(These are notes from a workshop conducted in November 2014. In turn, it is a highly summarized form of a series of lectures intended to run over a semester, designed for policy officers.)
„ Risk
Management Standard ISO 31000:2009 -
Risk is defined as the “effect of uncertainty on objectives”.
„ Emphasises
effect rather than event. For example, risk is not an earthquake but the chance
that an earthquake might impact objectives.
„ Risk
to be managed in an integrated way.
„ Principles
for managing risk stress the need for risk management to:
„ create
value
„ be
an integral part of organizational processes
„ be
part of decision making
„ explicitly
address uncertainty
„ be
systematic, structured and timely
„ be
based on the best available information
„ be
aligned to a specific organisation and its objectives
„ take
human and cultural factors into account
„ be
transparent and inclusive
„ be
dynamic, iterative and responsive
„ facilitates
continual improvement
„ Traditional
Approach
„ Identification:
What could happen?; How and where it could happen?; Why it could happen?; What
is the impact or potential impact?
„ Analysis:
Identify the causes, contributing factors and actual or potential consequences;
identify existing or current controls; assess the likelihood &
impact/consequence to determine the risk rating
„ Evaluation:
Is the risk acceptable or unacceptable?; Does the risk need treatment or
further action?; Do the opportunities outweigh the threats?
„ A
preferential list is given for managing risk:
„ Avoiding
the risk by deciding not to start or continue with the activity that gives rise
to the risk
„ Accepting
or increasing the risk in order to pursue an opportunity
„ Removing
the risk source
„ Changing
the likelihood
„ Changing
the consequences
„ Sharing
the risk with another party or parties (including contracts and risk financing)
„ Retaining
the risk by informed decision
„ Supplementary
Standards (risk assessment, continuous communication, consultation)
„ AS/NZS 5050:2010 Business continuity –
Managing disruption-related risk (28 June, 2010) - emphasises the
need to undertake proactive risk treatment and preparation during periods of
routine management before a risk event is identified. These proactive controls can minimise the
occurrence or severity of future disruptive events (eg, building evacuation
drills, off-site computer backups). Once
an event commences, a non-routine management techniques need to be embraced
emphasising stability, continuance of critical business functions and recovery,
during the transition to routine management.
„ HB 266:2010 – Guide for managing risk in
not-for-profit organisations (12 August, 2010)
„ HB 246:2010 Guidelines for managing risk in
sport and recreation organisations (18 August, 2010)
„ Critique
„ ISO
31000-2009 and the related standards provide a sensible basic and generic
framework for risk management planning.
They provide a basis for categorising some risk types and planning to
deal with risks.
„ However,
as witnessed by the need for a subsequent standard dealing with
disruption-related risk (AS/NZS 5050:2010 Business continuity), this is still a
developing area and there remains debate about how the standards will change
over time.
„ Insufficient
emphasis is given to proactive action prior to risks emerging. Further, while useful tools have emerged as a
result of ISO 31000-2009, the reports generated using it all too often end up
collecting dust.
„ A
Strategic Risk Policy approach goes beyond ISO 31000-2009 to deal with risk in
complex pre-existing situations – where the risk is endemic to a market (eg.
international deals requiring bilingual contracts), can emerge swiftly from
regulatory or environmental conditions (eg. grounding of airlines due to
volcanic ash) or where it arises from circumstances that can only be dealt with
at a whole-of-market level (eg. market insurance arrangements).
„ While
a Risk Matrix (mapping likelihood against consequence) is a useful planning
tool, it suffers a number of problems:
„ Matrices
fail to capture vulnerabilities (which defy simplistic likelihood/consequence
analysis). Vulnerabilities fall outside
the definitions of risk in ISO 31000-2009 (the effect of uncertainty on
objectives). Vulnerabilities, if
addressed, may eliminate or significantly reduce risk.
„ Local
matrices are hostage to inefficient management structures.
„ Sometimes
matrices serve to prioritise expenditure.
For this reason, the financial cost of dealing with the risk may be
taken into account in assessing the likelihood of a risk emerging. Financial cost must be rigorously excluded
from any risk assessment methodology.
„ Exercise:
Deconstruct a wicked problem
„ Kaci
Hickox: A Maine judge rejected Maine’s
request to quarantine Hickox in her home, ruling that the Doctors Without
Borders nurse does not pose enough of a health risk to justify her forced
confinement.
„ Judge
Charles LaVerdiere’s order states that Hickox "currently does not show
symptoms of Ebola and is therefore not infectious." However, Chief Medical
Officer had considered the risk justified quarantine measures.
„ Identify
Vulnerability, Risk, Wicked Problem elements.
Consider the framing of the statutory provision (including discretions
which could be attacked)
2. Tools
„ The
nature of legal norms. Public, private legislation differentiated from
decisional law and judicial decisions.
