230 likes | 354 Views
Implementing Risk Management Strategically and Effectively in Regulatory Practice. Andrew Archer (Former Department for Business and Ministry of Justice Official ). Key Issues. Is the regulator’s strategy informed by good risk analysis?
E N D
Implementing Risk Management Strategically and Effectively in Regulatory Practice Andrew Archer (Former Department for Business and Ministry of Justice Official)
Key Issues • Is the regulator’s strategy informed by good risk analysis? • The link between targeting efforts where the risk is greatest and having our efforts strategically focused where the opportunity/challenge is greatest
Opening Thoughts • “A regulatory system will be difficult to justify – no matter how well it seems to be performing – if critics can argue that a different strategy would more relevantly achieve relevant objectives” (Baldwin et al – ‘Understanding Regulation’) • Strategy is as much about what you do not do as much as what you actually do
Risk “In reality, risk management is as much the art of managing people, processes and institutions as it is the science of measuring and quantifying risk.” (Thomas Coleman ‘A Practical Guide to Risk Management’)
The Essence of Strategy "Unlike a standalone decision or goal, a strategy is a coherent set of analyses, concepts, policies, arguments, and actions that respond to a high-stakes challenge” Richard P Rumelt • Strategy has to address the HOW.
Creating Strategy • Correctly understand challenge and context (diagnosis) • Understand the intended outcome without attachment to specific means (guiding approach) • Work out how specifically to address challenge and achieve outcome • Work out leverage points which multiply effort • Decide how to focusaction.
Behaviours Values Purpose Strategy Strategy requires alignment…
Bad strategy • Fluff • Failure to face the challenge – the key risk or opportunity • Mistaking goals for strategy • Bad strategic objectives. Conflict can arise whenever this is pointed out…
Where conflict can arise • Agreeing the diagnosis (correctly understanding the challenges, risks and context) • Agreeing the guiding approach (understanding the intended outcome without attachment to specific means) • Agreeing the specific strategy (working out how specifically to address challenge and achieve outcome) • Working out leverage points which multiply effort • Deciding how to focusaction.
Plentiful supply of skills Shortage of skills High economic growth Scenario 2 Scenario 3 Scenario 4 Scenario 1 Low economic growth Scenario Planning
Different Possible Futures (Scenarios) Strategy Development Mandate Environmental Scan Vision Mission Values Strategic Objectives “Action "Strategies Plans Evaluation
Why, What, How model Environmental Shifts Customers Competitors Stakeholders Economy Government Technology Society The Why Organisational Responses Strategy Structures Mission Products Practices Technologies The What Personal Implications Roles Responsibilities Methods Thinking Values Behaviours The How
Risk Issues? • Hazard identification – inherent ability to cause harm • Risk assessment – likelihood that harm will occur • Risk management – minimising risk • Risk communication – making the outcomes known • (NB distinction between risk as rationale for regulation and risk of unintended consequences of regulation – latter will be explored in later session)
Risk and Organizations: A View • “The art of risk management is not just in responding to anticipated events but in building a culture and organisation that can respond to risk and withstand unanticipated events. In other words, risk management is about building flexible and robust processes and organizations” Thomas Coleman (‘A Practical Guide to Risk Management’)
H Probability L H L Impact • Any course of action will contain an element of uncertainty • Those options that measure well against the desirable criteria should be assessed for inherent risk Decision Making - Risks Step One – Identify inherent risks Step Two – Assess risk against probability and impact
Managing Risk”5Ts” • Transfer - by insurance or finding another way to get someone else to bear the risk • Tolerate - if you can’t do anything about the risk or the cost of doing something far outweighs the benefit • Treat - contain the risk to an acceptable level (by internal control or action taken within the organisation) • Terminate - you may find the only way to deal with the risk is to stop the activity causing it • Take the opportunity – entertain a level of risk for the potential benefit that a certain course of action might take.
Risk and Regulation- Hampton • Need risk based, targeted regulation • “Unless risk assessment is carried through into resource allocations and regulatory practice, it is wasted effort.” • Risk assessment needs to be comprehensive, and inform all aspects of the regulatory lifecycle from the selection and development of appropriate regulatory and policy instruments through to the regulators work including data collection, inspection and prosecution • This implies risk should inform STRATEGY
Embracing Uncertainty • “We must give up any illusion that there is certainty in this world and embrace the future as fluid, changeable and contingent” (Thomas Coleman)
Public Perception of Risk • High level of public anxiety – public may not understand risks (behavioural insight) • Public and media perception creates high pressure on Government to act as if it can deal with more risks that is really possible • Government cannot take responsibility for ALL risk • Has to communicate trade-offs in managing risk • Must avoid making long term mistakes in response to a pressured situation.
Perception vs Evidence “There is a view that the policy dilemma at the heart of risk management is that policies responding to lay-people’s perceptions of risk tend towards over- regulation, while policies based entirely on scientific evidence will be seen as an inadequate response and will not be supported by the public” (Better Regulation Commission 2006)
Communication • Public perception of risk may pull government / regulator away from a strategic approach e.g. panic that led to Dangerous Dogs Act • Need to communicate and show one is listening to concerns • Need to ensure misunderstandings about risk do not push regulator into approach that is not strategic.
A Good Risk Management Strategy- Summary • Learn about risks in general and risks in the business sector regulated (including how people respond) • Learn about specific exposures and risks that may affect the strategy of a regulator • Make sure the regulator’s strategy addresses key risks (and opportunities) • Consider organisational risks (group dynamics and human factor) • Ensure regulations and enforcement are focused on the biggest risks. • Big question: the role of a regulator in ensuring the regulated address the above