
Supervisors and Managers Training

Risk Management

Self-Study Guide


Velsoft LearningWorks Training

Copyright

All rights reserved world-wide under International and Pan-American copyright agreements. No part of this document can be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise.


How to Use This Guide

This Self-Study Guide is designed and laid out in a way that will guide student learning much in the same way that an instructor would. This workbook is comprised of modules called Sessions. Each Session focuses on a major concept in the course. In each Session, we have included short-answer and (in some instances) multiple choice questions which relate directly to the Session material. Throughout the guide, you can take the opportunity to internalise what you have learned by completing the self-reflection exercises entitled “Making Connections.”


Table of Contents

Session One: Course Overview
    Learning Objectives

Session Two: Understanding Risk
    Defining Risk and Risk Management
    The Benefits of Risk Management
    Establishing Your Risk Management Context
    Making Connections
    Key Models

Session Three: Risk Management Activities
    The Key Activities of Risk Management
    Making Connections

Session Four: Assessing Risk
    A Risk Assessment Process
    Making Connections
    Evaluation Method
    Case Study: General Motors
    Making Connections

Session Five: Responding to Risks
    Risk Responses
    Case Study: GM Risk Responses

Session Six: Resourcing Controls
    Identifying and Evaluating Controls
    Case Study: GM Risk Controls

Session Seven: Reaction Planning
    The Worst-Case Scenario
    Case Study: GM Reaction Plan

Session Eight: Reporting and Monitoring
    A Reporting Hierarchy
    Items to Report
    Making Connections

Session Nine: Reviewing and Evaluating the Framework
    A Review Checklist
    Back at Work
    Making Connections

Session 10: A Personal Action Plan
    Starting Point
    Short-Term Goals and Rewards
    Long-Term Goals

Summary

Recommended Reading List


Session One: Course Overview

Course Overview

Risk management has long been a key part of project management, but in recent years, it has become an increasingly important part of organisational best practices. Corporations have realised that effective risk management can not only reduce the negative impact of crises; it can provide real benefits and cost savings. In this course you will learn a risk management framework that is flexible enough for any organisation. You can apply it to a single project, a department, or use it as a basis for an enterprise-wide risk management programme.

Learning Objectives

By the end of this course, you will be able to:

Define risk and risk management

Describe the COSO ERM cube and ISO 31000

Establish your risk management context

Describe the 7 R’s and 4 T’s that form the framework of risk management activities

Design and complete a basic risk assessment

Determine the appropriate response to risks and create a plan for those responses

Describe the key components of reporting, monitoring, and evaluation of a risk management programme

You will be performing several exercises throughout the course in order to help you produce an effective risk management programme in your organisation.


Consider your own experiences with risk management. Why did you decide to take this course? Take a moment to write down your personal objectives:


Session Two: Understanding Risk

In order to develop a risk management plan in your organisation, you must have a solid foundation in the concepts and terms used in this course. In this session you will be introduced to the foundational ideas informing the study of risk management. The information presented here is essential to your learning experience.

Defining Risk and Risk Management

What is Risk?

The ISO guide about risk management defines risk as, “the effect of uncertainty on objectives.” Risks are typically related to one of four areas:

The organisation’s long-term strategy (three years, five years, and beyond)

The way that an organisation manages change (for example, during mergers and restructuring)

The day-to-day operations of the organisation

The general financial health of an organisation

Risk can be positive, negative, or neutral—it is simply a deviation from the norm. Risk is often defined as an event or a consequence.

Examples of Risks

Some risks associated with business include:

Interruptions of the business cycle or business processes arising from government regulation, economic conditions, social conditions, weather systems, natural disasters, and other sources

Unforeseen changes in existing strategic partnerships, key business relationships, and vendor/supply sources

Changing labour market conditions affecting labour force availability and costs

Issues arising from integrations of computer systems, communications networks, accounting systems, and other systems

Access to information may be prevented by government or legal restrictions, privacy concerns, or other frameworks that are put in place

Security conditions might arise that affect operations


Types of Risks

There are two general types of risk.

Quantitative risks are those that can clearly be quantified. They have an impact on time, people, money, or other resources. An example could be lost revenue, lost production, or delayed time.

