1 / 46

This project is co-financed by the European Union and the Republic of Turkey

Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım Technical Assistance on Institutional Building for the Implementation of RCOP in Turkey. This project is co-financed by the European Union and the Republic of Turkey.

lise
Download Presentation

This project is co-financed by the European Union and the Republic of Turkey

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Bölgesel Rekabet Edebilirlik Operasyonel Programı’nın Uygulanması için Kurumsal Kapasitenin Oluşturulmasına Yönelik Teknik Yardım Technical Assistance on Institutional Building for the Implementation of RCOP in Turkey This project is co-financed by the European Union and the Republic of Turkey Areas to be improved in the Risk management methodology Todor Yankulov, t.yankulov@globaladvisers.eu

  2. Content This project is co-financed by the European Union and the Republic of Turkey • Control environment and risk management • Strategy and procedures • Risk appetite • Direct monitoring and reporting • Clear responsibilities • Coordination between sub-structures and third parties • Areas to be improved in the different stages of the risk management process

  3. Risk management strategy This project is co-financed by the European Union and the Republic of Turkey • Risk management philosophy - Ton of the Top • Could be manifested by a Strategy – one ore more documents • The Strategy should: • Be officially approved • Clearly communicated and accepted – publicly available, declarations showing that everybody is familiar with it. 3

  4. Risk management strategy This project is co-financed by the European Union and the Republic of Turkey • The Strategy should contain: • Common terminology • Status – there is an appropriate basis in the Manual – some clarifications are needed • The risk appetite of the organization • Status – there is only brief theoretical description, no specific risk appetite statement 4

  5. Risk management strategy This project is co-financed by the European Union and the Republic of Turkey • The Strategy should contain: • The stages of the Risk management • Status – the stages are described. Could be clarified in some aspects • The responsible persons and the deadlines • Status – a clear statement of the responsibilities of different levels (top management, middle management, experts, IA, externals) could be developed 5

  6. Risk management strategy This project is co-financed by the European Union and the Republic of Turkey • The Strategy should contain: • The channels of communications • Status – specific procedures of communication about risks, measures etc. between the internal and between internal and external parties could be developed • The instruments of monitoring • Specific methods and instruments for risk management monitoring, and respectively… • …specific procedure for actualization could be developed 6

  7. Risk management strategy This project is co-financed by the European Union and the Republic of Turkey • The Strategy should be cascaded/developed in detailed procedures, covering it’s aspects • The procedures could be supported by templates of working documents (mandatory)… • …and by guidelines for different stages – lists of sample objectives, lists of sample risks, description of tools and techniques, benchmark data etc. (optional, sample) 7

  8. Risk appetite at control environment This project is co-financed by the European Union and the Republic of Turkey • The risk appetite has to be set by the Top management (Board) • The risk appetite is closely related with objective settings • The risk appetite have to use measurable units/limits – financial, time frames, geographical and/or structural scope 8

  9. Direct monitoring and reporting This project is co-financed by the European Union and the Republic of Turkey • The management has to dispose with instruments for direct monitoring • The management has to state his willingness to receive and use adequate monitoring information • The management has to support the direct reporting in appropriate cases 9

  10. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Top management: • is responsible for enterprise risk management • ensures the presence of a positive internal environment • is responsible and aware of the risk appetite at organizational level • ensures that that all enterprise risk management components are in place 10

  11. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Middle management: • is responsible for managing risks related to their unit's objectives • They guide and apply the risk management activities in accordance with the risk appetite • Each manager is accountable to the next higher level 11

  12. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Experts: • Are familiar with the risk management strategy and with their related obligations • Are familiar with the reporting channels including these outside the normal reporting lines • When they are “risk owners” they work on the risk mitigation and monitoring • A system of trainings and motivation measures are in place 12

  13. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Risk officers: • Organize the implementation of the risk strategy • Organize and are responsible for the effective implementation of the risk management procedures • They are not “owners” so they could be supported by specific or ad-hoc working group (“owners”) 13

  14. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Internal audit: • Assist management and the board or audit committee in the process by monitoring, evaluating, reporting recommendations. • The IA reports have to be taken as sources of information. Close coordination with IA. • Has consulting functions without taking responsibility • Has to be supported and accepted as a partner 14

  15. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Third parties: • Mechanisms are in place to receive relevant information from parties interacting with the organization • An exhaustive list of the direct partners is set, including the inputs and the outputs of the communication • Common terminology and methodology should be achieved, common data bases could be used 15

  16. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Internal coordination: • D02, p. III.4 “Risk management must be : a process, ongoing and flowing through the whole DIS-Turkey set up, applied across all institutions, at every level and unit” • The role of each level and unit has to be reflected in rules and procedures 16

