390 likes | 480 Views
A risky business Civil Society facing tough choices in a new world of risk. 2 nd November 2010 Paul Emery Head of Community and Social Organisations Bridget Colloby Marketing Manager. Agenda. Introductions What this session is about Contributor input, group work Feedback and conclusions
E N D
A risky businessCivil Society facing tough choices in a new world of risk. 2nd November 2010 Paul Emery Head of Community and Social Organisations Bridget Colloby Marketing Manager
Agenda • Introductions • What this session is about • Contributor input, group work • Feedback and conclusions • Wrap
The two agendas for risk management Why should you be interested in risk management?
Controls / Assurance / Audit / Inspection C2 What are the legal requirements for charities in relation to risk management? Charities that are required by law to have their accounts audited must make a risk management statement in their trustees' annual report confirming that “...the charity trustees have given consideration to the major risks to which the charity is exposed and satisfied themselves that systems or procedures are established in order to manage those risks.” (Charities (Accounts and Reports) Regulations 2008) Major risks are those risks that have a major impact and a probable or highly probable likelihood of occurring. If they occurred they would have a major impact on some or all of the following areas: • governance; operations; finances; environmental or external factors such as public opinion or relationship with funders; a charity's compliance with law or regulation. Any of these major risks and their potential impacts could change the way trustees, supporters or beneficiaries might deal with the charity.
Is this why for many charities… • Risk management is a paper exercise? • They feel they gain limited benefit from undertaking risk management? • It is a once a year process with limited involvement from the Board?
What is risk based decision making? • All organisations exist to achieve their objectives. • The purpose of (business) risk management is to manage the barriers to achieving these objectives. Treasury 2000 (OGC)
There are two types of risks: • Direct threats (damaging events) which could lead to a failure to achieve objectives. • Opportunities (constructive events) which if exploited could offer an improved way of achieving objectives , but which are surrounded by threats.
Business v Operational risks • Business risks Those which have been identified as potentially damaging to the achievement of the organisation’s objectives. • Operational risks Risks which managers, staff and volunteers are likely to encounter in day-to-day work situations.
80% of risks faced by organisations are not insurable! ‘Chance or choice’ - SOLACE/ZMMS What about insurance? “Risk Management is not just about insurance”
What is the context? • Significant crises impacting on organisations’ abilities to continue are now becoming one in five year events. • Hardest hitting recession for many years. • With funding resources scarce, partners want confidence that you understand and are managing your key risks. • The charity sector has become one of the major suppliers to Local Government in terms of commissioned services (estimated at over £12bn) • Society is less forgiving of failure.
What is your role in this? So, in effect, a [strategic] leader has (only) two jobs?? Identifying the opportunities that will lead to success (<25% of the job) and Managing the risks / issues / concerns which might get in the way (>75%of the job)
What is a business risk? - definition Risk is the variation in outcomes around an expectation (in effect, risk management is scenario planning and management)
Less risk averse Achieve objectives Corporate Governance Audit requirements Focus on (financial) priorities Better (performance)management The two agendas Risk-based decision making Controls / assurance / audit / inspection Improved forward planning Demonstrate improvement Better option appraisal
The practical exercise What risks does your organisation face?
