Housing Risk Management N I G E L I R E L A N D, C M I I A, C I S A, P R I N C E 2 P R AC T I T I O N E R 17 A P R I L 20 1 5 @ n d i s o l u t i o n s w w w. b a r c u d s h a r e d s e r v i c e s. o r g. u k w w w. n d i b u s i n e s s o l u t i o n s. c o. u k
Objectives Overview of risks facing the sector and the importance of risk management Recap on what risk and risk management are Provide an update on current good practice developments Get a high level understanding of key roles Understand how risk management is a useful tool for your organisation
Challenges to the sector Immense Challenges Ever Increasing Demand and Threats Pressure on Value for Money New Requirements / Standards Ambitious Targets
HCA Regulatory Framework
HCA Regulatory Framework In addition: including that the framework will ensure:
Changes in Risk Management Much higher profile Move from RISK-DRIVEN to OBJECTIVE-DRIVEN PART OF business planning processes Better IT systems Better links with quality and compliance functions TOOL not bureaucracy
What is risk? The threat that an event or action will affect an organisation s ability to achieve its business objectives and execute its strategies Note: the above definition does not state whether the effect is: negative (threat / downside); or positive (opportunity / upside).
Significant risks to the sector Welfare reform including Universal Credit General election in May Availability / cost / security of finance Fraud risk Information security & data protection Health & Safety / Duty of Care Business diversification
How does this affect me? Business diversification (Cosmopolitan 2014): Understanding of financial risks Complex financial arrangements Board over-sight / governance skills? Strategic alignment Rules? Independent specialist advice
How does this affect me? National Strategic Assessment of Serious and Organised Crime 2014: Number of reported fraud offences has increased Loss per annum (UK): 21.2 billion from private sector 20.6 billion from public sector 9.1 billion from individuals 147.3 million from the charity sector Recent 196k fraud in Wales
How does this affect me?? National Strategic Assessment of Serious and Organised Crime 2014
How does this affect me? Information Security & Data Protection: Tenant profiling information keeping it up to date Protecting personal data from unauthorised access or disclosure Disposing / deleting data Transmitting data securely Use of new technologies / agile working?
How does this affect me? Information Security Confidentiality, Integrity and Availability (C,I,A) Common misunderstandings: E-mail is a secure method of communication Word and Excel passwords are secure Electronic data is accurate Our staff are low risk Staff would challenge an imposter We won t need business continuity / disaster recovery
How does this affect me? Information Security & Data Protection: PWC Data Breach Survey, 2014
How does this affect me? Health & Safety: Duty of care: gas servicing, fire safety, legionella, asbestos, trees, slips and trips liability? Safety of staff Safety of the public Coordination with stakeholders Business continuity & emergency planning
How does this affect me?
So, what is risk management? Being able to identify the risk cause at the earliest opportunity, measure the risk effect and apply a proportionate level of resources to mitigate, or take advantage of, the risk and obtaining assurance that the controls on which the organisation relies for mitigating the risk are effective.
Risk Cause & Effect OBJECTIVE: Build and let ten new properties by 31 March 2016 CAUSE CAUSE 1 Inadequate planning / research CAUSE 2 Failure to deliver the programme due to ineffective project management RISK Financial loss EFFECT EFFECT 1 Unexpected costs incurred or write off of expenditure EFFECT 2 Rent loss due to properties being overdue
Jargon Inherent (raw) and residual risk Risk appetite Significance / impact / consequence Likelihood / probability Risk register / map / heat map
Risk Appetite The level of risk (taking into account both impact and likelihood) that the organisation is willing to tolerate. It can be at the organisational, departmental or individual risk level. Risk Appetite
Risk Appetite
Risk in business / strategic planning Build and let ten new properties by 31 March 2016 Commence a development programme during 2015/16 - Is our objective realistic? - How can we sign off to say it is complete? - Is it tangible? - Can we afford it? - Refine & improve - Commence <> outcome - What is success? - What are we going to develop? - Stakeholder challenge?
Operational risk Should still be linked to objectives: Corporate / Strategic Operational Service Level Departmental Individual / Staff
Roles & responsibilities Audit Committee Internal Audit External Audit Senior Management Staff
What is good risk management? Greater likelihood of achieving business objectives More focus on doing the right things properly More likelihood of change initiatives being successful Fewer unwelcome surprises Support strategic planning (challenging objectives) Enhances communication Promotes continual improvement Quicker grasp of new opportunities
Common pitfalls Over familiarity Reluctance to change Perception of Risk Awareness of Risk Over complexity Unknown Unknowns
To succeed Tool, not burden (link to objectives is vital) Being risk aware not risk averse Informed risk taking under a risk management framework should be encouraged It needs to be led from the top
Thank you NIGEL IRELAND @ n disolutions w w w.ndibusinessolutions.co.uk w w w.barcudsharedservices.org.uk