  17. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Internal coordination: • PIM H 3.3. “the Procurement Division shall …Identify the risks directly linked to tendering issues … • …Propose to the Head/Deputy Head of RCP-CID mitigation measures.” • What are the methods, the tools? • Is there coordination with the RM process at institutional level? • A specific procedure or an appropriate reference to the common procedure should be set. 17

  18. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Internal coordination: • PIM H 4.2. “the QACD …performs a check-list based control: as a minimum for the most risky documentation submitted by the Procurement Division .” • Who performs the risk analysis? • What is the procedure? • These questions have to be clarified by a reference or a specific procedure. 18

  19. Risk management stages This project is co-financed by the European Union and the Republic of Turkey • Some of the RM stages in D02 are not developed – monitoring, reporting • Some of the stages could be misleading – Identification of mitigation measures – what is the purpose as it is described? • The standard stages from the Best practices models could be used. • All stages should be developed in the Manual 19

  20. Clear responsibilities This project is co-financed by the European Union and the Republic of Turkey • Internal coordination: • PIM D 4.1. “The risk management at project level shall be evaluated when the Annual on-the-spot plan is prepared .” (respectively PIM M 1.4 etc.) • What is the methodology for the RM at project level? • Who is responsible? • Is there a coordination between the RM at project and at institutional level? 20

  21. Objective setting This project is co-financed by the European Union and the Republic of Turkey • The risk management is impossible without adequate objectives • D02, IV.1 – “The objectives of the risk identification are…at the level of each institution involved in the DIS-Turkey, to identify the key objectives and the related processes and activities” • An exhaustive list of objectives has to be developed at each level/unit • Categorization of objectives could facilitate the process 21

  22. Objective setting This project is co-financed by the European Union and the Republic of Turkey • Strategic objectives/related objectives 22

  23. Risk identification This project is co-financed by the European Union and the Republic of Turkey • Risk categories facilitate the risk identification – no single category is missed • Best practices – inherent/control risks, internal/external risks, strategic/operational risks, by units/activities – financial, legal, technological • D02 “Distinction will be made between Inherent risks and Control risks.” • The other also could be used – point on the objectives or overcome the tendency to look in one direction (inside/outside) and help to cover all the aspects 23

  24. Risk identification This project is co-financed by the European Union and the Republic of Turkey • D02 – “Inherent risk -Inherent Risks arise when there are external forces that can affect the DIS-Turkey performance or make obsolete or ineffective” • COSO ERM – “Inherent Risk – The risk to an entity in the absence of any actions management might take to alter either the risk’s likelihood or impact.” • In the manual definition the term “external” could be restrictive. The risk of lack of motivation or indifference is inherent and could be provoked by internal forces 24

  25. Risk identification This project is co-financed by the European Union and the Republic of Turkey • The risk description is crucial for the effective risk management • Best practices - CAUSE - EFFECT – INFLUENCE • “It is possible an event to appear (cause), leading to a situation of another event (effect), whose consequences have a negative impact” • “It is possible amendments in a law to be made, leading to more complex requirement in the public procurements area, that will result in increase of the time for procedure preparation” 25

  26. Risk identification This project is co-financed by the European Union and the Republic of Turkey • Examples in D02 – “Regulatory risk - Change in EU regulations, Change in the Turkish regulation…” • In Risk assessment and mitigation plan the descriptions are better but differs from the Manual – uses external and internal categories, uses “functional” categories • It is good the different parts of the methodology to be aligned – a key for sustainability and effectiveness 26

  27. Risk identification This project is co-financed by the European Union and the Republic of Turkey • D02 - “In risk identification, due attention should be paid to: internal factors (i.e. quality and motivation of the staff, etc.), external factors (i.e. amendment of legislation, force majeure, etc.)…” • No specific rule for the use of these factors • “Could be developed in risk categories” 27

  28. Risk identification This project is co-financed by the European Union and the Republic of Turkey • It could be useful to have a list of risk examples as an annex to the Manual – it could be easily updated or changed • In the Manual just the risk categories that have to be used and the rule for risk description could be presented 28

  29. Risk identification This project is co-financed by the European Union and the Republic of Turkey • D02 – “A variety of tools and techniques may be used in the process of information-gathering for the purpose of risk identification” • When the Risk management process is relatively new and the staff is inexperienced the use of strictly predefined tools and techniques could be considered – ensure continuity and sustainability. Help the staff to follow the process from the beginning to the result. 29

