Developing An Enterprise Risk
Management Framework
Management Framework
East AFRITAC-IMF
Customs Risk Management Workshop October 29 –November 1 , 2013
Nairobi, Kenya Kebede Lidetu
Wednesday, June 11, 2014 ERMF 1
Outline
1. Introduction 2. Definition
3. Why implement ERM?
4. ERM and existing risk management approaches 5. Key Features of the ERMF
6. Benefits of the ERMF 7. ERMF component parts
8. Key elements for a successful ERM program
9. The essential elements of ERM organization structure 10. Common Challenges In ERMF Implementation
11. Standardised Approach To The Process Of Risk Management 12. Roles And Responsibilities
13. Steps in Developing ERMF
14. ERMF Reporting and risk Champion/Committee 15. ERCA Enterprise Risk Categories
In today’s challenging global economy, business opportunities and risks are Constantly changing.
O i ti f ki d f i t l d t l
Introduction
Organizations of any kind face internal and external
factors and influences that make it uncertain whether, when and the extent to which they will achieve or exceed their objectives. The effect that this uncertainty
has on the organization’s objectives is “risk”.
Risk management can be applied across an entireRisk management can be applied across an entire organization, to its many areas and levels, as well as to specific functions, projects and activities.
Example for Customs and Domestic tax case selection.
Wednesday, June 11, 2014 ERMF 3
All activities of an organization involve risk.
Risks can impact an organization in the short, medium and long term. These risks are related tooperations, tactics and
Introduction…
strategy.
Risk is everywhere. It pervades every level of an organization whether it is a company or a government institution.
It impacts normal “business as usual”, operational activities as well as projects and programs that bring change
as well as projects and programs that bring change.
Any organization that effectively manages risk will experience significant benefits throughout its functionalities.
1. It is the chance of something happening that will have an impact on the organization objectives
Measured in terms ofconsequencesand likelihood
What is a risk?
The failure
[of someone or something]
to
[prevent something
from happening]
leading to
[an impact on objectives]
E.g. The failure of ERCA to maintain high quality of staff supported by appropriate recruitment, selection and placementwill leadnot to meet ERCA’s objectives .O Or
2. [Something happens] {caused by someone or something through a mechanism} leading to [an impact on objectives]
Wednesday, June 11, 2014 ERMF 5
Enterprise risk management is a process, effected by
an entity’s board of directors, management and other personnel, applied in strategy setting and across the
What is Enterprise Risk Management (ERM)?
enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Source :-Committee of Sponsoring Organizations of the Treadway Commission (COSO) ( )
ERM is about establishing the oversight, control and discipline to drive continuous improvement of an entity’s risk management capabilities in a changing
What is ERM?...
operating environment.
It is a Structured and Systematic method of:
Identifying
Analysing and
Managing RiskManaging Risk
ERM has emerged through the need to balance stability
and innovation
Wednesday, June 11, 2014 ERMF 7
What is an Enterprise Risk Management
Framework (ERMF)?
“a set of components that provide the foundations and
organisational arrangements for designing
organisational arrangements for designing,
implementing, monitoring, reviewing and continually
improving risk management throughout the
organisation.”
Risk management - principles and guidelines ISO 310000:2009
Components of a framework
Wednesday, June 11, 2014 ERMF 8
Roles and responsibilities 1 Process, tools and capabilities 2 Controls and governance 3
The overriding objective for implementing ERM is to
Provide reasonable assurance to an entity’s
management and board that the entity’s business
Why implement ERM?
management and board that the entity s business objectives are achieved
ERM provides a framework for management to
effectively deal with uncertainty and associated risk and opportunity, and thereby enhance its capacity to build value.
There are six fundamental reasons for implementing
ERM. Each serves to help elevated risk management to a strategic level. The six reasons are:
Wednesday, June 11, 2014 ERMF 9
1. Reduce unacceptable performance variability
through
Evaluating likelihood and impact of major events
Why implement ERM?....
g p j
Developing responses to prevent events from
occurring or manage their impact if the do occur 2. Align and integrate views of risk management in to
management activities
3. Build confidence of investment community and stake h ld
holders.
4. Enhance corporate governance.
5.Successfully respond to changing environment 6. Align strategy and corporate culture.
