The ACT government has developed a unique cradle-to-grave risk analysis, mitigation and, treatment tool which it is confident will help reduce the risk associated with IT projects and minimise wasteful spending of citizen’s tax dollars.
The Australian first government-wide risk management framework, which has just been rolled out, is expected to provide significant benefits to individual agencies as well as the community.
“Effective risk management will lead to better program and service delivery and allow agency resources to be directed to managing program and service delivery rather than being diverted to unexpected issues and crises,” says Treasurer Ted Quinlan.
“The framework is a uniform approach for departments and agencies to assess, manage and report key risks to government programs. My ambition in endorsing this forward looking policy is for every ACT Public Servant to be aware of potential risks in delivering the high quality public services Canberrans have come to expect.”
The framework will take agencies from the start of the procurement process right through to contract management and system management.
Tom McDonald, Director of Legal Insurance Policy, says the framework had its inception in the government’s response to the insurance crisis as community organisations and small businesses struggled to understand business risks as they battled for insurance cover.
To help meet these organisation’s needs the government built a web-based flow-through system allowing them to profile, plan, manage and report on their insurance risks, then exercise mitigation strategies. “That is unique. No-one else has ever done it,” McDonald says.
Now the government — drawing on its own and other organisation’s past experiences — is establishing a series of risk benchmarks and standards that agencies will be able to apply to particular types of projects, in much the way Gartner advices organisations on various types of financial risk or of the danger of hardware and software “fall overs.”
“We’re going to be able to identify a series of pattern risks which we can then program into our online risk planning tool, and that’s now able to be replicated right across government,” McDonald says.
Employees involved in IT and other projects will be able to select a risk profile and receive a standardised set of risk exposures online in an AS4360 compliant risk matrix backed up by information and assistance tools to help them identify and mitigate operational risk.
“Under the ACT procurement rules for government, a procurement plan has to be prepared for procurements above a certain level. In addition to that they have got to do a root plan, but once that’s done, then the operational risk side of the deal is something that in my view has not been well covered,” McDonald says. “What this will do is (provide) a cradle-to-grave risk analysis, mitigation and treatment tool which will take them right from the start of the procurement process right through to contract management and system management.”
To ensure that the framework is implemented rigorously all Senior Executive Performance Agreements will include a risk management framework indicator written into contract.
Quinlan has asked senior executives within the ACT Government to show leadership in building a risk management culture within their organisations and in ensuring risk management becomes embedded across all aspects of agency practice.
The ACT Insurance Authority (ACTIA) established as a statutory authority under the Insurance Authority Act 2000, manages a fund established to finance the cost of insurable risk for ACT Government agencies, excluding workers’ compensation risks.
Its objectives are to: — enable the Territory to meet the cost of its claims and losses in an orderly, timely and cost effective manner; — ensure the costs are fully reflected in the Territory’s accounts in accordance with accrual accounting principles; — protect the budget from the risk of very large claims; and — aid and improve risk management practices in agencies.
ACTIA is financed through risk-based levies that reflect the asset holdings and liability risks faced by each agency.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.