  30. Risk identification This project is co-financed by the European Union and the Republic of Turkey • Exemplary model of risk identification • The stage is performed by a specific Working group, composed of representatives of all divisions assisted by the RM division – more operational approach than the entire staff participation • Two sources of risk identification are used – predefined and pre - distributed questionnaires for all the staff; questionnaires for the WG members 30

  31. Risk identification This project is co-financed by the European Union and the Republic of Turkey • Exemplary model of risk identification • The WG performs the task at two steps • Nominal group technique with questionnaire for risk identification • Brainstorming for treatment of the risks identified on the first stage and by the pre-distributed questionnaires – the risk are described properly, systematized and listed 31

  32. Risk identification This project is co-financed by the European Union and the Republic of Turkey • Exemplary model of risk identification • The result is list of risks per categories • This exercise must be held at least early and in ad-hoc cases (when big changes are at place) 32

  33. Risk identification This project is co-financed by the European Union and the Republic of Turkey • Exemplary model of risk identification • Separate rules for identification and reporting of new risks by the staff have to be at place – reported to the RM division • In case of ongoing reporting the RM division has to make a preliminary assessment of the risk and based on this evaluation has to take decision whether to inform the Working Group or to postpone reporting of risk to its next collection 33

  34. Risk assessment This project is co-financed by the European Union and the Republic of Turkey • D02, V. “Risks should be assessed regularly...” • How often? Ho initiates the process? • D02, V2. - Current control effectiveness is evaluated. There is no step for control identification, linkage with risks etc. • What is evaluated? 34

  35. Risk assessment This project is co-financed by the European Union and the Republic of Turkey • Likelihood and impact assessment is subjective • Exemplary criteria could be included as a Manual annex in order to facilitate the process • Additional sources of information could be prepared – historical data, benchmark indicators etc. • When more than one criterion is applicable for the impact or likelihood the heaviest has to be taken into consideration 35

  36. Risk assessment This project is co-financed by the European Union and the Republic of Turkey • Exemplary impact criteria 36

  37. Risk assessment This project is co-financed by the European Union and the Republic of Turkey • Exemplary model of risk identification • The same model as for the risk identification could be used • The questionnaires for all the staff are not needed – the evaluation require professional experience above the average. • As alternative the Delphi method could be used – require motivation about when there are deviations from the average score 37

  38. Risk appetite This project is co-financed by the European Union and the Republic of Turkey 38

  39. Risk appetite This project is co-financed by the European Union and the Republic of Turkey • D02 – “Little impact - Elimination and control of such risks is a relatively non-effective activity and taking into consideration the principle that the sums spent on control should not exceed the achieved prevention of loss or economy, few or no resources should be used for such activity.” • These are kind of systemic risks – because of the high likelihood they could accumulate and then the impact could increase. They have to be monitored on a regular basis. Some measures for likelihood reduction are needed 39

  40. Risk appetite This project is co-financed by the European Union and the Republic of Turkey • D02 – “Conditional risks - control efforts should be directed at preventing the occurrence of undesirable events” • The likelihood in this case is low and the impact is high – there is a room to take measures for impact reduction in which case the risk could become insignificant 40

  41. Risk appetite This project is co-financed by the European Union and the Republic of Turkey • D02 – “Insignificant risk - there is no need to address the alleged risk ” • It means these are the risks covered by the risk appetite. There are function of likelihood and impact assessment. Having in mind that the assessment is subjective good criteria and tools for reducing subjectivity are needed. 41

  42. Risk response This project is co-financed by the European Union and the Republic of Turkey • D02 – “Transferring the risk - Transferring all the risk to another party. Outsourcing” • Best practice models uses only sharing • The risk can not be transferred totally – the responsibility remains. Some negative impact remains. It could be misleading as a term 42

  43. Risk response This project is co-financed by the European Union and the Republic of Turkey • D02 – Short description about the mitigation plan in the Manual • “Should include tasks / activities proposed…” Who elaborates the measures? How detailed? • “Must be reviewed and evaluated regularly” How often? Who initiates? • These questions could be answered by more detailed procedure 43

  44. Risk reporting This project is co-financed by the European Union and the Republic of Turkey • This stage is not developed in Annex D02 • Rules are needed about the communication of risk appetite, risks identified, mitigation measures etc.– in the organization and with the external parties • The communication have to be timely and reliable 44

  45. RM Monitoring This project is co-financed by the European Union and the Republic of Turkey • This stage is not developed in Annex D02 • Rules for ongoing monitoring are needed • Rules for separate evaluation are needed – techniques, frequency, responsible officials • Rules for external source of information – audit reports, checks from other institutions etc. 45

  46. Questions/Discussions This project is co-financed by the European Union and the Republic of Turkey • Thank you for your attention! 46

More Related