Presentation is loading. Please wait.

Presentation is loading. Please wait.

Determining Where Resources Are Most Needed

Published byNelson Baker Modified over 6 years ago

Similar presentations

Presentation on theme: "Determining Where Resources Are Most Needed"— Presentation transcript:

1 Determining Where Resources Are Most Needed
The Concept of Risk

2 Achieving Impact in Auditing

3

4 The Concept of Risk My early audits: Park chair audit.
Book of remembrance entries. Car park income.

5 What Is Risk? Does It Really Matter?

6 WHY DOES IT MATTER? “When anyone asks me how I can describe my
experience of nearly forty years at sea, I merely say uneventful. Of course there have been winter gales and storms and fog and the like, but in all my experience, I have never been in an accident in any sort worth speaking about. I have seen but one vessel in distress in all my years at sea... I never saw a wreck and have never been wrecked, nor was I ever in any predicament that threatened to end in disaster of any sort” from a paper presented by EJ Smith, 1907

7 IT MATTERS! On 14 April 1912, HMS Titanic sank with the
loss of 1500 lives..... One of which was its captain E J SMITH

8 But does any of this really matter
NOW?

9 Risk Management Casualties.
Barings BCCI Hoover Sumitomo Bank Enron World Com. Parmalat Andersons

10 Pressures Greater transparency Better governance
Better ethical standards Need for early warning systems Demands for higher quality services New legislation Systems reform/project management

11 What Is Risk? Definition of Risk.
The threat that an event or action will adversely affect an organisations ability to achieve its business objectives and execute its strategies successfully Source :- The Economist Intelligence Unit

12 Business Risk Definition 2
The chance of something happening that will have an impact on business objectives Source :-Aus/NZ Risk Mgt Standard

13 Surprises Any organization that has encountered unwelcome surprises or unexpected losses will realize that most were preventable. Such events will almost certainly have been caused by risks that were not fully understood, or the processes to mitigate those events being inadequate.

14 Wrong assumptions about risk
Risk is just something for finance and insurance to worry about Risk comes up on the agenda once a year Risk management is just another layer of unnecessary bureaucracy Risk management is about downside not creation of value Risk is a compliance issue

15 Risk Management International expectations are now that all organisations should: Identify, evaluate and manage their key risks and assess how they are controlled Ensure that all aspects of internal control and risk management are regularly reviewed on an appropriate cyclical basis Have regular board level reviews of reports on risk management and internal control

16 Risk Management And that:
Risk management and internal control should be: Embedded in the operations of an organisation Capable of responding to the changing risks it faces Include procedures for reporting major weaknesses immediately to appropriate levels of management

17 Risk Management In the UK all public bodies have been told:
“…it is important that authorities have arrangements in place for reviewing both the nature and severity of risks…such a review should not just be to “obvious tangible” risks such as arson,vandalism and other damage to property..risk management should be an integral part of an authority’s overall management arrangements.”

18 Risk Management It went on to add:
“In order to be successful it is likely that the approach will be cross-departmental and inter-disciplinary and that senior management will demonstrate commitment.”

19 The AUS/NZ Risk Management Process
Establish the context Identify risks Analyse Evaluate Treat Communicate Monitor and Review

20 Risk Identification and evaluation

21 Types of Risk Strategic Operational Reputation Information Financial
People Regulatory

22 Strategic Risks Risks that relate to doing the wrong things

23 Operational Risks Risks that relate to doing the right things in the wrong way

24 Information Risks Risks that relate to loss or inaccuracy of data ,systems or reported information

25 Financial Risks Risks that relate to losing monetary resources or incurring unacceptable liabilities

26 People Risks The risks associated with Employees and Management

27 Regulatory Risk The Risks related to the regulatory environment

28 Reputation Risk Risks that relate to the organizations brand or image

29 Inherent and Residual Risk
Inherent risk = Gross risk before controls/ mitigation Residual risk = Risk remaining after applying controls

30 Evaluation and Measurement of Risk
Risk is measured in terms of consequences (or impact) and likelihood (or probability)

31 Consequences Likelihood
Monetary (% of income or budget) Reputation Ability to recover Effect on Organisation Insignificant,Minor, Moderate,Major Catastrophic Rare (less than once in 20 years) Unlikely (once in years) Possible (once in 10 years) Likely (once in 3 years) Almost Certain (once a year)

32 Questions you need to answer
What are the worst things that could happen to us? How likely are they to happen? Are we taking sufficient steps to prevent them?

