
OPH Risk Management


denisl

Presentation Transcript


  1. OPH Risk Management Planning & Performance Management Team July 2016

  2. Objectives • Key concepts and definitions • Roles and responsibilities • Risk identification and assessment • Risk management • Process and timelines • Tips & annexes

  3. We do it all the time …

  4. Section divider: Key Concepts & Definitions

  5. What is “Risk”? • Objectives / Mandates / Obligations • Outputs / Outcomes: deliver key activities, address strategic directions, close gaps, improve quality • RISK: anything that may have a negative or positive impact on you reaching the expected outputs/outcomes • Identify, Assess, Prioritize & Mitigate

  6. Categories & Subcategories of Risks Objectives / Mandates / Obligations Outputs / Outcomes

  7. What is Risk Assessment? A structured approach for identification, evaluation, and estimation of the level of uncertainty/risk involved in a situation, their comparison against benchmarks or standards, and determination of an acceptable level of risk.

  8. Risk of death by a lightning strike in Canada: 3 in 10 million. How acceptable can be accepted

  9. What is Risk Management? Risk management is a systematic approach to setting the best course of action under risk/uncertainty by identifying, assessing, understanding, acting on, and communicating risk issues.

  10. Why Risk Management • Proactive vs. reactive • Improve outcomes • Reduce likelihood, negative impacts, or both • Meet objectives • Prioritize efforts more effectively • Support decision-making • Support accountability, transparency and responsibility obligations • and simply put … good management

  11. Risk Management is Critical at All Levels Strategic (Emerging regulatory changes) OPH level Branch level Strategic > Operational (Lack of surge capacity) Program level Operational > Strategic (Competing priorities) Team level Operational (implementation) Project level

  12. Inherent Risk • The risk that a condition or an activity would pose if no controls or other mitigating factors were in place (the gross risk or risk before controls)

  13. Residual Risk • After considering the controls already in place, is there still a risk that will prevent the team/branch/program/organization from meeting its objectives? • Risk – current controls = residual risk • If the residual risk score is greater than 10, then a mitigation plan (quality improvement initiative) is required.

  14. Some Helpful Definitions

  15. Section divider: Roles & Responsibilities

  16. Board of Health • Understand the risks inherent in OPH’s strategies and operations • Be alert for any organizational behaviours that can lead to excessive or insufficient risk taking • Provide feedback, guidance and support to OPH management regarding critical risks or mitigation strategies • Escalate significant risks when warranted

  17. MOH and Deputy Directors • Assume overall responsibility for OPH risk management • Ensure the effective implementation of the risk management activities throughout OPH • Exercise due diligence to ensure that no significant risks are overlooked • Acknowledge and approve, whenever applicable, the periodic internal and external risk reports • Escalate significant risks when warranted

  18. Branch and Program Managers • Are accountable for own risks (PM/BM) • Sign off on own risks, mitigation plans, and progress status (PM/BM) • Oversee the timely implementation of the developed mitigation plans (PM) • Acknowledge and provide input into the progress of mitigation plans to their assigned risks (PM/BM) • Acknowledge and provide input into internal and external risk reports (PM/BM) • Escalate significant risks when warranted (PM/BM)

  19. Supervisors and Employees • Be aware of OPH’s risk management system and procedure, and City of Ottawa enhanced risk management framework • Consider risk management as an integral part of their roles • Document, and communicate risks which may impact their team, program, or the organization, to their supervisors and/or managers • Assist in implementing the required actions • Escalate significant risks when warranted

  20. Learners and Volunteers • Recognize risk management as a part of their role • Communicate risks that may impact the team, program, or the organization, to the employee they work with • Escalate significant risks when warranted

  21. Section divider: Risk Identification and Assessment

  22. 1. Identify the Risks • Previous risk assessments • Brainstorming, mind-mapping • Past & current performance (evidence) • Prediction and forecasting • Focus groups and interviews • Information from other jurisdictions • Knowledge of the environment, program, clients, providers, gap in compliance to OPHS, OPHOS … • Professional judgment

  23. Compliance: This is the risk that the City fails to comply with new and/or changing laws, regulations, policies, directives or legal agreements. The risk includes the ability to demonstrate adherence to mandated requirements.

  24. Continuity of Operations: This is the risk that the availability of the City’s priority programs and/or services could be disrupted. This includes an interruption of routine services to the public. The goal is to ensure the continued availability of programs and services.

  25. Financial: This is the risk that the City’s funds are not sufficient to support and ensure the provision of City programs and services. There is also a risk that the City’s planned project and programming activities exceed available funding resulting in key planned activities and initiatives not being realized. There is the concurrent risk that funding via the annual budget cycle may make it difficult for the City to plan and resource longer term activities and strategies. This may limit the City’s ability to initiate new programs that meet the needs of its stakeholders. This is not an opportunity to lobby for additional funding.

