Topic: Risk Management Model
By: Sadia Hanif
The Risk Management Model includes:
1. Identifying Risks
2. Assessing Risks
3. Addressing Risks
4. Review and Reporting Risks
5. Communication and learning
6. The extended enterprise
7. Risk environment and context
To make risk management effective, there is a need to balance a number of interwoven elements that interact with each other. This risk management model helps to balance such elements.
Building risk profile
Two phases in risk identification:
1. Initial Risk Identification
2. Continuous Risk Identification
In both cases:
1. Assess and prioritize in relation to objectives.
2. Carefully define generic risks.
3. Clarify the cause of the impact and the impact to the objective.
Approaches used:
1. Commissioning a Risk Review
2. Risk Self-Assessment
Principles for assessing Risks:
1. Ensure clearly structured process
2. Record the assessment of Risks
3. Clarify inherent and residual risks
Types of Risks:
1. Numeric Risks
2. Reputational Risks
Assessment should take care of the following:
1. Unbiased independent assessment
2. Avoid confusing objective assessment
3. Assess both likelihood and impact of risks
4. Risks should be categorized by scaling
Purpose: To turn uncertainty to the organization’s benefit by constraining threats and taking advantage of opportunities.
Five key aspects of addressing Risks:
1. Tolerate
2. Treat
   1. Preventive control
   2. Corrective control
   3. Directive control
   4. Detective control
3. Transfer
4. Terminate
5. Take the opportunity
“The overall risk management process should be subjected to regular review to deliver assurance that it remains appropriate and effective”
Principles of review process:
1. All aspects of risks reviewed once a year
2. Risks review done with appropriate frequency
3. Make alert to new risks or changes to existing risks
Tools and techniques used:
1. Risk Self-Assessment (RSA)
2. Stewardship Reporting
3. Risk Management Assessment Framework
4. Internal audit
“It is not a distinct stage, it runs through whole risk management”
The aims are:
1. Maintaining a good network of communication with relevant parties/people
2. Communication within organization about risks
3. Communication with partner organization
4. Communication with stakeholders
“No organization is entirely self-contained – it will have a number of inter-dependencies with other
organizations. These inter-dependencies are sometimes called the ‘extended enterprise’ and
will impact on the organization's risk management.”
Other government organizations have a relationship with bodies which they either “parent” or which have a “parent” role over them.
Probably all government organizations will have dependencies on contractors or other third parties, although the extent of these dependencies will vary.
“Beyond the boundary of the ‘extended enterprise’ other factors contribute to the environment in which risk has to be managed”
Laws and regulations can have an effect on the risk environment.
The economy
For government organizations is Government itself.
Every organization is also constrained by stakeholder expectation.
“Our lives improve only when we take chances- and most difficult risk we
can take is to be honest with ourselves”
Walter Anderson