Qualitative risks are those that cannot easily be quantified. This may be because you do not have sufficient historical data to determine the likelihood of the risk and/or its impact is not understood well enough for a qualitative impact to be associated with it. For example: Your organisation is opening an oil rig in a new area. You have no concrete data for this particular type of machinery in poor weather, but you do know that other facilities in the area have their production affected in varying amounts each year because of weather.

You should always strive to make all qualitative risks quantitative, if possible, by collecting and analysing data.


What is Risk Management?

Risk management is defined as a set of principles and processes that help minimise the negative impacts of risks and maximise the positive impacts. Risk management should identify risks, assess them, determine a suitable response, and implement that response. In order for risk management to be successful, it must be integrated into the culture and the day-to-day activities of the organisation. Your risk management process should be PACED:

Proportionate to the size of your organisation

Aligned to your organisation’s mission

Complete

Embedded into the culture of the organisation and its day-to-day activities

Dynamic and responsive

Exercise: Risk Management in Your Life

Can you provide examples of risk management processes and plans that you already use in your everyday life? Think of your personal property and assets.

Here are a few examples of risk management processes and plans that you may have created or obtained for yourself, or that you may participate in.

House insurance

Disaster recovery plans

Succession planning


The Benefits of Risk Management

How are these plans beneficial to you as an individual or to your organisation? They allow you to be compliant with regulations and laws. They also allow you to make better decisions. Some other benefits include:

Reduced operating and legal costs

More accurate reporting

Improved image in the community, marketplace, and/or industry

Competitive advantage

Exercise: Additional Benefits

Can you think of any additional benefits to developing a risk management plan?


Establishing Your Risk Management Context

Each organisation is unique, and it is crucial that you identify the context in which your risk management framework must operate. When you are developing a Risk Management Plan for your business, consider the following:

The regulatory or legal environment you operate in with respect to both internal practices (e.g. labour laws and regulations, liability claims, etc.) and how you relate to your customers and vendors.

Communication methods you will use to notify and communicate with your stakeholders, as a range of techniques may be required to suit different stakeholder groups.

The size of the organisation in terms of the number of divisions, revenue of business lines, size of markets, and budgets of functional groups.

Labour relations in the organisation.

The structure of the organisation, which can affect risk analysis, planning, and implementation.

The culture of the organisation with respect to risk tolerance. Is your organisation a conservative family business or an edgy risk-taker?


Making Connections

Identifying Your Risk Management Context

Can you identify the context in which your organisation’s risk management framework must operate? Describe and analyse three different factors (business environment, structure, or culture) that could potentially influence your risk management process.

Factor 1:

Factor 2:


Factor 3:


Key Models

There are two key models which can be used to construct a risk management plan.

The COSO ERM Cube

ISO 31000 Standard and Guide 73

Model 1

COSO ERM Cube

In 2004, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) published a risk management standard known as the COSO ERM (Enterprise Risk Management) cube. It was designed to match up to Sarbanes-Oxley regulatory requirements for organisations in the United States, and is therefore quite popular.


The COSO ERM Cube lays out four categories of risk management objectives:

Compliance

Operational

Reporting

Strategic

This is followed by eight rows of components that are needed to achieve those objectives.

Control Activities

Event Identification

Information and Communication

Internal Environment

Monitoring

Objective Setting

Risk Assessment

Risk Response

The third dimension illustrates an organisation’s various business units:

Subsidiary

Business Unit

Division

Entity Level

Source: Enterprise Risk Management Integrated Framework, Executive Summary (September 2004), Committee of Sponsoring Organisations of the Treadway Commission

Model 2

ISO 31000 Standard and Guide 73

In 2009, the International Organisation for Standardisation published a guide and a standard for risk management. ISO Guide 73 defines generic risk management terms to provide a consistent foundation for frameworks and processes. ISO Standard 31000 provides best practice principles about risk management. Because this is an international standard, much broader based, and very recent, this is the standard that we will focus on during this course.


Exercise: Key Models

Using two sentences, restate the most important aspect of each of these key models.

Model 1 - COSO ERM Cube

Model 2 - ISO 31000 Standard and Guide 73


Session Three: Risk Management Activities

There are several activities that must be performed as you manage risks. These activities proceed from identifying and evaluating the risk, to planning your reaction, monitoring performance, and finally to reviewing your risk management framework. This session provides an overview of these activities. You will be referring to this process later on in the course.