  26. HR Management: This is the risk that the City is challenged to recruit and maintain appropriate skill sets (competencies, knowledge and availability) to provide its programs and services. It includes the experience and skills of staff and their capability to fulfil evolving work tasks, and advancing technical applications, as well as the ability to identify/develop future leaders (succession planning). It also includes the City’s ability to provide a safe and healthy working environment.

  27. Infrastructure: The risk associated with the impact on programming, revenue generation or costs resulting from issues with City Infrastructure Assets, including significant periods of construction, critical infrastructure failure, the quality and integrity of existing infrastructure and demand for new level of service and associated lifecycle costs. It also focuses on the interplay between infrastructure renewal, service delivery, operation/maintenance and citizen mobility. City Infrastructure Assets include the transportation network (such as roads and bridges), underground services, lands and all community buildings.

  28. Partnerships: This risk relates to the reliance and/or shared responsibility with other stakeholders both internal and external to the City. Included are elected officials, senior management, departments, the media and third parties. The risk also includes the ability to define clear lines of communication, roles and responsibilities and to communicate critical information to the appropriate audience.

  29. Technology: Any risk related to information technology and the delivery of IT services and/or support. The category includes a multitude of risks that are relevant to IT and the processes it supports. The risk includes: internal and external clients, who may suffer service disruptions or losses arising from system defects such as failures, faults, or incompleteness in computer operations, or illegal or unauthorized use of computer systems; and growing gaps between business requirements and the availability of enabling technology that could affect service delivery.

  30. 2. Assess Your Current Control Measures • What are you already doing to deal with this risk? • What are others (other teams, senior management) doing to deal with this risk? • Are there partners who deal with this risk? • After considering what the team and others are doing, do you still need to put in additional work to mitigate this risk? • Are you planning to spend more time or effort on an issue than you do now? Is this a risk?

  31. 3. Write Your Risk Statement* * Based on the Residual Risk after you have taken into account your ongoing controls

  32. 4. Defining the Risk Score while considering the Existing Controls • Use the assessment tool to help define likelihood and impact • Score ≤ 9: low priority, monitor for escalation • Score ≥ 10: high priority, mitigation plan required • Set priorities for risks requiring mitigation plans (heat map, Mitigation Strategy Assessment Matrix)

  33. Future Event Likelihood Rating

  34. Risk Impact Measurement Tool

  35. Heat Map / Prioritization Matrix Risk Impact

  36. Risk Acceptability

  37. Section divider: Risk Management

  38. OPH Risk Management Objectives • Anticipate, prepare for, and respond to changing social, environmental, legislative and other requirements. • Embed risk management into teams’ culture, and day-to-day operations • Develop internal risk management competencies • Encourage employees, learners and volunteers to report risks without fear of retribution, retaliation or reprisal • Regularly re-assess risks and report on progress • Escalate whenever warranted

  39. 5. How to Deal with the Risk • Use all available resources • Identify and analyze the available options (evidence, best practices, experience) • Benefits and repercussions • The basic 4 responses • Avoidance: will not engage in the activity • Acceptance: risk is accepted given its benefits • Transfer: shift the risk to another party • Control: adopt specific strategies to reduce the risk likelihood, severity, or both.

  40. 6. Considerations When Developing a Mitigation Strategy • Scientific evidence • Cost-effectiveness • HR & financial implications • Convenience • Timeliness

  41. 7. Potential Mitigation Strategies • Preventive – (strategies that are designed to prevent risk from occurring) • Focus on the cause of the risk • Reduce likelihood • Detective – (strategies that are designed to detect the occurrence of risk early) • Focus on either the cause or the consequence(s) of the risk • Allows early intervention • Reduce impact • Recovery / Corrective – (strategies that are designed to respond to the impact if risk occurs) • Focus on the impact • Reduces impact

  42. 8. Risk Mitigation Plan Template

  43. 9. Implementing Your Plan • Timely implementation • Look for efficiencies • Mid-course corrections • Optimum utilization of allocated resources • Stay focused on objectives

  44. 10. Monitoring and Reporting • Monitor the plan: effectiveness, deviations, delays, or change in scope • Monitor the risk for changes to the score or status: reduction, escalation • Closure of risk: end of existence of the risk, i.e. project closed, law passed • Acceptance of risk: level of risk remaining after mitigation is acceptable • Continued mitigation: risk still exists, and mitigation plan is still in full action mode • Sign-off reports by the accountable manager(s) prior to circulation

  45. 11. Documentation • Fully document the mitigation plan (rationale to outcome); include as a quality improvement initiative • Sign off by the accountable manager(s) • Team/program-level risks: maintained and managed within the respective team/program • OPH-level risks: overseen by the accountable manager, maintained and reported by the PPM team.

  46. Section divider: Process and Timelines

  47. OPH Risk Management Procedure

  48. Risk Management Timelines

  49. Section divider: Tips & Annexes

  50. Myths • Risk is the concern of management only • Risk is restricted to compliance to PHFAAs, and OPHS standards and protocols • Risk only needs to be thought about during operational planning (i.e. once a year) • Risk is an opportunity to ask for more funding • Everyone assesses risk the same way