Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 2 – Risk Management Process

Published byAubrey Terry Modified over 5 years ago

Similar presentations

Presentation on theme: "Lecture 2 – Risk Management Process"— Presentation transcript:

1 Lecture 2 – Risk Management Process www.notes638.wordpress.com
BBK3253 | Risk Management Prepared by Khairul Anuar Lecture 2 – Risk Management Process

2 Definitions Risk is defined as 'the chance of something happening that will have an impact on objectives'. It is, therefore, important to understand what the objectives of the company, subsidiary, work unit or your position, are, prior to attempting to analyse the risks.

3 Definitions Risk Management is defined "the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, assessing, treating, monitoring and communicating".

4 What is Risk Management?
A process to Identify Assess Manage and Control potential events or situations to provide reasonable assurance regarding the achievement of organizational objectives.

5 The Risk Management Process
It is an iterative process that, with each cycle, can contribute progressively to organisational improvement by providing management with a greater insight into risks and their impact. Risk management can be applied to all levels of an organisation, in both the strategic and operational contexts, to specific projects, decisions and recognised risk areas.

6 The 8 Step Risk Management Process
Identify the Risks 2. Identify the Causes 3. Identify the Controls 4. Establish your Likelihood and Consequence Descriptors 5. Establish your Risk Rating Descriptors 6. Add other Controls 7. Make a Decision 8. Monitor and Review

7 The 8 Step Risk Management Process
Identify the Risks: List the things that might inhibit your ability to meet your objectives. You can even look at the things that would actually enhance your ability to meet those objectives eg. a fund-raising opportunity. These are the risks that you face eg. loss of a key team member; prolonged IT network outage; delayed provision of important information by another work unit/individual; failure to seize a commercial opportunity etc. Look at history and future estimates.

8 The 8 Step Risk Management Process
1. Identify the Risks: This involves driving events/conditions from: External Environment Economic-price movements, lower barriers Natural environment-floods, fire Social-changing demographics, life priorities Technological Internal Environment Infrastructure, personnel, process.

9 The 8 Step Risk Management Process
2. Identify the Causes: Try to identify what might cause these things to occur Eg. the key team member might be disillusioned with his/her position, might be head hunted to go elsewhere; the person upon whom you are relying for information might be very busy, going on leave or notoriously slow in supplying such data; the supervisor required to approve the commercial undertaking might be risk averse and need extra convincing before taking the risk etc.

10 The 8 Step Risk Management Process
3. Identify the Controls: Identify all the things (controls) that you have in place that are aimed at reducing the Likelihood of your risks from happening in the first place and, if they do happen, what you have in place to reduce their impact (consequence) Eg. providing a friendly work environment for your team; multi-skill across the team to reduce the reliance on one person; stress the need for the required information to be supplied in a timely manner; send a reminder before the deadline; provide additional information to the supervisor before he/she asks for it etc.

11 The 8 Step Risk Management Process
4. Establish your Likelihood and Consequence Descriptors The organisation will be required to determine the likelihood and consequences of a risk occurring in the given environment.   These ratings might include the likelihood of a catastrophic outcome or it could be a very unlikely outcome with limited consequences to the function of the organisation.

12 The 8- Step Risk Management Process
4. Establish your Likelihood and Consequence Descriptors Remembering that these depend upon the context of your analysis ie. if your analysis relates to your work unit, any financial loss or loss of a key staff member, for example, will have a greater impact on that work unit than it will have on the organisation as a whole Those descriptors used for the whole-of-organisation (strategic) context will generally not be appropriate for the departments, other work unit or the individual eg. a loss of $300,000 might be considered insignificant to the organisation, but it could very well be catastrophic to your work subsidiary.

13 The 8 Step Risk Management Process
5. Establish your Risk Rating Descriptors: What is meant by a Low, Moderate, High or Extreme Risk needs to be decided upon ahead of time. Because these are more generic in terminology though, you might find that the organisation’s strategic risk rating descriptors are applicable.

14 The 8 Step Risk Management Process
6. Add other Controls: Generally speaking, any risk that is rated as High or Extreme should have additional controls applied to it in order to reduce it to an acceptable level. What the appropriate additional controls might be, whether they can be afforded, what priority might be placed on them etc is something for the group to determine in consultation with the senior management. Head of the work unit (subsidiary) who, ideally, should be a member of the group doing the analysis in the first place.

15 The 8 Step Risk Management Process
7. Make a Decision: Once the above process is complete, if there are still some risks that are rated as High or Extreme, a decision has to be made as to whether the activity will go ahead. There will be occasions when the risks are higher than preferred but there may be nothing more that can be done to mitigate that risk ie. they are out of the control of the work unit but the activity must still be carried out. In such situations, monitoring the circumstances and regular review is essential.

16 The 8 Step Risk Management Process
8. Monitor and Review: The monitoring of all risks and regular review of the unit's risk profile is an essential element for a successful risk management program.

