
Risk description training 22_dec12

Nov 01, 2014


Umar Farooq

 
Page 1: Risk description training 22_dec12

Enterprise Risk Management

Risk Description Training

Page 2: Risk description training 22_dec12

Introduction & Objectives

What is risk?

How to write risk descriptions?

What is risk register?

How to identify risks?

Page 4: Risk description training 22_dec12

What is Risk?

“the chance of something happening that will have an impact on objectives” (AS/NZS 4360:2004)

“effect of uncertainty on objectives” (ISO 31000:2009)

“Any uncertain event or set of circumstances that, should it occur, would have an effect on one or more objectives” (Association for Project Management 2004)

Page 5: Risk description training 22_dec12

Risk and Objectives:

Risk is not the same as uncertainty.

Risk arises when uncertainty has the potential to affect objectives.

There are uncertainties that cannot affect objectives, and which are therefore not risks.

Page 6: Risk description training 22_dec12

Risk versus Reward:

Risk and Reward are two sides of the same coin.

Page 7: Risk description training 22_dec12

Positive Risks
• Increased business opportunities
• Reduction in the maintenance cost

Negative Risks
• Loss of key resources
• High staff turnover
• Poor talent management

Page 10: Risk description training 22_dec12

Risk Description

As a result of (definite cause), (an uncertain event/risk) may occur, which would lead to (an impact on objectives).

Elements: Cause, Risk event, Consequence

Example: Improper server maintenance may result in failure of SAP server and loss of data, which would lead to business interruption.

Page 11: Risk description training 22_dec12

Risk Description Examples

Elements: Cause, Risk event, Consequence

Technical: As a result of band screen choke, all sea water intake pumps will trip, leading to plant black out.

HR: As a result of high staff turnover, production and quality will get affected, leading to loss of revenue.

Finance: Delay in payment may cause vendors to stop supplying chemicals, leading to plant shutdown.

SCM: Insufficient purchase specification may result in inappropriate product procurement, which will affect quality requirements.

Page 12: Risk description training 22_dec12

Risk Description Activity

1. Identify 2 risk events in your area
2. Determine the consequence and causes
3. Describe the risk in the box

Worksheet fields for each risk description: Cause, Risk event, Consequence; All elements present / Needs Improvement; Comments

Page 13: Risk description training 22_dec12

Good risk descriptions shall have at least these 3 elements:

Cause: Which reason will trigger the uncertain event?

Risk event: Which uncertain event can go wrong and how?

Consequence: Which objective will be affected and to what extent?

Page 14: Risk description training 22_dec12

RISK TRIGGER

An indication that a risk has occurred or is about to occur. Triggers are sometimes called risk symptoms or warning signs. Triggers may be discovered in the risk identification process and watched in the risk monitoring and control process.

Page 15: Risk description training 22_dec12

Causal taxonomy of risk

Page 16: Risk description training 22_dec12

Flood risk from the householder perspective

Page 17: Risk description training 22_dec12

Interchangeability of concepts depending on perspective

Page 22: Risk description training 22_dec12

RISK REGISTER

Columns of the risk register:

Function Name
Process Name
Risk Category
Risk #
Risk Description
Link to Entity Risk Register
Inherent Risk Impact
Inherent Risk Likelihood
Inherent Risk Rating
Control Number
Controls
Control Attributes:
  Manual / Automated / Both
  Preventive / Detective
  Frequency
Control Rating
Residual Risk Impact
Residual Risk Likelihood
Residual Risk Rating
Risk Response (Mitigation Plan)
Risk owner
Timeline

Page 23: Risk description training 22_dec12

B /A YX - 001

Risk/Control Coding System

Company
N  NOMAC
R  ROMCO
S  SunE NOMAC

Plant
C  Corporate
S  SIWPP
E  Expansion
Q  SQIWPP
B  Barge
Y  Qurayyah
R  Rabigh
J  Jeddah office

Function
OPN  Operation
MTC  Maintenance
PLG  Planning
QAC  Quality Assurance and control
IMS  Integrated Management System
SCM  Supply Chain Management
HRD  Human Resource Development
HSE  Health, Safety & Environment
FIN  Finance & Accounting
ITC  Info. Tech & Communication
LGL  Legal & Contracts
CBD  Commercial & Business Development

