know what is causing our risks to increase, decrease or stay the same?
Have we assessed the likelihood and impact of our risks?
Have we identified the sources and causes of our risks?
How well are we managing our risks?
Are we trying to prevent the downside risks from happening? Or are we trying to simply recover from them?
Who is accountable for these risks?
How do we talk about risk? Do we have a common language across branches, across divisions, across the ministry, across the OPS, across the health care system?
Are we taking too much risk? Or not enough risk?
Are the right people taking the right risks at the right time?
What's our culture? Are we risk averse or are we risk takers? Or are we somewhere in between?
Questions?
Case 1: The Pan Am Games 2015
Case 2: The provincial response to the next Pandemic
Case 3: The extension of Hwy 404
Case 4: The rescue efforts in Haiti
Case 5: Human Resources in the Ontario Public Services
Case 6: A big teaching hospital in Toronto
The case
Consider the 13 categories of risk
Identify top 5 threats (downside) and top 5 opportunities (upside)
Propose mitigation strategies
Discuss how the following risk factors would affect your assessment:
Economy
Demographics
Weather
Technology
Timing of events such as an election
Others
Questions?