Week1-Pre Class
Operations Definition
Ongoing execution of activities to produce a repetitive service/product
Risk terminology
Why is Risk Management so Important?
• Corporate Collapses
• Dynegy (Energy)
• Dick Smith (Retail)
• Wirecard (Banking)
• FTX (Cryptocurrency)
• Natural disasters:
• Bushfire
• Cyclone
• …
• COVID-19 pandemic
Risk scenarios – two main elements
RISK MANAGEMENT STANDARD
(ISO31000)
ISO 31000 is an international standard that provides guidelines and principles for
effective risk management. It was first published by the International
Organization for Standardization (ISO) in 2009 and has since been revised in
2018.
The ISO 31000 standard provides a framework for managing risk that is
applicable to any type of organization, regardless of its size, sector, or activities.
It provides a systematic and structured approach to identifying, assessing,
treating, and monitoring risks, and is designed to be flexible and adaptable to
the unique needs and circumstances of each organization.
RISK MANAGEMENT STANDARD (ISO31000)
Step 1 - Establishing risk context
1.2. Define Roles and Responsibilities (To ensure that stakeholders are
aware of their expected roles in a risk assessment exercise, it is
important to state them clearly upfront).
Step 1 - Establishing risk context
1.1. Risk tolerance
Step 1 - Establish risk context
Chief Executive: Establish and maintain a culture of risk awareness and intelligence
Executives and Senior Management: Nominate influential and motivated team members to
undertake the role of Risk Assessment Facilitators (RAF)
Risk Assessment Facilitators (RAFs): Facilitate quarterly reporting within their area of
responsibility
Project team: Actively support and report to RAFs, demonstrating active contributions to the
risk management process
RISK MANAGEMENT PROCESSES (ISO31000)
Step 2 - Risk identification
SAFETY
2.1. What are critical project objectives (on-time completion, zero accidents, zero asset failures, …)?
Example:
R1 => Increasing the cost of steel rebars may prevent the foundation stage from being completed within budget.
25% of all project lifts
R2 => Blind lifting of panels by tower cranes may result in safety breaches in façade installations.
R3 => Inferior quality of parts may prevent the job from being certified.
R4 => …
Step 3 - Risk Analysis
Step 3 – Risk analysis
3.1. Likelihood rating
Likelihood rating    Probability
Rare                 1% to 20%
Unlikely             21% to 40%
Possible             41% to 60%
Likely               61% to 80%
Highly likely        81% to 100%
Step 3 – Risk analysis
Step 4 - Risk evaluation
Step 4 - Risk evaluation
4.1. Risk matrix (5 by 5 example)
Risks with medium/low priority level
Step 4 - Risk evaluation (continued)
4.2. Risk register for communication to project stakeholders
It should minimally contain the following:
• Unique risk ID
• Risk scenario – A scenario articulating how a threat event could compromise project objectives
• Identification date – The date when the risk scenario is identified.
• Treatment plan – The planned activities (e.g. deploying additional measures) and timeline to
treat the current risk to an acceptable level (i.e. within risk tolerance level).
• Progress Status – The status of implementing the treatment plan.
• Residual risk – The determined risk level (combination of likelihood and impact) of risk scenario
after treatment plan is implemented (i.e. current risk with additional measures applied).
• Risk owner – The individual or group responsible for ensuring that the residual risks remain
within the organisation’s tolerance level.
Risk Register – Example
Step 5 - Risk treatment (Response)
Step 5 - Risk treatment (response)
Acceptance = Retention
Risk acceptance means undertaking risk as it is without introducing further
actions to reduce it. Risk should only be accepted when it falls within the
organisation’s tolerance level.
Step 5 - Risk treatment (response)
Step 5 - Risk treatment (response)
Risk mitigation means putting in place measures to reduce the risk level. This
can be achieved through the deployment of security controls.
Step 5 - Risk treatment (response)
Risk Transfer
Risk transference means sharing a portion of risk with other parties or entities.
Such a treatment option typically reduces the “impact” component of risk.
Recap: RISK MANAGEMENT STANDARD (ISO31000)
Thank you