Think about your organisation’s Vision Objectives Strategies Plans And the potential barriers to success
LAs C&SOs Housing Health Education CEO’s Profile of risk Contrast of opinion and importance View of capability to mitigate risk And, manage change Public Experts Zurich CSR Big Society Change Introduction to research report • Public sector and wider Civil Society scope • Research undertaken by leading third party research agency, Ipsos Mori • Different perspectives on long term risks facing the public sector and wider Civil Society’ • Key sources – Public and Civil Society CEO’s, independent risk experts and academics, public poll, Zurich experts
Agree A more Agree B more A: Individuals should have more responsibility for delivering local public services because they know what the local area needs B: It is the council’s job to deliver local public services, as they have the expertise to do so B: It is the government’s job to provide public services and they should not rely on charities and volunteers to fill the gap A: Charities and voluntary groups should take on a bigger role in the delivery of public services Base: All adults aged 15+ randomly allocated question (336), fieldwork dates: 30th July - 5th August 2010 – SOLACE 2010 Taking the public with you Which of these statements comes closest to your views on local councils / charities
Base: 8,768 British adults, Fieldwork dates: April 2008 - March 2009 – SOLACE 2010 People are less likely to volunteer in deprived areas
Importance/ability to deal with risks Lower importance, Higher importance, Lower ability to deal Lower ability to deal Climate change Changes in government policy Budget Social risk uncertainty Data security Working with other Workforce organisations Operational risk management Reputation management Lower importance, Higher importance, Good ability to deal Good ability to deal *Base: 100 telephone interviews, 12 – 28 July 2010 CEO viewpoint
CEOs: Top risk issues Budget uncertainty / Loss of funding 94%
Fear Security at site New Agenda Fire safety Paralysis Less Control Environment Capabilities Health & Safety New ways Housekeeping Opportunity Electrical wiring Pricing Contracts The backdrop
Major uncertainty Spending Review Some certainty? More certainty January 2010 October 2010 2010/11 2012+ Transition from uncertainty to certainty…
In your control Employees Volunteers What you do Contracts that you tender for Change management Cost control Spread of revenue streams Fixed costs Within your influence Local authority stance Spending of others What happens re: full cost of recovery What services are required Local community agenda Government strategy Memorandum and articles Managing the transition to budget certainty
Importance/ability to deal with risks Lower importance, Higher importance, Lower ability to deal Lower ability to deal Climate change Changes in government policy Budget Social risk uncertainty Data security Working with other Workforce organisations Operational risk management Reputation management Lower importance, Higher importance, Good ability to deal Good ability to deal *Base: 100 telephone interviews, 12 – 28 July 2010 CEO viewpoint – data security
Transparency – OCS wants more! Consortia / Partnership working – Who’s got your data? Instant media – When things go wrong they go wrong quickly! Value of donor base to you and others – Cyber attack? Measuring impact – more and more data, is it secure? Technology – USB where is yours? Data security – what’s driving the risk?
Partnership Working Mergers Security at site Fire safety Outsourcing – Supply Chains Shared Services / Systems Scope of Risk Capabilities Social Networking Public Sector Delivery Health & Safety Housekeeping Electrical wiring Other Fraud Cyber Attack Data security – can you see the risk?
Risk – Data securityWhat are the potential consequences? Reputational Damage • Public / corporate donors • Local Authorities and Health providers • Volunteers • Employees • Trustees / Patron • Beneficiaries • Third party suppliers • Information Commissioners Office / Fine Crisis response and impact on BAU
Fine Zurich case study – the tip of the iceberg
Zurich case study – the rest of the iceberg! Fine Audit and Consulting Fees Indemnity Policies and Claims Identity theft Redress payments Customer Communications Exercise Impact on BAU Employees on project Customer acquisition / retention Organisational Change Technology costs Ongoing internal comms (cultural shift) New processes and procedures Office adaptations and new equipment Increased operational costs
In your control Partnership principles and governance Shared services contracts and controls Policies on social networking – communications framework Fraud procedures, controls and systems Crisis planning Public sector contracts that you tender for. Within your influence Social networking and new media (external) Emerging fraud Risk – data security
Importance/ability to deal with risks Lower importance, Higher importance, Lower ability to deal Lower ability to deal Climate change Changes in government policy Budget Social risk uncertainty Data security Working with other Workforce organisations Operational risk management Reputation management Lower importance, Higher importance, Good ability to deal Good ability to deal *Base: 100 telephone interviews, 12 – 28 July 2010 Conclusions
The practical exercise How does your original list of risks look now?
Your organisation’s Vision Objectives Strategies Plans And the potential barriers to success
RISK IDENTIFICATION MONITORING RISK ANALYSIS RISK MANAGEMENT PRIORITISATION The risk management cycle
The practical exercise Let’s do a risk ranking exercise
Likelihood (over 2 years) Very high High Significant Low Very low Almost impossible Likelihood - definition >90% 55% to 90% 15% to 55% 5% to 15% 1% to 5% 0% to 1%
STRATEGIC RISK PROFILE Organisation Name: Likelihood: A Very high B High C Significant D Low E Very low F Almost impossible Impact: I Catastrophic II Critical III Marginal IV Negligible The risk profile template
Conclusions • Any questions / observations • ‘Tough Choices’ launches on 8th November 2010 • Access the report via www.NewWorldofRisk.com or complete the form to receive your copy