Risk Management Plan for the Department of Education, Employment and Workplace Relations - Case Study Example

DEEWR RISK MANAGEMENT PLAN REPORT Introduction Risk management plan in any organization plays a significant role in managing the business related risks. Its aim is to initiate vital information and promote good practice to individuals involved in managing risk. There are various considerations when initiating this process in an organization namely, (a) identification of risk, (b) assessing the risk, (c) planning for the risk, (d) monitoring or tracking the risk and (e) Communicating the risk. To create effectiveness in this process, all individuals within the organization should be responsible for identification and management of risk in relation to Risk Management framework of an organization. Risk management also provides a system for the setting of priorities when there are competing demands on limited resources. Program summary In Australia, the Department of Education, Employment and Workplace Relations (DEEWR) is a leading government agency providing national leadership in education and workplace training, transition to work and conditions and values in the workplace. The department works in collaboration with the states and territories and has offices and agencies throughout Australia and overseas allowing an active, national and client-focused approach. The Department is accountable to the Australian Government, Parliament and to the public for all issues including risks and the main objectives, such as development of national economic potential, increase of workforce participation, shareholders involvement and being innovative. 1. Have the organisational, strategic and risk management contexts been appropriately established does the risk management plan take appropriate account of these? The organizational, strategic and risk management contexts have been appropriately established in the company. These contexts have taken into account the fact that there lies a great danger in the organization owing to the status of the pedestrian crossings which have been dilapidated over time. This entails the dire need for the human traffic to be protected thus forcing the organization to have a detailed plan which takes the objectives into account. This means that the contexts have been considered in the plan. 2. Does the organisation have a Risk Management Policy and is risk management sufficiently embedded in the team/organisation? Since the establishment of DEEWR on December 3, 2007, it has shown great commitment in developing efficient and effective culture of risk management. The Departments of Education, Science and Training (DEST) together with Employment and Workplace Relations (DEWR) has come up with risk management policies and frame works embedded within the operations of this department. This very strong foundation has enabled the department to progress its planning for risk management. The executive to this department recognizes the need to have involvement, endorsement and continuos development and support from the senior department heads for risk management to be efficient. The practice of risk management has been integrated with fraud control, insurance, project management, business continuity, procurement and finance. The executive ensures that day to day making of decisions and undertaking the various activities is doe in respect to risk management principles. Please refer to the risk management plan document attached with this assignment. Risk Management is the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects within the DEEWR environment. The department conducts its business in an inherently high risk environment and the risks identified are extremely relevant to the strategic plan. The strategic plan reflects on Government Funding, Professional Service Delivery and Recruitment of Right people at the Right time for Right job. Major issues like Security, OH&S and Changes to Legislation are an embedded part of the department which is the most significant section in all Government decisions and policies. Other major risks are also considered such as financial, strategic, organization and political risks (Australian Government, 2008). 3. Have stakeholders been sufficiently identified and described and is the communications plan effective? According to Baker, W.,Reid,H., ‘Identifying and Managing Risk’(2005), page 131 internal and external stakeholders are people or organisations that have an interest in or pose a risk to the activities of an organisation. DEEWR Stakeholders are people or organisations that have a share interest or pose a risk to activities of an organisation. DEEWR being a government agency comprise a variety of stakeholders from both private and public sector. They include, local community, sectors of local government, professional bodies, federal and state government, unions, HR branches and insolvent experts among others. Stakeholders actively been involved and greatly contributed to risk analysis, which has helped them aware of risks involved and identify their agenda, strength and vulnerabilities with the risk. Good professional relationships with the stakeholders and their regularly interaction with the DEEWR has been crucial. The active involvement of the organization’s members of staff in risk management processes that involves provision of training is one way through which effective communication has been maintained. With the government, DEEWR ensures that they work in accordance to the government’s requirement; this includes ensuring accurate and timely input to ANAO audits, AGD Annual Fraud Control Return, Annual reports among others. Regular meetings with stakeholders as well as having relevant documentation have boosted the confidence levels of shareholders. The shareholders updates have been though website, email, monthly newsletters, use of fliers and regular meetings. A table format is as shown below. Stakeholder Stakeholder’s agenda Strengths Vulnerabilities of Stakeholders ACT Government HR Department SES Staff (Includes Ministerial staff) Manager Service providers Community Provides funding Effective delivery of policy Achievement of Business goals Security of staff and clients Timely and accurate advice Meet legislative requirements Delivery/implementation of Australian Government Initiatives Appoints new SES board Expertise in the field Experience Established procedures Documented plans Corporate Knowledge Time constraints Staffing constraints Stakeholder has unrealistic expectations Resources may be difficult to access in a timely fashion Lack of skills and expertise http://dnet.hosts.network/org05/50005286/DocumentsLibrary/Financial Reports/IEG 08-09 Reports 4. Are