Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presentation 3: Applying Risk: Key Risk Management Tools Andrew Graham School of Policy Studies Queen’s University Kingston, Canada Workshop on Risk and.

Published byDiane Eaton Modified over 9 years ago

Similar presentations

Presentation on theme: "Presentation 3: Applying Risk: Key Risk Management Tools Andrew Graham School of Policy Studies Queen’s University Kingston, Canada Workshop on Risk and."— Presentation transcript:

1

2 Presentation 3: Applying Risk: Key Risk Management Tools Andrew Graham School of Policy Studies Queen’s University Kingston, Canada Workshop on Risk and Enterprise Risk Management Southern Africa Development Community April, 2014 Gaborone, Botswana

3 Section 1: Risk Ranking and Risk Tolerance

4 Establish the Context Consider the outcomes you want to achieve in your activity Consider the environment in which your organization operates Identify internal and external stakeholders Develop risk evaluation criteria. For example, you may decide that one criterion for deciding whether a risk is acceptable or not is that the cost of managing the risk must be less than the financial loss if the risk occurred.

5 Understand Your Control Environment Most organizations already have many controls for risks – know what they are and how they are working for you. Remember that existing safeguards and levels of preparedness can deteriorate over time. Circumstances can change People can change, taking valuable expertise with them Key role for corporate support functions and Internal Audit in making an organizations total control framework

6 Identify Risks Select the best methods to identify potential risks Examine all sources of possible risks Identify all potential risks whether they are random, internal or external to the organization Examine each risk from the perspective of both internal and external stakeholders.

7 Possible Sources of Risks human behaviour technology and technical issues occupational health and safety legal political property and equipment environmental financial/market natural events. This list is exemplary not definitive – you have to figure out the label on the ‘ elephant in the room ’.

8 Internal Methods of Identifying Risks Establish responsible office for process, e.g., Internal Audit or Risk Group, Examine the results of personal, local or international experience. Arrange interviews and discussions with stakeholders. Distribute surveys and questionnaires to stakeholders. Conduct audits and physical inspections. Directly observe the activity. Analyze specific scenarios.

9 External Methods of Identifying Risks Employ professional consultants, e.g. lawyers, accounts and workplace health and safety officers. Engage external consultations groups Employ industry specialists, e.g. marketers, business consultants and risk consultants. Consult associated professional organizations. Conduct your own research using industry publications, newspapers and insurance tables.

10 Some Good Questions to Ask What are the best methods to identify risks which are likely to occur in this activity? Who should I consult to assist me in identifying risks? What sources of risk are relevant to this activity? What risks are likely to occur? Are the risks internal, external or random? What would be the perspective of both internal and external stakeholders on these risks?

11 Analyze the Risks Evaluate the likelihood of a risk occurring, according to the ratings you use. Evaluate the consequences if the incident occurred, according to the ratings. Calculate the level of risk by finding the intersection between the likelihood and the consequences.

12 Example of a Risk Management Model for Decision-Making Considerable management required Must manage and monitor risks Extensive management essential Risks may be worth accepting with monitoring Management effort worthwhile Management effort required Accept risks Accept, but monitor risks Manage and monitor risks Increasing Management Focus

13

14 Consider Risk Velocity as well as Traditional Axes of Impact and Likelihood Risk Prioritization Matrix Incorporating Risk Velocity Impact—What is the maximum damage this risk could cause? Probability—How likely is this risk to materialize? Speed—At what speed will this risk impact the organization? RISK A—High Severity and Likelihood but Low Speed of Onset Increased employee attrition will have a significant impact on the organization and is very likely to happen. The risk is forecast to materialize across the course of the next 18 months. RISK B—High Severity and Likelihood and High Speed of Onset A new competitor will have a significant impact on the organization and is very likely to happen. The risk is forecast to materialize within the next two months when the new competitor begins trading. Source: Deloitte; Risk Integration Strategy Council Research..

15 Evaluating and Setting Risk Tolerances You must start be determining: the importance of the activity you are risk managing and its outcomes the degree of control you have over the risk the potential and actual losses which may arise from the risk the benefits and opportunities presented by the risk.

16 You may decide that a risk is acceptable because: the risk level is so low that it does not warrant spending time and money to treat it the risk level is low and the benefits presented by the risk outweigh the cost of treating it the opportunities presented by the risk are much greater than the threats. Accepting Risk Make sure that your list of acceptable risks is confirmed by others. An acceptable risk is omitted from the risk treatment process but others may feel that a specific risk is unacceptable and therefore, needs to be treated.

