Risk Management

Situation

A large NSW Government client requested that we evaluate the maturity of the Enterprise Risk Management (ERM) frameworks operating across 27 distinct agencies within their portfolio.

Task

The project utilised a diagnostic maturity model to assess the degree to which ERM had been successfully implemented in each agency. The second phase of the project was then to accelerate the implementation of ERM in a number of smaller agencies where it was not yet mature.

Action

The engagement required the deployment of a bespoke ERM ‘diagnostic tool’ (which we developed) as a maturity assessment model. This diagnostic tool was based on various requirements under ISO 31000, NSW Treasury requirements and our own ‘best practice’ benchmarks. The tool was constructed and pre-approved by the Ministry before deployment across the various agencies. The project then included:

• Interviewing various stakeholders with each agency to gain an understanding of their current risk management practices. The stakeholders included officers at a CEO, CFO and ARC Chair level.
• Reviewing various risk management documentation including governance policies and procedures, reporting lines and Risk Registers themselves.
• Benchmarking the maturity of each agency’s ERM framework using the diagnostic tool.

Results

The review highlighted areas where ERM implementation was deficient across the agencies, and resulted in many recommendations for improvements being made both at the specific agency and whole-of-portfolio levels. Many of the recommendations for improvement to the way ERM is designed and implemented were incorporated into a new Policy Directive issued by the central agancy. For four smaller agencies where their ERM framework was not mature at all, we subsequently assisted them in developing and implementing an improved risk management framework including initial Risk Registers.