the risks identified relevant to the strategic plan? Have they been described appropriately in a risk register so that treatments can be identified? DEEWR risk identification has been relevant to the strategic plan. This has been done in line with a risk register. The aim is not to eliminate risk, rather to manage the risks involved in all DEEWR activities to maximise opportunities and minimise adversity. The risks identified are relevant to the strategic plan which has been described in the risk register so that the treatments can be identified. This has been achieved through a strategic focus, forward thinking and proactive approaches to management, balance between the cost of managing risk and the anticipated benefits, and contingency planning in the event where critical threats have been realized. The risks of the organization, both long term and short term, which include strategic, operational as well as tactical have been well addressed in the strategic plan that advocates for the use of risk watch as an effective way of managing the various risks and of documenting the various decisions and assessments. In order to be able to control and tat any risks within any given organization, information about the possible risks must be available. Such information may include the possible causes of the risks, effects of the risks on the organization, magnitude of the risk, stake holders or people affected and possible solutions to these risks. A deep analysis of all possible risks at DEEWR makes it very possible to have the risks treated/ controlled. 5. Have detailed risk plans been prepared? Have the chosen treatments been implemented as planned? A detailed risk plan that identifies the possible risks likely to affect DEEWR , the relevant strategies that can be used to prevent these risks, the effectiveness of these strategies and those responsible in mitigating these risks has been prepared. The strategies provided in the plan are those that aim at preventing the occurrence of the identified possible risks. However, the plan does not identify the possible control measures or ways of dealing with these risks if they occur. This questions the quality of the plan. DEEWR has definitely implemented the various mitigation strategies in their system. In the risk to do with inadequate information as well as quality control during communication and transfer of information for example, DEEWR has ensured that all members of staff are trained and made aware of the various procedures and processes of enhancing risk management and principles of risk management. This is as stipulated in the plan. RISK REGISTER Inherent Risk Residual Risk No Risk Event Likelihood Consequence Rating Risk Mitigation Strategy Effectiveness Likelihood Consequence Rating Responsibilities 1 Effect of Global Financial Crisis leading to less funding by government 3 3 9 Prioritise funding according to importance Changing contractors who are less expensive. New Marketing strategies introduced to get alternative funding to increase the revenue Effective 3 2 6 Management 2 Fraud – Unauthorised or inappropriate use or disclosure of information 3 2 8 Adherence to minimum standards with regards to training, reminders in all staff meetings and frequent reinforcement of adherence to privacy and information management guidelines ‘fraud prevention plan’ (2007) Fully effective 4 2 6 Management 3 Competition with other emerging and existing departments may result in staff leaving 5 2 9 Keep competitive marketing strategies to keep experience staff by introducing different working environment Effective 4 2 9 Marketing and HR Staff 4 Failure to declare conflict of interest 4 2 7 Annual reminder to staff when negotiating their performance agreement of the need to complete a conflict of interest form as required Very effective 3 2 6 All staff, Managers and Team Leaders 5 Inappropriate destruction of data or loss of access to data 3 4 9 Relevant training and development for staff in System Access Request (SAR) access and user manual available on department website. Effective 2 2 4 IT Security Operations Manager 6. Inadequate information and quality control in communicating information and advice to minister and key stakeholders. 3 3 8 Relevant training and development in monitoring and communication with ministerial staff. Have a flexible work environment and always have the work life balance approach. 2 2 4 HR Staff and Team Leaders Likelihood Impact 1=R=Rare 1=N=Negligible 2=U=Unlikely 2=L=Low 3=P=Possible 3=M=Medium 4=L=Likely 4=V=Very High 5=A=Almost Certain 5=E=Extreme LIKELIHOOD IMPACT 1 RARE 2 UNLIKELY 3 POSSIBLE 4 LIKELY 5 ALMOST CERTAIN Negligible 1 2 3 4 5 Minor 2 4 6 8 10 Moderate 3 6 9 12 15 Major 4 8 12 16 20 Catastrophic 5 10 15 20 25 RISK ACTION PLAN RISK RANKING (eg: low, med, high, extreme) TREATMENT OPTION (eg: reduce, avoid, transfer, share etc) DATE 1 March 2011 1. Fraud – Unauthorised or inappropriate use or disclosure of information High Risk Avoid 22 April 2011 2. Inadequate information and quality control in communicating information and advice to minister and other key stakeholders. High Risk Reduce 28 April 2011 3. Failure to declare conflict of interest Medium Risk Avoid 1 May 2011 1. Objective Implementation of effective and efficient fraud control measures and treatments Safeguard Assets, manage running costs Ensure appropriate usage of programme monies administered by DEEWR 2. Objective Time Management and Organisation skills develop across the whole team to be able to deliver within the deadline Undertake strategic measures not to damage the reputation of the department Maintain very good relationship with stakeholders. 3. Objective Make sure that the reputation of the department is not affected Security information is always confidential and is not compromised at any cost. All staff has access to departmental information to do their jobs Steps to take Who is Responsible When Resources Cost 1. Relevant training and development and frequent security checks to take place Safety security officers Before and After each project Training and Resources $60,000 per annum 2. Extra care taken in delivering outputs when a ministerial is involved. Eg. Signature from the team leader before being despatched All staff, Manager and Team Leaders After discussions with weekly meetings Correspondence with ministerial staff through telephone and email $20,000 according to seriousness 3. Annual reminder and implement practical guides, rules and regulations regularly updated Managers During every departmental meeting Nil Cost of hiring external training if needed. Risk plan DEEWR has prepared a detailed risk plans, ranking the risk as either low, medium or high together with the date of