The Key Activities of Risk Management

This graphic shows the seven R’s and four T’s that traditionally represent the key activities of risk management:

Recognise and identify risks

Rank and evaluate risks

Respond to significant risks: Tolerate, Treat, Transfer, or Terminate

Resource controls

Plan your reaction

Report and monitor performance

Review the risk management framework


Making Connections

Seven R's and Four T's

After studying the graphic on the previous page, select one activity and elaborate on why you think it is included as a key activity of risk management.


Session Four: Assessing Risk

Identifying potential risks for your business or organisation is the essential element in the risk assessment process. Evaluating the probability of a particular risk is another aspect of this process. In this session you will learn the components of a risk assessment process and apply them to your own experiences.

A Risk Assessment Process

Types of Processes

The first step in risk management is to recognise and identify risks. Remember, your risk assessment process should be proportionate to your organisation. If you have a large, complex organisation, you will need a formal, complex risk identification process. If you have a small organisation, a short, informal process may suffice. Either way, you need to spend time recognising and identifying risks.

Templates

You should have (or create) a template to track and record all relevant information. The template will vary in complexity according to your organisation’s needs, but basic information should include:

A risk identifier, such as a number or code

A description of risk
    o Classification (usually based on organisation’s business or operating units, but should be customised for each organisation)
    o Why is it a risk?
    o Is this a hazard, opportunity, or uncertainty?
    o Tangible impact (people, time, money, etc.)
    o Non-tangible impact (reputation, morale, objectives, etc.)
    o Data gathered or studies completed

A timeline
    o When might the risk occur?
    o How long could it last?
    o Could it reoccur?
    o What signals or alarms will we see?

The scope of risk
    o What could happen as a result of this risk?
    o What is the likelihood of the overall risk and each consequence?
    o What data do we have about the consequences of this risk?
    o What other risks could occur from this risk?

An impact rating and likelihood: A rating of the impact of the particular risk (low, medium, or high), and the likelihood of the risk (likely, neutral, not likely)

Any previous experience with this risk

The risk attitude: A description of the organisational tolerance for the risk

Existing risk systems
    o Existing controls and estimated effectiveness
    o Monitoring procedures
    o Improvement recommendations and information

Related policy or procedural information

Sample Template

This example of a risk identification template is based on the General Motors Case Study found at the end of this session.

Risk: New technologies such as hybrid vehicles

Description: The marketplace is beginning to ask for hybrid vehicles but these products are not included in our lineup.

Area: Legal Regulatory Marketplace Financial Operating Other (describe)

Possible Tangible Effects (such as money, time, and resources): Loss of market share, reduced profit

Possible Intangible Effects (such as morale and reputation): Could affect GM’s reputation as a cutting-edge auto manufacturer and industry leader

Impact: Low Medium High

Likelihood: Unlikely Neutral Likely

When might this occur? Rival automakers have their product launch scheduled for Q3 next year.

How long could it last? These vehicles will likely be slow to catch on but will quickly rise in popularity.

What other risks could result? If we are required to start manufacturing these new vehicles, we will face significant challenges in worker knowledge, manufacturing equipment, and product sourcing.


Identifying Risks

How do you identify risks? There are a number of ways:

Using real or hypothetical case studies

Drawing on personal and organisational experience

Looking at similar projects and learning from their experience

Consulting experts

Mind mapping or brainstorming techniques

Considering points of failure

Extrapolating from past incident reports or complaints

Interviewing and/or surveying stakeholder groups

Using systems analysis techniques like flow charting

Operational modeling

Formal auditing or inspections

Conducting new studies or consulting previous studies

Work breakdown structure analysis

Formal analyses such as:
    o SWOT: Stands for Strength, Weakness, Opportunities, and Threats. A good system to create a broad picture of any situation.
    o PESTLE: Stands for Political, Economic, Social, Technological, Legal, and Environmental. Used to assess the current market conditions and create a strategic plan.
    o HAZOP: Stands for HAZard and OPerability study. Provides a structure and system to examine a process or operation to identify risks.
    o FMEA: Stands for Failure Mode and Effects Analysis. A system that analyses system failures and their effects.


Making Connections

Risk Assessment at Your Work

Compare the risk identification strategies that are listed on the previous page to the strategies of your own organisation.

Which do you do?

Which do you not do?

