© Business Controls Training
Business Risk Management & Controls
So, what is risk? One origin of the concept of risk is the term ‘to dare’, which means risk is seen by many as being related to choice rather than fate.
Risk is ‘To Dare’
RISK
Any uncertainty about future events that impact
an organization’s ability to achieve its objectives.
Risk is measured in terms of its impact
and the likelihood that it materializes.
We have come up with a generally agreed definition of risk as uncertainty that affects our objectives. This means we all have to live with some degree of uncertainty; it just depends on how much we can control and how much we have to put up with.
What is Risk?
Eurozone Crisis
Global Financial Crisis
Middle East Uprising
Hurricanes and Storms
Bird Flu
Floods and Fires
Employee Fraud
Legal Claims
Regulatory Fines
Major Complaints
Shareholder Revolt
Failure of Strategy
Breach of Data Privacy
Rogue Traders
Major Product Recall
High Staff Turnover
Aggressive Takeover
Major Project Failures
Need for Huge Budget Cuts
Decline in Consumer Spending
Surge in Energy Costs
Withdrawal of Key Partner
Counterfeit Goods
Political Unrest
Death/Injury of Employees
Major Industrial Unrest
Industrial Unrest
Loss of a Major Contract
Horsemeat found in food products
IT Systems Crash
Building Collapse in a Sweat Shop
A Risk tightrope?
[Figure: IMPACT axis]
One way of assessing risk is to work out what impact it would have on your ability to succeed at work. And whether this impact would rate as high or low.
Impact/Likelihood
[Figure: grid with IMPACT and LIKELIHOOD % axes]
The basic impact/likelihood criteria are pretty much accepted worldwide: the implications of a risk can be plotted by locating it on a grid. The vertical line represents the impact of the risk. The horizontal line is the probability (%) that the risk will materialize. Each is rated low, medium or high.
Impact/Likelihood
A risk might have a number of consequences, some positive and some negative. Managing the risk and its consequences could change a consequence, potentially from negative to positive.
BSI 31100:2008, British Standards: Risk Management Code of Practice, page 18
Low impact and low likelihood risks become green risks and so cause no real concerns to management. However, the further you go towards the top right hand of the grid the scarier it gets.
Impact/Likelihood
Yellow risks sit in the middle of our grid.
Impact/Likelihood
Red risks have the capacity to cause problems and are also extremely likely to arise. These high impact risks shift our ability to succeed and will probably occur, so they need to be pinned down. Management will want frequent reports on these risks.
Impact/Likelihood
2008 Global Financial Crisis
2010 Icelandic Volcano
2011 Japanese Earthquake
2011 Middle East Uprising
2012 Eurozone Crisis
Some serious risks come about as a result of a ‘perfect storm’ and are so hard to predict they can literally creep up on us.
Black Swans
Let’s have a quick look at health and safety as most countries have laws that require businesses to protect their employees from hazards and the risk of accidents.
Health and Safety
A health and safety risk assessment must be 'suitable and sufficient', i.e. it should show that:
• A proper check was made.
• You asked who might be affected.
• You dealt with all the obvious significant hazards, taking into account the number of people who could be involved.
• The precautions are reasonable, and the remaining risk is low.
• You involved your employees or their representatives in the process.
• Where the nature of your work changes fairly frequently or the workplace changes and develops (e.g. a construction site), or where your workers move from site to site, your risk assessment may have to concentrate more on a broad range of risks that can be anticipated.
Risk Identification
Formal Disclosures
As you make key business decisions, one way of working out which risks should be on your list is to go through the risk cycle.
Risk Management Cycle
Business Aims: Start with working through your business aims and ensuring staff can see where risk mitigation fits in with their overall objectives.
Risk Identification: The next stage is to work through the types of risks that could arise in your area of responsibility.
Risk Assessment: This simply means working through the risks you identified and giving each one a score to reflect the relative importance of the risk.
Risk Management: The next stage is problem solving, where you will need to work through the measures that can be taken to mitigate the key risks identified and judged to have an important impact on business success.
Review: This is about revisiting your risk reviews and keeping the findings and action plans up to date, particularly in a changing environment where new threats and opportunities constantly arise.
A Brief Conversation
Okay, so what’s the problem?
Hi Katrina, you talk about the risk management cycle. But doesn’t this mean we simply have another cumbersome corporate process to go with the many others that get in our way?
That’s not the way I see it. Risk management should sit with the way you work.
But I have a corporate strategy to guide me and a performance framework to measure how I’m doing. I really don’t need another head office routine.
I see it as a way of ensuring we build a sensible response to uncertainty into our work.
But I still don’t see why I need to add another distraction into my work in terms of this risk cycle.
HOW WOULD YOU ANSWER?
Okay - how about I show you how the risk cycle can sit inside your work rather than as a separate process. Have a look at part two.