Risk/Control
R  Risk
C  Control

Risk/Control Number

Z / $

Page 24: Risk description training 22_dec12

NOMAC – Entity Risk Register

Sl. No.  Risk Description

1  Organization Scalability & Business Readiness Risk
2  Bid Management Risk
3  Design & Redundancy Risk
4  Construction Risk
5  Mobilization, Training & Handover Risk
6  Maintenance Risk
7  Unplanned Outage Risk
8  Quality Management Risk
9  Contractual Risk
10  Business Management Risk
11  Integration Challenge Risk
12  Commodity Risk
13  Health & Safety Risk
14  Regulatory & Environment Risk
15  Technical Planning Risk
16  Procurement Planning Risk
17  Procurement Efficiency Risk
18  Inventory & Warehouse Management Risk
19  Warranty Management Risk
20  Manpower Planning Risk
21  Recruitment and Retention Risk
22  Challenges resulting from Saudization Targets
23  Working Capital Risk
24  Information for Decision Making Risk
25  Accounting & Reporting Risk
26  Information Technology Risk

Page 25: Risk description training 22_dec12

Risk Assessment Criteria Matrix

IMPACT (Score, Rating, Financial Impact (SAR); Organizational & Operational Scope; Reputation & HSE Impact)

5, Critical, > 15 Mn
- Inability to continue normal business operations (e.g. Catastrophic failure, termination etc)
- Non compliance to environmental regulatory requirements.
- Fatality
- Failure to obtain, maintain and renew approvals required under the law
- International reputation impact

4, Significant, 10 to 15 Mn
- Extended unplanned Availability losses.
- Heat Rate / Specific power consumption in excess of contracted values for an extended period.
- Loss of multiple key resources.
- Permanent disability
- Loss of trust of partners
- Trend of adverse events
- Inefficient crisis management
- National reputation impact

3, High, 7 to 10 Mn
- Unplanned Availability losses in excess of contracted values.
- Heat Rate / Specific power consumption in excess of contracted values.
- Loss of 2-3 key resources.
- Disputes with off-taker / Project Company
- Major Injury/Major ill health
- Isolated adverse events
- Considerable reputation impact

2, Moderate, 3 to 7 Mn
- Unplanned Availability losses within contracted values.
- Heat Rate / Specific power consumption in excess to the projected values
- Loss of key resources.
- Minor Injury/Minor ill health
- Non compliance to regulatory requirements (other than environmental).
- Limited reputation impact

1, Low, <3 Mn
- Slight Impact

LIKELIHOOD (Score: Rating, Certainty, Frequency)

5: Expected, > 90%, Often
4: Highly Likely, < 90%, 3-4 times a year
3: Likely, <60%, Less than 2 times a year
2: Slightly, <30%, Once a year
1: Not Likely, <10%, 3 Years and Beyond

Page 26: Risk description training 22_dec12

Responsive Action Map

Risk Rating: 5 - Critical, 4 - Significant, 3 - High, 2 - Moderate, 1 - Low

Control Effectiveness: 1 - Excellent, 2 - Good, 3 - Fair, 4 - Poor, 5 - Unsatisfactory

Response actions shown in the map:

- Immediate attention required to develop new mitigation plans so as to ensure treatment level is acceptable.
- Effectiveness and efficiency to be reviewed on a periodic basis.
- Documents exist for mitigation plans. Regular monitoring of risk and/or treatment required, along with review of efficiencies and effectiveness.
- Risks are mitigated, but efficiencies and effectiveness to be reported on a periodic basis.
- Attention required to ensure an appropriate level of mitigation controls is in place, and review of effectiveness to be carried out on a periodic basis.

Page 29: Risk description training 22_dec12

HOW TO IDENTIFY RISKS?

Your own experience

Ask yourself “What-if” questions

Challenging and questioning assumptions

Thinking wider than the known facts

Expert and specialist judgment

Audit findings

Historic data and future trends

Critical path analysis

Scenario planning

Root cause analysis

One to one interviews

Anonymous questionnaires

Team Brainstorming

Structured discussions & Workshops

Page 30: Risk description training 22_dec12

This is not the end but just the beginning of Risk Management…

Thank you!
