Topic: Risk Management ModelBY: Sadia Hanif

Risk Management Model includes;1.Indentifying Risks2.Assessing Risks3.Addressing Risks4.Review and Reporting Risks5.Communication and learning6.The extended enterprise7.Risk environment and context

To make risk management effective there is need to balance number of interwoven elements that interact with each other. This risk management model helps to balance such elements.

Building risk profile Two phases in risk identification

1. Initial Risk Identification2. Continuous Risk Identification

In both cases1. Assess and prioritized in relation to objectives.2. Carefully define Generic risks3. Clarify cause of the impact and impact to

objective

Approaches used 1. Commissioning a Risk Review2. Risk Self-Assessment

Principles for assessing Risks1. Ensure clearly structured process2. Record the assessment of Risks3. Clarify inherent and residual risks

Types of Risks1. Numeric Risks2. Reputational Risks

Assessment should care of following1. Unbiased independent assessment2. Avoid confusing objective assessment3. Assess both likelihood and impact of risks4. Risks should be categorized by scaling

Purpose : To turn uncertainty to the organization’s benefit by constraining threats and taking advantage of opportunities.

Five key aspects of addressing Risks1. Tolerate2. Treat

1. Preventive control2. Corrective control3. Directive control4. Detective control

3. Transfer4. Terminate5. Take the opportunity

“ The overall risk management process should be subjected to regulate review to deliver assurance that it remains appropriate and effective”

Principles of review process1. all aspects of risks reviewed once a year2. Risks review done with appropriate frequency3. Make alert to new risks or changes to existing

risks

Tools and techniques used1. Risk Self-Assessment ( RSA)2. Stewardship Reporting3. Risk Management Assessment Framework4. Internal audit

“It is not a distinct stage, it runs through whole risk management”

The aims are;1. Maintaining a good network of communication

with relevant parties/people2. Communication within organization about risks3. Communication with partner organization4. Communication with stakeholders

“No organization is entirely self-contained – it will have a number of inter-dependencies with other

organizations. These inter-dependencies are sometimes called the ‘extended enterprise’ and

will impact on the organization's risk management.”

Other Government organizations Have a relationship with bodies which they

either “parent” or which have a “parent” role over them.

Probably all government organizations will have dependencies on contractors or other third parties, although the extent of these dependencies will vary.

“ Beyond the boundary of the ‘ extended enterprise’ other factors contribute to the environment in which risk has

to be managed”

Laws and regulations, can have an effect on the risk environment

The economy For government organizations is

Government itself. Every organization is also constrained by

stakeholder expectation.

“Our lives improve only when we take chances- and most difficult risk we

can take is to be honest with ourselves”

Walter Anderson