risk analysis presentation latvia 2013
DESCRIPTION
Presentation: of integrity risk assessment methodology. Within Ducth government more than 20 years of experience with these tools.TRANSCRIPT
1
Risicoanalyse integriteit
‘van kwetsbaar naar weerbaar’
SAINT
Risk Assessment Methodology
Alain Hoekstra
National Integrity
Office
2
Dutch National Integrity Office
Since:
• 2006: Ministry of the Interior and Kingdom Relations
• 2009: ‘independent’ but still subsidized
Philosophy:
• To support all government organizations in such a way that they themselvescan give substance to ethics and integrity policy
How:
• collect & dessiminate integrity related knowledge: publishing reports, research, formal policy documents -> website
• network function: host various platforms for sharing experiences and best practices, connecting experts/scholars, anual conferences
• develop & provide ‘ready to use’ instruments to work on integrity
• influencing the strategic policy agenda: conducting research for instance on the impact of recession on public sector ethics
Clients:
• Integrity officers, management, integrity counsellors
Organisation:
• Small core, extensive but extensive complementary network: independent advisors, scholars, leading experts -> co-production
Foucs:
• Integrity not (anti) corruption
3
History of National Integrity Office
• 2003-2006: ‘triggers’ for establishment
- impact of building fraud
- policy evaluations: implementation deficit
- changes in Civil Servants Act
- need for assistance and support
• 2006-2008: Official establishment NIO
- within departement Public Sector Management of ministry
• 2009: NIO ‘independent’
- functioning within departemental political/ policy environment
- More distance and independency required by UN convention against
corruption 2003 (art.6)
4
Integrity versus Corruption
Integrity:
- broad: complying with relevant public moral values, norms & standards
- positive: focus on stimulating ethical conduct in the public service (prevention)
- based on: ethics and morality
- bottom-up: awareness raising/ internalisation
(Anti-)corruption:
- narrow: receiving gifts/ advantages for acting in the interest of a specific actor
- negative: avoiding wrongdoing and private gain
- based on law, control and punishment (repression)
- top-down: imposition of rules and guidelines/ enforcement
5
6
Building components ethical organisation
House rules
Foundation & structure
Climate & atmosphereClimate & atmosphere
7
Integrity framework: 7 elements
8
Instruments: some examples
1. Online Quick-scan to check status of integrity policy
2. Model code of conduct
3. SAINT: risk assessement methodology
4. Integrity Cube: dilemma training dvd
5. Guideline for conducting integrity investigation
6. Monitoring implementation
7. Training integrity officers/ guideline for integrity plans
9
Risk Analysis Methodology
• Not focused on detecting wrongdoing of individual employees
• Not about investigating misconduct
• Not aimed at removing/ firing/ prosecuting ‘bad apples’
Instead
• Focused on detecting vulnerable processes and integrity risks
• Organizational system failures (structure, culture, context)
• Aimed at ‘bad barrels’ that can spoil the apples
10
“Discarding bad apples generally won’t solve an
organization’s problem with unethical behavior.
The organization must scrutinize itself to determine if
there’s something rotten inside the organization
that’s spoiling the apples”
Trevino & Nelson (2004). Managing Business ethics:
Straight talk about how to do it right (p.10)
Why?
11
SAINT: pre-assumptions & characteristics
- all public organizations are vulnerable
- eliminating vulnerabilities/ risks/ temptations –> protecting employee
- responsibility of employer
- risks assessments provision in Civil Servants Act (NL)
- internal in stead of external audit
- bottom-up process: making use of employees knowledge & experience
- employees formulate recommendations: enhances support/ implementation
- quick scan of biggest integrity risk areas and how to deal with them
12
SAINT: the system
1. which department/ unit?
2. what are the most vulnerable
processess/ integrity risks?
3. how effective is integrity framework/
measures (hard/ soft/general)?
4. is integrity framework complete/
strong enough considering risks?
5. what do we miss/ can we do better?
13
Vulnerable processes: some examples
Areas dealing
with the public or
with the private
sector
Collecting Taxes, fees, charges, etc.
Contracting Procurement, tenders, orders, assignments, etc.
Paying Subsidies, social benefits, allowances, grants, etc.
Granting/ issuing Permits, passports, driving licenses, identity cards, etc.
Public services Health care, education, garbage collection, etc.
Inspection/
enforcement
Inspections, investigation, prosecution, detention
Areas dealing
with government
property
Information Confidential/ secret information, documents, etc.
Money Cash, budgets, expenses, bonuses, allowances, etc.
Goods Buying/selling government material
Real estate Buying/selling buildings / land
14
SAINT: the system
1. which organisation/ department/ unit?
2. what are the most vulnerable
processess/ integrity risks?
3. how effective is integrity framework/
measures (hard/ soft/general)?
4. is integrity framework complete/
strong enough considering risks?
5. what do we miss/ can we do better?
15
Questionaire: effectiveness control systems
Hard Controls Soft Controls General Controls
Legislation/ regulation Values/ code of ethics Commitment/ vision
Reporting systems/
whistleblowing
procedures
Exemplary behaviour/
role modelling
Integrity policy/ documents/
Seggregation of
functions,
Integrity awareness/
education/ training
Integrity officer/ entity
disclosure of side jobs
acceptance of gift
declaring expenses
purchasing/ contracting
Culture/ openness / Trust
safe/ fairness
Rewarded/
Monitoring/evaluating
Policies/ Risk analysis
16
SAINT: the system
1. which organisation/ department/ unit?
2. what are the most vulnerable
processess/ integrity risks?
3. how effective is integrity framework/
measures (hard/ soft/general)?
4. is integrity framework complete/
strong enough considering risks?
5. what do we miss/ can we do better?
17
Gap analysis
• Level of vulnerabilities compared with level of integrity controls
determines what remains to be done in order the achieve…
• Balance: reducing vulnerability or enhancing controls
Remaining
Vulnerability
18
SAINT: the people
• 14 persons
• carefully selected
• critical but constructive attitude
• knowledge/ experience
• processess/ structures/ systems
• vulnerabilities/ risks
• worked for longer time
• different positions
• combination
- primary process/ workfloor
- management
- staff (HR/ finanace/ legal)
19
SAINT: the setting
• GDR
• Interconnected laptops
• Moderator
• ‘Firing’ questions
- ranking vulnerable processess
- describing specific risks
- evaluating existing measures
- formulating solutions
• Answers directly entered system
• Anonymous
• Equal opportunities
• Input aggregated
• Report
20
SAINT: some advantages
• Fast
• Time efficient
• Cheap
• Peridiotic repetition
• Safe
• Trained/ experienced moderator
• Consistency
• Bottum-up
- Inspiring
- Involvement
- Support implementation
21
SAINT: some limitations
• Suitable for smaller units
• Initial investments required
• Partial Analysis
- most vulnerable processess
- biggest risks
• Quality workshop depends on
quality/ honesty participants
• Report may be confronting for
management
• Management is responsible for/
has to decide on follow-up
22