Which should you do?

A final note: Information gathering should always be a group activity. Gather hard data whenever possible.


Evaluation Method

Once risks have been identified, you can evaluate them by choosing their rank based on their severity and likelihood. One common method is a 3 x 3 matrix.

Evaluation matrix (Likelihood by Severity)

Severity (columns): Low, Medium, High

Likelihood (rows):

Likely: Focus efforts here FIRST

Neutral

Not Likely: Focus efforts here LAST

This tool can be customised and even expanded to include additional levels of severity and likelihood.


Exercise: A Severe Risk

Have you ever experienced a situation when you had to manage a severe risk? What techniques did you use to defuse the potential risk? (If you have not had to manage a severe risk, can you imagine an example of a severe risk for a business or organisation in your industry?)


Case Study: General Motors

This case study focuses on the company General Motors (GM). Your goal is to perform a risk assessment of GM's new approach. You will first identify three risks and then evaluate them.

Background Information

General Motors (GM) has long been the world’s number one manufacturer of cars and trucks. Their brand line has included Buick, Cadillac, GMC, Chevrolet, Pontiac, and Saab. Their business model includes overseas operations such as Vauxhall and Opel, Hughes Electronics, Allison Transmission, and GM Locomotive. They also have stakes in other brands, including Isuzu, Subaru, Suzuki, Fiat, and Daewoo. After years of a downward spiral in their market share, GM finally achieved two straight years of increase in 2002. In 2003, GM planned to continue this gain by launching 30 new gas-powered vehicles. (The questions are on the following pages.)


General Motors Case Study

Use the background information to identify three risks to GM’s approach and complete a risk assessment template for each. Present as much information as possible throughout your analysis. Be creative and identify research that they might want to complete if this were a real situation.

Risk One:

Description:

Area: □ Legal □ Regulatory □ Marketplace □ Financial □ Operating

Other: (describe)

Possible Tangible Effects (such as money, time, and resources):

Possible Intangible Effects (such as morale and reputation):

Impact: □ Low □ Medium □ High

Likelihood: □ Unlikely □ Neutral □ Likely

When might this occur?

How long could it last?

What other risks could result?


Risk Two:

Description:

Area: □ Legal □ Regulatory □ Marketplace □ Financial □ Operating

Other: (describe)

Possible Tangible Effects (such as money, time, and resources):

Possible Intangible Effects (such as morale and reputation):

Impact: □ Low □ Medium □ High

Likelihood: □ Unlikely □ Neutral □ Likely

When might this occur?

How long could it last?

What other risks could result?


Risk Three:

Description:

Area: □ Legal □ Regulatory □ Marketplace □ Financial □ Operating

Other: (describe)

Possible Tangible Effects (such as money, time, and resources):

Possible Intangible Effects (such as morale and reputation):

Impact: □ Low □ Medium □ High

Likelihood: □ Unlikely □ Neutral □ Likely

When might this occur?

How long could it last?

What other risks could result?


Plot the risks

Now that you have identified and analysed the risks, evaluate their severity and likelihood by plotting them on the evaluation grid.

Evaluation grid (Likelihood by Severity)

Severity (columns): Low, Medium, High

Likelihood (rows): Likely, Neutral, Not Likely


Case Study Responses: Possible Risks

Some possible risks that GM might encounter include:

Volatile financial markets

Change in emissions standards

New technologies such as hybrid and electric vehicles

New automakers in the market

Changing currency rates

New hazard standards (such as a reduction in asbestos use)

Labour strikes and work stoppages

Political instability in overseas manufacturing areas

Fuel shortages and price changes

Increased pressure to produce may result in quality decrease

More new products increase the possibility of defects and problems


Making Connections

Managing Risk

Reflect on your own experiences. In your current job, are you responsible for identifying risks? How might the risk identification process and risk plot help you to manage potential problems that you might encounter at work?


Session Five: Responding to Risks

After you have performed a risk assessment, the next step in risk management is choosing a plan of action. Considering these activities as you develop a risk management plan will be helpful when it comes time to deal with an immediate threat.

In this session, you will learn the ways that your risk management team can proceed after a risk has been identified.

Risk Responses

There are generally four ways that you can respond to risks. The best risk response plans usually provide a few options, ranked in order of preference.

Tolerate

Accept that the risk exists. Tolerate the possible consequences.

