risk analysis presentation latvia 2013

1

Risicoanalyse integriteit

‘van kwetsbaar naar weerbaar’

SAINT

Risk Assessment Methodology

Alain Hoekstra

National Integrity

Office

2

Dutch National Integrity Office

Since:

• 2006: Ministry of the Interior and Kingdom Relations

• 2009: ‘independent’ but still subsidized

Philosophy:

• To support all government organizations in such a way that they themselvescan give substance to ethics and integrity policy

How:

• collect & dessiminate integrity related knowledge: publishing reports, research, formal policy documents -> website

• network function: host various platforms for sharing experiences and best practices, connecting experts/scholars, anual conferences

• develop & provide ‘ready to use’ instruments to work on integrity

• influencing the strategic policy agenda: conducting research for instance on the impact of recession on public sector ethics

Clients:

• Integrity officers, management, integrity counsellors

Organisation:

• Small core, extensive but extensive complementary network: independent advisors, scholars, leading experts -> co-production

Foucs:

• Integrity not (anti) corruption

3

History of National Integrity Office

• 2003-2006: ‘triggers’ for establishment

- impact of building fraud

- policy evaluations: implementation deficit

- changes in Civil Servants Act

- need for assistance and support

• 2006-2008: Official establishment NIO

- within departement Public Sector Management of ministry

• 2009: NIO ‘independent’

- functioning within departemental political/ policy environment

- More distance and independency required by UN convention against

corruption 2003 (art.6)

4

Integrity versus Corruption

Integrity:

- broad: complying with relevant public moral values, norms & standards

- positive: focus on stimulating ethical conduct in the public service (prevention)

- based on: ethics and morality

- bottom-up: awareness raising/ internalisation

(Anti-)corruption:

- narrow: receiving gifts/ advantages for acting in the interest of a specific actor

- negative: avoiding wrongdoing and private gain

- based on law, control and punishment (repression)

- top-down: imposition of rules and guidelines/ enforcement

5

6

Building components ethical organisation

House rules

Foundation & structure

Climate & atmosphereClimate & atmosphere

7

Integrity framework: 7 elements

8

Instruments: some examples

1. Online Quick-scan to check status of integrity policy

2. Model code of conduct

3. SAINT: risk assessement methodology

4. Integrity Cube: dilemma training dvd

5. Guideline for conducting integrity investigation

6. Monitoring implementation

7. Training integrity officers/ guideline for integrity plans

9

Risk Analysis Methodology

• Not focused on detecting wrongdoing of individual employees

• Not about investigating misconduct

• Not aimed at removing/ firing/ prosecuting ‘bad apples’

Instead

• Focused on detecting vulnerable processes and integrity risks

• Organizational system failures (structure, culture, context)

• Aimed at ‘bad barrels’ that can spoil the apples

10

“Discarding bad apples generally won’t solve an

organization’s problem with unethical behavior.

The organization must scrutinize itself to determine if

there’s something rotten inside the organization

that’s spoiling the apples”

Trevino & Nelson (2004). Managing Business ethics:

Straight talk about how to do it right (p.10)

Why?

11

SAINT: pre-assumptions & characteristics

- all public organizations are vulnerable

- eliminating vulnerabilities/ risks/ temptations –> protecting employee

- responsibility of employer

- risks assessments provision in Civil Servants Act (NL)

- internal in stead of external audit

- bottom-up process: making use of employees knowledge & experience

- employees formulate recommendations: enhances support/ implementation

- quick scan of biggest integrity risk areas and how to deal with them

12

SAINT: the system

1. which department/ unit?

2. what are the most vulnerable

processess/ integrity risks?

3. how effective is integrity framework/

measures (hard/ soft/general)?

4. is integrity framework complete/

strong enough considering risks?

5. what do we miss/ can we do better?

13

Vulnerable processes: some examples

Areas dealing

with the public or

with the private

sector

Collecting Taxes, fees, charges, etc.

Contracting Procurement, tenders, orders, assignments, etc.

Paying Subsidies, social benefits, allowances, grants, etc.

Granting/ issuing Permits, passports, driving licenses, identity cards, etc.

Public services Health care, education, garbage collection, etc.

Inspection/

enforcement

Inspections, investigation, prosecution, detention

Areas dealing

with government

property

Information Confidential/ secret information, documents, etc.

Money Cash, budgets, expenses, bonuses, allowances, etc.

Goods Buying/selling government material

Real estate Buying/selling buildings / land

14

SAINT: the system

1. which organisation/ department/ unit?

2. what are the most vulnerable

processess/ integrity risks?

3. how effective is integrity framework/

measures (hard/ soft/general)?

4. is integrity framework complete/

strong enough considering risks?

5. what do we miss/ can we do better?

15

Questionaire: effectiveness control systems

Hard Controls Soft Controls General Controls

Legislation/ regulation Values/ code of ethics Commitment/ vision

Reporting systems/

whistleblowing

procedures

Exemplary behaviour/

role modelling

Integrity policy/ documents/

Seggregation of

functions,

Integrity awareness/

education/ training

Integrity officer/ entity

disclosure of side jobs

acceptance of gift

declaring expenses

purchasing/ contracting

Culture/ openness / Trust

safe/ fairness

Rewarded/

Monitoring/evaluating

Policies/ Risk analysis

16

SAINT: the system

1. which organisation/ department/ unit?

2. what are the most vulnerable

processess/ integrity risks?

3. how effective is integrity framework/

measures (hard/ soft/general)?

4. is integrity framework complete/

strong enough considering risks?

5. what do we miss/ can we do better?

17

Gap analysis

• Level of vulnerabilities compared with level of integrity controls

determines what remains to be done in order the achieve…

• Balance: reducing vulnerability or enhancing controls

Remaining

Vulnerability

18

SAINT: the people

• 14 persons

• carefully selected

• critical but constructive attitude

• knowledge/ experience

• processess/ structures/ systems

• vulnerabilities/ risks

• worked for longer time

• different positions

• combination

- primary process/ workfloor

- management

- staff (HR/ finanace/ legal)

19

SAINT: the setting

• GDR

• Interconnected laptops

• Moderator

• ‘Firing’ questions

- ranking vulnerable processess

- describing specific risks

- evaluating existing measures

- formulating solutions

• Answers directly entered system

• Anonymous

• Equal opportunities

• Input aggregated

• Report

20

SAINT: some advantages

• Fast

• Time efficient

• Cheap

• Peridiotic repetition

• Safe

• Trained/ experienced moderator

• Consistency

• Bottum-up

- Inspiring

- Involvement

- Support implementation

21

SAINT: some limitations

• Suitable for smaller units

• Initial investments required

• Partial Analysis

- most vulnerable processess

- biggest risks

• Quality workshop depends on

quality/ honesty participants

• Report may be confronting for

management

• Management is responsible for/

has to decide on follow-up

22

23

Contact information

Alain Hoekstra

a.hoekstra@integriteitoverheid.nl

0031 (0)622614299