Chapter No 1.ppt

8/10/2019 Chapter No 1.ppt

1/50

Context of RiskManagement


2/50

What is Risk?

- Uncertainty about the outcome of an event

- The effect of uncertainty on objectives

- The combination of the Probability of an

event and its consequences


3/50

What is Risk Management?

- A process that organizations follow tomanage their risks.

- Concerned with avoiding or limitingundesirable consequences of possibleevents.

- Risk Professionals attempt to anticipatemisfortune and minimize its impact.


4/50

Risk Prone Vs. Risk Averse

Risk Prone : Enjoy and use risk

Risk Averse: Want to avoid risk

Some people are between two extremes


5/50

Risk and Consequence

Organizations Risks:-

- Organizations face a wide range of risk- Within Organization

- Around the Organization

- Responsibilities and others


6/50

Risk Consequences

Understanding the Nature of Risk

- Could it happen?- How bad would the loss or damage be?

- How often could it happen?


7/50

Strategy and Speculative Risk

- Directors and Senior Managers make a

range of decisions;- A single Wrong Decision may be

devastating;

- Strategy Risk is concerned with thisdecision making.


8/50

Strategy and Speculative Risk

- Speculative Risk is where someone

choose to place money or other resources atrisk.

Examples:-

- Investment risk- Start New operations


9/50

Operational Risk

Risk encountered daily operations areoperational Risks.

Examples:

- Injury to person on Building

- Key designer suddenly leave fashionhouse


10/50

Risk Management Standards

- Risk Management as a profession began intwentieth century

- Currently UK Stock Exchange require new companiesto submit Risk Management reports.

- Professional Organizations have attempted to set BestPractice Standards e.g ISO 2009, ISO 31000 etc


11/50

Relationship Between Risk &Objectives of an Insurance

CompanyObjectives and Plans:

- All Organizations have range of Objectives;

- Some are more crucial than others;

- Larger Organizations need some formal focus to

communicate common objectives;- Risk Mangers will be more concerned with the

plans & objectives.


12/50


CompanyDependencies:

- Organizations have range of dependencies;

- Other organizations, resources or markets.

- Common set of dependencies are normally

stakeholders;- Dependencies are changing with modernization ofBusiness.


13/50


CompanyErrors and Deficiencies:

- Modern Business Model is different than that oftwenty years ago;

- It offers less margin for errors;

- Understanding this risk and it management iscritical.


14/50


15/50


CompanyStakeholders:- Employees

- Suppliers- Customers and other Recipients of Service

- Distributors

- Regulations

- The Media


16/50


CompanyStakeholders: Cont'd

- Private Investors

- Banking Industry

- Quoted Shareholders

- Business Partners- Environmental Group

- Other Groups


17/50


CompanyDamage or Loss:

- People- Assets

- Revenue and Cash Flow

- Legal Obligations


18/50

Organisational Risk

Damage:

An organisation has to consider the value andresponsibilities that it needs to safe from damage orloss.

Safety of people;

Assets owned by the organisation and those assetsbelonging to others for whom it carries;

The confidence in the business and thus the value of

brand name;


19/50

Organizational Risk

The avoidance of litigation costs;

The legality of the organization and compliancewith relevant regulators requirement; and

The operational ability to continue to manage theorganization effectively and deliver in time andquality on promises and contract.


20/50

Organizational Risk

People:

In relation to it people organization needs

Safe Environment for protection from accidentand crime;

A safe environment that protect employees andvisitors from illness.


21/50

Organizational Risk

Assets:

Intellectual Assets;

The reputation of, and confidence in, theorganization;

The network of critical supplies;

The distribution system;Customer Base.


22/50

Organizational Risk

Revenue and Cash Flows:

Financial control

Timely cash flowLegal Obligations:

Regulatory and Licence approval

Contractual responsibilities

Environmental Responsibilities

Fines and Penalties emerging from criminal Law


23/50

Organizational Risk

Expenses arising from litigation by employees andthird parties

Other Statutory responsibilities.

The need for and Value of Risk


24/50

The need for and Value of RiskManagement

Exploring Risks

Cost of Negligence

Death and injury


25/50

Loss of Money or other

Valuables

Loss of Physical Valuables

Loss of Intellectual AssetsLoss of Reputation, confidence and destruction of

brand values

Different organization needs


26/50

Global and Political Risks

Difference in National Risk: An organization cantassume that culture and legal system overseas arethe same as in the home country.

There will be physical and environmental

difference in infrastructure and supportingservices and deference in custom and practice.

Risk Professionals need to thoroughly understandinternational risk to absorb them into riskmanagement programs .


27/50

Arrangement of Insurance

Additional risks due to overseas working cannotalways be managed simply by additional insuranceor extensions to existing policies.

Such local regulatory demands could be onesrequiring certain compulsory insurance and mayinsist that some business is placed in the localinsurance

Tailored solutions are available.


28/50

Uncovered Events

In countries with political, national or religiousinstability an organization will have to be clearwhat compensation, if any is available for damage

caused by riots, disturbances, civil war, terrorattacks and other generally mensurable events.

Relevant information on international securityrisks should be sought from wide and variedsources appropriate to the risk being evaluated.


29/50

Internal Management

Organization possibly suffer greater loss frominternal miss-managed risks.

Common Policies designed at head office are notimplemented abroad.

Threats arise from distance managers signing poorcontracts, not managing cash flow and controlling

product liability.Threats of fraud and embezzlement or justpersonal incompetence going undetected.