Treat

Perform an action to mitigate the risk. For example, if you know that the bank may not approve you for as much money as you need, you may want to look for other sources of funding.

Transfer

Transfer the responsibility or the consequences of the risk to a third party. This is often done through a guarantee or insurance.

Terminate

Stop the activity that causes the risk.


Key Considerations

Keep the following points in mind when choosing a mitigation strategy.

Any strategy should do as much as possible to ensure normal business practices are not interrupted or are delayed as little as possible.

In any larger company a risk materialising will almost certainly require media engagement to make announcements, clarify details, and provide on-going information to stakeholders and the general public. They will want to be informed about what your organisation is doing to manage the risk. Managing the media should be part of your risk management plan.

Direct communication with stakeholders is critical. It should be either general but informative, or very specific to the impact the risk has on them.

If there is any chance that people may be injured or worse, you should include medical support in your planning. This can mean having an emergency response team standing by or simply providing emergency support numbers to your staff.

Depending on the risk, you may be required by law to obtain insurance against it occurring. If this is not the case, but insurance is available, you should perform a cost/benefit analysis to determine if insurance should be part of your risk mitigation strategy.

Example of responses to the General Motors hybrid risk described in the case study:

Risk One (Emergence of Hybrids)

Tolerate: Do nothing and continue with existing plan

Treat: Add hybrids to lineup

Transfer: Outsource production of new hybrids to another company

Terminate:


Case Study: GM Risk Responses

In the previous session, you identified and evaluated three risks that General Motors might encounter with their new business approach. For this exercise, we would like you to outline one or more strategies for mitigating the previously identified risks.

Risk 1:

Tolerate:

Treat:

Transfer:

Terminate:


Session Six: Resourcing Controls

Once a risk has been identified as a potential reality, your risk control plan must be put into action. There are several possible actions which can be implemented in order to manage the situation.

In this session we will describe possible controls that can be used to mitigate the risk. You will then be presented with a series of risk evaluation questions you can ask as you manage a situation.

Identifying and Evaluating Controls

Once a risk has been identified, and you have chosen to treat it, it’s time to look at controls that can be put into place to mitigate the risk. Possible controls can include:

Re-allocating existing people or equipment

Additional people

New equipment

Skills and training

New information

Your evaluation should answer the following questions:

Does the control meet laws and regulations?

How well does each control mitigate the risk?

What is the cost of the control vs. the implementation benefit?

What is the sustainability of the control?

What changes might have to be made to this control?

What other effects will this control have?


Case Study: GM Risk Controls

Choose two risks you identified in the General Motors Case Study from Session 4. What controls could you use to mitigate each risk?

For example, with the emerging hybrid marketplace (risk), one control could be a team formed to monitor marketplace changes and trends, or a facility to build the vehicles.

Risk:

Control:

Risk:

Control:

Risk:

Control:


Session Seven: Reaction Planning

As part of the risk management process, it is critical to build a contingency plan for each major risk that has been identified.

This session outlines the particular details that should be considered in your risk reaction. Knowing what to do if the risk occurs will add to a complete management plan.

The Worst-Case Scenario

You should build a contingency plan for each major risk that has been identified. What will you do if the risk does occur? Your risk reaction plan should include the following considerations:

When:
  o How will we know when the risk will happen?
  o What will alarms look like?
  o When should we start acting?

Who:
  o Who has responsibility for this risk?
  o What other resources might they need?
  o Who else should be informed?

What:
  o What will happen when the risk occurs?
  o What will we do when the risk happens? (Depending on the risk, this plan could be very detailed or very simple. A step-by-step, timed plan may be necessary.)
  o What consequences could the risk have?
  o What other risks might this event create?

Where:
  o Where is the risk going to happen?

Case Study: GM Reaction Plan

Choose one risk that you identified in the General Motors case study in Session 4. Create a reaction plan for that risk.

Risk:

When:

Who:

What:

Where:

Session Eight: Reporting and Monitoring

When your organisation establishes its risk management framework, there are several components that must be established. Developing a reporting and monitoring system can prevent risks from reoccurring or worsening. In this session we will review topics that must be considered in observing the nature of a particular risk.

