SAVE THE CHILDREN, USABangladesh Country Office

open session onPROGRAM RISK MANAGEMENT

April 19, 2010

ASSURANCE AND RISK MANAGEMENT DEPARTMENT(ARM – DEPT.)

objectiveThe objective of this session is to identify and minimize risks and maximize opportunities during all phases of

the project’s life cycle.

Its an open session where the participants will:

discuss the concepts, principals, and definitions of risk management, internal audit and monitoring;

understand and appreciate the risk management framework;

understand the differences between internal audit, compliance, investigation and partners monitoring

discuss the concerns and inputs of the program management regarding risks identification and mitigation

discuss the expectations of the program management from Assurance and Risk Management Department and as well as from the Program Support and Management Service

agenda1. Definitions2. Introduction to Risks3. Program Risk Criteria and Factors4. What do we do about risks?5. Your participation;

• Learning from “Proud and Pain” • Potential Risks in your project• Expectations from us

Assurance• Internal Control• Compliance• Audit Services (Internal, External)•Ombudsman/Investigation

Risks Management• Reduction• Protection

Operational Support (with some limitations)

• Tools• Training/Knowledge Sharing

Assurance and Risk Management Department

Definition – Internal ControlInternal Control

Systematic process instituted by an organization to…

Conduct its business in an orderly and efficient manner Safeguard its assets and resources Deter and detect errors, fraud, and theft Ensure accuracy and completeness of its accounting data Produce reliable and timely financial and management information Ensure adherence to its policies and plans.

Effective Internal Controls can help our Country Effective Internal Controls can help our Country Office get where it wants to go, and avoid pitfalls Office get where it wants to go, and avoid pitfalls

and surprises along the way.and surprises along the way.

Definition - Internal AuditInternal Audit

Internal Audit is an independent, objective assuranceand consulting entity designed to

Ensure the internal control as above happenedAdd value and improve an organization's operations

(through Internal Control System). Provide SOME LEVEL of comfort and assurance to Country

Director and Save the Children.

Definition - ComplianceCompliance

Certification or Confirmation that Country Office meets the requirements of accepted practices, laws, legislation, prescribed rules and regulations, policies, specified standards, or the terms of a contract.

Definition - InvestigationInvestigation

Detailed inquiry or systematic examination tocarefully search thoroughly and discover facts.

Definition – Project AssuranceProject Assurance

“Assure that agency delivers quality services (program qualityprogram quality) to the targeted beneficiaries/stakeholders in accordance to Donor’s intention (purpose of fundspurpose of funds), and implements/manages a project in the most efficiency and cost effectiveness (usage of fundsusage of funds) within the set terms and conditions (compliancecompliance)”

Program Quality:Program Quality:

• Impact + Outreach

• Stakeholders Satisfactory

• Sustainability/Scale Up

• Model of Excellence

Purpose of Funds:Purpose of Funds:

• Relevance

• Intentional

• Create “change(s)”

Compliance:Compliance:

• Contractual Compliance

• Standard Practices

• Host Country’s Laws

Usage of Funds:Usage of Funds:

• Reasonable / Allocable

• Consistency

• Acceptable

• Auditable / Justifiable

Definition - Monitoring & EvaluationMonitoring & Evaluation

• MonitoringMonitoring is the systematic, regular collection and occasional analysis of information to identify and possibly measure changes over a period of time.

• EvaluationEvaluation is the analysis of the effectiveness and

direction of an activity and involves making a judgment about progress and impact.

“The uncertainty of an event occurring that could have an impact on the achievement of objectives.”

Definition - RisksRisks

risk acronym: carescompliance with laws, regulations and contracts

accomplishment of goals and objectives

reliability and integrity of financial and operational information

efficient and effective operations

safeguarded Assets

Risk management is a central part of any organization's strategic management. It is a process methodically address the risks across the portfolio of all activities attaching the goal.

risk management

PROTECTION

REDUCTION

Risk management is everyone's business

Identification and treatment of risksAdd maximum sustainable value to all the activitiesIncrease probability of successReduce both probability of failure and the uncertainty of achieving the organization's overall objectivesSupports accountability, performance measurement and reward, thus promoting operational efficiency at all levels

purpose of risk management

risk management framework;

Set of components that provide the foundations and organizational arrangements for

designing, implementing, monitoring, reviewing and continually improving

risk management processes throughout the organization

Risk Methodology

4.

5.

1. ReviewEnvironment

2.

3.

6.

• Treat

• Take

• Transfer

• Terminate

• Impact

• Likelihood

• Acceptability

• Trend in Controls

• Fiduciary

• Program

• Reputation

• Viability

• Assure/Insure

• Manage Performance

• Train

• Inform

• Nature of Business

• Organizational Culture

• External Environment

• Regulatory Environment• Specific

• Measurable

• Achievable

• Realistic

• Timely

EstablishObjectives

IdentifyRisks

AssessRisks

ApplyResponses

Monitor &Communicate

Risk assessment is the process of: Enumerating risks Determining their classifications Assigning probability and impact scores Associating controls with each risk

risk assessmentA systematic process for assessing and integrating

professional judgments about probable adverse conditions and / or events.

