MODULE 1 - INTRODUCTION TO RISK -Technology, Tools & Vendor selection

MANAGEMENT -Project status reviews

- Deployment and Maintenance
WHAT IS RISK?
Risk Management Basics
-A risk is anything that may affect the achievement of • Risk (uncertainty) may affect the achievement of
an organization's objectives. objectives.
• It is the uncertainty that surrounds future events and -Effective mitigation strategies/controls can reduce
outcomes. negative risks or increase opportunities. -Residual risk
• It is the expression of the likelihood and impact of an is the level of risk after evaluating the effectiveness of
event with the potential to influence the achievement controls.
of an organization's objectives. • Acceptance and action should be based on residual
risk levels.
Alternatively:
• Risk is a potential event with negative
consequences that has not happened yet.
-Could also be an event with positive consequences.
•A possibility of loss - not the loss itself.
一A source of problem
一Find the root Cause arnd not the leaves. - - - -
-Something that makes the project special
- In the widest sense, everything is a risk
- Helps identify better ways of handling problems.

Why do we need Risk Management?

• The only alternative to risk management is crisis
management - and crisis management is much more
expensive, time consuming and embarrassing.
- James Lam, Enterprises Risk Management Risk identification technique
1.​ Brainstorming
• Without good risk management practices, the 2.​ Interviewing
government cannot manage its resources effectively. 3.​ Root cause analysis
Risk management means more than preparing for the 4.​ Checklists
worst; it also means taking advantage of opportunities 5.​ SWOT
to improve services or lower costs.
-Sheila Fraser, Auditor General of Canada

How does Risk Management help?

• Increase risk awareness and understanding -Allows
intelligent"Informed” risk taking.
• Focuses efforts - helps prioritize.
• Is proactive, not reactive - prepare for risks before
they happen.
• Improve outcomes - achievement of objectives. •
Enables accountability, transparency and
responsibility
• And maybe even mean survival.

Key Terms
• Risk- exposure to chance of hazard
• Risk Level - a measure to represent the significance
of the risk.
• Controls - Actions that could eliminate or reduce the
risk level.
• Residual Risk - Risk level after implementing
controls.
• Risk Response - An action on the risk, whether to
accept or not to accept

Who is involved? Categorizing risk - comprehensive

• Customer, end user, project team, senior
management, related project teams, vendors and
suppliers

When?
-A continuous process
- Starts from proposal stage
- Ends on project completion
-Review Stages
一Business Case analysis
- Project approval
- Project planning
 4.​ Extreme risk- severe impact

FOUR AREAS OF IMPROVEMENT

Strategy, because the risks associated with different

strategic options will be fully analysed and better
strategic decisions will be reached.
Tactics, because consideration will have been given
to selection of the tactics and the risks involved in the
alternatives that may be available.
Operations, because events that can cause
disruption will be identified in advance and actions
taken to reduce the likelihood of these events
occurring, limit the damage caused by these events
and contain the cost of the events.
Compliance will be enhanced because the risks
associated with failure to achieve compliance with
statutory and customer obligations will be recognized.

IMPACT OF HAZARD RISK

Hazard risk is the chance of something harmful

happening, like a fire, accident, or natural disaster.
Businesses manage it by spotting risks early,
improving safety, and having backup plans to handle
problems if they happen.

HAZARD RISK MANAGEMENT

Hazard risk management is concerned with issues

such as
1.​ Health and safety at work
2.​ Fire prevention
3.​ Avoiding damage to property
4.​ Defective products

ATTACHMENT OF RISK- refers to how different risks

are connected to various aspects of business.

FOUR MAIN AREAS OF ATTACHING RISKS

1.​ Corporate Objectives- Risks can be attached
to the goals the business wants to achieve.
2.​ Key Dependencies- These are the important
things the business relies on.
3.​ Stakeholder Expectations- Risks can be
attached to what customers, investors, or
employees expect.
4.​ Core Processes- These are the essential
tasks or activities that the organization relies
on to operate.