Practical ERCA case
The approach to risk management within ERCA was
focused on only to the compliance risk management of
WHY ?...
customs and domestic tax and documented in the
“ERCA Risk Management Policy and Strategy”
document.
However, this strategy was not incorporated into the
planning and governance processes of ERCA.
Th i t ti f ERMF i th f t d t it
The intention of ERMF is therefore to expand past its
current state to a wider, more corporate consideration and to provide the broad framework required to bring the intent to life.
Wednesday, June 11, 2014 ERMF 11
Traditional risk management approaches are focused on
protecting the tangible assets reported on a company’s balance sheet(more on the compliance aspect).
ERM and existing risk management approaches
The emphasis of ERM however, is on enhancing
business strategy. The scope and application of ERM is much broader than protecting physical and financial assets. With an ERM approach the scope of risk
management is enterprise wide and the application of
risk management is targeted to enhancing as well as risk management is targeted to enhancing as well as protecting the unique combination of tangible and intangible assets comprising the organization business model.
Underlying principles:
Every entity, whether for-profit or not, exists to realize
value for its stakeholders.
ERM and existing risk management …
Value is created, preserved, or eroded by management
decisions in all activities, from setting strategy to operating the enterprise day-to-day activities.
ERM supports value creation by enabling management to:
Deal effectively with potential future events that createDeal effectively with potential future events that create uncertainty.
Respond in a manner that reduces the likelihood of
downside outcomes and increases the upside.
Wednesday, June 11, 2014 ERMF 13
Land - Customers
Physical Customer
The five broad categories of assets representing sources of value, and examples within each category, are Buildings - Cannels Equipment - Affiliate Inventory Cash Receivables Investments - Employees Equity - Suppliers Prepaid - partners P id Physical Assets Customer assets Financial assets Employee supplier assets Organiza tional Assets Prepaid And other Leadership -reputation Strategy - Innovation Knowledge - Systems Values - Process
Key Features of the ERMF
A top down risk categorisation that assigns enterprise responsibility to senior executives for all identified risks
A uniform approach to risk rating and tolerance setting
A tiered approach from localised, less resource intensive (tactical) to organisation wide, resource appropriate (enterprise) risks.
This allows a ground up identification, management and escalation of risks, enabling an informed Strategic Risk discussion to take place
Wednesday, June 11, 2014 ERMF 15
p
The ERMF provides transparency and allows information sharing across the enterprise
Integration into our governance, budget, and planning processes
Benefits of ERMF
For Executive
Clearer view of all risks and their status
Greater end-to-end responsibility for risks
Less noise from ‘over-rated’ risks
Natural linkage point from risks into the planning
process
For Risk Owners
Greater visibility of risk pools strategies and control
Wednesday, June 11, 2014 ERMF 16
Greater visibility of risk pools, strategies and control
effectiveness in their area
Benefits …
For Risk Owners …
More explicit risk tolerance statements
Shared framework with their colleagues
For other staffs
Clearer risk guidance
Wide adoption and use of common toolset
Common lang age for managing risk across nits
Wednesday, June 11, 2014 ERMF 17
Common language for managing risk across units
Line of sight on how individual effort contributes to
enterprise risk mitigation
A successful implementation of an Enterprise Risk Management Framework will have the following benefits for the
organization:-Benefits …
Customer satisfaction Modern tax administration
Good organizational Image Increase revenue collection
Improved risk identification Ethical behaviour of staff
T d f ilit ti I d li
Trade facilitation Improved compliance
ERMF component parts
Wednesday, June 11, 2014 ERMF 19
Key elements for a successful ERM program
Executive Commitment
Policy & Procedures
•accountabilities
Operational Framework
•Roles & responsibilities
•approach
•methodology
•structure
•structure
Training & Education
Monitor & Review
•
The board of directors
The essential elements of ERM organization
structure
•
The Top Management
•
The R.M executive committee.
•
The ERMF owner/ Chief Knowledge officer
•
The risk management owner
g
•
Business units
•
Assurance unit (internal Audit)
Wednesday, June 11, 2014 ERMF 21
Common Challenges In ERMF
Implementation
Identifying executive sponsors for ERM.
Describing the entity's risk appetite
Identifying and describing the risks
Implementing a risk-ranking methodology to prioritize
Establishing a risk committee and or Senior risk officer
Establishing ownership for particular risks
Developing action plans to ensure the risks are
appropriately managed appropriately managed.
