Governance, Risk and Compliance

How Resolver Helps Schools Assess Risk Using Risk Assessment App

0 +

David Powell is no stranger when it comes to Enterprise Risk Management, but those working in the risk management space may find his journey to becoming an entrepreneur—advising on risk management and facilitating risk assessments in education—an inspiring one. Based in Adelaide, Australia, David joined Touche in 1994 after graduating from the University of Adelaide, receiving an undergraduate degree in IT and Accounting. He worked for four years doing IT audits before moving with the firm to Vancouver.

Coming back to Australia, he spent a few more years with Touche before joining Deloitte—as a side note, the two firms never merged in Australia. He became a partner with Deloitte in the risk group spending six years consulting in ERM, Internal Audit, and IT Audit. After leaving Deloitte, David moved to Ernst & Young for six years. If you are keeping up with the math, that makes 25 years with big consulting and 10 years as a partner.

David reached a point where the “big firm” wasn’t where he wanted to be. Seven years ago, he decided to go out on his own, providing services to boards and audit committees. This is where Powell & Co enters the picture.

Risk for the School Market

In Adelaide, the majority of the school system is largely a private versus public system. David found a niche in working with schools in the capacity of providing risk management services. Currently David works with 18 different schools and created an offering called Risk4Schools.

“The school market is an interesting one,” states David. “When speaking to schools, they are at the early stages of risk maturity. Risks may be related to health and safety risks, or risks around school excursions. Typically, schools are not thinking about key strategic or operational risks, or documenting competition and reputational risk”.

In Adelaide, a city of 1.2M people, there are about 120 private schools. These organizations don’t have full-time risk managers. What David has developed is an approach that works for the school market.

David’s Risk Assessment Process

Step 1: Present

“The process starts with a 30 minute ‘Risk 101’ presentation. It explains the key concepts of risk using the ISO 31000 framework. We define risk, risk management, consequence, and likeliness. We document inherent and residual risk.”

Step 2: Brainstorm

“Next, we run a brainstorm session. What are the issues for the school? We describe concerns or risks. Not all are risks, some could be controls, causes or consequences. Then we filter the list down to the risks.”

Step 3: Vote

“We then do a workshop and vote on the risks using Ballot. Typically there are 4-16 participants. We go right into the workshop from the brainstorm which for me means fast fingers on the keyboard as I enter the risks from the brainstorming session into Ballot in a short window of time. We use then use the “clickers” to capture input anonymously. The process is quick and easy, and keeps the group focused.”

Experience with Resolver Ballot for Risk Assessment

David was introduced to Ballot during his years in Enterprise Risk Services at E&Y. He’s continued using the product for the facilitation of risk assessment workshops with his work through Risk4Schools. “The Ballot product is an important part of the risk assessment process” states David. “It allows for anonymous voting which equalizes the dominant voices in a room”. David also comments on the immediate results that are shared with the group. “The instant heat map visualization keeps up engagement”. While Ballot supports mobile entry, David prefers the RF keypads to keep people focused on the task at hand versus their mobile device, which can lead to distraction.

What Happens after the Workshop?

Following the workshop, David produces report for them, which documents each risk. This report includes a snapshot of the heat map, and risk template. Essentially a “risk in a page” that includes risk description, who owns it, inherent risk, controls, treatment plans, causes and consequences. The client will take that document and use it themselves to review risks going forward. David checks in with their progress with the goal being to get them to a stage where they can manage and monitor risk on their own.

Request a Demo

Fill out this form and a member of our team will contact you shortly