1 / 29

bsbrsk401a identify risk and apply risk management processes

bernad
Download Presentation

bsbrsk401a identify risk and apply risk management processes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. BSBRSK401AIDENTIFY RISK AND APPLY RISK MANAGEMENT PROCESSES

    2. 2

    3. 3 ASSESSMENT Assessment for this unit will be based on: Your workshop participation and contribution levels The completion of the learning activities during the workshop Completion of a final assessment task which will be explained at the end of the training.

    4. 4 UNIT OVERVIEW In this unit we will discuss: The reasons why it is necessary to identify, and manage the risks associated with your organisation's operations Tools you will take away from this session include: the ability to identify, document, report on and manage risks understanding of the relationships between risk management and business sustainability methods of auditing and reviewing risks and risk controls

    5. 5 In this section we will discuss the methods you can use to: access and use appropriate tools for identifying and assessing risk identify and assess risk document identified risks

    6. 6 RISK TYPES Risk and contingency management form an integral part of an organisation's planning processes Risks can be categorised as pure or speculative and include: organisational risks environmental hazards business process and asset risks information hazards technological risks

    7. 7 THE BUSINESS WORLD

    8. 8 ACTIVITY 1 In groups Discuss  Record Report 10 minutes

    9. 9

    10. 10 RISK ANALYSIS A hazard is any event, incident or situation that might detrimentally affect business operations, people or the environment Risk is the likelihood that: the event or situation will occur, and actual harm will result from the event or situation

    11. 11 WHO SHOULD RISK MANAGEMENT BENEFIT? Risk management should benefit all stakeholders including: employees customers suppliers investors lenders regulators the community at large An over-focus on any one set of stakeholders inevitably cheats others

    12. 12 ACTIVITY 2 In groups Discuss  Record Report 25 minutes

    13. 13 IDENTIFYING RISKS To manage risk you must firstly identify the hazards and potential hazards ASK: What things must be done to achieve your organisation's goals and objectives? What constraints or other conditions might prevent achievement of these objectives? What damage might be caused by pursuing these objectives? What systems can be put in place to identify and manage risk – to reduce or control damage?

    14. 14 TOOLS Approaches to risk identification include combinations of: checklists judgments based on experience records – organisational, government etc. flow charts brainstorming systems analysis scenario analysis systems modelling

    15. 15 Collect information from stakeholders Use: testing and experimentation techniques surveys audit questionnaires fishbone diagrams force field analysis SIPOCC analyses SWOT analyses Use business journals, newspapers, and employees as sources for risk information Ask worst case scenario questions

    16. 16 SIMULATIONS Simulations are mathematical projections that provide, in very simplistic terms, methods of generating answers to the questions 'What if…?" or, "If condition X exists and condition Y is likely to occur, what are the probability results?“ The Monte Carlo simulation is a commonly used tool

    17. 17

    18. 18 OTHER TOOLS Fault tree analysis identifies, for instance, the probability of a system failure Event tree analysis operates in the opposite way to fault tree analysis by taking a situation and asking to what system states it might lead Focus groups can be used to audit risks and create risk files for a business or operations unit. These are then linked to whole of organisation performance Econometric models or diagnostic models involve the collection of accurate, timely data which is formulated into a risk inventory, incorporating key questions, indicators of performance, goals and simple scoring tables. Risk/reward ratios provide a balance of risk against benefit

    19. 19 DATA/INFORMATION

    20. 20 PROBLEM SOLVING

    21. 21 ACTIVITY 3 In groups Discuss  Record Report 15 minutes

    22. 22 CONTINGENCIES Contingency plans are the plans or processes that can be put in place in the case of an emergency, truly unexpected or non-forecast event or threat. They are back-up and disaster or problem recovery Plans. They comprise, therefore, part of the risk management process.

    23. 23 FOR INTERACTIVE DISCUSSION What are the core issues that should be covered by contingency plans? What sorts of contingencies might apply in your industry or to your organisational operations?

