Upload
bdjewel
View
400
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Workshop Presentation - Save the Children, USA, Bangladesh Country Office
Citation preview
SAVE THE CHILDREN, USABangladesh Country Office
open session onPROGRAM RISK MANAGEMENT
April 19, 2010
ASSURANCE AND RISK MANAGEMENT DEPARTMENT(ARM – DEPT.)
objectiveThe objective of this session is to identify and minimize risks and maximize opportunities during all phases of
the project’s life cycle.
Its an open session where the participants will:
discuss the concepts, principals, and definitions of risk management, internal audit and monitoring;
understand and appreciate the risk management framework;
understand the differences between internal audit, compliance, investigation and partners monitoring
discuss the concerns and inputs of the program management regarding risks identification and mitigation
discuss the expectations of the program management from Assurance and Risk Management Department and as well as from the Program Support and Management Service
agenda1. Definitions2. Introduction to Risks3. Program Risk Criteria and Factors4. What do we do about risks?5. Your participation;
• Learning from “Proud and Pain” • Potential Risks in your project• Expectations from us
Assurance• Internal Control• Compliance• Audit Services (Internal, External)•Ombudsman/Investigation
Risks Management• Reduction• Protection
Operational Support (with some limitations)
• Tools• Training/Knowledge Sharing
Assurance and Risk Management Department
Definition – Internal ControlInternal Control
Systematic process instituted by an organization to…
Conduct its business in an orderly and efficient manner Safeguard its assets and resources Deter and detect errors, fraud, and theft Ensure accuracy and completeness of its accounting data Produce reliable and timely financial and management information Ensure adherence to its policies and plans.
Effective Internal Controls can help our Country Effective Internal Controls can help our Country Office get where it wants to go, and avoid pitfalls Office get where it wants to go, and avoid pitfalls
and surprises along the way.and surprises along the way.
Definition - Internal AuditInternal Audit
Internal Audit is an independent, objective assuranceand consulting entity designed to
Ensure the internal control as above happenedAdd value and improve an organization's operations
(through Internal Control System). Provide SOME LEVEL of comfort and assurance to Country
Director and Save the Children.
Definition - ComplianceCompliance
Certification or Confirmation that Country Office meets the requirements of accepted practices, laws, legislation, prescribed rules and regulations, policies, specified standards, or the terms of a contract.
Definition - InvestigationInvestigation
Detailed inquiry or systematic examination tocarefully search thoroughly and discover facts.
Definition – Project AssuranceProject Assurance
“Assure that agency delivers quality services (program qualityprogram quality) to the targeted beneficiaries/stakeholders in accordance to Donor’s intention (purpose of fundspurpose of funds), and implements/manages a project in the most efficiency and cost effectiveness (usage of fundsusage of funds) within the set terms and conditions (compliancecompliance)”
Program Quality:Program Quality:
• Impact + Outreach
• Stakeholders Satisfactory
• Sustainability/Scale Up
• Model of Excellence
Purpose of Funds:Purpose of Funds:
• Relevance
• Intentional
• Create “change(s)”
Compliance:Compliance:
• Contractual Compliance
• Standard Practices
• Host Country’s Laws
Usage of Funds:Usage of Funds:
• Reasonable / Allocable
• Consistency
• Acceptable
• Auditable / Justifiable
Definition - Monitoring & EvaluationMonitoring & Evaluation
• MonitoringMonitoring is the systematic, regular collection and occasional analysis of information to identify and possibly measure changes over a period of time.
• EvaluationEvaluation is the analysis of the effectiveness and
direction of an activity and involves making a judgment about progress and impact.
“The uncertainty of an event occurring that could have an impact on the achievement of objectives.”
Definition - RisksRisks
risk acronym: carescompliance with laws, regulations and contracts
accomplishment of goals and objectives
reliability and integrity of financial and operational information
efficient and effective operations
safeguarded Assets
Risk management is a central part of any organization's strategic management. It is a process methodically address the risks across the portfolio of all activities attaching the goal.
risk management
PROTECTION
REDUCTION
Risk management is everyone's business
Identification and treatment of risksAdd maximum sustainable value to all the activitiesIncrease probability of successReduce both probability of failure and the uncertainty of achieving the organization's overall objectivesSupports accountability, performance measurement and reward, thus promoting operational efficiency at all levels
purpose of risk management
risk management framework;
Set of components that provide the foundations and organizational arrangements for
designing, implementing, monitoring, reviewing and continually improving
risk management processes throughout the organization
Risk Methodology
4.
5.
1. ReviewEnvironment
2.
3.
6.
• Treat
• Take
• Transfer
• Terminate
• Impact
• Likelihood
• Acceptability
• Trend in Controls
• Fiduciary
• Program
• Reputation
• Viability
• Assure/Insure
• Manage Performance
• Train
• Inform
• Nature of Business
• Organizational Culture
• External Environment
• Regulatory Environment• Specific
• Measurable
• Achievable
• Realistic
• Timely
EstablishObjectives
IdentifyRisks
AssessRisks
ApplyResponses
Monitor &Communicate
Risk assessment is the process of: Enumerating risks Determining their classifications Assigning probability and impact scores Associating controls with each risk
risk assessmentA systematic process for assessing and integrating
professional judgments about probable adverse conditions and / or events.
