Professional Documents
Culture Documents
4.risk Management Process
4.risk Management Process
4.risk Management Process
07/23/2020
▒ COVERAGE
• Risk Management Process
• Risk Assessment
• Risk Treatment
07/23/2020
▒ COMMUNICATION AND CONSULTATION
• Communication and consultation is the continual
and iterative process that an organization
conducts to provide, share or obtain information
and to engage in dialogue with stakeholders
regarding the management of risk.
07/23/2020
▒ COMMUNICATION AND CONSULTATION
– Consultation is a two-way process of informed
communication between an organization and its
stakeholders on an issue prior to making a
decision or determining a direction on that
issue. Consultation is:
• A process which impacts on a decision
through influence rather than power; and
07/23/2020
▒ COMMUNICATION AND CONSULTATION
• A consultative team approach plays the crucial role:
– Helps establish the context appropriately;
07/23/2020
▒ COMMUNICATION AND CONSULTATION
• A consultative team approach plays the crucial role:
– Ensures that different views are appropriately considered
when defining risk criteria and in evaluating risk;
07/23/2020
▒ COMMUNICATION AND CONSULTATION
• Communication and consultation with
stakeholders is important as they make
judgments about risk based on their perceptions
of risk.
07/23/2020
▒ COMMUNICATION AND CONSULTATION
• Stakeholders views can have significant impact
on the decisions made therefore stakeholders’
perceptions should be identified, recorded, and
taken into account in the decision making
process.
07/23/2020
▒ COMMUNICATION AND CONSULTATION
• Activities of the Communication and Consultation
may consist of:
– Creating risk management policy
–Risk Escalation
07/23/2020
▒ COMMUNICATION AND CONSULTATION
• Internal Risk Communication and Reporting
–Risk Communication and Awareness Programs
• Risk Management Workshops
• Internal Emails
07/23/2020
▒ COMMUNICATION AND CONSULTATION
• External Risk Communication and
Reporting
–Disclosure _Risk Management Report
• Crisis Communication
07/23/2020
How is risk management communicated in
your organization?
07/23/2020
▒ESTABLISHING THE CONTEXT
– Procedure Manuals
• Capabilities,
understood in terms of resources and
knowledge(e.g capital, time, people, processes, systems,
and technologies);
07/23/2020
▒ESTABLISHING THE CONTEXT
• Establishing the internal context
– Internal context can include….:
• The relationships with and perceptions and values of internal
stakeholders;
07/23/2020
• Form and context of contractual relationships.
▒ESTABLISHING THE CONTEXT
• Establishing the context tools and techniques:
– Financial Analysis Tools
– SWOT Analysis
– PEST Analysis
– Stakeholders Analysis
– Industrial Analysis
07/23/2020
▒ESTABLISHING THE CONTEXT
• Financial Analysis Tools
– Financial ratios are used to examine different aspects of
financial position and performance and are widely used
for planning, control and evaluation process.
07/23/2020
▒ESTABLISHING THE CONTEXT
• Using Management Models _ SWOT Analysis
07/23/2020
▒ESTABLISHING THE CONTEXT
–SWOT ANALYSIS FOR ACC
07/23/2020
▒ESTABLISHING THE CONTEXT
• Using Management Models_PEST Analysis
–Political
Political changes can affect both the cost and
demand. Issues to consider are:
• Fiscal Policy(Government Income and Expenditure):
– Income taxes may influence consumers spending attitude
– Corporate taxes charged on profit may affect the level of profit
and return to shareholders
– VAT may affect cost of products and services
– Monetary policy and Regulations can have dramatic impact on
the business environment including higher administrative
expenses
– Education and training have a long-term impact on business’s
07/23/2020
ability to recruit suitably qualified staff
▒ESTABLISHING THE CONTEXT
• Using Management Models_PEST Analysis
–Economic
Changes in economic factors can affect the income
and expenditure position of the organization. The
following factors should be considered:
• Business cycle: identify sectors that are more susceptible
to the impact of business cycles
• Employment levels: high level of employment drives the
aggregate demand.
• Inflation: high inflation affects administrative expenses.
• Level of interest rates: High interest rates increases the
cost of capital and may affect business’s ability to expand.
07/23/2020
▒ESTABLISHING THE CONTEXT
• Using Management Models_PEST Analysis
–Social
Globalization has changed the speed at which
social and demographic change can be expected
to increase. The following factors should be
considered:
• Population growth: population growth affects both the
revenue and expenditure.