Developing consolidated reporting for various
stakeholders.
Enterprise Risk Management Framework Owner…
The ERMF Owner is the capability leader for risk management in ERCA and is responsible for:
Roles And Responsibilities
management in ERCA and is responsible for:
Developing and maintaining ERCA’s risk
management capability and providing assurance of conformance in relation to risk management, including the Risk Management Certificate of Assurancessu a ce
Consulting, developing and issuing corporate risk
requirements in the form of Corporate Management Procedures and Instructions
Wednesday, June 11, 2014 ERMF 23
ERMF Owner….
Actioning non-conformance with the corporate risk
requirements
Roles And Responsibilities….
requirements
Developing and maintaining ERCA’s Enterprise
Risk Register
Identifying risk management training solutions for
ERCA
Updating, maintaining and initiating reviews of thep g, g g
Enterprise Risk Management Framework
Promoting and enabling stronger linkage between
risk and issues management, and corporate planning.
Enterprise risk owners
Enterprise risk owners are responsible for specific risk categories at the enterprise level. Enterprise risk owners
d l t t f i k t t Ri k
Roles And Responsibilities…
may delegate aspects of risk management to Risk Managers. Generally they are responsible for:
Working with Operational risk owners to understand
the risks and the implementation of the mitigation strategies
Ensuring the coherence of the overall risk assessmentEnsuring the coherence of the overall risk assessment process and mitigation strategy for their specific risk category
Directing the overall grouping and aggregations of
risks at the enterprise level
Wednesday, June 11, 2014 ERMF 25
Enterprise risk owners…
Coordinating risk mitigation efforts between
Operational risk owners
Roles And Responsibilities…
p
Initiating periodic risk reviews in line with the annual
planning cycle
Tracing risk interdependencies across risk categories
and systemic issues maintaining consequence tables
Monitoring the implementation of mitigation
i strategies
Updating risk management information in the
Operational risk owners
Operational risk owners have accountability and responsibility for managing a discrete risk population or
Roles And Responsibilities…
responsibility for managing a discrete risk population or group (risk pool) within an enterprise risk category. Operational risk owners are responsible for:
Working with Enterprise risk owners to create a
whole-of-enterprise view of related risks and controls
Monitoring changes in the risk environmentg g
Assessing and evaluating risks
Designing treatment, including design of risk controls
Defining and monitoring measures of effectiveness.
Wednesday, June 11, 2014 ERMF 27
Risk managers have responsibility for managing risk
controls treatment or mitigation and aspects of risk
Roles And Responsibilities…
Risk Managers
controls, treatment or mitigation, and aspects of risk assessment and identification as directed by an enterprise risk owner.
Risk managers do not have overall responsibility for
the management of risks at the enterprise or operational level.
We need to follow the formal risk management process which are shown below in ERMF
Standardised Approach To The Process
Of Risk Management
Steps in Developing an Enterprise Risk
Management Framework (ERMF)
Identify success goals for the framework
Planning For Success
How will we evaluate success?
Distributed or centralised ownership and responsibility
Developing Level 0 risks
What are the organization’s intent, principles and
bj i ?
objectives?
What are the outcomes or deliverables of each
objective?
Example of ERCA strategic themes
Goals/ Themes Outputs and
deliverables
Obstacles Goal/Theme 1
Human Resource Mgt & Development
More than one outputs /deliverable
More than one obstacles Goal/Theme 2
Modern Information System
“ “
Goal/Theme 3
Customers Education and Communication
“ “
Goal/Theme 4
Customers Service and Support
“ “
Customers Service and Support Goal/Theme 5 Law Enforcement “ “ Goal/Theme 6 Revenue collection “ “
Identify those outputs and/or deliverables that would
need to be achieved by the objectives or themes.
For each of these outputs or deliverables, the next
Developing Level 0 risks…
For each of these outputs or deliverables, the next step is to then try to identify any obstacles that might prevent the outputs or deliverables from being achieved.
From the list of obstacles identified, cluster the
obstacles into categories and then to articulate each of those categories as a risk.
