Risk Management Systems in Major UK Public - PowerPoint PPT Presentation

Loading...

PPT – Risk Management Systems in Major UK Public PowerPoint presentation | free to view - id: 706a65-Mjc2M



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Risk Management Systems in Major UK Public

Description:

Risk Management Systems in Major UK Public & Private Sector Organisations: A tale of contrasting cultures Professor Margaret Woods Aston Business School – PowerPoint PPT presentation

Number of Views:77
Avg rating:3.0/5.0
Slides: 32
Provided by: Preins166
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Risk Management Systems in Major UK Public


1
Risk Management Systems in Major UK Public
Private Sector Organisations A tale of
contrasting cultures
  • Professor Margaret Woods
  • Aston Business School

2
Case Study Comparisons of Risk Management
Systems in Major Public Private Sector Entities
  • Structure of Presentation
  • Background to the paper
  • Cases methodology
  • Key findings- similarities differences
  • Contingency explanation of variations
  • Conclusion

3
Background
  • CIMA funded project
  • Public private sector cases
  • Interview based
  • Pre credit-crunch

4
Cases
  • Tesco
  • RBS
  • Department of Culture Media Sport
  • Birmingham City Council

5
Methodology
  • Interviews senior rm internal audit staff plus
    operational managers users of the system.
  • Public sector both staff and politicians
    interviewed e.g. Chief Executive Secretary of
    State
  • Observation
  • Internal documents
  • Information systems

6
Contribution to the Literature
  • Need for studies looking at use of MCS at
    different levels of the organisation (Langfield
    Smith,1997)
  • Call for research which distinguishes between the
    existence and use of MCS (Langfield Smith,1997)
  • Risk management dimension barely covered in
    existing organisational literature

7
Definitions (1)
  • Management Control
  • the process by which managers ensure that
    resources are
  • obtained and used effectively and efficiently in
    the accomplishment
  • of the organisations objectives. (Anthony,
    1965)
  • Risks
  • uncertain future events which could influence
    the achievement of
  • the organisations strategic, operational and
    financial objectives.

  • (IFAC,1999)
  • Risk Management
  • process of understanding and managing the risks
    that the entity is
  • inevitably subject to in attempting to achieve
    its corporate objectives.
  • (CIMA 2005)

8
Definitions (2)
  • Public versus private organisations
  • Three criteria used to distinguish them
  • Ownership
  • Source of financial resources
  • Model of social control ( market v polyarchy)
  • (Perry Rainey,Academy of
  • Management Review, 1988)
  • Result two public two private (at time of
    study)

9
Views from the Literature
  • Fone Young (2000) Mcphee (2005)
  • Anecdotal evidence that public sector risk
    management is distinctive different
  • Power (2004)
  • Risk management of everything alignment of risk
    management with good governance
  • Collier et al (2006)
  • Basic risk management structures are common
    across all large organisations (private sector
    only)
  • Miller et al (2008)
  • Risk management standardised practices now
    central to both public private sector
    organisations
  • Power (2009)
  • Need to shift from rule based compliance to use
    of critical imagination in risk management
  • Mikes (2009)
  • Calculative cultures typologies of ERM
    interpretation

10
Key Findings
  • Each case is different
  • but
  • Strong similarities e.g. between public private
    sector
  • and
  • Wide variations e.g. public sector more advanced
    in thinking re partnership risk and linking risk
    management to performance management
  • Two questions
  • WHAT ARE THE SIMILARITIES/DIFFERENCES?
  • WHY DO THEY EXIST?

11
Summary of Similarities Differences
  • Similarities
  • Perceived role of risk management
  • Timing of the formalisation of systems
  • Overall methodologies or models
  • Risk management tools
  • ICT support
  • Control via self assessment
  • Differences
  • Application of the models and tools
  • Overall structure for risk management
  • Dependence upon quantitative tools for evaluation
    measurement
  • Link from strategic objectives to operational
    performance risk management as a bureaucratic
    structure versus an embedded process/mindset

12
Similarities (1) Perceived Role of Risk
Management
  • Tesco
  • One of the reasons we are a successful company
    is because of risk management.
  • RBS
  • At the end of the day, risk management is
    nothing other than good husbandry on how you
  • drive your business forward.
  • Birmingham City Council
  • Risk management is very much looking at
    achieving your objectives and whats going to
    stop
  • you.
  • DCMS
  • Risk management is concerned with the culture,
    processes and structures directed
  • towards the effective management of potential
    opportunities and threats to the
  • Department achieving its objectives.