Category Criteria
Organizational
New Sub-RecipientInexperienced Sub- RecipientStaffing ChangesChange in Legal Applicant / Focal Person
Programmatic
Low Quality Programmatic PerformanceInadequate Performance MeasuresMulti-Site ProgramParticipant Enrollment / RetentionInnovative / Untested Program / Project DesignMajor Changes in Project Design / Scope
FinancialLarge Recipient / Multiple AwardsLarge Unexpended BalancesFinancial Weakness Identified
Compliance
Incomplete / Late Progress ReportsIncomplete / Late Financial Status ReportsNon-Responsive RecipientOpen Audit Findings
Program Specific One or More Partners or Subcontractors
program risk criteria
ScopeThe scope of the project is poorly definedThe program requirements of the project are unclear or complexHigh number of estimated effort hoursThe quality of current data is poor and difficult to convertPackage implementation is a new product or release
ScheduleThe projects major milestones and/or operational dates are fixed. They were pre-established by an operational commitment or legal requirements beyond control of the project team.Long estimated project duration
examples of risk factors in program
management
Budget and GrantsProgram budget was not established with any proven experiencesGrant funding is unstable and less than the estimated costDonor funding involved complex conditions and matching
Project LinkagesThe project is highly dependent upon completed and quality deliverables form another separate linkage project or support
Human ResourcesProgram management processes involve extensive outsourcing and consultancy worksProgram implementation team is located in dispersed locations
examples of risk factors in program management
(Continued)
Organizational ImpactsBusiness processes and policies require substantial changeChanges to organization structure are significant
TechnologyThe project technology is new and unfamiliar (or new releases)The technical requirements are new and complexSubject matter is not well known by the project team
examples of risk factors in program management
(Continued)
qualitative risk analysis The goal is to focus on the most
critical risks.
Subjectively evaluate and assess the likelihood and impact of identified risks to determine their magnitude and priority.
probability and consequences
Probability Likelihood of the event
Consequences Impact on Finance, Reputation, Time
Something different to everyoneAssign understandable values, then seek group agreementDocument thought process if necessary or appropriate
high, medium, and low
high 5medium 3-4
low 1-2
Likelihood Score
Likelihood title
Example descriptions
1 Rare
Extremely unlikely or virtually impossible
Less than 5% chance of happening Unlikely to occur in a 5 -10 year period
2 Unlikely
Could occur at some point 6% to 20% chance of happening Unlikely to occur within a 2-5year
period
3 Possible
Fairly likely to occur 21% to 50% chance of happening Likely to occur once within a 1-2 year
period
4 Likely / Probable
Will probably occur in most circumstances
51% to 80% chance of happening Likely to occur once within a one year
period
5 Almost Certain
Expected to occur in most circumstances
More than 80% chance of happening Likely to occur once within three
months
likelihood of risks
Score Definition
5 – Extreme /catastrophic
Loss of operations for more than 7 days; loss of life/fatalities; Major financial loss that threatens the partnerships existence; non delivery of partnership objectives; loss of trust or reputation of Save the Children and extended local media coverage, extremely damage to local environment
4 - Major
Loss of operations for more than 48 hours but less than 7 days; Extensive injuries, possible loss of life; Severe financial loss that puts the partnership objectives at risk; Significant impact upon the partnership objectives; damage to reputation and extended local media coverage; major damage to local environment.
3 - Moderate
Disruption to operations for limited time; short term illness, injury or serious threat to injury; significant financial loss; partial failure to achieve partnerships objectives; damage to reputation; moderate damage to local environment.
2 - MinorSome disruption to operations; minor injuries; some financial loss; little effect on delivering partnership objectives; possible damage to reputation; minor damage to local environment.
1 - Insignificant
Little disruption to operations; no injuries; small financial loss; no effect on delivering partnership objectives; no damage to reputation; no or insignificant environmental damage
risk impact
risk scoring matrix
Risk Category Risk Score Actions
HIGH RISK 12 - 25
Immediate action required by the partnership. Risk is reported through to Country Director or similar for senior management involvement where necessary.
MEDIUM RISK 6 - 10
Partnership to ensure effective monitoring arrangements are in place and effective response procedures have been implemented. Close monitoring and review of the risks are required.
LOW RISK 1 - 5
Partnership to ensure risks are managed by routine procedures - regular monitoring is carried out of current risk status.
what actions should we take for risks in partnership?
what do we do about risks?
Treat or Manage– management controls—proactive
Take or Accept– Low likelihood and impact
provides low exposure—inactive
Transfer or Insure– Obtain a policy
to cover for loss—reactive
Terminate or Avoid– Stop all activity related to
undesirable risk—non-active
5.
monitor & communicateKeeping risk in the conversation
Risk management trainingPerformance reviewsManagement reviewsProgram reviewsRisk-based auditsTools to manage monitoring and communication
Risk Register
6.
QUESTIONS?