Cluster or group Articulate as a risk
1
2
HRM and Development Obstacles
Improper recruitment and selection of staff
Lack of proper training
High staff turnover
Developing Level 0 risks…
The failure of ERCA to maintain high quality of staff supported by appropriate recruitment, selection and placement will lead not to meet ERCA’s objectives . rates Lack of specialised training centres Lack of experience sharing Lack of knowledge about how to handle complaints
Lack of integrity
HRM and Development
The risk should be expressed as a threat posed to achieving the business intent rather than in terms of observed behaviours.
Wednesday, June 11, 2014 ERMF 33
Poor service delivery
Poor handling of customers Lack of commitment and accountability Customer service and support
Steps …
Developing level 1 risks
Separate out the sub-categories of the risk based on
obstacles identified in step 2 obstacles identified in step 2.
Articulate each sub category as a risk to meeting the
Articulate level 1 risks
The failure of ERCA to Employee Retain Failure to retain experienced RetainBased on the obstacles identified – articulate sub risks
HRM and Development ERCA to maintain high quality of staff supported by appropriate recruitment, selection and experienced employee Employee recruitment Failure to recruit qualified personnel to deliver our services and Recruit placement will lead not to meet ERCA’s
objectives .
engage with clients.
Develop employee’s capacity Failure to upgrade employee’s capacity Develop
Steps …
Developing consequence and likelihood criteria
1. Brainstorm observable evidence of “failure and success” – working off existing risk categories
2. Prioritise and group evidence into key factors
3. Place each factor as a starting point in the Consequence criteria matrix
4. Draft first cut of risk consequence criteria for an example risk
Consequence Criteria
Consequence Levels
Low Medium High Very High Extreme
Corporate image The perception The perception The perception The perception The perception
EXAMPLE: ERCA ER (Integrity)
Developing consequence and likelihood criteria...
image The extent to which ERCA practice sound working relationship with customers and p p of tax payers to ERCA is poor p p of tax payers to ERCA is very poor p p of tax payers to ERCA is bad p p of tax payers to ERCA is very bad p p of tax payers to ERCA is worse The perception of stakeholders The perception of stakeholders The perception of stakeholders The perception of stakeholders The perception of stakeholders stakeholders to ERCA is poor to ERCA is very poor to ERCA is bad to ERCA is very bad to ERCA is worse Corruption The extent to which ERCA staff liable to corruption The number of corrupted staff <0.5% The number of corrupted staff is between 0.6-1% The number of corrupted staff is between 1.1-1.5% The number of corrupted staff is between 1.6-2% The number of corrupted staff >2.1% Likelihood
Developing consequence and likelihood criteria…
Likelihood rating Risk probability
Rare 0-5% chance of occurring
Unlikely 6-30% chance of occurring
Even Chance 31-70% chance of occurring
Even Chance 31 70% chance of occurring
Likely 71-95% chance of occurring
Developing consequence and likelihood matrices
Developing consequence and likelihood criteria…
ERCA – Enterprise level risk matrix
Extreme High† High† Severe Catastrophic Catastrophic
Consequence
Very High Significant Significant High Severe Severe
High Moderate Significant Significant High High
Medium Low Moderate Significant Significant Significant
Low Low Low Moderate Moderate Moderate
Rare Unlikely Even Chance Likely Almost Certain Likelihood
Management action for Enterprise level risks Risk level Actions to be taken
C t t hi C i i t Di t G l ith d i
Developing consequence and likelihood criteria…
Catastrophic Crisis management - Director General with advice to the Government
Severe ERCA board level response. High Enterprise risk owner response. Significant Divisional executive response. Significant Divisional executive response.
Moderate Directorate level response, may involve monitoring only.
Steps …
Assigning roles and responsibilities
1.Decide Ownership of level 1 risks – must have
appropriate level of sponsorship and overseeingpp p p p g
governance. Who will be responsible for the outcomes? Must be linked to performance indicators of the individual
2.Assign risk managers to drive the development of consequence criteria. Who will manage the operational
d h ?
aspects and report to the sponsor?
Wednesday, June 11, 2014 ERMF 41
Steps
…Developing a forward plan Establishing periodic
review and maintenance of the risk and criteria
Scheduling:
review and maintenance of the risk and criteria
1.Decide what risk deliverables are possible in 6 months, 12 months, or longer term
2.What other deliverables are required? (tools, products and processes)
• What are the first steps?p
• What will we have in 6mths time? • Who is responsible?
