Scribd
Upload
195 views30 pages

Introduction To Risk Management

Uploaded by

Gijo Tacas-tacas
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
195 views30 pages

Introduction To Risk Management

Uploaded by

Gijo Tacas-tacas
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
  • Introduction to Risk Management: The document begins by introducing the concept of risk management and its importance.
  • What is Risk Management?: Defines the process of risk management including identifying, assessing, addressing, and monitoring risks.
  • Why do we need Risk Management?: Explains the necessity of risk management for good governance and legal compliance.
  • What is a Risk?: Defines risks as uncertain events affecting organizational goals, explaining their nature and implications.
  • Goals and Purpose of Risk Management: Discusses the objectives of risk management, including identifying project risks and developing strategies to mitigate them.
  • The Uncertainty Spectrum: Explains the spectrum of uncertainty ranging from total uncertainty to complete certainty.
  • Uncertainty, Opportunity, and Risk: Highlights how uncertainty can lead to both opportunities and risks, emphasizing the dual nature of uncertainty.
  • Risk Management Cycle: Illustrates the cyclic process of risk management including policy confirmation, risk assessment, and monitoring.
  • Categories of Risks: Explains different categories of risks including financial, operational, reputational, governance, and strategic.
  • Risk Register: Defines a risk register, its components, and its use as a tool for managing risk data.
  • Parts of a Risk Register: Outlines different components and data captured within a risk register.
  • Risk Assessment Matrix: Describes a matrix used to assess risks based on impact and likelihood.
  • Tips for Success: Provides advice on successfully implementing a risk management process.
  • Why Risk Management May Fail: Examines common reasons for failure in risk management initiatives.

Introduction to

Risk Management
What is Risk Management?
It is a process to:

 Identify all relevant risks

 Assess / rank those risks

 Address the risks in order of priority

 Monitor risks & report on their management


Risk Management – why do we need it?

 Promotes good management

 May be a legal requirement depending upon industry or


sector

 Resources available are limited – therefore a


focused response to Risk Management is needed
What is a Risk?
 A risk is an uncertain event which may occur in the future

 A risk may prevent or delay the achievement of an


organization’s or units' objectives or goals

A risk is not certain – Its likelihood can only be estimated

Note: Not all risk is bad, some level of risk must be


taken in order to progress / prevent stagnation.
Goals of risk
 To identify project risks and develop strategies which either
significantly reduce them or take steps to avoid them
altogether
Purpose of risk
 Specifically identify factors that are likely to impact the
objectives of Scope, Quality, Time, and Cost
 Quantify the likely impact of each factor
 Give a baseline for non-controllables
 Mitigate impacts by exercising influence over controllables

lies somewhere between the two extremes of total certainty and


total uncertainty
Uncertainty, Opportunity, and
Risk
 It can be visualized that unknowns about the future may turn out to be
either favorable or unfavorable , but lack of knowledge of future
events constitutes uncertainty.
 The probability of outcomes which are favorable are viewed as
OPPORTUNITY, while the probability of those outcomes which are
unfavorable represent RISK.
Risk Management Cycle
Risk Management Cycle – Step 1

Mission
• Define Purpose

Strategy
• High level Plan

Goals
• Unit Specific Targets
Risk Management Cycle – Step 2

Risk Identification – what are the threats and uncertainties


associated with the organization’s or units' objectives?

• Separate out the risk into its cause & possible effect

• Be concise & clear

• Do not concentrate on symptoms only


Risk Management Cycle – Step 2 cont.
• Assess the risks

 Impact

 Likelihood

• Prioritize the risks

Hint: Get input from appropriate individuals


Risk Management Cycle – Step 3
Challenge & Evaluate Controls

Control: Policy, action, procedure or process designed to


prevent risk or to limit its impact

Do they work, are they effective?

Residual Risk only should be measured


Risk Management Cycle – Step 4

Take Action!

 For serious risks where controls are


A) Weak
B) Absent

 For risks where the Risk Appetite is exceeded

 Examine Cost vs. Benefit


Risk Management Cycle – Step 4 cont.

Types of Action

A) Tolerate
B) Treat
C) Substitute
D) Terminate

(The choice of the above will be decided upon by your risk


appetite)
Risk Management Cycle – Step 5
Monitor & Report

 Use a standard format for capturing risk data e.g., a “Risk Register”

 Review all risks at least annually

 Serious risks to be reviewed more often depending on circumstances

 Report on risk to senior management / Board

 Make Risk Register available to stakeholders to show good


governance
Categories of Risks

 There are multiple ways into which risks can be


categorized
 Final categories used will depend upon each
organizations / unit’s circumstances
 Goal is to cluster risks into standard, meaningful &
actionable groupings
 What follows is one example of a type of
categorization
Categories of Risks

Financial
 Reduction in funding
 Failure to safeguard assets
 Poor cash flow management
 Lack of value for money
 Fraud / theft
 Poor budgeting
Categories of Risks

Operational
These risks result from failed or inappropriate policies,
procedures, systems or activities e.g.

 Failure of an IT system
 Poor quality of services delivered
 Lack of succession planning
 Health & Safety risks
 Staff skill levels
 No process to track contractual commitments
Categories of Risks

Reputational
• Organization engages in activities that could
threaten its good name
 Through association with other bodies
 Staff / members acting in a criminal or
unethical way

• Poor stakeholder relations


Categories of Risk

Governance & Compliance


• Lack of oversight by Board
• Segregation of duties not defined formally
• Ensuring compliance with funders terms and conditions
• Compliance with applicable legislation
 Safeguarding of vulnerable individuals
 Taxation Law
 Data Protection
 Health & Safety Law
Categories of Risk

Strategic
• Engages in activity at
variance with its
stated objectives

• Fails to engage in an activity that would


support its stated objectives
Risk Register

a) What is it?

b) Components

c) How to report on it
Risk Register
 is a management tool used to record relevant
details relating to risks.

 It is a database of information on risks.

 Best kept simple to begin with!


Risk Management – Register Example
Parts of a Risk Register
Risk Description – Clear description of risk, its cause & consequence

Controls / Actions already in place – List what is actually happening now which reduces the
impact of a risk or its likelihood

Impact – scale of 1 to 5 (1 = minor, 5 = catastrophic) (Note this is to be


residual impact only)

Likelihood – scale of 1 to 5 (1 = remote, 5 = unavoidable)


(Note this is to be residual likelihood only)

Weighting – Its Risk Ranking: a calculated figure i.e., impact x likelihood


Risk Owner – The administrative unit, management position or group who
are in the best position to manage the risk on an on-going basis

Further Actions
Required – The controls / solutions which have yet to be
acted upon which could reduce the impact or likelihood of a risk

Date – The expected date as to when the actions shown under further
actions required will be in place & effectively addressing the risk
Tips for Success

 Involve all levels of staff & management in the process

 Check controls are relevant & effective

 Ensure risk owner takes responsibility for management of


risks under their control

 Focus on risk cause, not its symptoms


Why Risk Management May Fail
 Limitations of scope

 Lack of top management support

 Did not engage all stakeholders

 Failure to share information

 RM not embedded within planning & management


system
Thank You

You might also like