1 / 51

12.30pm - Registration and lunch  1.30pm - Welcome and introduction from the chair

12.30pm - Registration and lunch  1.30pm - Welcome and introduction from the chair 1.45pm - Peter Heap, Ark Risk Consulting – Looking beyond basic compliance, bringing your risk register to life and working on risk with your trustee board.  2.45pm - Coffee break 

zan
Download Presentation

12.30pm - Registration and lunch  1.30pm - Welcome and introduction from the chair

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 12.30pm - Registration and lunch  1.30pm - Welcome and introduction from the chair 1.45pm - Peter Heap, Ark Risk Consulting – Looking beyond basic compliance, bringing your risk register to life and working on risk with your trustee board.  2.45pm - Coffee break  3.15pm - Nick Buxton, PKF, managing risks in partnership work. 4.15pm - Questions to the speakers facilitated by the chair. 

  2. Risk Beyond Compliancebought to you by...Sponsored by... (event commences at 1.30 pm – please complete ‘before section’ on your evaluation form)

  3. Bringing risk to life Peter Heap Consultant Ark Risk Consulting

  4. Why manage risk? • Knowing what could affect your outcomes enables you to put controls in place • Your staff and volunteers can operate with greater confidence • Your Trustee Board can rest easier knowing that potential threats have been quantified • It is part of overall internal control which also includes: • Insurance • Contingency planning • Reserves policy

  5. Why manage risk ? • Whilst SORP requires you to put risk management in place, this should not be the main driver. • The process must involve the whole organisation and be a practical tool for management.

  6. Who is responsible? • The Trustee Board • Has ultimate responsibility for ensuring correct implementation of process • May delegate authority for implementation but cannot delegate responsibility • Must ensure process is linked to charity’s operational objectives • Must ensure that process is embedded within organisation • Regularly monitor and review the process.

  7. Who is responsible ? • The Executive • May be delegated the authority to develop the process • Must report regularly to Board as required. • Must ensure that staff and volunteers are aware with and comply with process • Ensure that process is embedded within organisation • Staff and volunteers • Must be kept informed about organisation risk strategy • Comply with laid down procedures • Have the opportunity of contributing knowledge and experience of their own operational areas

  8. Identification Monitor and review Measurement Action plans The process

  9. Risk Consequence Impact score Likelihood score Total score Current controls Net score Monitoring process Responsibility Further action Target date Responsibility A model risk register

  10. What are the risks? • Use all knowledge within the organisation • Staff and volunteers may know more than the Trustees • List all identified risks • Brainstorming and/or interviews • Be clear about cause and consequence Loss of reputation is not a cause – it is a consequence !

  11. What are the risks? • Ensure that all risk areas are examined. • Suggested headings: • Strategic risks • Governance, economic, political, compliance etc • Financial risks • Investment, cash flow, fraud, core cost funding • Operational risks • Property, IT, Events, Business continuity, fire, flood etc etc. • People risks • Health & safety, training, employers liability, vulnerable people etc

  12. How should risk be measured? • Score for Impact and likelihood assuming no controls in place: • Impact • What effect would occurrence of the event have on the organisation? • Financial • Reputation • Scale e.g. • 1. Negligible • 2. Slight • 3. Moderate • 4. Severe • 5. Catastrophic

  13. How should risk be measured? • Likelihood:-How likely or how often is the event likely to occur? • Scale e.g.1. Very unlikely e.g over 15 years2. Rarely e.g 10 – 15 years3. Possible e.g. 5 – 10 years4. Likely e.g. 2 – 5 years5. Probable e.g under 2 years

  14. How should risk be measured? • Total score (Gross risk) is multiple of Impact and Likelihood scoresE.G Impact score 3 Likelihood score 4Gross risk = 12. • The controls that are in place will reduce impact and/or likelihoodThis represents net (or current) risk

  15. Impact Likelihood

  16. Putting controls in place • Transfer • Insurance • Contract • Avoid • Reduce • Contingency Planning • Accept

  17. Insurance • Your insurance programme must mirror your risk register. • Your insurers must fully understand what you do and provide the right levels of cover. • Work with insurers and/or brokers who understand the sector

  18. Monitoring • Ongoing by Board and Executive • Frequency of Board reporting • Embed the process and culture • Importance of two way communication:- • Board to staff • Knowledge of process, updates, progress etc • Staff to Board • Knowledge of individual risks, suggestions etc

  19. Examples of risks • Governance • Failure to recruit Trustees • Trustee turnover • Communication between Board and Management • Operational • IT failure • Failure to achieve outcomes • Partnership working • Fundraising events

  20. Examples of risks • Financial • Failure to cover core costs • Fall in investments • Fraud • People • Dependence on key staff • Sickness absence • Injury to staff/general public

