Risk Management in the S.A.

Public Sector

Darryl Bruhn
Risk Management Coordinator
SAFA (SAICORP)
Phone 8226 3429
Bruhn.Darryl2@saugov.sa.gov.au

SAFA (SAICORP)

1/7/1994 South Australian Insurance

Corporation (trading as SAICORP)established.

Insurance cover for all agencies of the Crown

Whole of Government catastrophe reinsurance
Provide risk management advice & assistance

1/7/2006 SAICORP amalgamated with South

Australian Financing Authority (SAFA).
Part of Dept. Treasury & Finance

Risk Management Advice &

Assistance

Coordinating risk management training

Assisting agencies with risk management policy &
framework development
Providing funding for specific risk management initiatives
Coordinating networks and forums
Developing manuals & workbooks
Publishing the SAICORP Newsletter
Promoting AS/NZS4360 Risk Management Standard &
RMIA

Session Outline
1.

Risk & Risk Management Context

2.

Reasons for implementing risk management

policy & frameworks.

3.

Developing risk management policy &

frameworks agency considerations.

RISK MANAGEMENT STANDARD

AS/NZS 4360

Developed with the objective of

providing a guide to establishing a
risk management framework using
the risk management process.

The standard specifies the

elements of the risk management
process only.

It is a generic framework and

independent of any specific
industry or economic sector.

Definitions in 4360
Risk is the CHANCE of something happening that will have an IMPACT on
OBJECTIVES
Risk = DEGREE of UNCERTAINTY as to the potential for gain as well as
exposure to loss.
Risk Management is the CULTURE, PROCESSES AND STRUCTURES that
are directed towards realising potential opportunities, whilst managing
adverse effects.

RISK MANAGEMENT
PROCESS

Built-in continuous
improvement cycle

Risk Assessment
= Identify, Analyse &
Evaluate Risks

Define Context first

Opportunities as well

RISK ASSESSMENT

Subset of the Risk Management

process

Managers involved in this

Define Context and clear focus

for risk assessment.

E.g. Strategic, business or project

plan

3 years, 1 year, 6 months

J &PS Outcomes

Objectives Impacted upon

Degree of Uncertainty

RISK ASSESSMENT
(continued)

Unexpected Events

Expected Events

Uncertainty = at what rate will

it occur

Will it Impact on Objectives?

Staff turnover, absences,

workers compensation costs

Consider scenarios

Uncertainty-based Risks

Characteristics
Extremely hard to
quantify
Catastrophic in nature
Out of our control
Always negative
outcomes
Restorative planning &
actions

RM Response
Business Continuity
Emergency Response
Disaster Recovery
Planning

Question of balance.

Hazard type risks

Characteristics
Insurable type risks
Extensive data available
SOPs used to manage
Accident rate that is
uncertain
Treat by reducing
likelihood/consequence
or both - Preventative

Examples
OH & S / Workers Comp.
Property
Financial management
Clinical

Opportunity type risks

Characteristics
Often non insurable type
risks
Assessment is
qualitative
Performance related
Treat by avoidance, risk
sharing etc.
Integrated into business

Examples
Strategic
Business, Project
planning

Opportunity costs
Relationship, reputations
Efficiency & effectiveness

2. Rationale for Implementing a

Risk Management Policy & Framework?
1)

Compliance

2)

Protection

3)

Improve Organisational Performance

2.1

COMPLIANCE ISSUES

S. A. Government : Risk Management Policy

Re-issued November 2003

CEs Accountable to their Ministers

Protect & enhance Govt. resources
Protect well being of citizens & environment
SAICORP to provide advice to the Crown

Premiers Safety Commitment Statement &

DAIS - Workplace Safety Management in the SA Public Sector 2004 2006 Implementation Plan.

Annual SAICORP Declarations to meet our duty of disclosure to our

insurers (re-insurers)

Corporate Governance Expectation

2.2 Protection Provided on Two

Levels :
1) Reduce likelihood of things going wrong and / or
when things do go wrong, the consequences should
be less severe.
2) Due diligence defence - will be able to demonstrate
that all reasonable efforts have been made using a
systematic, consistent approach to identify, rate and
treat risks.

