110 likes | 274 Views
Embedding risk management in the public sector – a rain check. Colette Kane Northern Ireland Audit Office Promoting better use of public money. Overview. Good practice in Risk management Key messages we wanted to promote How public sector bodies are doing Where additional focus is needed.
E N D
Embedding risk management in the public sector – a rain check Colette Kane Northern Ireland Audit Office Promoting better use of public money
Overview • Good practice in Risk management • Key messages we wanted to promote • How public sector bodies are doing • Where additional focus is needed
Good Practice in Risk Management-key messages • Process should be specific to each body. • Managed risk taking can present opportunities. • A clear understanding of roles and responsibilities in the process is key. • Contingency planning is important for every organisation. • Not all risks need to be accepted/treated. • Good communication is key. • Horizon scanning is recommended. • Identify and communicate risk appetite. • Consider fraud risk. • Be clear on assurances.
A rain check! We have observed; • An increased emphasis on risk management. • As finances get tighter risk management is seen as more important. • More conversations on risk around the board and audit committee table. • Risk discussed at all levels within the organisation. • Risk appetites being explored. • More emphasis on the high risks. • More movement on risks than before.
Could do better? Areas of risk management requiring more focus; • Braver managed risk taking. • Too many risks being recorded and monitored. • Risk assessment very cautious and without regard to appetite. • The controls being relied upon are sometimes non existent. • Horizon scanning not widely used. • Fraud risk assessments not being prepared. • Contingency planning still relatively weak and rarely tested. • Disclosure in Governance Statements still being developed.
Governance Statements The governance statement should reflect the organisation’s governance, risk management and internal control arrangements and how they operate in practice. The Governance Statement should provide a sense of the organisation’s vulnerabilities and resilience to challenges.
Key Recommendations • Focus more on the assessment of risk and particularly where risks have materialised and how these were addressed. • New risks identified should be disclosed.