Organizations face many risks that can
impact the outcome of their operations. The events that may impact an
organization may inhibit its objectives (hazard risks), enhance them
(opportunity risks) or create uncertainty about the outcomes (control risks).
Risk management offers an integrated approach to evaluation, control and
monitoring of the three types of risk.
Conscious of the benefits of
integrating risk management in its modus operandi, AfricaRice’s Board of
Trustees approved the first version of the Center’s Risk Management Policy in
2005. The revised version of the Policy was approved by the Board at its
meeting in September 2014. The document has since been placed on the AfricaRice
website: www.africarice.org.
Training was subsequently provided to
senior management in 2006 and 2008. The operationalization of the policy was
reviewed in 2008 and 2012 and the corporate Risk Management Committee was
established in 2012.
With the aim of obtaining the best
returns from risk management activities at AfricaRice, the Risk Management
Committee set up the Risk Management Unit in August 2013 to ensure that the
Center’s risk management plan of activities gets full attention by the Center’s
constituencies. The specific role of the Unit is to significantly improve
AfricaRice’s risk management processes, and help the organization to
understand, evaluate and take action on all its key risks with a view to
increasing the probability of success and reduce the likelihood of
failure.
The expected outcome from the
activities of the Unit is to contribute to taking the Center’s level of risk
maturity from novice (risk management freshly embedded), to normalized
(structured risk management) or to natural (the organization has a risk-aware
culture with a pro-active approach to risk management in all its activities;
risk information is actively used and communicated to improve processes and
gain comparative advantage) in the next 5 years.
The following activities were implemented
between September and December 2014:
Sensitization/training
of staff
In order for AfricaRice to attain to
the highest level of risk maturity, a number of steps have to be taken:
- Sensitization of all staff on risk management and their roles and responsibilities in the risk management process
- Development of a risk register for each unit and station
- Development of a comprehensive risk register for AfricaRice
- Monitoring and review of the risk registers on a regular basis
- Development of a business continuity plan, including an evacuation plan, for headquarters and the stations
- Regular communication of risk management information at all levels within AfricaRice
While much progress has been made in
the past on each of these steps, the current attempt is to conduct all
activities in a more systematic and well documented manner. This started with the sensitization of staff
at all levels and at all stations and units on risk management. The exercise was conducted by members
of the Risk Management Unit (RMU), which comprises the Risk Management Officer,
Internal Auditor and Legal Advisor.
All staff in each unit and at each
outstation participated in the exercise. Each sensitization/training session
lasted typically three working days. Day 1 provided the theory and principles
of risk management while days 2 and 3 were devoted to the development of a risk
register for each unit/outstation. Topics covered included:
- Definition of risk;
- Definition of risk management;
- Roles and responsibilities of management and staff in risk management
- Risk management life cycle
- Identification
- Assessment
- Evaluation
- Treatment
- Reporting and communication
- Record keeping
- Monitoring and review
- Development and maintenance of a risk register
- can substantially expose the center to various losses if they do not undertake due diligence in the management of the risks inherent within the business processes under their care;
- is responsible for the risks that accrue due to the roles that they are responsible for;
- ought to consider the risks that are inherent given each of the business processes and the responsibilities assigned to them;
- should consider the nature and level of risk and also identify possible mitigation strategies accordingly;
- should understand, accept and implement risk management processes;
- should report inefficient, unnecessary or unworkable controls;
- should report loss events and near-miss incidents;
- should ensure that visitors and contractors comply with risk management procedures.
Risk
registers
The risk registers were subsequently
vetted by the Risk Management Unit and incorporated into the comprehensive
AfricaRice risk register. However, each unit/outstation reviews its risk
register on a monthly basis with a view to updating it based on developments in
and around the unit/outstation. Now that the comprehensive risk register has
been validated by the corporate Risk Management Committee and Board of
Trustees, it will be placed on the AfricaRice Intranet.
Risk
management officers
After the sensitization, Risk
Management Officers were appointed for each unit at headquarters and the
outstations. The roles of the Risk Management Officers include the
following:
- Monthly review of the risk register, including identification of new risks, analysis, evaluation and documentation of risks specific to the unit/station.
- Monthly meeting of the unit/station Risk Management Committee
- Monthly report on risk management in the unit/station to the Risk Management Officer at the headquarters – these reports should indicate actions taken as per the deadlines in the Risk Register and outstanding actions.
- Continuous monitoring of the implementation of actions recommended for improving risk management in the unit/station.
- Any other relevant action.