The risk management model comprises six phases:
- Identifying risks
This phase involves a general risk review. It involves sequenced steps:
- Collect and analyse data;
- Produce information on the basis of such data;
- Analyse risks;
- Map risks.
- Prioritizing risks
This phase involves analysis of:
- The frequency of different risks;
- The consequences of risks (financial and immaterial, such as the public image of social security).
- Analyse the causes of risks
This phase should make it possible to distinguish between:
- The complexity of administrative processes;
- The lack of clarity in rules;
- The existence of grey zones, gaps or unsupervised areas;
- The efficiency of existing controls;
- Problems related to skills and the lack of adequate resources to detect, prevent and address EEF;
- Lack of communication with beneficiaries and contributors;
- Conflict with other public policies and initiatives.
- Defining initiatives to address and correct EEF
This relates specifically to:
- Deterrent actions that may result in sanctions.
- Planning and implementing
This phase involves implementing, in a planned manner, prevention, detection and deterrent actions.
- Monitoring and evaluating
This phase involves evaluating the measures taken to inform an update of the risk assessment strategy. The strategy as a whole should be revised.