230 likes | 399 Views
RISK MANAGEMENT Training Overview. July 2014. Thinking about risk. Which of the following has a higher risk? Losing money on buying a lottery ticket Being killed in a commercial plane crash. Introduction. Objectives for this session:
E N D
RISK MANAGEMENTTraining Overview July 2014
Thinking about risk Which of the following has a higher risk? Losing money on buying a lottery ticket Being killed in a commercial plane crash
Introduction Objectives for this session: Basic understanding of the AS/NZS ISO 31000:2009 Risk Management process Basic understanding of the context and background in developing our approach to Risk Management
Risk Management Overview COMMUNICATE AND CONSULT AS/NZS 31000:2009 ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS EVALUATE RISKS TREAT RISKS
Risk Management Process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS EVALUATE RISKS TREAT RISKS
Risk Management Process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS EVALUATE RISKS TREAT RISKS • ESTABLISH THE CONTEXT • External context (market/client base, competitors, government policy, SWOT analysis, community, etc.) • Internal context (overall strategy, business objectives, structure, etc.) • Risk management context (scope, elements of the structure, locations, etc.) • Risk criteria
Company context • Mission, Vision and Values • Strategic Plan • Relationship with key stakeholders: • E.g…… • Respective roles of the Board & CEO • Organisation chart and role of staff/volunteers • Functions and activities of the organisation • E.g……
Risk Management process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS EVALUATE RISKS TREAT RISKS
Risk Management process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW • IDENTIFY RISKS • What is the source of the risk? • What can happen, where and when? • Why and how can it happen? • What controls exist, why would they fail? • “Something happens (relative to the source of risk) leading to outcomes expressed in terms of impact on objectives” IDENTIFY RISKS(Session 1) RISK ASSESSMENT ANALYSE RISKS(Session 2) EVALUATE RISKS(Session 3) TREAT RISKS
Risk Management process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS EVALUATE RISKS TREAT RISKS
Risk Management process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS ANALYSE RISKS Determine consequences Determine likelihood EVALUATE RISKS Estimate the level of risk TREAT RISKS
Analysing Risks Consequences can be assessed under different categories, for example: Health and safety impacts Environmental impacts Customer/public perception impacts Employee perception impacts Quality compliance impacts - includes legislative and regulatory compliance issues Financial/profitability impacts
Risk Management process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS EVALUATE RISKS TREAT RISKS
Risk Management process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS EVALUATE RISKS TREAT RISKS • EVALUATE RISKS • Compare against criteria – what level of risk are you prepared to accept? • Set risk priorities based on categorisation of low/medium/high/extreme
Risk Tolerance (Criteria) What is our attitude towards and tolerance of the risks involved with running the organisation? Health & Safety Financial Political/Regulatory People Any other criteria
Risk Management process COMMUNICATE AND CONSULT ESTABLISH THE CONTEXT MONITOR AND REVIEW IDENTIFY RISKS RISK ASSESSMENT ANALYSE RISKS EVALUATE RISKS TREAT RISKS
Treating Risks There are different ways of treating risks including: Avoiding risk by deciding not to start or continue with the activity that gives rise to the risk Removing the risk source Changing the consequences of an event Changing the likelihood Sharing the risk with another party or parties (e.g. insurance) Retaining the risk by informed decision (e.g. if you are the best to manage the risk or cost prohibitive to do otherwise) It is not always possible to completely get rid of a risk and thus, after applying the risk treatment, you are left with the residual risk.
Communicate and Consult Compiling the Risk Matrices should never bedone in isolation. Do we have all the ‘smarts’ to put together the Risk Matrices ourselves? Who else needs to have inputs? Some of the Risk Treatments will need to be undertaken (or are already undertaken) by others – how do we engage them in this process?
Monitor and Review • Need to decide on what is an appropriate process for the level and frequency that risks are reviewed. • For example: • High/Extreme risks – reviewed and reported on by CEO to Board at each monthly or quarterly Board meeting? • Medium risks – reviewed and reported on by CEO to Board at 6-monthly intervals? • Low risks – review annually as part of the regular/annual review of the Risk Matrices? • The occurrence of an incident may also generate a trigger to review the Risk Treatment Strategy or Risk Matrices. • Also need to understand how we will monitor external changes (legal, government policy, etc) and feed this in to our changing approach to risk management.
Summary Which of the following has a higher risk? Losing money on buying a lottery ticket This has a high likelihood and low consequence so would be classified as a ‘High’ risk. Being killed in a commercial plane crash This has a low likelihood and high consequence so would be classified as a ‘High’ risk.
About Principal Consultant Andrew Ellis has substantial experience across a number of organisations in strategy, risk management and sales & marketing. Andrew had a 15-year career at NYSE-listed engineering firm KBR with roles as engineer, project manager, quality manager, sales director, and over four years on the Australian Board. His qualifications include a Bachelor of Engineering (Mechanical) and Masters’ degrees in project management and business administration. He is a Member of the Australian Institute of Company Directors and Engineers Australia. He has gained significant industry contacts across engineering firms, construction firms, client and government organisations through his corporate and project experience. Andrew currently sits on a number of boards for commercial and not-for-profit organisations in the engineering, IT, overseas aid and sporting/recreation sectors. He has experience working in numerous businesses across a range of industries including: defence, infrastructure, mining/minerals, sport/recreation and overseas aid. Andrew has a consulting practice (AJE Consulting Pty Ltd) providing advice on strategic planning, risk management, sales and marketing. Ph: 0412 150 772 | Em: ajellis@adam.com.au