30/50

Control Transactions andInterpretation

Part of risk management is Security of process ,procedures and internal controls;

What one group people accept may be totally aliento another, leading to different interpretation andmisinformation arriving at head office.

Properly designed IT system may help but also

threat in not lead properly.


31/50

Global Risks

Events and trends that potential global impactare unknown as global risks.

Global trends such as population growth andclimate change affect everyone as resourceshave to be shared and natural environment asthreatened.

Five categories of Risk are:-Economics,environmental, Social, Technological,Geopolitical.


32/50

Economic Risk

Financial issues that affect particular market sector orglobal trading environments examples include:

Food Price VolatilityOil Price RisesReduction of Chinese economics growthRevaluation of the US DollarWorld banking crises

Assets price collapse.

Fiscal policy, market Reassessment and price structure can help to manage theserisks .


33/50

Global Environmental Risks

It can be Natural phenomena, Weather related orman-made activity;

Large Earthquakes, droughts, flood air pollution andbiodiversity.

Private organization should follow local activitieswhich will determine their responsibilities and

liabilities in emergency situations and long termprecautions they may need.


34/50


35/50

Technological Risk

Internet or satellite failure;Result in breakdown of commercial distribution and customerservice facilities.Relate to Data loss, data fraud on global scale.'Millennium Bug' threatened to stop all the computers at century turnis an example of technological risk.


36/50

Geopolitical Risk

Arise when a group of nation disagree, causing tension and the riskof armed conflict;or where a particular nation's philosophy andbehavior is seen as a general threat to the other.Example: Middle East Discontention of Palestine issue.Solution would diplomacy, discussion and mediation.


37/50

The Risk Management Process

Establish the context

Identify Risks

Analysis Risks

Evaluate Risks

T r e a t R i s k

Communication Monitor &Review


38/50

The Risk Management Process

Steps to manage Risk in more detail are asfollow:-

Clarify the brief & context; Understand what threats there are; Understand the potential within those threats; Understand the likely frequency; Decide risk level;

Take action on acceptable Risk Upgrade and maintain the risk level Communicate information to all departments.


39/50

Steps of Risk Management

Developing Risk Management Philosophy: The statement may define different levels of

perceived threat, likelihood and impact, each requiredifferent responses.

A clear organization wide, risk managementphilosophy enables individual risk work to be donewithin framework of long-term objectives and decisionmaking.

It include how Risk is monitored, reported, role andkey responsibilities of key people involved and riskmanagement communication.


40/50

Write a Risk Policy StatementA pu b l i shed doc um en t des igned to com m unica te

the r i sk management ph i losophy tha t hasbeen developed.

Inc ludes th ings as : Role & o bjec t ive of Risk m anagement func t ion Statem ent of o rg anizat ion al at t i tud e. Risk cu l tu re Risk appet i te Risk archi tec ture Risk assessm ent Risk doc um en tat ion


41/50

Write a Risk Policy Statement

Risk Mit igat ion Moni tor ing of chang e Risk Managem ent Training Alloca t ion of respo ns ib i li t ies Risk act iv i t ies and pr io r i t ies Criter ia fo r m on i tor ing chang e Risk m i t iga t ion requ i rem ents Each organization have its own philosophy,

objectives, strategy, architecture andmethods.Each will also have its own budgetrequirements depending on employed resources.


42/50

Identify Risk

Risk do need to be identified formally. Individual function managers are often best

able to understand what threats they carry. The debate need to start with clear

objectives with a definition of the tasks and

contribution from all those that can add to

debate.


43/50

Analyze Risks

Once risk have been identified as existingwe need to analyze them.

Both likely frequency of the risk incidenthappen and potential severity of damageare relevant to these considerations.

There are tools to measure risk impact. Risk policy statement continue to be the

foundation stone


44/50

Risk and Impact Control

Organizations have a number of choices

available when setting out to control anunacceptable risk. They can also prepare contingency plans

that will enable them to manage themselves

through an incident in a way that will avoidunacceptable levels of damage.


45/50

Reducing the Risk

Prior to a loss occurring, an organization hasplenty of opportunity to reduce the chance of riskincident happening.

Physical Control can include fire protection, health& safety measurement, security controls,duplication offsite of computer data etc.

Non-physical Controls can include effective staffrecruitment and other procedure that remove anunacceptable concentration of people risk.

Throughout all these measures, employeeawareness and training are vital risk tools.


46/50

Retaining the Risk

An organization may consider that if aparticular risk incident occurs 'worst case'damage would not be sufficient to divertthat organization from its objectives andresponsibilities.

Decision would be made to accept theconsequences if that risk incident were tooccur.


47/50


48/50

Continuity Planning

A process whereby an organization willanticipate an incident and then prepareitself so that it can manage through theconsequences to the point that the incidentcould not destroy the vital organs of thatorganization.

Examples: Backing u data, storing backuptapes offsite,

Continuity Planning can prepare for a rangeof incidents.


49/50

Updating and Communication

Organizations stand still and neither do theenvironment they operate in.

Consequently, all our risk management process

must recognize and plan for change. Not all change will be significant of course, but

those that must be identified and their significanceevaluated.

Different organization will adopt different rulesand review periods according to their attitude torisk and resources they are willing to deploy.


50/50

Quality Control

All organizations adopt some from of qualitycontrol.

Large organizations arrange audit reporting etc. In small organizations managers personally

assess the quality of work. Where an organization has dedicated risk

professionals they too will interested in quality, toassesses risk involved in failing to meet either

contractual or statutory requirement in productsand services supplied. Organizations must establish effective internal

controls e.g ISO Compliance.

Chapter No 1.ppt

Documents