Tolerance settings are an important aspect of Enterprise
Risk Management. They establish the threshold at
which the various risk owners should start to become
Tolerance Setting for Risks
concerned about the extent to which their risk is manifesting.
Enterprise level
Enterprise level risk owners are responsible for
developing risk specific consequence descriptions for enterprise level risks Enterprise level risk owners enterprise level risks. Enterprise level risk owners should add criteria specific for their risk category and levels that are equivalent to the levels outlined in the enterprise risk consequences table.
• Regular reports made available to executive
management board and audit committees that inform how key risks (Enterprise wide risks, strategic risks
ERMF Management Reporting
and emerging risks) are being managed
• Some of the basic questions that the reports should
answer include:
• What are the risks and the level of each risk?
• What has been done about them?
• Who is responsible for managing the risk?
• Has the level of risks changed as a result of
implementing risk treatment?
Reporting…
• What are the risks that need to be escalated to strategic
risks?
• What are the risks that are no longer regarded as
strategic risks and why?
• In ERCA Every risk owner should report to the ERMF
Owner (Risk Management Directorate) about the status of each risk. The ERMF owner is responsible to check and monitor the status and need to support each risk owner and also report to the risk management
Wednesday, June 11, 2014 ERMF 45
risk owner and also report to the risk management committee / risk champion.
ERMF Committee
If there is already a risk champion/committee no need to form again a new committee it can be used for ERMF as well
ERCA Enterprise Risk Categories
The following lists are the current working set of high level enterprise risks for ERCA. In the language of an ERMF these risks are referred to as Level 0 and level 1 risks.
Level 0 Level 1
Human Resource Management
Retain Recruit Develop Ethi / l
ERCA Enterprise Risk Categories
Ethics/values
Integrity Fraud Corruption and Control Knowledge Management
Revenue Revenue tracking
Payment compliance Governance
Resources/ Facilities
Education, Communications and awareness
Wednesday, June 11, 2014 ERMF 47
Research
Service delivery Debt Management Channel management Compliance Customs Turnover Tax VAT Income Tax
AMESEGNALEHU
AMESEGNALEHU
THANK YOU
Case Study on
h C
l h f
i i
Integration of a Risk Management
Model into ASYCUDA World
The Commonwealth of Dominica
29-October-2013
The Commonwealth of Dominica
~65,000 people
Relatively small but
skilled customs department
An excellent country to test new methods!
Motivated risk staff
Complex regional setting
Modern IT infrastructure
Migrated to ASYCUDA World
Migrated to ASYCUDA World from ASYCUDA++ in 2010
ASYCUDA risk management concepts originated from Ethiopia
3 year program
12 countries
Focused on:
1. Tax Administration 2. Customs Management 3. Public Financial Management 4. Regional Training & ICT Support
51
Has benefited from the experience of others around the world (ex: Ethiopia)
Presentation Agenda & Key Messages
Part 1: Basic Information Technology Concepts Risk management concepts are heavily dependent on IT
A basic understanding is important (only 3 slides)!!
Part 2: Overview of the SEMCAR Standard Reference Model
Designed to be comprehensive
Spans agencies (tax, customs and others)
Comprised of 9 components that work together
52
Part 3: Integrating ASYCUDA World
Primarily focused on selectivity
Integration achieved using a 10 step process
Information Technology
Part I
Technology – ETL Example
55
ADS Infrastructure
The Standard Reference Model
Part II
Reference Model Concepts
– 4.1 - Master Lists
– 4 2 The Taxpayer / Trader Lookup
– 4.2 - The Taxpayer / Trader Lookup
– 4.3 - Automated Data Exchange
– 4.4 - Core Inconsistency Checks
– 4.5 - Entity Profiling
– 4.6 - Customs Transactions Control
– 4.7 - Internal Process Controls4.7 Internal Process Controls
– 4.8 - 360° Reporting
4.1 – Master Lists
• Purpose– To define and administer, in a single location, a structured view of the world • Components
– Risk Register
– Risk Response/Intervention Action Items
– Debtors List
– Fraud List
– Watch List
– Non-Filer/Stop-Filer List
– Profiling Exceptions List C Ri k Cl ifi i Li
– Country Risk Classification List
– Customs Codes (Tariff) Risk Classification List
– Customs Procedure Codes (CPC) Risk Classification List
– Sector (Activity) Code Risk Classification List
– Bonded Warehouse Risk Classification List
– Customs Clearance Points Risk Classification List
59
Classification lists enable the development of sophisticated analytical models
All risk lists should use a matrix scoring approach
Key question
Key question – “Risk of/to what?”
