Organisational Risk Management Plan: The Application of FMEA Methodology

Introduction

The public organisations are subject to strong pressures due to the need for a constant updating, the growing complexity inherent to the introduction of new procedures and technologies, and due to a greater involvement of citizens. These pressures may cause failures in the internal control system, exposing organisations to a high number of risks, such as corruption and related infractions, which are unexpected, inopportune, and which can also reach large proportions (Domnişoru, Ogarcă & Dragomir, 2017). Thus, organisations should identify and assess the risks which threaten their activity in order to implement control mechanisms to mitigate them, without hindering the accomplishment of objectives and the sustainability of the organisation (Pinho, 2014).

A good internal control system can help create conditions for limiting illicit activities and is a good method of combating corruption, and for this reason has been adopted for this purpose by several governments and organizations (Shu, Wang, Zhao & Zheng, 2014; Lonescu, 2015) So, the Portuguese municipalities have been focused on identifying and validating risks associated with corruption and related infractions, and have been developing adequate control mechanisms to prevent them, through the creation of the PPRCRI, recommended by the Council for Prevention of Corruption (CPC), through recommendation Nº. 1/2009 of 1^st July (DR no. 140, 2nd series, of July 22, 2009). On 7 April 2010, the CPC reinforced the need for the preparation of prevention plans and their publication on the Internet site, recommendation no. 1/2010. In 2011 the CPC approved two recommendations: one on July 6 “prevention of risks associated with privatization processes” and another on September 14 “plans for risk prevention in the tax area”. The CPC approved on November 7, 2012, a recommendation regarding “conflict management of public sector interests”, this recommendation expresses the duty to include a reference to this in the reports on the implementation of the risk prevention plans. In 2015, three recommendations were approved, the first to January 7 on “Prevention of Corruption Risks in Government Procurement” and the second and third, on July 1, one recommends that the Plans should appoint sector managers and a general execution and monitoring and that the entities develop training, dissemination, reflection and clarification of these Plans and another is about “combating money laundering”. Finally, in 2017, the recommendation “Permeability of the Law to risks of fraud, corruption and related infractions” was approved on May 4, 2017. The creation of the Plan for Prevention of Risks of Corruption and Related Infractions (PPRCRI) should take into account that risk management, associated with any organisational activity, is essential to ensure its success, considering that an ineffective risk analysis can lead to non-detected failures which may have a considerable impact on the organisational performance and outcomes. However, the above recommendation does not include any guiding methodology, and thus, this task is left up to the team responsible for the creation of the PPRCRI. Having identified this failure, the authors propose, in this work, to adopt the methodology Failure Mode and Effects Analysis (FMEA) for risk management while developing the plan (Ochrana, Milan & Michal, 2015).

The authors will apply this methodology specifically to the contract works service of Oliveira de Azeméis City Council, a council of the metropolitan area of Porto located in the north of Portugal with an area of approximately 164 Km² and a few more than 20,000 inhabitants. This service is usually integrated in the Municipal Division of Contract Works and Concessions and exists in all the remaining Portuguese municipalities, transferring considerable amounts of funds and affecting many and varied local interests. In this study, the effects, the causes of occurrence, and the risk priority numbers (RPN) will be identified, taking into account the risk management standard of the Federation of European Risk Management Associations (FERMA), FMEA methodology (Pinho, 2014), and the guide suggested by the Portuguese court of auditors (see Annex 1).