    24. 24 A benchmark is a standard by which something can be measured or judged When identifying risks and developing control methods it is a good idea to utilise information and information about the successful practices used by other organisations

    25. 25 THE PROCESS Risks should not be evaluated as they are identified Ensure adequate definition of risks State risks clearly and concisely Do not make your focus too narrow Use more than one method to identify risk Generate a number of alternatives - do not simply select the first or the most obvious strategy Identification and assessment must lead to practical applications Do not forget that risks have good and/or bad impacts- good outcomes must be improved, bad outcomes diminished

    26. 26 SECTION 2ANALYSE AND EVALUATE RISKS

    27. 27 RISK ANALYSIS Strategic risks relate to earnings consistency, competitive advantage, productivity, capital utilisation and branding Business risks are those risks that are inherent in normal business operations Process risk assessments identify and evaluate process and operations risks as well as current control practices, procedures and quality management applications

    28. 28 SOURCES For instance: environmental changes anomalies or deficiencies in current processes or systems errors and mistakes inadequate information flows – poor communication facility or equipment malfunction poor leadership inappropriate or unrealistic performance expectations or incentives

    29. 29 ACTIVITY 4

    30. 30 COST MINIMISATION Cost reductions = increased profits Effective risk management contributes toward cost reductions by improving quality, making the best possible use of resources and minimising waste, mistakes, down time and re-work

    31. 31 THE ENVIRONMENT ASK: “How will our activities impact on the people and the entities that are our stakeholders?" Pure risks: security, health and safety - the best that can happen is that the particular hazard will not produce an undesirable effect Speculative risks: political, financial and strategic risks - have the potential improve an organisation’s competitive advantage

    32. 32 FOR INTERACTIVE DISCUSSION How can you and other stakeholders influence your organisation's risk management and sustainability policies and practices?

    33. 33 ANALYSIS AND PRIORITISATION Consider risks in terms of hazard/risk life cycles Relate them to: past activities current activities planned and forecast (potential) activities normal operating conditions abnormal operating conditions incidents, accidents and emergencies unexpected events

    34. 34 MATRIXES Make a judgement of likelihood and severity: Map severity against likelihood. The expected outcome/severity of identified hazards can be rated as:

    35. 35

    36. 36 Frequency of occurrence or exposure can also be rated. Identified risk situations can be mapped (whereappropriate) against likelihood and/or severity by using an assessment matrix.

    37. 37

    38. 38 High category risks are unacceptable and must be treated Medium category risks become increasingly unacceptable as risk increases, therefore must be managed Low category risks might require monitoring only, at this stage

    39. 39 An alternate system might present risk in a format similar to the following:

    40. 40

    41. 41

    42. 42 A risk register – the records kept regarding the risk assessment - might also take the following form

    43. 43 RISK CONTROLS As risks are interdependent and interconnected, they also encompass: global risk (including social and environmental) markets politics regulations legal lability operations BUT - Do not forget to acknowledge the other face of risk – reward or benefit

    44. 44 ACTIVITY 5

    45. 45 SECTION 3TREAT RISKS In this section we will discuss the methods you can use to: design and develop controls asses the strengths and weaknesses of controls and proposed controls continuously monitor risk refer risks relevant to the whole of the organisation, or those having an impact beyond your own work area, to relevant personnel or divisions

    46. 46 ACTION PLAN

    47. 47 ACTIVITY 6

    48. 48 TREATMENT Risk management options are usually cited as risk handling options – how to best handle the risk – and are integral to the notion of Duty of Care Control processes can be subdivided into: avoidance control assumption transfer knowledge and research

    49. 49 Risk can also be considered in terms of: elimination engineering administration Substitution The objective of a risk management program is to make work, workplaces and work effects safe and to eliminate hazards or at the very least to minimise them to the extent that the risk is acceptable

    50. 50 IMPLEMENTATION When implementing risk controls: compare the identified risks with both legal and industry acceptable criteria prioritise and document intended actions and controls design risk controls test risk controls put controls into place

    51. 51 RISK TREATMENT SCHEDULE AND PLAN

    52. 52 FOR INTERACTIVE DISCUSSION With whom do you and your organisation need to share information about risks?