Try to clearly segment types of classifications: 1. Security 2. Revenue 3. Strategic O i l Impact 60 4. Operational
Language and definitions
The method of determining a risk classification depends on the list
For HS Codes, we’re using a
blend of statistical functions and local knowledge
Basic lists can be generated
and administered in Excel, no
hi ti t d IT ft
61
sophisticated IT software or systems are required
Example: HS Codes
4.2 – The Taxpayer / Trader Lookup
• Purpose
1. To validate identity of a physical person or entity
2. To communicate a cohesive message from across institutions 3. To “route” the taxpayer / trader for special handling, if required
• Characteristics
– Minimum of one input parameter (taxpayer identifier)
– May return photographs & basic registration information
– May return identification information from identification cards—proof of existence!
– Returns the results of “list checks” – ex: Debtor, Fraud & Watch, Non- & Stop-Filer
63
4.3 – Automated Data Exchange
• Purpose
1. To facilitate cohesive compliance activities across institutions 2. To construct a comprehensive view of a taxpayer
2. To construct a comprehensive view of a taxpayer
3. To open-up the possibility for developing regional risk-based controls
• Characteristics
– Automated exchange is key!!
– Soft-media (excel, email, CDs, USB drives) should be avoided
– Packages for exchange to be scheduled in a single location on a dedicated ETL server
– “Push” vs. “Pull”Push vs. Pull
• Partners
– Domestic: Tax, Customs, Treasury, Business Registration, Property Tax, Motor Vehicles, Internal Affairs?
– International (Regional): Tax, Customs, Interpol, Anti-Money Laundering Agencies 64
Automated Data Exchange
65
4.4 – Core Inconsistency (“Fraud”)
Checks
• Purpose
1. To identify and systematically investigate obvious inconsistencies 2. To identify and respond to cases of potentialfraud
• Characteristics
– Inconsistencies should be added to appropriate lists (“Fraud”) in a tentative status
– Both automated and manual checks (via reports) should be developed
– Checks should also account for internal discrepancies
• Key Partners
– Domestic: Tax, Customs, Treasury, Property Tax, Motor Vehicles
Dashboard: Inconsistency Reports
67
4.5 – Entity Profiling
• Purpose
1. To objectively measure the relative risk and impact of a taxpayer on revenue
2. To provide a basis for allocating and directing compliance resources
3. To provide a basis for enforcing internal process controls
• Characteristics
– Risk measurements are to source data from multiple organizations
– Measurements are to be organized into two dimensions
– The compilation of measurements results in a risk “profile”
– Profiles are to be calculated daily
– High risk taxpayer profiles are to be automatically added to the “Watch List"
Approach to Entity Profiling (Revenue)
•
X
statistical deviant
–Mandatory domestic audit Matrix Model
–Auto-add to watch list
–Key input to ASYCUDA selectivity
•
Population:
tax center / tax year
X X X X X X X X X X X X X
X X X X X X XX X X X
X X X X X XX X X
X X X X X X X
X X X X X
tax center / tax year
X X X X XX X X
Financial Importance (FI)
4.6 – Customs Transactions Control
• Purpose
1. To objectively measure the relative risk & impact of a transaction
2. To maximize compliance/control resources
• Characteristics
– Requires a selectivity function (technical)
– Measurements to be organized into two dimensions
– Processes inputs from declarations / manifests
– Compares inputs against historical values, lists and shared risk profiles
– Computes a score, per-transaction
– Routes transactions through standard channels for handling
71
4.7 – Internal Process Controls
• Purpose
1. To objectively control key processes on the basis of risk profiles
2. To empower administrations by limiting discretion in sensitive areas
3. To route sensitive requests for special handling
• Characteristics
– Requires access to calculated risk profiles
• Key Processes – Audit Case Selection
– Refund Approvals
– Changes to Registration
– Clearance Certificates
Internal Process Controls
73
4.8 – 360° Reporting
• Purpose
1. To provide actionable, comprehensive views of taxpayers and events 2 To provide basic analytics management operational and other reports 2. To provide basic analytics, management, operational and other reports
