Introduction to Risk Mangement
-
Upload
muhammad-usman-hamid -
Category
Documents
-
view
22 -
download
2
description
Transcript of Introduction to Risk Mangement
Introduction to Risk Management
Kannan SubbiahDirector, Operations
Knowledge Universe Technologies India1
Objectives Understanding Risk Risk Management as a process Exercise Q & A
2
How to learn Risk Management? http://www.youtube.com/watch?v=laKprX-HP94&feature=related
3
What is a Risk?
A risk is ANYTHING that may affect the achievement of an organization’s objectives.
It is the UNCERTAINTY that surrounds future events and outcomes.
It is the expression of the likelihood and impact of an event with the potential to influence the achievement of an organization’s objectives.
4
Alternatively …
Risk is a potential event with negative consequences that had not happened yet Could also be an event with positive consequences
A possibility of loss – not the loss itself A source of problem Find the root cause and not the leaves
Something that makes the project special In the widest sense, everything is a risk Helps identify better ways of handling problems
5
Why do we need Risk Management?
The only alternative to risk management is crisis management --- and crisis management is much more expensive, time consuming and embarrassing.
JAMES LAM, Enterprise Risk Management, Wiley Finance © 2003
Without good risk management practices, government cannot
manage its resources effectively. Risk management means more than preparing for the worst; it also means taking advantage of
opportunities to improve services or lower costs. Sheila Fraser, Auditor General of Canada
6
How does Risk Management help?
Increase risk awareness & understanding Allows intelligent “informed” risk-taking. Focuses efforts –helps prioritize. Is proactive…. not reactive – Prepare for risks
before they happen. Improve outcomes – achievement of objectives Enables accountability, transparency and
responsibility And maybe even mean survival
7
Key Terms Risk – Exposure to chance of hazard Risk Level – A measure to represent the significance of the risk Controls – Action(s) that could eliminate or reduce the risk
level Residual Risk – Risk level after implementing controls Risk Response – An action on the risk, whether to accept, or
not to accept
8
Exercise - I Think of a risk in your daily life Determine the probability of occurrence Make an assessment of an impact, if it occurs.
9
1
Who is involved? Customer End user Project Team Senior Management Related Project teams Vendors and suppliers
10
When? A continuous process
Starts from proposal stage
Ends on project completion
Review stages Business case analysis
Project approval
Project planning
Technology, Tools & Vendor selection
Project status reviews
Deployment and Maintenance
11
Risk Management Basics
12
Risk (uncertainty) may affect the achievement of objectives.
Effective mitigation strategies/controls can reduce negative risks or increase opportunities.
Residual risk is the level of risk after evaluating the effectiveness of controls.
Acceptance and action should be based on residual risk levels.
INHERENT
A Simple Framework
13
Evaluate & Take Action
EstablishObjectives
IdentifyRisks & Controls
AssessRisks & Controls
Monitor& Report
Step 1 Step 2 Step 3 Step 4 Step 5
Communicate, learn, improve
Risk Identification Techniques
Brainstorming Interviewing Root cause analysis Checklists SWOT
14
Risk Management is critical to ALL levels of decisions
UNCERTAINTY
Strategic Strategic
Programme Programme
Project & Operational Project & Operational
Strategic Decisions
Decisions transferring strategy into action
Decisions required for implementation
15
Decisions can be categorized into three types. The amount of risk (uncertainty) varies with the type of decisions. Most decisions are concerned with implementation.
