Risk Management & MPTF Portfolio Analysis at Programme Level for UN Somalia
This session delves into the world of risk management and portfolio analysis at the programme/project level, specifically focusing on the Risk Management Unit of the United Nations Somalia. It covers enterprise risk management standards, planned risk management actions, the role of RMU, joint risk management strategies, ISO 31000 risk management principles, defining risk and risk management, and types of risk management approaches. The aim is to equip individuals with the knowledge and tools necessary to identify, analyze, assess, treat, and monitor risks systematically.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Introduction to Risk Management & MPTF portfolio risk analysis (programme/project level) Risk Management Unit, United Nations Somalia
Todays Objectives Enterprise risk management standards and processes Have the knowledge to produce planned Risk management actions using the Risk Management processes and methodologies Role of RMU (current and future) Joint Risk Management Strategy for SDRF Funds MPTF programme level risk analysis, observations and recommendations
Risk Management Unit Introduction to Risk Introduction to Risk Management Management
Risk Management Unit ISO 31000 Risk Management Standard Principles Set of principles, guidelines and processes to follow in managing risk Widely regarded as Best Practice. Systematic approach to risk management. Not specific to particular industries and can be applied to any sector. The Standard offers three main components Framework RM Process
Risk What is Risk? Why Do We Have Risk Management? Silo Approaches Donor Requirements Lack of useable information Reputation Organisational change
Defining Risk Management Risk Management is a range of coordinated activities that direct and control an organisation with regards to Risk. Many dynamics feed into this. It is important to promote a positive risk culture to allow everyone the opportunity to have buy-in from the top down and from the bottom up!
Risk Management Entails Systematic Application of: Management Policies Procedures and Practices With The Objective Of: Identifying; Analysing Assessing Treating; and Monitoring RISK
Types of Approaches Qualitative Likelihood + Consequence = Risk level The UNCT RMU utilises a Qualitative approach to Risk Management
Effective Risk Management Aspects For the effective management of risk, there are a number of aspects that need to be recognised: Risk is present in all work It requires a decision framework It needs a holistic approach It needs to be integrated throughout an organization It requires Quality Information Risk Management should be methodical You will never manage ALL risk (or have a risk free environment) Management of risk requires encouragement and support from the top down
ISO 31000 Risk Management Process The area encircled by the box is known as the Risk Assessment Process. This is where Risk identification, Analysis and evaluation occur and is at the core of this process This is the ISO 31000 Risk Management Process. It is a step by step activity and is at the heart of your risk management strategy Communication and Consultation Establish Context Identify Risks Analyse Risks Evaluate Risks Treat Risks Document, Monitor and Review
Communicate & Consult Communicate and consult with key individuals participating or interested in the activity Establish Context Identify Risks Analyse Risks Evaluate Risks Treat Risks What are you trying to achieve? What are the sources of risk? What is the likelihood of the risk occurring? Is the level of risk acceptable? Treatment Options Avoid Who has an interest in your activity? What are the risks? What are the potential consequences? Reduce What are the risk impacts? Accept Risk No What level of risk is acceptable? What is the overall level of risk? Transfer Who has responsibility for treatment? Risk Assessment Yes Document, Monitor & Review Document your decisions / actions & Monitor and Review treatment and changing circumstances
Communication and Consultation Risk Management Process Establish Context Identify Risks Analyse Risks Evaluate Risks Treat Risks Risk Treatment Document, Monitor and Review Tolerate The activity of selecting and implementing appropriate control measures to modify the risk. Should provide efficient and effective internal controls. Treat Is a cyclical process Effectiveness of internal controls is the degree to which Transfer the risk will either be eliminated or reduced by the proposed control measures. The cost-effectiveness of internal controls relates to the Terminate cost of implementing the controls compared to the risk reduction benefits achieved.
Joint Risk Management Strategy "Do No Informed Fiduciary Increased Harm" / Decision Conflict Accountability Impact Making Sensitivity Robust risk management should enhance the impact of the funds Inform strategic decisionmaking for portfolio management Mitigate the risk of doing harm through fund operations Ensure funds are used for their intended purpose The purpose of this Risk Management Strategy is to support the delivery of the SDRF strategic objectives, within the risk context in which the funds operate.