• Age structure: Age structure drives business dynamics
• Social and cultural shifting: Norms and values may
influence attitude towards certain products and
services.
07/23/2020
▒ESTABLISHING THE CONTEXT
• Using Management Models_PEST Analysis
–Technological
Changes in technology can have a rapid and
dramatic impact on the economy. Issues to
consider include:
• Level of research and development by competitors: this
will provide an indication of whether any changes in
technology-driven service delivery should be
anticipated
• Rate of adoption of new technology
• Service delivery method; how might technology be
utilized to improve service delivery
07/23/2020
▒ESTABLISHING THE CONTEXT
• Stakeholders Analysis
07/23/2020
▒ESTABLISHING THE CONTEXT
• Stakeholders Matrix
07/23/2020
▒ESTABLISHING THE CONTEXT
• Industrial Analysis
– Perform Industrial Analysis and Organizational
market position using the Porter’s Five Forces Model
to identify whether:
• Other organizations are strong competitors in the industry.
• There exists substitute for the services and products
offered by the organization.
• The suppliers of materials and technology required to
deliver the required services and products can influence
the expected results.
• The existing and potential customers/buyers have powers
that may influence key decisions.
• Threat of other organizations to enter the industry.
07/23/2020
▒ESTABLISHING THE CONTEXT
• Industrial Analysis _ Michael Porter’s Five Forces Model
07/23/2020
▒ESTABLISHING THE CONTEXT
• Establishing the context of the risk management process
– The objectives, strategies, scope and parameters of the activities
of the organization, or those parts of the organization where the
risk management process is being applied should be established
07/23/2020
▒ESTABLISHING THE CONTEXT
• Defining Risk Criteria-Combined Risk
Assessment Matrix(RAM)
07/23/2020
▒ESTABLISHING THE CONTEXT
• ACC _ Risk Assessment Matrix(RAM)
07/23/2020
▒ESTABLISHING THE CONTEXT
• ACC _ Risk Assessment Matrix(RAM)
07/23/2020
▒RISK ASSESSMENT
• Risk assessment is the overall process of risk
identification, risk analysis, and risk evaluation
–Risk identification is the process of finding, recognizing
and describing risks.
– Availability of information
• Quality, quantity, integrity, accuracy, reliability, consistency,
data history, capacity to collect etc
– Complexity
• Complexity of risks, of the techniques, of the system,
07/23/2020
dependencies etc.
▒RISK IDENTIFICATION
• Issue-based risk identification
– How significant threat does the following risk pose to your organization’s
business operations today?
• Reputation risk (e.g. events that undermine public trust in your
products/services)
• IT network risk (e.g. IT Systems /Software, network security etc)
• Foreign exchange risk (risk that exchange may worsen)
• Human capital risks (e.g. skills shortages, succession issues, loss of staff)
• Regulatory risk (Problems caused by new or existing regulations)
• Country risk (Problems of operating in a particular location)
• Credit risk( risk of bad debt)
• Market risk (risk that the market value of asset will fall)
• Political risk (danger of change of government)
• Financing risk( difficulty raising finance)
• Terrorism
• Crime and physical security
• Natural hazard risk ( e.g. hurricanes, earthquakes, floods etc)
07/23/2020
▒RISK IDENTIFICATION
Describing a risk
07/23/2020
▒RISK IDENTIFICATION
• Examples of risk description
07/23/2020
▒RISK IDENTIFICATION
QUIZ: RISK IDENTIFICATION
07/23/2020
▒RISK ANALYSIS
07/23/2020
▒RISK ANALYSIS
07/23/2020
▒RISK ANALYSIS
• Risk Analysis – tools and techniques
–Structure What if(SWIFT)
–Decision tree
07/23/2020
▒RISK ANALYSIS
07/23/2020
▒RISK EVALUATION
07/23/2020
▒RISK EVALUATION
07/23/2020
▒RISK EVALUATION
07/23/2020
▒RISK EVALUATION: Risk Universe
07/23/2020
▒RISK EVALUATION: Risk tolerance and Risk
appetite
07/23/2020
▒RISK EVALUATION
• Risk evaluation tools and techniques:
– Expected Monetary Value(EMV)
– Probability tree
– Investment appraisal
– Sensitivity analysis
07/23/2020
▒RISK EVALUATION
Factors affecting aggressiveness to risk
07/23/2020
▒RISK EVALUATION
• Risk evaluation outputs:
–List of risks that will be accepted as they are;
–List of risks that deserve further treatment
–List of risks that need escalation to
management
07/23/2020
▒RISK ASSESSMENT OUTPUT
• Risk Register
07/23/2020
▒RISK TREATMENT
• Risk treatment involves selecting one or more
options for modifying risks, and
implementing those options.