17 Risk Assessment Risk evaluation involves determining the significance of the level and type of risk and working decisions about future activities. In determining the significance of the risks, normally a risk assessment matrix is used. Figure below shows an example of a Risk Assessment Matrix (RAM). Almost Certain 4 M4 S8 S12 H16 Likely 3 M3 S6 S9 Unlikely 2 L2 Rare 1 L1 Negligible Minor 2 Major 3 Critical 4 L I KE HOOD CONSEQUENCES

18 Risk Assessment Using the RAM and the rating of consequences and likelihood earlier, you can then find the risk rating by multiplying the scale of likelihood with consequences for each risk event. After the risk rating has been determined, we need to decide on the future action. In determining the action, we can establish a Risk Action Table as shown in the previous table Using the table, the appropriate action can be decided immediately.

19 Risk Assessment Example of Risk Action Table

20 Treatment of Risk Risk treatment involves identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them. The options available for the treatment of risks include: Retain/accept the risk Reduce the Likelihood of the risk occurring Reduce the Consequences of the risk occurring Transfer the risk Avoid the risk

21 Treatment of Risk Retain/accept the risk - if, after controls are put in place, the remaining risk is deemed acceptable to the organisation, the risk can be retained. However, plans should be put in place to manage/fund the consequences of the risk should it occur. Reduce the Likelihood of the risk occurring - by preventative maintenance, audit & compliance programs, supervision, contract conditions, policies & procedures, testing, investment & portfolio management, training of staff, technical controls and quality assurance programs etc.

22 Treatment of Risk Reduce the Consequences of the risk occurring - through contingency planning, contract conditions, disaster recovery & business continuity plans, off-site back-up, public relations, emergency procedures and staff training etc. Transfer the risk - this involves another party bearing or sharing some part of the risk by the use of contracts, insurance, outsourcing, joint ventures or partnerships etc.

23 Treatment of Risk (5) Avoid the risk - decide not to proceed with the activity likely to generate the risk, where this is practicable.

24 Risk Likelihood Descriptors
Rating Description Likelihood of Occurrence 1. Rare/Highly unlikely, but it may occur in exceptional circumstances. It could happen, but probably never will. 2. Unlikely/Not expected, but there's a slight possibility it may occur at some time.

25 Risk Likelihood Descriptors
3. Possible - The event might occur at some time as there is a history of casual occurrence at the organization &/or similar organizations. 4. Likely/There is a strong possibility - the event will occur as there is a history of frequent occurrence at the institution and/or similar institutions.

26 Risk Likelihood Descriptors
5. Almost Certain/Very likely -The event is expected to occur in most circumstances as there is a history of regular occurrence at the company/organisation.

27 What mode do you go into if Risk Management fails
Question What mode do you go into if Risk Management fails

28 Case studies for next week
1. Risk Management in Vodafone plc Refer pages 51, 32 – 37 of 2015 Annual Report 2.. Singapore Airlines Risk Management Framwork

Download ppt "Lecture 2 – Risk Management Process"

Similar presentations

The Risk Management Process (AS/NZS 4360, Chapter 3)

The Risk Management Process (AS/NZS 4360, Chapter 3)
More than OH&S. Definitions of Risk Risk is virtually anything that threatens or limits the ability of a community or non-profit organisation to achieve.

More than OH&S. Definitions of Risk Risk is virtually anything that threatens or limits the ability of a community or non-profit organisation to achieve.
RISK ANALYSIS.  Almost all of the things that we do involve risk of some kind, but it can sometimes be challenging to identify risk, let alone to prepare.

RISK ANALYSIS.  Almost all of the things that we do involve risk of some kind, but it can sometimes be challenging to identify risk, let alone to prepare.
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.

Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.
Mindari Session Scoutsafe and Risk Management By RL Brian See

Mindari Session Scoutsafe and Risk Management By RL Brian See
Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.

Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.
Revision from last week  Assumptions are potential failure points in a project. They need to be monitored and managed. At the start of the project they.

Revision from last week  Assumptions are potential failure points in a project. They need to be monitored and managed. At the start of the project they.
Project Management.

Project Management.
Risk Analysis & Management. Phases Initial Risk Assessment Risk Analysis Risk Management and Mitigation.

Risk Analysis & Management. Phases Initial Risk Assessment Risk Analysis Risk Management and Mitigation.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Risk Management Infection prevention and control (IP&C) professionals have, amongst other things, duty to identify unsafe and hazardous IP&C practices.

Risk Management Infection prevention and control (IP&C) professionals have, amongst other things, duty to identify unsafe and hazardous IP&C practices.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
1 Risk management and Investigation Peter Roberts

1 Risk management and Investigation Peter Roberts
8 Managing Risk Teaching Strategies

8 Managing Risk Teaching Strategies
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.

CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
Irish League of Credit Unions, 2012 W E L O O K A T T H I N G S D I F F E R E N T L Y Risk Management for Credit Unions September 2013 Risk Management.

Irish League of Credit Unions, 2012 W E L O O K A T T H I N G S D I F F E R E N T L Y Risk Management for Credit Unions September 2013 Risk Management.
Equity Housing Group Risk Management. 05 August 2002 © MazarsEquity Housing Group: Risk Management 2 Agenda Introduction: what is Risk Management? The.

Equity Housing Group Risk Management. 05 August 2002 © MazarsEquity Housing Group: Risk Management 2 Agenda Introduction: what is Risk Management? The.
Chapter 11: Project Risk Management

Chapter 11: Project Risk Management

Similar presentations

Ads by Google