Joint risk management strategy - Principles Risk sharing Risk acceptance trade offs Regular dialogue Pro-active approach Risk diversification Risk dashboard: Assessment Treatment Monitoring High Priority Risks High priority risks to be discussed in consultations with fund stakeholders Brief description of the risk and its current status. e.g. Has it improved, worsened, or stayed the same? Which factors are contributing to this trajectory? Brief description of the current treatment and proposed options, if relevant. What is already being done about this risk? What could be done differently and who should take responsibility? Monitor treatment measures for effectiveness and second order risks
Joint risk management strategy Fund-level risks are grouped into three categories: SDRF Governance & Strategy:Risks related to the aid architecture and the funds strategies Contextual: Risks emanating from the broader country context Programme & Operational: Risks related to the implementation of fund operations and programs/projects Risk management framework Risk Assessment Monitoring Plan Treatment Options Risk Level Risk Risk Drivers Risk outcome Likelihood Impact Responsibility Regularity Sources Mitigation Adaptation & Trajectory Effects the risk would have on fund objectives and operations The party responsible for monitoring the risk (individual or team) Estimated chance of a risk occurring Potential for a defined adverse event or outcome to occur Factors that influence the realization of a risk Estimated severity of the risk outcome The The sources of information used for monitoring Measures taken to reduce the impact and/or probability of a risk before it is realized Identified contingency measures to reduce the impact of a risk after it is realized frequency at which a risk should be monitored (e.g. weekly, monthly, quarterly) Risk level = Likelihood x Impact Trajectory = Direction of risk level since last assessment
Consequence Result Likelihood Occurrence Frequency An event leading to massive or irreparable damage or disruption An event leading to critical damage or disruption An event leading to serious damage or disruption An event leading to some degree of damage or disruption An event leading to limited damage or disruption Extreme Twice a month or more frequently The event is expected to occur in most circumstances The event will probably occur in most circumstances The event might occur at some time The event could occur at some time The event may occur in exceptional circumstances Very Likely Major Moderate Minor Insignificant Once every two months or more frequently Once a year or more frequently Likely Possibly Once every three years or more frequently Once every seven years or more frequently Unlikely Level of risk Result Rare Immediate action required by executive management. Mitigation activities/treatment options are mandatory to reduce likelihood and/or consequence. Risk cannot be accepted unless this occurs. Very High Consequences Immediate action required by senior/ executive management. Mitigation activities/treatment options are mandatory to reduce likelihood and/or consequence. Monitoring strategy to be implemented by Risk Owner. Senior Management attention required. Mitigation activities/ treatment options are undertaken to reduce likelihood and/or consequence. Monitoring strategy to be implemented by Risk Owner. Management attention required. Specified ownership of risk. Mitigation activities/treatment options are recommended to reduce likelihood and/or consequence. Implementation of monitoring strategy by risk owner is recommended. Insignificant (1) Moderate (3) Likelihood Minor (2) Major (4) Extreme (5) High Very likely (5) Likely (4) Possible (3) Unlikely (2) Rare (1) Medium (5) High (10) High (15) Very High (20) Very High (25) Medium (4) Low (3) Low (2) Low (1) Medium (8) Medium (6) Low (4) Low (3) High (12) High (9) Medium (6) Medium (3) High (16) High (12) Medium (8) Medium (4) Very High (20) High (15 High (10) High (5) Medium Low
Communication and Consultation Risk Management Process Establish Context Identify Risks Analyse Risks Evaluate Risks Treat Risks Evaluate Risks Document, Monitor and Review Consequences Insignificant Minor Moderate Major Extreme Almost Certain Medium High High Very High Very High Medium Medium High High Very High Likely Likelihood Low Medium High High High Possible Low Low Medium Medium High Unlikely Low Low Medium Medium High Rare