33 Risk Matrix Likelihood Impac t Most Severe Major Moderate Minor
Insignificant Rare Unlikely Possible Likely Almost Certain Impac t

34 Measurement of Risk:- Risk Matrix
6 8 9 3 5 7 1 2 4 HIGH Impact Of Risk LOW Unlikely Likely Likelihood of Occurrence

35 RISK MATRIX High 15 16 18 19 1 2 4 3 17 20 21 5 6 7 8 22 23 25 9 10 11 IMPACT 12 13 14 28 26 27 24 Low LOW HIGH LIKELIHOOD

36 Risk Matrix Over £5 million OR Questions raised in Parliament
Important risks – might potentially affect provision of key services or duties Key risk- may potentially affect provision of key services or duties Immediate action needed - serious threat to provision and/or achievement of key services or duties Monitor as necessary - less important but still could have a serious effect on the Monitor as necessary - less important but still could have a serious effect on the provision of key services or duties Key risks - may potentially affect No action necessary Monitor as necessary - ensure being properly managed Monitor as necessary - less important but still could have a serious effect on the provision of key services or duties £2million-£5 million OR Reported in National Press £500,000 - £2 Million OR Reported in Local Paper £100,000 - £500,000 OR Unacceptable levels of Complaints Under £100,000 OR Some complaints from individuals. Unlikely-Once in years Possible- Once in 10 years Likely-Once in 3years Certain- Once a year Rare- once in 20 years

37 Treatment of Risks How are we going to manage the risks that we have identified down to a level that we can live with.

38 Measure, Manage, Monitor, Report
Risk Treatment Risk Transfer Exposure Insure Outsource Determine Evaluate Recover Cost Reduce Control Loss reduction Contingency Plans BCP Measure, Manage, Monitor, Report Action Plans

39 RISK MAP High 15 16 18 19 1 2 4 3 17 20 21 5 6 7 8 22 23 25 9 10 11 IMPACT 12 13 14 28 26 27 24 Low LOW HIGH LIKELIHOOD

40 The Risk Management Process

41 Risk Management Framework
Embrace the issue of risk Manage not tolerate Make it a top down process Ensure a positive slant Make it the pulse of your organisation

42 The Risk Management Cycle
Risk Identification Monitoring & Review Risk Analysis Risk Control

43 Risk Identification Process
Clarification of Strategic Business Objectives Consideration of threats to achievement Identification of key risks and opportunities Sifting and clustering of output Evaluation of risks (by impact and likelihood of occurrence) Use of Workshops

44 Use of Workshops

45 Workshop Ingredients ACCURATE FACILITATOR ASSESSMENT CHALLENGER
FRAMEWORK And CONTROL RISK And CONTROL EXPERTISE PARTICIPANTS BUSINESS And PRACTICAL EXPERIENCE

46 Typical Agenda for a Workshop
Introduction Discussion of objectives/processes Brainstorming of risks Categorisation Assessment of risks

47 Risk Mitigation Process
Evaluation of actions in place to reduce risks Identification of risk exposures and latent opportunities Assessment of the effect of mitigation Development of focussed action plans Preparation of a Risk Register

48

Download ppt "Determining Where Resources Are Most Needed"

Similar presentations

The Risk Management Process (AS/NZS 4360, Chapter 3)

The Risk Management Process (AS/NZS 4360, Chapter 3)
More than OH&S. Definitions of Risk Risk is virtually anything that threatens or limits the ability of a community or non-profit organisation to achieve.

More than OH&S. Definitions of Risk Risk is virtually anything that threatens or limits the ability of a community or non-profit organisation to achieve.
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.

Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.
Mindari Session Scoutsafe and Risk Management By RL Brian See

Mindari Session Scoutsafe and Risk Management By RL Brian See
Chapter 14 Fraud Risk Assessment.

Chapter 14 Fraud Risk Assessment.
Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.

Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.
1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.

1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.
Service Design – Section 4.5 Service Continuity Management.

Service Design – Section 4.5 Service Continuity Management.
Enterprise Risk Management for Insurance Companies by George Orros Chief Executive, Universal Health Consultants.

Enterprise Risk Management for Insurance Companies by George Orros Chief Executive, Universal Health Consultants.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
The Risk Management Process

The Risk Management Process
1 Risk management and Investigation Peter Roberts

1 Risk management and Investigation Peter Roberts
PETER SCOTT CONSULTING Business Management Systemize your compliance with Rule 5 Peter Scott Peter Scott Consulting www.peterscottconsult.co.uk.

PETER SCOTT CONSULTING Business Management Systemize your compliance with Rule 5 Peter Scott Peter Scott Consulting
Systemise your compliance management Peter Scott Consulting www.peterscottconsult.co.uk.

Systemise your compliance management Peter Scott Consulting
Irish League of Credit Unions, 2012 W E L O O K A T T H I N G S D I F F E R E N T L Y Risk Management for Credit Unions September 2013 Risk Management.

Irish League of Credit Unions, 2012 W E L O O K A T T H I N G S D I F F E R E N T L Y Risk Management for Credit Unions September 2013 Risk Management.
Equity Housing Group Risk Management. 05 August 2002 © MazarsEquity Housing Group: Risk Management 2 Agenda Introduction: what is Risk Management? The.

Equity Housing Group Risk Management. 05 August 2002 © MazarsEquity Housing Group: Risk Management 2 Agenda Introduction: what is Risk Management? The.
What is Risk Management - Panel Discussion Tony Whitworth Vice-President Finance & Resources.

What is Risk Management - Panel Discussion Tony Whitworth Vice-President Finance & Resources.
RISK ASSESSMENT 2010/2011 M.J Ramakgolo. THE PURPOSE The aim of the risk assessment session is to develop the Strategic Risk Profile for the municipality.

RISK ASSESSMENT 2010/2011 M.J Ramakgolo. THE PURPOSE The aim of the risk assessment session is to develop the Strategic Risk Profile for the municipality.

Similar presentations

Ads by Google