„ Using
symbolic logic to represent legal statements: Deontic Logic (fm deon – Gk –
that which is proper). A basic syntax
„ Ox
– It is obligatory that x
„ Px
– It is permissive that x
„ O(not)x
– It is obligatory that not x
„ P(not)x
– It is permissive that not x
„ Ox/a
– It is obligatory that x in case a
„ Basic
propositions: Deontic Logic
„ D: (not) (Ox (and) O(not)x) Coherence – you cannot be obliged to do 2
mutually inconsistent things
„ D: (Ox/a (and) O(not)x/b) (only if a (not) b) Coherence – you can be obliged to do
inconsistent things in different circumstances
„ D: (Px
(and) P(not)x) Permission is different
to Obligation
„ Examples
„ You
must not kill. Ox (x = kill a human being)
„ You
may sing on Sunday. Px/a (x = sing, a =
on Sunday)
„ Exercise:
Use Symbolic logic to represent the following norms from the Road Transport Act
30(1) A person must
not, without lawful authority or excuse, possess—
(a)
an Australian driver licence or external driver licence issued to
someone else; or
(b)
an Australian driver licence or external driver licence that has
been forged, fraudulently changed or changed in a way calculated to deceive; or
(c)
anything resembling an Australian driver licence or external
driver licence that is calculated to deceive.
Maximum penalty: 20 penalty
units.
40. The road transport authority
may refuse to issue, replace, renew or vary a driver licence or proof of age
card if—
(a)
the applicant has not gone to a place designated by the road
transport authority and had a photograph taken, by a person authorised by the
authority to take photographs for this Act, that is suitable for use on the
driver licence or proof of age card…
„ Basic legal
technique
v Prohibition
(Ox)
v Rights (Px)
v Permissive
(eg, note special example of a licence, which is a hybrid
prohibition/permissive state. Ox AND Px
… or a conditional prohibition Ox/a)
v Status (eg,
note special example of ownership which may require a hybrid prohibition/permissive
approach. Ox AND Px … or a
conditional prohibition Ox/a)
v Public
Arranging (eg, expenditure of public money)
v Private Arranging
(eg, private legislation, contracts)
v Exercise –
Provide a symbolic logic representation of each technique using deontic logic
operators Px and Ox
v Advanced
techniques
v Legislating
a Product (eg, a graphical tool) (eg, a simple piece of legislation paired with
a product which shows outcomes in different situations)
v Detailed
example – apprenticeship: integrated cost/benefit/contract
„ Exercise 1: Applying tools to vulnerabilities
Exercise 2: Apply
each technique to the Motorbike injury scenario. Contrast the different
schemes, having regard to cost and effectivity. Discuss how, in reality, some
of these measures are already being used.
Observe that, over time, multiple measures can be deployed.
3. Environments
„ Federalism
„ Vertical
financial imbalance
„ Horizontal
financial imbalance
„ Present
confusion about which level of government is responsible for imposing and
spending tax. (Local political public arranging choices have NO
immediately recognisable taxation consequences.)
„ Re-orientation
of functions
„ The missing
element – the missing Interstate Commission
„ Decentralisation
„ Paul
Collits, Manager Regional Policy NSW Department of State and Regional
Development said in 2002:
"Policy development and policy change are complex processes with multiple dimensions and explanations. In Australia, with its three tiered system of government, short term 6 electoral cycles, spatially differentiated electorates, vigorous political debates, varying geography and widely (and increasingly) divergent regional issues, it is not surprising that regional policy would be subject to shifts in emphasis, changing levels of resources, and the comings and goings of intellectual fashions. Regional policy is also, of course, hostage to many other areas of policy which inevitably have varying and often unforeseen impacts on regions."
"Policy development and policy change are complex processes with multiple dimensions and explanations. In Australia, with its three tiered system of government, short term 6 electoral cycles, spatially differentiated electorates, vigorous political debates, varying geography and widely (and increasingly) divergent regional issues, it is not surprising that regional policy would be subject to shifts in emphasis, changing levels of resources, and the comings and goings of intellectual fashions. Regional policy is also, of course, hostage to many other areas of policy which inevitably have varying and often unforeseen impacts on regions."
„ Example –
Ebola, changing ‘facts’
„ In a
sensible effort to deal with fear, a great deal of effort has been spent on
good news stories about how the virus is being beaten. On 29 October the
WHO fuelled hopes that the rate of infection has stopped growing exponentially
and is starting to level off. WHO has been under pressure for its initial
response to the virus and these releases take some of the pressure off the
reformed local response team from WHO.
„ The
view from the ground is not so good. On 30 October 2014 the first clinical
analysis from the present outbreak was published (Tulane University). The
results have not been widely published. The virus is far more
deadly that has been reported. 94% of those contracting Ebola over 45 years
of age died. 57% of those contracting Ebola under 21 years of age died. Western
health authorities have been claiming mortality levels of less than 30%.
It appears that this number is being calculated from comparing those who have
contracted with those who have died, in circumstances where in the majority of
cases the virus has not run its course.
„ Activity: Discuss
how this changes vulnerability, risk, wicked problem
4. Issues in
risk based regulation
„ Vulnerability
v Risk
„ Complexity
v Risk
„ Rule
Shifting v Reduction of Rule Burden
„ Challenge
of Deregulation
„ Activity
– Information based system supported by norms
„ A
typical example is employment in any of our large service industries – for
example motor repair shops, electricians or hairdressers. These service
industries engage a lot of young people entering the workplace, yet educators
and industry observers say that many of these arrangements fail, to the cost of
both parties.
„ The
problem is simple. The rules dealing with employment in these industries
are a mess. There is significant confusion of Commonwealth legislation
and awards that govern the area. For a small business, with limited time
to decide whether to engage an apprentice and the cost impacts – and for a
young apprentice, just out of school – this is a serious problem.
More than any other single issue, this strategic risk is one of the most
serious regulatory problem facing small business – acting as a significant
disincentive to employment.
No comments:
Post a Comment