Risk Management Unit (RMU) What we do Integrated Office UN Somali People Our Clients Donors UNSOM NGOs Government Agencies Risk Risk Risk Development of Common Approaches Data Base & Information Sharing MPTF Risk Management Advice and analysis Best Practice Dissemination Our Services Assessments & Analysis Management Advice Management Training Monitoring Increasing Impact & Accelerating Delivery Protecting Beneficiaries / Do No Harm Capacity Building through Partnerships Our Vision Protecting the UN Continue to build a shared understanding across the UN, Donors and NGOs Further develop UN wide risk management solutions Develop complementary and harmonised approaches across the aid community Improve the international community s contextual and strategic risk analysis and its links to risk management practice Our Objectives
Opportunities Ahead: RMU Opportunities Ahead: RMU Available Resources Challenges Information Databases Skill Sets Roles Unclear Silo Approach Wider Network Data Data Availability Verification Enhanced Services Incentives / Awards Analytical Support Training Online / Class Referrals / Links Best Practice Products Perception Impartiality Lack of Reciprocity Client Support Integrated Office UN Donors UNSOM NGOs Agencies Governm ent
MPTF risk analysis Risk analysis framework Intent of this exercise Role of RMU Current overview of programme risks Most common risks How to strengthen risk management The way forward
Risk analysis framework and approach ISO 31000 Joint Risk Management Strategy for SDRF Funds 2015 Individual MPTF programme risk analysis
MPTF risk analysis Intent of the analysis This exercise analyzes understanding and approach to risk and strengthens risk management of MPTF. To ensure coherence and consistency among PUNOs and JPs and supports strengthening of risk management
MPTF Portfolio ($ 150 million) Programme Title PSG JP State Formation and Federalism JP Constitutional Review JP Electoral Support JP Parliament Inclusive JP Support to Stabilization JP Rule of Law JP Youth Employment JP Local Governance National Window Service Delivery JP Capacity Development JP Enablers JP Charcoal Reduction and Alternative Livelihoods 1. 2. 3. PSG-1 4. 5. 6. PSG-1 & PSG-1 7. PSG-4 8. PSG-5 9. 10. 11. Cross-Cutting 12.
Current overview All programmes/projects have identified and introduced risk treatment at the design stage Main risk categories: contextual, strategic and programme/ operations implementation risks Not all projects have analyzed the risks (likelihood + probability) There is lack of coherence on rating and treatment measures across programmes Risk updates in several cases is incomplete High risk working environment Limited communication on risk management among PUNOs
Common risks Risk Risk Level Trajectory Risk Factors Elections, next military campaign? Security impact over the programme implementation High Elections, state formations, lack of legislations, etc? Political High Tension between states and federal government High Internal controls, low capacity etc Fiduciary (mismanagement of funds) High Resources not mobilized, delay in donor contribution, speed of delivery among different UN agencies? Lack of funding High Not established institutions, high turnover, Capacity of the implementing partners High Low capacity, security, lack of Delay in the programme implementation High
Challenges Thee risks at the project/programme level are managed according to the rules, regulations, policies and procedures of each fund administrator and its recipient agencies. / Agencies have different risk appetites and RM procedures
Additional observations Risk management within MPTF is very complex due to involvement of different UN agencies with different risk appetite and different risk management approaches All project documents reflect the initial risk assessment and not the residual risk Risk ownership and qualitative/quantitative indicators to monitor the risk and mitigation measures have not been identified The risk response is not consistent. New risks that the programs might have been exposed during the reporting period. All projects provide updating on the risks status in the quarterly reports (PBF funded projects send updates every 6 months). Risk updates are not very consistent among different programmes some put more efforts than the others that just copy/paste from the initial document. Several programmes though do clearly make reference to the risks identified in the project document and provide updates which are easy to read Some projects may address the risks through different mechanisms, even though it is not reflected in the regular updates
Way forward Improve risk rating in compliance with both international standards and Risk Management strategy Identify risk ownership, monitoring tools and measurable indicators Update the risk rating on regular basis Apply an integrated approach on treatment Ensure consistency in the risk management process among programmes and agencies Whenever possible, identify the cost, time and quality implications of the risk, if occurred. Risk management capacity development class / online course
Discussions & Questions Discussions & Questions