2.3 To improve organisational performance

1.

Improve strategic and business planning

2.

Improve information for decision making

3.

Maximise the benefits of opportunities that arise

4.

5.

Improve operating efficiency due to targeting of

resources, less time fire-fighting and avoidance of
costly mistakes.
Provide an early warning system enabling preventative
action to be taken

3.1

Policy & Framework

Agency Considerations

Central coordinating body responsible for Risk Management.

Communication & Consultation on risk management
Risk Management Policy & Framework

Criteria, categories of risks

Likelihood & consequence indicators

Risk Matrix

Annual,Half Yearly, Quarterly, needs based risk assessment

Risk Assessment Tools & reporting requirements
How to assist managers meet their risk management
responsibilities

Likelihood Descriptors

LIKELIHOOD OF OCCURRENCE

RATING

Description

Almost Certain

This event will almost certainly occur within the next six months

Likely

It is likely that this event will occur at least once in the next year or it is moderately likely that this event
will occur at least once in the next two years

Moderate

It is moderately likely that this event will occur at least once in the next two years

Unlikely

It is possible, though unlikely, that this event may occur once in a 2 year period

Rare

May occur only in very unusual circumstances. Remote possibility of occurring once every 2 to 5 years

Consequence Descriptors

AREA OF IMPACT
RATING

Insignificant

Financial

Financial loss
up to $50,000

Organisational Impact

Reputation & Image

Small delay, internal

inconvenience only.

One off media

coverage only

Human
Resources
Minor injury.
Temporary local
poor morale.

Example Detail Description

Minor

Moderate

Lost time injury.

Local but
lingering poor
morale. Skill
mix issues

Financial loss
>$50,000 and
< $100,000

Easily remedied, some impact on

external stakeholders. Business
objectives delayed.

Temporary negative
impact on reputation

Financial loss
>$100,000 and
< $500,000

Considerable remedial effort

required with widespread
disruption to the organization
extending for period up to 3
months. Some business
objectives will not be achieved.

Temporary breakdown
in key relationship.
Widespread negative
reporting in media.
Premier or Ministerial
involvement.

Serious
permanent
injury. Ongoing
widespread
morale issues.
High staff
turnover.

Ongoing widespread
negative reporting in
media. Leads to a
high-level independent
investigation with
adverse findings.

Death.
Entrenched
morale
problems.
Inability to
recruit staff with
necessary
skills.

Total loss of
confidence within
community leading to
dismissal of Board.

Major

Financial loss
> $500,000
and< $1 million

Permanent loss of critical

information, substantial disruption
to organization or external
intervention extending over 3
months or more. Major goals not
achieved.

Catastrophic

Financial loss
> $1 million

Organisation is totally
dysfunctional requiring
appointment of an administrator.

Level of Risk Matrix

CONSEQUENCES

Risk Analysis
(Level of Risk
- LOR)

Insignificant
1

Minor
2

Moderate
3

Major
4

Catastrophic
5

High

High

Extreme

Extreme

Extreme

Likely
4

Moderate

High

High

Extreme

Extreme

Possible
3

Low

Moderate

High

Extreme

Extreme

Unlikely
2

Low

Low

Moderate

High

Extreme

Low

Low

Moderate

High

High

Almost
Certa
in
5

L
I
K
E
L
I
H
O
O
D

Rare

3.2 What does a Risk Management

Policy & Framework help to achieve?

A systematic and consistent approach to considering

risk and opportunity integrated into all planning and
business activities.

Cultural change Reactive to Proactive to become

embedded into the departmental culture.

Risk Assessment Training

Duration (three hours) for all managers and

risk assessment facilitators on all aspects of
risk assessment including:

defining the risk assessment context;

Identifying, analysing & evaluating risk;
completing risk registers and
developing risk treatment plans.

NOTE: Registration fee of $55 (incl. GST)

QUESTIONS ???????
www.treasury.sa.gov.au