    53. 53 FOR INTERACTIVE DISCUSSION What information needs to be shared with employees? How does this encourage employee contribution and early identification of risk?

    54. 54 ACTIVITY 7 In groups Discuss  Record Report 20 minutes

    55. 55 Planning to achieve goals - the process:

    56. 56 CONTROL PROGRAMS Control programs and the resultant risk management policies and procedures should be: well structured formatted to clearly indicate allocated roles and responsibilities integrated into strategic and operations plans linked with KPIs supported by effective systems subject to monitoring, evaluation and review included in continuous improvement and quality management functions compliant with current legislative and industrial standards and requirements

    57. 57 ROLE ALLOCATION Employees need to know: what they should be doing when they should do it why it is necessary what will happen if they do not do it what the limits of their responsibility are what the responsibilities of other employees and of management are what they should monitor and how it should be monitored who they should report to and when to report what records should be kept how to access the necessary resources to do their job

    58. 58 ACTIVITY 8 Individually Discuss with whole group 20 minutes

    59. 59 SECTION 4MONITOR AND REVIEW EFFECTIVENESS OF TREATMENT OF RISKS In this section we will discuss the methods you can use to: regularly review risk treatments contribute to risk audits use review and audit results to improve the treatment of risks

    60. 60 AUDITS An audit is: an inspection of policies, processes, and practices by trained and qualified personnel It involves observation, inspection, examination, evaluation and assessment

    61. 61 IMPROVEMENT Improvement should be driven by: constant environmental change changes in customer/ stakeholder perceptions and opinions new technology new information pro-activity the fact that everything CAN be improved competition best practice benchmarks customer/stakeholder focus

    62. 62 PDCA

    63. 63 FOR INTERACTIVE DISCUSSION How does continuous improvement – Kaizan or the PDCA Cycle apply to the risk management process?

    64. 64 RESPONSIBILITY Everyone should be aware of: what needs to be monitored how and how often it should be monitored the data collection, reporting and recording processes involved Everyone should have access to risk reporting documents, processes and the freedom to make reports without fear of censure

    65. 65 MONITORING consultation with experts will provide scientific and analytical information consultation with shareholders and stakeholders will provide quantitative (and experiential) data plus subjective opinions and ideas consultation with employees will provide first hand knowledge of risks applicable to their work areas records and reporting results will confirm ideas and opinions constant observation and measurement will enable early identification of problems

    66. 66 ACTIVITY 9

    67. 67 PERFORMANCE DATA

    68. 68 ACTIVITY 10 Individually Discuss with whole group 10 minutes

    69. 69 INFORMATION SYSTEMS Documentation relevant to risk monitoring and risk management should be integrated into the organisation's information system. The system should enable access to the records, measurements and performance information necessary to all employees involved in risk management. Effective information systems aid communication (information sharing) between the various sections of the organisation As a result risk becomes easier to control

    70. 70 ACTIVITY 11 In groups Discuss  Record Report 20 minutes

    71. 71 COMPETENCIES An organisation is only as good as the employees who work for it They in turn can only be as good as the training they receive and the resources that are supplied to enable them to do their jobs

    72. 72 ACTIVITY 12 Individually Record Discuss 5/10 minutes

    73. 73 SUMMARY The elements of a risk management program are: identify the risks analyse the risks establish the context and boundaries assess and prioritise the risks plan the control program treat or control the risks monitor and review the program

    74. 74 ASSESSMENT Assessment for this unit will be based on: Your workshop participation and contribution levels The completion of the learning activities during the workshop Completion of the final assessment task

More Related