Improving the practice of risk management at Roosendaal

Roosendaal is a midsized town in the south of the Netherlands with a population of around 78,000 inhabitants, located between Rotterdam and Antwerp, Belgium. Almost three years ago the Municipality decided to improve its risk management practice.

According to Dick Maaskant, Business Controller of the municipality, this decision was influenced by several internal and external forces. For example, risk management had become a political issue not only due to the rise of principles of governance but also due to new legislative reporting rules concerning risk control within annual reports and budgets. However, of even more importance , was senior management’s growing consciousness that risk management should be an important tool in achieving strategic and operational goals.

Back in 2006, risk management in Roosendaal was not embedded within the organisation’s mainstream business. No policy, standard procedures or systematic approach towards risk management were available. When projects were being discussed, there would be a question of identifying risks during the decision stage but this had little impact on the outcomes. There was  reluctance to talk about risks arising, mostly out of fear for their inhibitory effect on the acceptance of new initiatives. Discussing risks was not part of business culture – in reality a pretty risky situation.

 

City Manager Jack Kruf and the Board of Mayor and Aldermen, pushed for the integration of risk management into existing business practices by laying out their aims and objectives in its  four year activity program.  Accordingly, the Board  allocated a substantial budget to facilitate the required process to establish  this goal.

 

Dick Maaskant became the Project Manager and at  the end of 2006, his proposal was approved by the Board.

 

The project approach was based on the following insights:

          Whilst tools and sufficient management / employee technical skills are important in developing risk management, risk awareness and changing attitudes / behaviour towards risk management are equally so. This is a precondition for the successful implementation of risk management;

          on the scale of a city such as Roosendaal, integrating risk management into business processes is a matter of  making  small steps which will take several years to be accomplished: a multi phased approach was required;

          top-down implementation is necessary: The tone at the top is essential for changing behaviours.

 

The project plan was scheduled to run for a period of three years.

During  2007, the  year the project started, the focus was on developing risk awareness at the managerial level ie.   The Board,  top management, departmental managers and project managers. Several workshops were organised to demonstrate the added value of risk management,   including themes such as ‘how can risk management contribute to decision making processes on a strategic level ?‘ and ‘how can  risk management contribute to the control of operational goals?’.

 

Risk analysis sessions, conducted in conjunction with various external agencies, were also carried out.  Analysis of  a real estate project ( new school ),  the introduction of  new  legislation around  social services at  local level and on a process design for a new way of communicating with neighbourhoods about improving their environment took place.

In addition a quick scan of the main operational risks and their effects on required reserves was carried out to  meet the reporting rules requirements  regarding  2008 budgets

Year two was a year of investing in the education and skills of employees. Initial focus was on risk management processes –  how to identify,  analyse and quantify risk, and how to  implement  and evaluate control measures

 

Following this exercise all department managers were asked to make an analysis of the 10 main  operational risks in their area of responsibility . A software tool to systematically register their performances on risk analysis was made available. This software system includes a statistical function (Monte Carlo analysis) which can calculate  the level of financial reserves  needed to cope with the overall financial risk that Roosendaal is exposed to. The amount of reserves required  for  this purpose is based on the degree of certainty chosen in relation to the required  adequacy of reserves. On this, a policy was agreed with the Municipality, also resulting in estimating a minimal performance value at a ratio expressing total amount of financial risk related to the financial reserves of Roosendaal. That ratio is called the ’risk resistance ratio’.

 

With regard to  risk ownership, a manual was created which included  procedures on reporting and  managing risks. Department managers are the initial risk owners but depending on the potential financial impact of a risk or its control measure, the risk has to be reported and shared with higher management levels. The basic rule is that the higher the financial risk, the higher the managerial level  involved.

 

In the last year of the project  (2009) the focus is  on integrating risk management into the mainstream business. Risk management is introduced as an activity in the subsequent project phases for large projects, risk management is applied to risk management processes. Risk management accountability is secured in the planning and control process, both in the annual program budget and report as internal accountability and reporting to senior management and the Board.

 

According to Dick Maaskant “As we near the end of the project have I think our views at the beginning of the project have proved correct. There has been a  significant investment of time and money but we have achieved our goal in that t risk is now on the agenda for  not only  the administration and management in general but also  the wider employee base. Risk awareness has improved and we have developed a systematic way of working to deal with risks. We have integrated risk management into our business. Understanding of the risks we run has been improved, which also results in a less tense atmosphere when we talk about risk.”

 

But we can also make further steps in the future. Discussion about measures concerning risks can still  become more indepth and require more attention. Our risk perception should not be limited to incidental or financial risks.  We still need to expand into other risk categories such as legal , environment , political  and strategic risk to further grow awareness . But, the foundation is there.