RISK AND REWARD

MODULE 2 - IMPACT OF RISK ON In risk management, organizations often take risks to

ORGANIZATIONS achieve potential rewards. A business, for example,
may launch a new product because it anticipates
Risk affects an organization’s operations, decisions, greater profit from its success. However, this involves
and success, potentially causing setbacks or losses. putting resources at risk, and the organization must
Effective risk management helps identify threats, ensure that the level of risk taken aligns with its risk
minimize impacts, and turn challenges into tolerance. Before proceeding, it should have a full
opportunities, ensuring resilience and growth. understanding of its risk exposure, confirming that the
risk is within acceptable limits and that it has sufficient
LEVELS OF RISK resources to handle any negative consequences.
Risk levels are to understand the likelihood and
potential impact of something bad happening. Low
risk means a small chance of a minor consequence,
while extreme risk means a high chance of a serious
outcome. We use risk levels to make decisions about
our safety, finances, and even career choice.
1.​ Love risk- minimal impact, low likelihood
2.​ Moderate risk- manageable impact
3.​ High risk- significant impact
 In general terms, long-term risks will impact several
years, perhaps up to five years, after the event occurs
or the decision is taken. Long-term risks therefore
relate to strategic decisions. When a decision is taken
to launch a new product, the result of that decision
(and the success of the product itself) may not be fully
apparent for some time.

Medium-term risks have their impact some time after

the event occurs or the decision is taken, and typically
this will be about a year later. Medium-term risks are
ATTITUDES TO RISK
often associated with projects or programmes of work.

Different organizations will have different attitudes to

Short-term risks have their impact immediately after
risk. Some organizations may be considered to be
the event occurs. Accidents at work, traffic accidents,
risk averse, while others will be risk aggressive.
fire and theft are all short-term risks that have an
immediate impact and immediate consequences as
Risks cannot be considered outside the context that
soon as the event has occurred.
gave rise to them. It may appear that an organization
is being risk aggressive, when in fact, the board has
FOUR TYPES OF RISK
decided that there is an opportunity that should not be
missed. However, the fact that the opportunity entails
1.​ Compliance risk- category of risk that is
high risk may not have been fully considered
associated with the management of
mandatory obligations.
One of the major contributions from successful risk
2.​ Hazard risk- category of risk that is
management is to ensure that strategic decisions that
associated with the management of pure
appear to be high risk are actually taken with all of the
risks or perils- the effects of hazard risk
information available.
needs to be mitigated.
3.​ Control risk- a category of risk that is
Key benefits for businesses that arise from EU
associated with the management of
membership include:
uncertainty.
-​ The existence of a single market: there are
4.​ Opportunity risk- a category of risk that is
no tariffs or other barriers to trade;
associated with the benefits of speculative
-​ The freedom to provide services and
opportunities.
freedom of establishment;
-​ ‘passporting’ that allows financial services to
EMBRACE OPPORTUNITY RISK
be traded across the EU;
-​ Visa-free migration of people within the EU;
Opportunity risks are the type of risk with potential to
-​ Access to EU free-trade agreements with 53
enhance (although they can also inhibit) the
countries around the world.
achievement of the mission of the organization.

RISK AND TRIGGERS

MANAGE UNCERTAINTY RISK

Risk and triggers is sometimes defined as

Uncertainty is an inherent aspect of project
uncertainty of outcomes. This is a somewhat
implementation. Organizations must accept and
technical, but nevertheless useful, definition and it is
manage control risks, which can lead to deviations
particularly applicable to the management of control
from expected outcomes. Effective control risk
risks. Control risks are the most difficult to identify and
management ensures that projects are delivered on
define, but are often associated with projects.
time, within budget, and meet the required
specifications. This report explores the nature of
Tolerance in relation to control risks can be
control risks, the importance of contingency planning.
considered to have the same meaning as in the
manufacture of engineering components, where the
MANAGE UNCERTAINTY RISK
components must be of a certain size, within
acceptable tolerance limits.A means of representing
Understanding Control Risks- Control risks arise due
the risk management process so that it becomes
to uncertainties in project execution and
more accessible to managers and other stakeholders
organizational operations. These uncertainties may
concerned with risk management activities is
lead to:
constantly developing. One of the tools for
• Delays in project timelines
representing risk management activities that has
• Budget overruns
recently been developed is the bow-tie.
• Failure to meet project specifications
• Reduction in expected benefits
MODULE 3 - TYPES OF RISKS
MANAGE UNCERTAINTY RISK
TIMESCALE OF RISK IMPACT
The classification of risks as long-, medium- and
Contingency Planning- To manage control risks
short-term impact is a very useful means of analysing
effectively, organizations should incorporate
the risk exposure of an organization. These risks will
contingency measures in project planning, such as:
be related to the strategy, tactics and operations of
• Contingency Funds
the organization, respectively. In this context, risks
• Time Buffers
may be considered as related to events, changes in
• Flexible Resource Allocation
circumstances, actions or decisions.
 -Pace of change in business ever increases
These measures allow organizations to absorb -Impact of e-commerce on all aspects of business life
unexpected shocks without compromising project -Increased reliance on information technology (IT)
outcomes. systems
-Increasing importance of intellectual property (IP)
MITIGATE HAZARD RISKS -Greater supply chain complexity/dependency
These risks will be hazard risks, control risks and -Reputation becomes more and more important
opportunity risks. Organizations need to tolerate -Reputational damage – especially to worldwide
hazard risk exposure, accept exposure to control risks brands
and invest In opportunity risks. -High-profile losses and failures ruin reputations
-Regulatory pressures continue to increase
-Changes/variation in national legislative
requirements
-Joint ventures becoming more common