3. To limit access to DBAs (IT) – and provide authoritative information in a single location – to force a shared view of the world
• Characteristics
– Requires direct access to data sources from C&TA – as well as Treasury/Motor Vehicles/Property Tax & Others
– Alternately, requires that data be imported daily through ETL operations
– Reports to be exposed on a general purpose reporting dashboard • Components
– Enterprise Reporting Dashboard
– Standard Compliance Model
• Internal Data
• External Data
• Risk Measurements
Dashboard: 360° Reporting
75
4.9 – Risk Maturity Scorecards
• Purpose
1. To provide a method of formally recording organizational risk maturity
2. To provide a means of publishing results and tracking progress over time
• Characteristics
– Assessed scores roll-up to summary – red/yellow/green performance indicators • Components – Summary Scorecard • Culture • Experience • Process • Application 76
77
Integrating ASYCUDA World
Approach to ASYCUDA Integration
– Achieved through customization of the selectivity module
– Designed to handle three categories of transactions:
1. Transactions associated with “gold card” traders 2. Transactions requiring mandatory intervention 3. All other transactions (representing “uncertainty”)
– Requires a fundamental shift in thinking – from criteriaRequires a fundamental shift in thinking from criteria based on selection percentages to analytical scoring
– Selectivity is structured for layered analysis (4 layers)
79
Risk Model: Layer 1 – Basic Selectivity
Risk Model: Layer 2 – Special Criteria
– Limited, mandatory selection criteria that is set by the RMU
– Alternately, criteria may be established by a policy directive of the
government
Any match against these
81 – Any match against these
criteria results in 100% routing to an appropriate channel
Risk Model: Layer 3 – Random
Selection
– Random selection is used to ensure that the Layer 1 model is valid
– The volume of
transactions selected for red / yellow lane processing should be higher during the
introduction of the model and gradually reduced
Risk Model: Layer 4 – Release & PCA
– If a declaration is not selected for channeling by Layers 1 through 3, it may be eligible for green may be eligible for green-lane or post-clearance treatment
– In Layer 4, only the [RA] dimension is used when analyzing the declaration
83 – If the trader has
“gold-card” status, then Layer1 (basic selectivity) is ignored but Layer 4 still applies
How to implement the model?
The 10-step process is described in the :“SEMCAR Quick Reference Guide – Configuring ASYCUDA World for the SEMCAR Risk-Based Selectivity Module”
84 At the senior management level, you should be aware of 4 principle components of implementation
Tariff Codes Country of Origin
ASYCUDA World
Steps 1 – 5: Configure ASYCUDA &
Import Classification Lists
CPC Codes
Customs Importer Profile Customs Declarant Profile Country of Consignment Special Requirements Special Classifications Others…
• Risk classifications are determined at a granular level, using a blend of statistical methods and local knowledge
Step 6: Run the Model Against
Historical Transactions and Determine
Steps 7 – 8: Create New Criteria &
Consolidate / Eliminate Old
– Three categories of criteria:1 L 1 B i S l ti it (i l d l i f “ ld d”
1. Layer 1 – Basic Selectivity (includes logic for “gold card” holders)
2. Layer 2 – Special (“Mandatory”) Criteria
3. Informational Criteria
– See appendices in the Quick Reference Guide for an example of the selectivity criteria code used for Layer 1
Step 10: Introduce the Model as a Pilot
– Select an office for the pilot where the type of transactions/trade is diverse
– Formally train officers in the concepts being implemented so they know what to expect
– To gauge success, you need to be certain that the model actually increases rather than decreases revenue
Collect statistics in advance of the pilot (revenueCollect statistics in advance of the pilot (revenue contribution, hit rates with existing criteria, etc.)
– Pilot for a minimum of 3 months; be aware of seasonal issues that could influence statistics
Challenges Encountered
– Non-commercial trade and simplified / short-forms
– Changing culture so that officers trust the model
– Getting high quality inspection act forms into ASYCUDA
– Abstract thinking and compartmentalizing risk-response
– Abstract thinking and compartmentalizing risk-response measures
