Introduction To Risk Management

Uploaded by

Gijo Tacas-tacas
What is Risk Management?
It is a process to:

• Identify all relevant risks
• Assess / rank those risks
• Address the risks in order of priority
• Monitor risks & report on their management

Risk Management – why do we need it?

• Promotes good management
• May be a legal requirement depending upon industry or sector
• Resources available are limited – therefore a focused response to Risk Management is needed

What is a Risk?

• A risk is an uncertain event which may occur in the future
• A risk may prevent or delay the achievement of an organization's or unit's objectives or goals
• A risk is not certain – its likelihood can only be estimated

Note: Not all risk is bad; some level of risk must be taken in order to progress / prevent stagnation.

Goals of risk

• To identify project risks and develop strategies which either significantly reduce them or take steps to avoid them altogether

Purpose of risk

• Specifically identify factors that are likely to impact the objectives of Scope, Quality, Time, and Cost
• Quantify the likely impact of each factor
• Give a baseline for non-controllables
• Mitigate impacts by exercising influence over controllables

lies somewhere between the two extremes of total certainty and total uncertainty

Uncertainty, Opportunity, and Risk

• Unknowns about the future may turn out to be either favorable or unfavorable, but lack of knowledge of future events constitutes uncertainty.
• The probability of outcomes which are favorable is viewed as OPPORTUNITY, while the probability of those outcomes which are unfavorable represents RISK.

Risk Management Cycle
Risk Management Cycle – Step 1

Mission
• Define Purpose

Strategy
• High level Plan

Goals
• Unit Specific Targets
Risk Management Cycle – Step 2

Risk Identification – what are the threats and uncertainties associated with the organization's or unit's objectives?

• Separate out the risk into its cause & possible effect

• Be concise & clear

• Do not concentrate on symptoms only


Risk Management Cycle – Step 2 cont.
• Assess the risks
    • Impact
    • Likelihood
• Prioritize the risks

Hint: Get input from appropriate individuals


Risk Management Cycle – Step 3
Challenge & Evaluate Controls

Control: Policy, action, procedure or process designed to prevent risk or to limit its impact

Do they work? Are they effective?

Only residual risk should be measured

Risk Management Cycle – Step 4

Take Action!

• For serious risks where controls are
    A) Weak
    B) Absent
• For risks where the Risk Appetite is exceeded
• Examine Cost vs. Benefit

Risk Management Cycle – Step 4 cont.

Types of Action

A) Tolerate
B) Treat
C) Substitute
D) Terminate

(The choice of the above will be decided upon by your risk appetite)

Risk Management Cycle – Step 5
Monitor & Report

• Use a standard format for capturing risk data, e.g., a “Risk Register”
• Review all risks at least annually
• Serious risks to be reviewed more often depending on circumstances
• Report on risk to senior management / Board
• Make Risk Register available to stakeholders to show good governance

Categories of Risks

• There are multiple ways in which risks can be categorized
• Final categories used will depend upon each organization's / unit's circumstances
• Goal is to cluster risks into standard, meaningful & actionable groupings
• What follows is one example of a type of categorization

Categories of Risks

Financial
• Reduction in funding
• Failure to safeguard assets
• Poor cash flow management
• Lack of value for money
• Fraud / theft
• Poor budgeting

Categories of Risks

Operational
These risks result from failed or inappropriate policies, procedures, systems or activities, e.g.

• Failure of an IT system
• Poor quality of services delivered
• Lack of succession planning
• Health & Safety risks
• Staff skill levels
• No process to track contractual commitments

Categories of Risks

Reputational
• Organization engages in activities that could threaten its good name
    • Through association with other bodies
    • Staff / members acting in a criminal or unethical way
• Poor stakeholder relations

Categories of Risk

Governance & Compliance


• Lack of oversight by Board
• Segregation of duties not defined formally
• Ensuring compliance with funders' terms and conditions
• Compliance with applicable legislation
    • Safeguarding of vulnerable individuals
    • Taxation Law
    • Data Protection
    • Health & Safety Law

Categories of Risk

Strategic
• Engages in activity at variance with its stated objectives
• Fails to engage in an activity that would support its stated objectives

Risk Register

a) What is it?

b) Components

c) How to report on it
Risk Register

• Is a management tool used to record relevant details relating to risks.
• It is a database of information on risks.
• Best kept simple to begin with!

Risk Management – Register Example
Parts of a Risk Register
Risk Description – Clear description of risk, its cause & consequence

Controls / Actions already in place – List what is actually happening now which reduces the impact of a risk or its likelihood

Impact – scale of 1 to 5 (1 = minor, 5 = catastrophic) (Note: this is to be residual impact only)

Likelihood – scale of 1 to 5 (1 = remote, 5 = unavoidable) (Note: this is to be residual likelihood only)

Weighting – Its Risk Ranking: a calculated figure, i.e., impact x likelihood

Risk Owner – The administrative unit, management position or group who are in the best position to manage the risk on an on-going basis

Further Actions Required – The controls / solutions which have yet to be acted upon which could reduce the impact or likelihood of a risk

Date – The expected date when the actions shown under Further Actions Required will be in place & effectively addressing the risk

Tips for Success

• Involve all levels of staff & management in the process
• Check controls are relevant & effective
• Ensure risk owner takes responsibility for management of risks under their control
• Focus on risk cause, not its symptoms


Why Risk Management May Fail

• Limitations of scope
• Lack of top management support
• Did not engage all stakeholders
• Failure to share information
• RM not embedded within planning & management system

Thank You
