Login required to access some wiki spaces. Please register to create your login credentials
|
Focus on: The risk management information system
Efficient IT tool is crucial for an effective risk management. The information system must be modulated and integrated with the quality management and performance management system.
CASE STUDIES:
Statistics Austria
In Statistics Austria a specific software tool for RM and the Internal Control System (named OBSERVAR) is in place. In Statistics Austria the OBSERVAR system provides:
- modular architecture (risk management dealing with corporation-wide risks (strategic level), Internal Control System dealing with risk in operational processes, Compliance Management System dealing with compliance risks;
- the whole RM process covered;
- specialized, user-friendly and scalable software product covering over 25 modules for EGRC (Enterprise Governance, Risk and Compliance) and MIS (Management Information System) solutions;
- web-based, integration of RM, ICS and CMS;
- individually customizable system;
- prioritization approach, focus on the real important issues;
- using the tool including tailor-made risk catalogues and questionnaire forms.
Risk treatment actions are monitored by using OBSERVAR. Staff members who are responsible for risk treatment actions have to report periodically (e.g. monthly, quarterly, yearly) on the implementation/execution of actions, adherence to guidelines respectively, within OBSERVAR. The Internal Audit also uses OBSERVAR for internal audits. Risk catalogue steps (within OBSERVAR) are as follows: 1. Qualitative assessment (risk identification and risk analysis), 2. Prioritization, 3. Quantitative assessment (risk measurement). In the OBSERVAR catalogue risks are subdivided into 1. Leading Processes, 2. Core Processes, 3. Supporting Processes, 4. External Influences and Stakeholders. Statistical as well as organizational risks are included in Statistics Austria risk catalogue: both categories are integrated within the RM software tool.
Statistics Lithuania (SL)
The monitoring and control mechanism is performed via electronic document management system named SODAS and later the implementation of the actions is reported to the senior management. When risky activity is identified, the situation’s causes are identified and analyzed via interviewing related staff, examination data from various systems (e.g. electronic document management systems SODAS, non-conformities and IT incidents registration system, time use recording system, providing detailed information on time used for different processes, and a specific system for recording quality characteristics of statistical surveys), performing causal-effect analysis or detailed statistical analysis. The monitoring and control mechanism is performed via electronic document management system SODAS.
The main features of the system are: effective and systematic documents management; fast and time cost saving sharing of documents; assurance of authenticity and reliability of stored documents; expeditious allocation of tasks and assignments, adequate monitoring of their implementation at all levels. The drawbacks and risky activities are registered online in special non-conformities recording system, which not only allows recording drawbacks and risky activities in a user friendly way, but also warns other staff members against possible threats.
Every staff member can inform process managers about the drawbacks and risks identified in their process via this system. It automatically informs Methodology and Quality Division, responsible for the management of the system, about new record. The system is also used for the documentation of the recorded risk analysis results and progress made in implementation of risk treatment actions.
From Statistics Lithuania Annual Report 2010: “As regards the realization of the vision of a paperless office, an electronic document management system Sodas was implemented at Statistics Lithuania at the end of 2009 and put into operation in 2010. The system – that has replaced the previously used system KONTORA – enables an efficient, automated and standardized management of institution’s documents, control over tasks and assignments”.
Statistics Sweden
All operational planning on agency/department/unit level, along with operational risks, are documented in a tool named Stratsys that is an operational support software used in the various phases of the strategic planning, implementation, analysis, operational planning, reporting. All managers also report within the system. The internal control plan and the reports from internal quality audits are documented in the system too (certified according to ISO 20 252). It may include more things in the future. All employees have viewing rights to the agency’s operational plan and to their own department’s action plan and all its units’ action plans. All managers have viewing access to everything, except quality audit reports concerning other units/departments than their own, and writing/creating permissions on everything on their unit/department level. Quality audits can be accessed by the auditors and the specific unit and department managers concerned. There are 3 business controllers at the Director General’s Office who have admin permissions.
Most of the set up in the system is made in house by the administrator, but a contract for consultant aid from the provider is available if needed. All data is saved in a database on servers managed by the provider or its sub-contractors. The information stored is not considered to be sensitive and according to the contract the servers are guaranteed to be located within Sweden. When the contract is terminated the database shall be returned to Statistics Sweden.
Especially risks, but also plans concerning core activities are carried over between years. For the risks, values and comments for previous periods and years can be seen in the screen. Reports can easily be downloaded in different formats.