The HM Treasury’s The Orange Book
Risk Environment
MOHLTC Extended Enterprise
External Risk Environment
MOHLTCRisk Environment
Laws &
regula
tions
Capacity
The Economy
Corporate Governance Requirements
Stakeh
older
expe
ctatio
ns
Political
Outcom
esPublic
Perception
Oth
er
Min
istrie
s
Partner-
Organizations
LHINs
Financial
Organizational
Governance
Human Resources
Information
Info
rmat
ion
Tech
nolo
gy
Lega
l/C
ompl
ianc
e
Operational
Strateg
ic/
Policy
Transfer Payment
Accountability &
Governance
Communication & Learning
Monitor
Evaluate
Assess
IdentifyEstablish
Communication& Learning
Communication& Learning
16
Internal
Extended
Categorizing Risk – Comprehensive
17 Slide 17
1. Political or Reputational Risk
2. Financial Risk
3. Service Delivery or Operational Risk
4. People / HR Risk
5. Information/Knowledge Risk
6. Strategic / Policy Risk
7. Stakeholder Satisfaction / Public Perception Risk
8. Legal / Compliance Risk
9. Technology Risk
10. Governance / Organizational Risk
11. Privacy Risk
12. Security Risk
13. Equity Risk
Risk Prioritization – likelihood and impact
Likelihood of a risk event occurring Very High: Is almost certain to occur
High: Is likely to occur
Medium: Is as likely as not to occur
Low: May occur occasionally
Very Low: Unlikely to occur
Risk Impact: Level of damage that can occur when a risk event occurs
Very High: Threatens the success of the project
High: Substantial impact on time, cost or quality
Medium: Notable impact on time, cost or quality
Low: Minor impact on time, cost or quality
Very Low: Negligible impact
18 Slide 18
Third dimension for rating risks - proximity
Immediate – nowLess than 6 months Between 6-12 monthsBetween 12 – 24 monthsBetween 24 – 36 monthsMore than 36 months
19
Risk rating …Combining impact and likelihood
20 Slide 20
LIKELIHOOD
IMPA
CT
1
1
2
2
3
3
4
4
5
5
RISKI x L
RISKI x L
RISKI x L
RISK PRIORITIZATION MATRIX
Risk reporting and communications
21
Risk Level Action and Level of Involvement Required
Critical Risk Inform Chief Executive Officer and Board of Directors Immediate action required
High Risk Inform Chief Executive Officer Strategy Team involvement/attention is essential to manage risks
– provide report to Board as appropriate
Moderate Risk Management mitigation and ongoing monitoring required Inform relevant Strategy Team members
Low Risk Accept, but monitor risks Manage by routine procedures within the program and site
22
Measure and report RM implementation progress
23
Excellent
• Advanced capabilities to identify, measure, manage all risk exposures within tolerances
• Advanced implementation, development and execution of ERM parameters• Consistently optimizes risk adjusted returns throughout the organization
Strong
• Clear vision of risk tolerance and overall risk profile• Risk control exceeds adequate for most major risks• Has robust processes to identify and prepare for emerging risks • Incorporates risk management and decision making to optimize risk adjusted
returns
Adequate
• Has fully functioning control systems in place for all of their major risks• May lack a robust process for identifying and preparing for emerging risks• Performing good classical “silo” based risk management • Not fully developed process to optimize risk adjusted returns
Weak• Incomplete control process for one or more major risks• Inconsistent or limited capabilities to identify, measure or manage major risk
exposures
Source: Standard & Poor
The Cyclist and the Risk Manager
24
Exercise II – 15 minutes
Identify risks that the cyclists faces in cycling to work. Report back.
25
1
RisksThreats: Death
Head Injury Injury Reputation Financial Damage to the bike Sunburn/frost bite
Opportunities: Exercise Sunlight Reputation Financial Role model Environment
26
Mitigation Strategies for threats
Death, head injury, other injury – helmet, bright clothes, lights, bell, CANbike course, obeying traffic laws, positive attitude, anger management course
Reputation – great outfit, change of wrinkle-free clothes, shower, time management
Financial – high quality locks, “beater”, stopping at stop signs
Damage to the bike – regular maintenance, avoiding pot holes
Sunburn/frost bite – sunscreen, mittens, hats, token/change Dehydration- filled water bottle
27
Acknowledgements Practical approach to Risk Management - by Finance Management Institute,
Toronto Chapter. Introduction to Risk Management for Outsourcing projects - by Peter Kolb
28
Questions?
29