Category Criteria

Organizational

New Sub-RecipientInexperienced Sub- RecipientStaffing ChangesChange in Legal Applicant / Focal Person

Programmatic

Low Quality Programmatic PerformanceInadequate Performance MeasuresMulti-Site ProgramParticipant Enrollment / RetentionInnovative / Untested Program / Project DesignMajor Changes in Project Design / Scope

FinancialLarge Recipient / Multiple AwardsLarge Unexpended BalancesFinancial Weakness Identified

Compliance

Incomplete / Late Progress ReportsIncomplete / Late Financial Status ReportsNon-Responsive RecipientOpen Audit Findings

Program Specific One or More Partners or Subcontractors

program risk criteria

ScopeThe scope of the project is poorly definedThe program requirements of the project are unclear or complexHigh number of estimated effort hoursThe quality of current data is poor and difficult to convertPackage implementation is a new product or release

ScheduleThe projects major milestones and/or operational dates are fixed. They were pre-established by an operational commitment or legal requirements beyond control of the project team.Long estimated project duration

examples of risk factors in program

management

Budget and GrantsProgram budget was not established with any proven experiencesGrant funding is unstable and less than the estimated costDonor funding involved complex conditions and matching

Project LinkagesThe project is highly dependent upon completed and quality deliverables form another separate linkage project or support

Human ResourcesProgram management processes involve extensive outsourcing and consultancy worksProgram implementation team is located in dispersed locations

examples of risk factors in program management

(Continued)

Organizational ImpactsBusiness processes and policies require substantial changeChanges to organization structure are significant

TechnologyThe project technology is new and unfamiliar (or new releases)The technical requirements are new and complexSubject matter is not well known by the project team

examples of risk factors in program management

(Continued)

qualitative risk analysis The goal is to focus on the most

critical risks.

Subjectively evaluate and assess the likelihood and impact of identified risks to determine their magnitude and priority.

probability and consequences

Probability Likelihood of the event

Consequences Impact on Finance, Reputation, Time

Something different to everyoneAssign understandable values, then seek group agreementDocument thought process if necessary or appropriate

high, medium, and low

high 5medium 3-4

low 1-2

Likelihood Score

Likelihood title

Example descriptions

1 Rare

Extremely unlikely or virtually impossible

Less than 5% chance of happening Unlikely to occur in a 5 -10 year period

2 Unlikely

Could occur at some point 6% to 20% chance of happening Unlikely to occur within a 2-5year

period

3 Possible

Fairly likely to occur 21% to 50% chance of happening Likely to occur once within a 1-2 year

period

4 Likely / Probable

Will probably occur in most circumstances

51% to 80% chance of happening Likely to occur once within a one year

period

5 Almost Certain

Expected to occur in most circumstances

More than 80% chance of happening Likely to occur once within three

months

likelihood of risks

Score Definition

5 – Extreme /catastrophic

Loss of operations for more than 7 days; loss of life/fatalities; Major financial loss that threatens the partnerships existence; non delivery of partnership objectives; loss of trust or reputation of Save the Children and extended local media coverage, extremely damage to local environment

4 - Major

Loss of operations for more than 48 hours but less than 7 days; Extensive injuries, possible loss of life; Severe financial loss that puts the partnership objectives at risk; Significant impact upon the partnership objectives; damage to reputation and extended local media coverage; major damage to local environment. 

3 - Moderate

Disruption to operations for limited time; short term illness, injury or serious threat to injury; significant financial loss; partial failure to achieve partnerships objectives; damage to reputation; moderate damage to local environment. 

2 - MinorSome disruption to operations; minor injuries; some financial loss; little effect on delivering partnership objectives; possible damage to reputation; minor damage to local environment. 

1 - Insignificant

Little disruption to operations; no injuries; small financial loss; no effect on delivering partnership objectives; no damage to reputation; no or insignificant environmental damage 

risk impact

risk scoring matrix

Risk Category Risk Score Actions

HIGH RISK 12 - 25

Immediate action required by the partnership. Risk is reported through to Country Director or similar for senior management involvement where necessary.

MEDIUM RISK 6 - 10

Partnership to ensure effective monitoring arrangements are in place and effective response procedures have been implemented. Close monitoring and review of the risks are required.

LOW RISK 1 - 5

Partnership to ensure risks are managed by routine procedures - regular monitoring is carried out of current risk status.

what actions should we take for risks in partnership?

what do we do about risks?

Treat or Manage– management controls—proactive

Take or Accept– Low likelihood and impact

provides low exposure—inactive

Transfer or Insure– Obtain a policy

to cover for loss—reactive

Terminate or Avoid– Stop all activity related to

undesirable risk—non-active

5.

monitor & communicateKeeping risk in the conversation

Risk management trainingPerformance reviewsManagement reviewsProgram reviewsRisk-based auditsTools to manage monitoring and communication

Risk Register

6.

QUESTIONS?

bdjewel@live.com