17 Hierarchy of Risk Control Measures Low Management Effort  High Management Effort Avoid – eliminate risk Substitute – change to a less risky alternative Isolate – separate risk from impacted group Reduce – amount of exposure Protect – provide controls

18 17 How Does It Work? Risk Tolerances Filter

19 Risk Analysis and Management Toolkit Risk Tolerances Risk Tolerances Setting tolerances involves a mix of qualitative and quantitative measures Not always straightforward It takes experimentation and time Issue of how public they are is important Equally important is how politically sensitive they are: is there a tolerable murder rate? Wrong tolerance! 5 Worst Case 4 Severe 3 Major 2 Moderate 1 Minor TYPCIAL RISK TOLERANCE GRID

20 Risk Analysis and Management Toolkit Risk Tolerances Employee confidence Widespread departures of key staff with scarce skills or knowledge. Sharp, sustained drop in employee survey results; departures of key staff with scarce skills or knowledge. Sharp decline in employee survey results; sharp increase in grievances. Modest decline in employee survey results; modest increase in grievances. Less than planned improvemen ts in employee survey results. SEVERITY RISES WHEN DO YOU ACT AND HOW?

21 Section 2: Building an Effective Risk Culture

22 The Relevance of Culture in Applying Risk The culture of a group arises from the repeated behaviour of its members. The behaviour of the group and its constituent individuals is shaped by their underlying attitudes. Both behaviour and attitudes are influenced by the prevailing culture of the group. You cannot understand, identify, analyze, prioritize and effectively manage risk without a culture than enables it.

23

24 What Does an Effective Risk Culture Look Like? A distinct and consistent tone from the top from the board and senior management in respect of risk taking and avoidance (and also consideration of tone at all levels). A commitment to ethical principles, reflected in a concern with the ethical profile of individuals and the application of ethics and the consideration of wider stakeholder positions in decision making.

25 What Does an Effective Risk Culture Look Like? A common acceptance through the organisation of the importance of continuous management of risk, including clear accountability for and ownership of specific risks and risk areas. Transparent and timely risk information flowing up and down the organisation with bad news rapidly communicated without fear of blame. Encouragement of risk event reporting and whistle blowing, actively seeking to learn from mistakes and near misses.

26 What Does an Effective Risk Culture Look Like? No process or activity too large or too complex or too obscure for the risks to be readily understood. Appropriate risk taking behaviours rewarded and encouraged and inappropriate behaviours challenged and sanctioned. Risk management skills and knowledge valued, encouraged and developed, with a properly resourced risk management function and widespread membership of and support for professional bodies.

27 What Does an Effective Risk Culture Look Like? Professional qualifications supported as well as technical training. Sufficient diversity of perspectives, values and beliefs to ensure that the status quo is consistently and rigorously challenged. Alignment of culture management with employee engagement and people strategy to ensure that people are supportive socially but also strongly focused on the task in hand.

28 Section 3: Eleven Tough Questions on Risk Control and Management

29

30

31

32

33 Risk tolerance and zero tolerance

34

35 Risk Assessment and Vulnerability Analysis Open Issues and Questions How accurately can experts estimate the likelihood and consequences of disasters of hurricanes of different magnitudes and intensities? Can one characterize the types of uncertainties that currently exist in assessing risk, and suggest ways to improve these estimates in the future? What are the expected costs and benefits of undertaking specific risk-reducing measures in hurricane-prone areas, and can one rank them on the basis of cost effectiveness? What are the interdependencies in the system (e.g. infrastructure damage affecting supply of electricity, water, telephone/telecommunications, and other services to residences and businesses)? How do these interdependencies affect the direct and indirect losses that would result from a future natural disaster? 34

Download ppt "Presentation 3: Applying Risk: Key Risk Management Tools Andrew Graham School of Policy Studies Queen’s University Kingston, Canada Workshop on Risk and."

Similar presentations

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Integrity and impartiality

Integrity and impartiality
Succession and talent management

Succession and talent management
Child Safeguarding Standards

Child Safeguarding Standards
Note: Lists provided by the Conference Board of Canada

Note: Lists provided by the Conference Board of Canada
Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.

ACCOUNTING ETHICS Lect. Victor-Octavian Müller, Ph.D.
Service Design – Section 4.5 Service Continuity Management.

Service Design – Section 4.5 Service Continuity Management.
REPRESENTING EMPLOYER ORGANIZATIONS THROUGHOUT THE WORLD HOW THE EMPLOYERS ORGANISATIONS CAN INFLUENCE THE PRIORITIES AND OUTCOMES OF DWCPS Presentation.

REPRESENTING EMPLOYER ORGANIZATIONS THROUGHOUT THE WORLD HOW THE EMPLOYERS ORGANISATIONS CAN INFLUENCE THE PRIORITIES AND OUTCOMES OF DWCPS Presentation.
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
The Risk Management Process

The Risk Management Process
1 Risk management and Investigation Peter Roberts

1 Risk management and Investigation Peter Roberts
Bureau of Workers’ Comp PA Training for Health & Safety (PATHS)

Bureau of Workers’ Comp PA Training for Health & Safety (PATHS)
Trinidad & Tobago Corporate Governance Code 2013

Trinidad & Tobago Corporate Governance Code 2013
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.

CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
61 What is hazard risk management?. 62 Emergency risk management is “a systematic process that produces a range of measures that contribute to the well.

61 What is hazard risk management?. 62 Emergency risk management is “a systematic process that produces a range of measures that contribute to the well.

Similar presentations

Ads by Google