07/23/2020
▒RISK TREATMENT
• Preparing and implementing Risk Treatment
Plans
–The information provided in the treatment plan
should include:
• Proposed actions;
• Resource requirements including
contingencies;
• Performance measures and constraints;
• Reporting and monitoring requirements;
• Responsibilities and accountabilities; and
• Timing and schedule.
07/23/2020
▒RISK TREATMENT
• Risk Response options for downside risks
07/23/2020
▒RISK TREATMENT
• Guidance: Harzads Risks
07/23/2020
▒RISK TREATMENT
• Risk Response options for Upside risks
07/23/2020
▒RISK TREATMENT
• Strategies for Upside risks
07/23/2020
▒RISK TREATMENT
• Risk Treatment Plan
07/23/2020
▒MONITORING AND REVIEW
• Both monitoring and review should be a
planned part of risk management process and
involve regular checking or surveillance either
periodic or ad hoc
07/23/2020
▒MONITORING AND REVIEW
• The purpose of Monitoring and review is:
– to ensure that controls are effective and efficient in
both design and operations;
– to obtain further information to improve risk
assessment;
– to analyze and learn lessons from events(including
near misses) changes, trends, successes, and failures;
– to detect changes in the external context, including
changes to risk criteria and the risk itself which can
require revision of risk treatments and priorities; and
– To identify emerging risks
07/23/2020
▒MONITORING AND REVIEW
• Monitoring and review activities
– Reacting to early warning indicators to forewarn
Management of the need to make risk management
interventions.
– Monitoring
– Controlling
– Reporting
07/23/2020
▒MONITORING AND REVIEW
• Execution of risk response actions
– Risk response actions should be executed as
planned.
07/23/2020
▒MONITORING AND REVIEW
• Execution of risk response actions
– To ensure that planned response actions are
executed, Risk Owners and Control Owners
should accomplish the following key roles for
execution of treatment plans: -
• sign an attestation statement by a set date to kick
start the implementation process;
07/23/2020
▒MONITORING AND REVIEW
• Monitoring
– Data collected from the Key Risk Indicators, and Key
Control Indicators will help draw Management
attention to the level of effectiveness of risk
management and whether changes are necessary. It
is the primary responsibility for Risk Owners and
Control Owners to maintain the required data and
share the information with the Office of Chief Risk
Officer.
07/23/2020
▒MONITORING AND REVIEW
• Monitoring
– Monitoring activities should include an understanding of
whether: -
• People with responsibility to monitor risks and
implement controls are working together successfully;
• The risk register and statement are reviewed and updated regularly;
and
07/23/2020
▒MONITORING AND REVIEW
• Controlling
– Controls must satisfy the following specifications:
• Controls must be economical: The less effort to gain
control of the process, the better the control
design. The fewer control required, the more
effective they will be.
07/23/2020
▒MONITORING AND REVIEW
• Controlling
– Controls must satisfy the following specifications:
• Controls have to be appropriate to the character and
nature of the phenomenon measured: The controls
must give the right information for effective action.
07/23/2020
▒MONITORING AND REVIEW
• Risk reporting _Risk Profile – KRI
07/23/2020
▒MONITORING AND REVIEW
• Risk reporting
– Risk treatment actions implementation status
• The Risk Treatment Actions Report contains
a status update on progress against
approved risk treatment actions.
07/23/2020
▒MONITORING AND REVIEW
• Risk reporting
– Risk treatment actions implementation status
• Therefore this report increases
accountability for deliver against agreed risk
management actions.
07/23/2020
▒MONITORING AND REVIEW
• Risk reporting
– Assurance of Key Risks
• The Assurance Coverage of Key Risks Report
indicates which risks have been covered by
assurance activities in the previous year and
which are proposed to be covered over the
coming year.
07/23/2020
Thank You
07/23/2020