implementation as shown in the table below. RISK RANKING (e.g.: low, med, high, extra) TREATMENT OPTION (e.g.: reduce, avoid, transfer, share etc) DATE 1 March 2011 1. Fraud – Unauthorised or inappropriate use or disclosure of information High Risk Avoid 22 April 2011 2. Inadequate information and quality control in communicating information and advice to minister and other key stakeholders. High Risk Reduce 28 April 2011 3. Failure to declare conflict of interest Medium Risk Avoid 1 May 2011 The chosen treatment has not yet been implemented. The projected date for the implementation is planned to start early next year. The fraud control measures and treatments are thought to be effective and efficient during the implementation process. This will help safeguard assets and manage the running costs as well as ensuring appropriate usage of program monies administered by DEEWR. http://dnet.hosts.network/projects/Risk Management Systems/Approved Project Team Documents/DN 15 Project Management Plan.doc 6. Are the chosen treatments working? Is the residual risk consistent with that predicted in the risk register? The chosen treatments have proved to be working provided that there is enough resources and management. In respect to the 2002 Commonwealth Fraud Control Guidelines and the 1997 Financial Management and Accountability Act, DEWR as well as DEST established fraud -control plans that are still applied in DEEWR up to date. Currently, the department coming up with a new, plan of fraud control that will cover the entire period of upto June 30, 2010. Fraud management has been integrated into this department’s annual planning of business cycle, as well as the establishment of fraud various control initiatives is oftenly informed by the numerous annual risk assessments on fraud that are carried out by group, territory and state offices. The residual risk is consistent with that predicted in the risk register and this is believed that the treatment process is going to be more effective. Risk Watch which is part of the Risk Register for DEEWR and which helps in the implementation a wide framework of risk management by enhancing consistency in planning processes, in addition to supporting the analysis of risk management data, has been made available to every member of staff at DEEWR. it provides managers and users with capacities to effectively review and monitor risk treatments. 7. Have any new problems emerged as a result of the implementation of the risk controls? Though the use of the identified control measures will help in mitigating and treating the identified possible risks, the implementation of these measures may result to a number of problems. Resignation of experienced members of staff for to work for the organization’s competitors is for example one risk whose mitigation measure is likely to result in a number of problems. According to the plan, this risk can be mitigated by introducing experienced staff to different environments of work. While this will help in retaining this staff, taking them to new environment or department requires new training for those taking over the left department. It also rids the department of an experienced staff who was efficient in his or her work Frequent training of staff members on risk management processes and procedures and ensuring that security checks are frequently done as way of avoiding fraud requires a lot of money to acquire resources such as training materials and to hire trainers. This is likely to cause financial strains on the organization and especially if proper budgeting is not done. 8. Is the risk management being appropriately monitored? Have resources been appropriately allocated to risk management? Risk management is part and parcel of DEEWR’s Business and Workforce Planning process. All programs within the department, key projects and procurements activities where risk management is a factor should also have a risk management plan developed. DEEWR staff are expected to continually manage risk, and complete a risk management plan in Risk Watch which is the best way of carrying out such activity and document assessments and decisions related to risk. The risk management is being appropriately managed with the allocation of duties and resources to respective officers. For example, relevant training and development plus frequent security checks to take place is vested in the hands safety security officers before and after each project. Internal and external auditing is done to ensure that risks, their control, business objectives and implementation procedures are efficiently carried out according to plan. The Australian National Audit Office (ANAO) monitors DEWR's procedures and practices of risk management in their process of auditing. Enough resources such as training facilities and cash have been allotted to realize its goals. Resources that have mostly been used during monitoring include finances/ money as well as labor. The organization has for example hired different members of staff who also take part in monitoring progress of the organization. Such members of staff include plan approvers that play the role of ensuring that the assess risk levels are relevant and action officers who assess and report progress. Recommendation The management of risks in DEEWR is definitely one way through which the organization has been able to manage its business. The risk plan is one that has effectively been done to ensure that all risks are identified and relevant mitigation measures identified. One strong hold for the organization is its active involvement of staff members in enhancing risk management. Providing them with training and creating awareness is one sure way of making them feel part and parcel of the entire process and of ensuring that they understand making implementation very easy and successful. All staff members are responsible for identifying and managing risks and opportunities. The organization requires to not only placing emphasis in risk prevention measures but also on the measures to be taken if this risks actually occurred. The organization should ensure that the risk plan is effectively planned and worked out in such a way that all possible problems likely to emerge are identified and possible solutions put in place. References Australian Government, (2008) Department of Employment, Education and Workplace Relations Annual Report. Baker, W. and Howard, R., (2005).’Identifying and Managing Risk’ A/NZ ‘Standard 4360.2004’Risk Management’ ‘Class reading book’ www.deewr.gov.au www.treasury.gov.au www.riskmanagement.com.au http://dnet.hosts.network/org05/50005286/DocumentsLibrary/Financial Reports http://www.annualreport.deewr.gov.au/2008/part_1/Overview_9.htm Read More