13
Similarities (2)
  • Timing of the formalisation of risk management
    systems
  • Pressure from financial scandals in 1980s
  • COSO (1992)
  • Cadbury Code (1992)
  • Private sector initiatives mirrored in public
    sector
  • Cadbury triggered Treasury Note (1994) Green
    Book (1997)
  • Turnbull (1999) followed by NAO Report (2000)
  • work is underway on the appropriate method
    of adapting the principles of the Turnbull Report
    to the central government sector. (NAO, 2000
    39).
  • Transfer from central to local government
  • CIPFA/SOLACE governance framework (2001)

14
Similarities (3) Generic Risk Management
Methodologies
Identify
Source
Measure
Mitigate
Monitor
Economist Intelligence Unit (1995)
15
(No Transcript)
16
The ERM Framework
  • ERM considers activities at all levels
  • of the organization
  • Enterprise-level
  • Division or
  • subsidiary
  • Business unit
  • processes

17
Similarities (4) SystemTools
  • Assessment Evaluation
  • Likelihood consequences matrices
  • Traffic lights
  • Response
  • Risk registers
  • Ownership
  • Escalation of responsibilities

18
Ranking by Likelihood and Consequence

High       3
Significant        
Medium     6, 14  
Low 2       5
  Low Medium Significant High
LIKELIHOOD
IMPACT
19
RAG Assessment (DCMS)
  • Red The control(s) are not in place or will not
    reduce the risk to an acceptable level.
  • Amber The control(s) is insufficient to reduce
    risk to the tolerable level, or is not yet in
    place but is expected
  • Green The control(s) is in place and working
    effectively to reduce the risk to a tolerable
    level.

20
Similarities (5) ICT Support
  • RBS dedicated rm software for quantitative
    analysis
  • Birmingham City Council Magique
  • Tesco ERP systems, customer facing data
    collection
  • DCMS sharing of partnership risks

21
Similarities (6) Self Assessment
  • Private Sector
  • Combined Code, Section C2, p.14
  • The board should, at least annually, conduct a
    review of the
  • effectiveness of the groups system of internal
    controls and should
  • report to shareholders that they have done so.
    The review should
  • cover all material controls, including financial,
    operational and
  • compliance controls and risk management system.
  • Public Sector
  • Statement of Internal Control standard format
    (DAO,2003)
  • For the year ended 31 March 2009, that opinion
    concluded that there were no significant control
    issues arising that require disclosure in this
    Statement.
  • NOTE MAJOR DIFFERENCE IN DETAIL!!!!

22
Differences (1) Overall Structure for Risk
Management
  • Separate function determined by regulation
  • Tesco having a risk management function
    probably gets in the way of actually managing the
    risks because people are thinking about the risks
    as opposed to thinking about the customer.
  • RBS Function essential under banking regulations
    and supervisory process (ARROW)
  • DCMS Head of Risk at Departmental level
  • Birmingham Sits within internal audit
  • Job titles professional risk officer

23
Differences (2) Dependence upon quantitative
tools
  • RBS Extensive use for market, credit, liquidity
    monitoring. Essential as part of the Basel
    capital requirement regulations
  • Tesco Hourly monitoring of sales statistics
    daily pricing of standard basket steering wheel
    targets e.g financials staff turnover
  • DCMS Limited and primarily financial in nature
  • Birmingham Performance monitoring for CPA
    targets e.g. Trading standards visits

24
Differences (3) Link from strategic objectives
to operational performance
  • Integrated
  • Tesco
  • people do it without actually knowing they are
    doing it, its part of their accountabilities.
    They are held to account. We monitor things on
    such a micro level.
  • Birmingham
  • Forms part of the CPA evaluation and is risk
    forms part of individual performance review at
    operational levels.
  • Divorced
  • RBS
  • Risk management defined by compliance with
    regulatory targets. Bonus culture separates
    remuneration from risk exposure.

25
Problem
  • DiMaggio Powell (1983) suggest coercive,
    mimetic normative pressures may encourage
    similarity in search for legitimacy
    but..institutional theory also suggests a need
    for strategic fit i.e. scope for variation
  • Does answer lie in distinguishing between
    existence and use of rm controls?

26
Contingency Explanation for different levels of
use
  • Complexity of business model
  • Level and nature of regulatory controls and
    accountability
  • Organisational culture informal controls over
    risk
  • Criteria used to evaluate risk management
    compliance v performance

27
Complexity of Business Model
  • RBS complex interdependent businesses. Go for
    silo approach.
  • Tesco very simple value chain. What drives
    value?
  • Birmingham complex, multiple interdependencies
    partnerships. Learning via CPA.
  • DCMS Multiple partnership risks. Still
    learning.

28
Level Nature of Regulatory Controls
Accountability
  • Regulations
  • RBS subject to intense regulatory oversight -
    drives tools of control
  • Tesco greater discretion under Combined Code.
  • Birmingham DCMS limited strategic choice
    have to manage risks accountability tight via
    SIC (and CPA for Birmingham)

29
Organisational Culture Informal Controls
  • Ouchi (1979) clan controls
  • Is performance against objectives high on the
    agenda and pervasive? e.g.Tesco slogans shelf
    stacker
  • Is performance measured purely in financial terms
    shareholder value?
  • Risk champions
  • Isolated risk function RBS 5th Floor

30
Criteria Used to Evaluate Risk Management
  • Two different mindsets
  • are we within prescribed risk boundaries laid
    down either externally or internally?
  • OR
  • are we achieving the results we promised

31
Conclusion
  • Simons (1991)
  • Control systems may be diagnostic or
  • interactive.
  • Cases suggest that diagnostic use equates to a
    compliance mindset
  • Interactive use fits with a performance oriented
    mindset.
  • Orientation depends upon a range of factors both
    internal and external to the organisation
  • Only in latter does rm guide organisational
    learning via the application of critical
    imagination.
About PowerShow.com