Key concept: Risk

From Future of Local Services to the Public


first posted by Guy Taylor Jan 2009


What is meant by risk?

It is important to have a common definition of risk within an organisation of any size or purpose and one frequently used is:

‘The threat or possibility that an action or event will adversely or beneficially affect an organisation’s ability to achieve its objectives.’

All organisations have expressed or implied objectives. Why is it important to do this? Because individuals make up the thinking behind the organisation, and bring their attitudes, perceptions and behaviour relating to risk from their own life experiences to the organisation every day, and, like risk, this is dynamic in every sense of the word.

What is risk management?

Risk management is a systematic management process which should, if applied in the right way, actively support the achievement of those objectives. It is not a process for avoiding risk: when used well it can actively allow an organisation to take on activities that have a higher level of risk (and therefore could deliver a greater benefit), because the risks have been identified, are understood and are being well managed, and the residual risk is thereby lower. Risk management is not just negative (ensuring that bad things are less likely to happen) but also positive (making it more likely that good things will happen).

What are the potential benefits from having an effective risk management process?

  • Supports strategic and business planning
  • Enables newly identified opportunities to be acted upon
  • Potential to reassure stakeholders
  • Fewer shocks and unwelcome surprises
  • Enhances communication between all staff of the organisation
  • Supports effective use of resources
  • Promotes continual improvement of the institution's systems
  • Greater likelihood of achieving required outcomes through identification of key objectives

What role do managers play in managing risk?

They have a fundamental role to play in the management of risk. They are entrusted with funds, both public and private, and therefore have a particular duty to observe the highest standards of corporate governance. They must ensure that the institution has a sound system of internal management and control, and delivers value for money from public funds. In the context of risk management, managers should, as a minimum, ensure that there is an ongoing process for identifying, evaluating, and managing the risks faced by the organisation, and should review this process regularly. Most managers will also wish to consider the most significant risks facing their organisation at appropriate intervals.

The manager's job, therefore, is to:

a. Set the tone and influence the culture of risk management within the whole organisation.

For example:

  • is it a ‘risk taking’ or ‘risk averse’ institution?
  • which types of risk are acceptable and which are not?
  • is the portfolio of risk suitably balanced between high risk/high return and low risk/low return?
  • what are the expectations of staff with respect to conduct, ethics and probity?
  • is there a clear policy that describes the risk culture, defines scope and responsibilities, assesses resources and defines performance measures?

b. Determine the appropriate risk appetite or level of exposure for the organisation:

  • for example, is an activity with a potential loss of 5 per cent of total income acceptable, or should the risk be spread by working with another organisation or transferred through the use of insurance?

c. Actively participate in major decisions affecting the organisation's risk profile or exposure:

  • for example, major financial investment, local or overseas partnerships or other stakeholder engagement.

d. Monitor the management of significant risks to reduce the likelihood of unwelcome surprises:

  • for example, by receiving regular reports from team members focusing on key performance and risk indicators (probably no more than 20), supplemented by audit and other internal and external reports.

e. Satisfy themselves that the less significant risks are being actively managed, possibly by encouraging a wider adoption of risk management.

f. Report annually on the organisation's approach to risk management, with a description of the key elements of its processes and procedures.

Asking yourself the right questions on risk

Managers will need to strike the right balance between keeping an overview and avoiding involvement in day-to-day management. Again, there is not one single right approach, since managers will play different roles in different organisations.

Nevertheless managers could consider asking themselves the following questions:

  • Do I know the key risks being faced by this organisation and are they being adequately managed?
  • Is there a clear risk policy for the institution?
  • Do the work priorities of the organisation and its committees appropriately focus on the key risks to the institution?
  • Are management communications with board members timely, candid, relevant and sufficiently comprehensive with respect to the key risks?
  • Does management have an ongoing risk assessment process to identify and measure the impact and likelihood of risks?
  • What are the mechanisms to provide the managers and board members with an early warning of unwelcome surprises from others in the organisation?