MOE ERM Process Guide Card

ERM Process Guide Risk Heat Map1. Establish ContextUnderstand current contexts and define key objectives, policies and strategies inconsideration of internal and external contexts pertaining to the risk.• Internal context: mission & vision, strategic objectives, policies, culture, practices, relationship with internal stakeholders, etc.• External context: social, technological, cultural changes, etc.; key trends; relationships with external stakeholders, etc.Prepared by: MOE ERM Secretariat (OD Division) |2018|

2. Identify RiskIdentify risk or events (uncertainties) that might affect the achievement of set objectives.Steps:• Use tools/methods such as Bow-Tie, Fish-bone diagram, SWOT analysis, etc. for risk identification• Determine the root causes and impact (consequences) of each risk.• Leverage on internal and external sources by asking: - What worries you in the context of ensuring the smooth running of operations and continuity (when a negative event occurs)? - What is the general sensing of the risk at this moment? - Is there any supporting information to support your sensing?• Output: Formulate risk statement (describe the risk with clarity of why this risk is important).3. Analyse RiskAnalyse risk using appropriate tools.Steps: Use the Bow-Tie method, Impact-Likelihood Analysis, etc.• Analyse the risk event and root causes by use of data/ information (quantitatively, e.g. use of key risk indicators; or qualitatively)• Quantify each specific risk – determine impact and likelihood - Split or combine specific risks, as needed - Review and refine the analyses Note: Analyse using Bow-Tie method - 1: Determine risk event - 2: Determine root causes (likelihood) - 3: Determine impact - 4: Determine the mitigation strategies that can be applied • Check if additional interventions are needed • Change management plan • Communications plan / CEG engagement • Red Team formation (Challenge current ways of working, check effectiveness of plans, ask “what if…so what” questions)

4. Evaluate RiskEvaluate the risk by checking whether the analysis:• meets the expectations or objectives set (established as context)• is well ‘synchronised’ with other risks (using the Impact-Likelihood Table/Heat Map), including prioritisation of risksSteps: Involve MOE Senior and Divisional Management in the risk evaluationOutput: Clear understanding of risks, their priorities (shown in Heat Map) and constraints5. Treat RiskTreat risk by selecting appropriate options for modifying risk and implementing them.Steps:• Decide whether to accept, avoid, or adapt risk: - Accept Risk (Risk Acceptance) (Retain risk as an informed decision. How can we better prepare for the event?) - Avoid Risk (Risk Transference) (What can be done differently to remove the risk? Can the risk be transferred?) - Adapt Risk (Risk Reduction) (What can be done to reduce the likelihood of the event happening? What can be done to limit the scope of the damage?) - Evaluate and compare risk reduction options (How much does it reduce the risk? Does it reduce other risk? Is it feasible?)o Plan and implement selected risk options (mitigate identified risk)• Assess the effectiveness of mitigation strategies: - Testing (dry-run) of Risk Management/Mitigation Plan (Run through plan in detail, check blind spots, establish checkpoints, make changes)• Output: Mitigation StrategiesMonitor and Review (ongoing process)Monitor and review risk:• Monitor risks and indicators regularly and ensure controls are effective and efficient (Who needs to know? Who do I check with? What is going on currently? What has/needs to be changed?)• For risk events that have occurred and/or mitigation strategies implemented: conduct AAR with project team; analyse and learn lessons from events (including near-misses)• Monitor changes and trends in operating environment• Look out for black swans and emerging risk• Output: Updated Risk Register & Assessment Report (during assessment cycle)

Exemplar 1. Establish Context Strategic Objective: MOE will emphasise ‘out-of-classroom’ education for all subjects by ensuring at least 25% of the students’ learning takes place outside the classroom. This ensures students are exposed to different learning environments to be future-ready. Public Position: Schools will work actively with vendors and partners (community, parents, etc.) to implement ‘out-of-classroom’ learning. 2. Identify Risk Steps: Division conducted a SWOT analysis of the policy to identify opportunities and risk. Bow-Tie analysis was used to analyse selected risks in deeper detail. Output: Key risks surfaced include: • Risk of incidents outside of school resulting in injury (Safety Risk) • Risk of improper conduct by vendors and partners (Misconduct Risk) 3. Analyse Risk Steps: Analysis conducted with key indicators below: • General Indicators: type and scale of activities in schools. • Safety Risk: No. of incidents resulting in injury (including near-misses); analysed by type of activity and severity of injury (minor, serious, etc). • Misconduct: No. of cases of misconduct, qualitative, qualitative feedback on vendor/partner; analysed by nature of activity and type of vendor/partner Output: Assessment report • Increased likelihood of injuries, especially for minor (low impact) injuries. • Low likelihood of vendor/partner misconduct but the impact is much higher • Suggested preliminary mitigation strategies. 4. Evaluate Risk Steps: Discussion on risks and implementation of policy at cross-divisional, Wing Head meetings and DM. Output: Consensus of DM that the benefit was worth the potential risks and to allocate the funding to support it. 5. Treat Risk Steps: Mitigation strategies were included in discussion at DM. Output: Two mitigation strategies were selected • To reduce the impact of injuries, all teachers would be trained in basic first aid. • To reduce the likelihood of misconduct, at least a teacher or designated parent must be present with the students at all times.