2.​ Changes in the Marketplace

-Changing commercial and marketplace environment

-Globalization of customers, suppliers and products
-Increased competition in the marketplace
-Greater customer expectations, often led by
competitors
-Need to respond more rapidly to stakeholder
expectations
-More volatile markets with less customer loyalty
-Diversification leads to working in unfamiliar areas
MINIMIZE COMPLIANCE RISK -Constant need to make bold strategic decisions

Minimizing compliance risk means taking steps to

make sure a business follows all the laws, rules, and
regulations it has to, to avoid problems like fines, legal
issues, or losing the right to operate.

MODULE 4 - SCOPE OF RISK MANAGEMENT

ORIGINS OF RISK MANAGEMENT

Risk management is a practice with diverse origins

and is applied across various professional fields. One
of the early developments in risk management Short-term success required, without long-term
emerged in the United States, primarily within the detriment
insurance industry. Over time, it has evolved into a -Product innovation and continuous improvements
broader discipline that addresses multiple aspects of -Rapid changes in (consumer) product technology
risk across organizations. -Threats to world/national economy
-Threat of influenza or other pandemics
-​ Insurance as the Initial Focus -Threat of influenza or other pandemics
-​ Expansion of the Risk Considerations -Increasing occurrences of civil unrest/political risks
-​ European Influence in the 1970’s -Extreme weather events resulting in population shift

DEFINITION OF RISK MANAGEMENT DEVELOPMENT OF RISK MANAGEMENT

Risk management, which helps businesses handle

risks, started over 100 years ago with insurance. It
grew as companies needed better
ways to manage things like cargo safety, and over
time, training and rules were created to guide this
process. By the 1980s, standards for
managing risk became more formal, and specific
industries, like finance, developed their own methods.
In the 2000s, companies appointed Chief Risk
Officers (CROs) to focus on risk management,
especially after new laws like the Sarbanes-Oxley Act.

SPECIALIST AREAS OF RISK MANAGEMENT

Risk management is about identifying and handling
IMPORTANCE OF RISK MANAGEMENT risks to protect businesses and organizations from
potential problems. It started in the insurance industry
1.​ Managing the Organization but has expanded into many areas, including finance,
healthcare, and IT.
-Variable cost or availability of raw materials
-Cost of retirement/pension/social benefits Some well-known areas of risk management
-Desire to deliver greater shareholder value include:
-Greater transparency required from organizations
Health and Safety at Work
Disaster Recovery and Business Continuity Planning Ma. Anncel Alcantara Panganiban Spence
Quality Management FEU
BS in Commerce Major in Finance
Other specialist areas of risk management Doctorate degree in Business Ad. In Colegio de San
includes: Juan, Intramuros
Project risk management; Dec. 12,1980. 44 yrs old
Clinical/medical risk management; Dec.12,2015. Anak. 12 yrs old
Energy risk management;
Financial risk management; PLDT, GLOBE, TIP, NCBA, APC, FEU (nag work siya)
IT risk management Annulment is ongoing

SIMPLE REPRESENTATION OF RISK

MANAGEMENT

8(R’s) & 4(T’s)

1.​ Recognition of risks

2.​ Rating of risks
3.​ Ranking against risk criteria
4.​ Responding to significant risks
-​ Tolerate
-​ Treat
-​ Transfer
-​ Terminate
5.​ Resourcing controls
6.​ Reaction (and event) planning
7.​ Reporting of risk performance
8.​ Reviewing the risk management system

ENTERPRISE RISK MANAGEMENT

Another area where the risk management discipline

has developed in recent times is the approach that is
referred to as enterprise or enterprise-wide risk
management (ERM). When an organization considers
all of the risks that it faces and how these risks could
impact its strategy, projects and operations, then the
organization is embarking on an enterprise risk
management approach. Enterprise Risk Management
(‘ERM’) is a strategic
business discipline that supports the achievement of
an organization’s objectives by addressing the full
spectrum of its risks and managing the combined
impact of those risks as an interrelated risk portfolio.

LEVELS OF RISK MANAGEMENT

SOPHISTICATION

This chapter describes the different styles of risk

management that are currently practised. More
professions and disciplines are now involved in risk
management than in previous years. This
adds diversity to the development of the risk
management discipline.