The decision of the Osnabrück Administrative District to build up a systematic, holistic and structured opportunity and risk management might be termed unusual. Such a step is not at all widespread in the “municipal world”. The professional software was a replacement for the self-constructed Excel solution and is used for all opportunities and risks with financial relevance. The aim was to achieve software support for the long-term implementation of risk and opportunity management for controlling.
- Osnabrück Administrative District: (Area: approx. 2,120 km2 / population approx. 353,000 )
- Communities within the district: 21 towns, communities and joint communities Tasks of the Administrative District: Social welfare, youth welfare, school operator,
- maintenance of the district road network (640 km), integration of refugees,
- regulatory authority and civil protection, protection of the environment and of nature, buildings protection,
- health protection for people and animals Total assets approx. 540 million € Profit and loss account approx. 560 million €
In the search for a new software solution for information security management (ISMS), the tendering process was based on a decision matrix developed by the district itself, which was applied to several products of various providers. Important criteria were:
- Taking over the risk matrix previously in use
- Revision of the existing data
- Intensive price-performance ratio comparison
With the information security module of the R2C_SECURITY software solution, Schleupen AG offered a product as targeted as it was future-protected; the great amount of experience in the energy sector and the attractive price-performance ratio were also convincing arguments in deciding on Schleupen AG.
For municipalities such as the Osnabrück Administrative District, many risks are prescribed by tasks that must be considered obligatory and cannot be avoided. Control actions are therefore often “reduce” or “accept”. In this process, due to the wide range of tasks, about 120 opportunities and risks must be identified and assessed. The knowledge gained by this transparency then enables an earlier reaction, from an overall perspective, to changing framework conditions. The aim of a municipality is also not to maximise profit, but from a financial point of view to cover costs.
A standard risk atlas, such as for example that of R2C_risk to chance, the Schleupen risk management tool, does not meet these special conditions and has to be tailored to the special needs of a municipality. This must take place with the special consideration of making the survey process easier and optimising assessment options. That is to say: simply achieving better results.
The Osnabrück Administrative District was able to test R2C_risk to chance for four weeks. During this process it became clear that the software, designed for private companies, could be adapted to municipal requirements. After the decision in favour of R2C, all members of the house-wide project group received two hours of training by the central risk controller for the Osnabrück Administrative District. The trained users make use of the web interface; the focal point of their activities lies in the input and processing of opportunities and risks (including evaluation) together with assessment options. The risk inventory is dealt with by 16 employees of the Osnabrück Administrative District; more employees per organisational unit are indirectly involved in the processes.
With the support of the software, a risk inventory is performed three times a year. Report deadlines are 30th June and 30th September for drawing up the budget plan as well as for control reports. The further development of the risk and opportunity management, as well as the maintenance of the risk management manual together with the optimisation and further development of the methods and instruments, is taken over by central controlling jointly with decentralised controllers.
CONTROL IS PERFORMED ON TWO LEVELS
- Individual opportunities and risks via the decentralised organisational units
- The total result flows into the control decisions at the overall level (administrative board, policy)
Monitoring operates primarily at the decentralised controller level by checking the opportunities and risks recorded for relevance and evaluation as well as for the effectiveness of the control actions initiated.
The sequence of the risk management process involves four steps: survey, evaluation and assessment, control and monitoring. Decentralised controllers in the organisational units survey and evaluate, together with the involvement of managers and other employees, the opportunities and risks.
EVALUATION IS MADE
- With regard to the impact based on quantitative measurement in € and the resulting division into in 5 categories
- Regarding the probability of occurrence, based on the division into 5 different categories
The requirements made of R2C were met to their full extent; the employees of the Osnabrück Administrative District involved are well able to handle the software. It supports the realisation of added values aimed for with the risk and opportunity management and that will also be aimed for in future.
With the introduction of holistic risk and opportunity management and the R2C_risk to chance software, transparency and comparability have increased. Risks are discussed internally in a more open manner, possible impacts are met efficiently by control effects. Opportunities are also accepted with greater awareness. Altogether, the financial situation of the Osnabrück Administrative District can now be more accurately assessed. The district has become stronger to deal with future developments.
We would be happy to advise you on all matters to do with risk management!
In a personal discussion, we will consider with you which software solution would be the perfect match for your risk management process. You will also have the opportunity of taking a look at our software solution in a free webinar – get in touch with us!