  21. Summary • Valuable management tool to improve efficiency and protect stakeholders • Not just compliance ! • Value is in mitigation of risk • Contingency planning is key element • Involves everyone within organisation

  22. ARK RISK CONSULTING Independent consultancy on all aspects of risk and insurance www.arkriskconsulting.co.uk Contact: Peter Heap Tel:- 01279 817823 Mobile: 07776 258538

  23. Refreshment break

  24. Managing risks in partnership working

  25. Contents • Background • Structure • Risks • Controls

  26. Ways of working in partnership • Outsourcing • Shared service agreements • Longer term agreements • Partnerships • Working towards merger

  27. Benefits • Shared costs • Access to skills • Greater resilience • Allows organisations to focus on what they are best at

  28. Growth in partnerships • PKF/CFDG annual risk management survey “Managing risk – operating in the new world” • externalisation already widespread and continuing to expand • 59% have already externalised activity • two thirds in the last 2 years • definition between partnership and outsourcing is blurred • two thirds expect externalisation to increase

  29. Growth in partnerships

  30. Drivers for growth • Two key drivers • 74% identified access to skills • 64% identified costs savings • Other factors • joined up service provision – 35% • pressure from stakeholders – 10%

  31. Successes? • Half thought arrangement had entirely or substantially delivered the benefits expected • 20% didn’t know • Cost improvement aims most likely to be delivered • Other aims more difficult to deliver even where performance indicators agreed

  32. Partnerships that do not work • Few partnerships fail entirely • Features behind partnerships that have been terminated • lack of clarity on aims • lack of communication • changing expectations • weak specification of the service • selecting partners on the wrong basis • partners over promising • lack of honest dialogue

  33. Partnership structures • Take multiple forms dependent on: • aims • trust • extent to which there is a desire to transfer risk • Two key factors are important: • style – formal or informal • role – task focused or responsibility for delivery

  34. Partnership structures

  35. Task focused risks • Misunderstanding of requirements • Disruption or cessation of service • Reduction in service levels or quality • Increase in costs • Damage to reputation • Inability to change to meet circumstances

  36. Task related controls • Will be dependent on: • impact of error or failure • ease of rectification • Misunderstanding of requirements • clear service specification • clearly defined boundaries of responsibility • mechanism to flag issues • agreed timely response to issues • Disruption or cessation of service • ongoing due diligence • periodic reviews

  37. Task related controls • Reduction in service levels or quality • joint agreement of disruption risks and how managed • disaster recovery arrangements • periodic reviews • Increase in costs • prompt follow up of service slippage • clarity on basis of payment • link payments to activity

  38. Task related controls • Damage to reputation • agree behaviours and controls over: • data handling • records • people • other sensitive areas • Inability to change to meet circumstances • agreements specify variations in service • mechanisms to flag changes • hand over mechanisms

  39. Responsibility related options • Much more challenging to set up • Delegating delivery of a service • Still accountable to funders and beneficiaries • Damage to reputation can be critical • Degree of trust inevitably higher

  40. Achieving trust • Managed contracts • setting out clear values • setting objectives and standards • clear performance levels • ongoing monitoring • key performance indicators

  41. Achieving trust • Shared contracts • shared values • strength of relationship • must have confidence • often shared dependency through choice or necessity

  42. Responsibility approach • Two key steps • choice of partner • determination of scope of activity • Long term association brings confidence • Always a role for robust due diligence • Robust contracts can transfer more risk

  43. Responsibility related controls • Risks relevant to task focused partnerships will apply but at a higher level • Service does not match values or does not meet expectations • establish that desired values already apply in partner • agreement of service objectives • agreement of monitoring arrangements • periodic joint service reviews

  44. Responsibility related controls • Disruption of service • joint agreement of risks and management • tested disaster recovery arrangements • Cessation of partnership • ongoing due diligence • periodic reviews

  45. Responsibility related controls • Increase in costs • clarity on basis of payment • link payments to activity • pre agreement of changes in service levels • Damage to reputation • agree behaviours and controls over: • data handling • records • people • other sensitive areas

  46. Responsibility related controls • Partner becomes dependent • ensure work is not so large that partner would fail without it • consider basis for winding up partnership prior to entering it

  47. Controls – the reality • Most charities entering into partnerships are putting in place some safeguards • There are potential exposures: • 21% have entered into agreements with no formal contract or service level agreement • less than half have agreed and are monitoring performance measures • only 21% have considered business continuity arrangements • only 19% have considered their partner's controls • 4% have no safeguards in place

  48. Summary • Partnerships are likely to remain popular • Numbers and strategic importance of partnership workiing will increase • Essential that charities consider potential exposure • Adopt a structure and control mechanisms that fit needs

  49. Questions Nick Buxton Partner PKF (UK) LLP nick.buxton@uk.pkf.com 01603 756916

  50. Questions from the floor(please complete evaluation forms)

More Related