A Reporting Hierarchy

A reporting hierarchy should be established. Your reporting structure will differ depending on the complexity of your risk management programme. Some common setups include:

A part-time risk manager

A risk management committee

A full-time risk management champion

A risk management team

A risk management department with an internal audit team

Your organisation will need to develop a checklist of items that will need to be reported on and monitored on a regular basis. This checklist should include:

What data is to be gathered

What form it is to be presented in

Templates to be used

When data should be gathered and reported

Who is responsible for measuring, reporting, and monitoring

Items to Report

Items that will need to be reported on include:

Changes to risks

Near misses and incidents

Changes that will affect the risk management programme, such as legislative changes, industry developments, and changes in supporting elements of risk planning

Depending on your organisation, you may also need to provide reporting according to external guidelines, such as Sarbanes-Oxley or Turnbull.

Items that should be monitored include:

Effectiveness of risk controls

Cost of controls vs. benefit achieved

Laws and legislation

Industry climate

Alignment of risk management plan with corporate goals

Making Connections

Risk Management Structure

What type of risk management structure would you consider to be most suitable for your organisation?

Reporting and Monitoring

Propose possible measuring, reporting, and monitoring techniques that your organisation would require.

Session Nine: Reviewing and Evaluating the Framework

The previous sessions have reviewed the most important points to consider as you develop a risk management plan for your organisation. We believe, however, that the risk management process must be continually updated to reflect any changes in the organisational environment. This session will prepare you for the practical application of your risk management skills in your workplace.

A Review Checklist

A plan for periodic review and evaluation of the risk management framework is a critical element of any risk management programme. Typically a thorough review is performed annually. Here are several examples of activities that should be performed in the review process:

Analysis of risk response measures and whether they achieved the desired result, and did so efficiently

Review of reporting and monitoring procedures

Knowledge gap analysis for risk assessments (Were people able to find the information they needed?)

Compliance check with appropriate regulations and organisations

Opinions of key external and internal stakeholders

Self-certification

Risk disclosure exercise, to identify future risks

Repeat of risk assessment

Lessons learned

Recommendations and implementation plan

Remember, the review should be proportionate to your organisation. If your organisation is small, an afternoon meeting to review your risk management programme may be sufficient. For larger organisations, the review process may take weeks or even months and require outside assistance.

Back at Work

As you finish this course, you must now consider how you will implement a unique risk management plan that meets the needs of your organisation. We have included the following exercises to help you begin to organise your ideas and questions you may have.

Making Connections

Return to Work Plan

Can you propose three objectives or goals for developing your risk management plan, to which you could refer when you return to work?

Possible Problems

What problems can you anticipate that may influence your ability to develop a risk management plan when you return to work?

Risk Management Improvements

Has your organisation made any previous efforts to establish a risk management plan? Do you have any comments or suggestions of how current risk management activities could be performed differently?

Session Ten: A Personal Action Plan

You have participated in this course and have learned a lot about risk management. How will you use the things you have learned in the future?

Now is the time to take action.

In this session, you will be asked questions to help you plan your short-term and long-term goals. By reflecting on where you currently are and where you want to be, you can solidify, in your mind, what you want your future to hold.

Starting Point

I know where I’m starting from. I know I am already good at these things, and I can do them more often:

I can learn this, I am learning this, and I am doing what I can at this stage as well. I have already learned:

Short-Term Goals and Rewards

I will start with small steps, especially in areas that are difficult for me. My short-term goals for improvement are:

I promise to congratulate and reward myself every time I do something, no matter how small, to maintain and improve my skills. My rewards will be:

Long-Term Goals

I’m setting myself up for success by choosing long-range goals to work for gradually. My long-term goals for success are as follows:

Summary

Congratulations! You have completed the course "Risk Management."

In this course, we started with a focus on risk: its definition, benefits and context in your workplace. We looked at the key risk management activities, such as identifying and evaluating risks. We then explored risk responses, resourcing controls, reaction planning, and reporting and monitoring. After this, we looked at how to review and evaluate a risk management framework. To give you practice with the material presented in this course, we used a case study based on the risks that a car manufacturer, General Motors, might encounter in the attempt to increase its market share.

Developing a risk management plan is essential for organisations and businesses of all sizes, within any industry. We encourage you to practically apply these risk management techniques in your workplace.

Recommended Reading List

If you are looking for further information on this subject, a recommended reading list is included below.

"A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000." The Institute of Risk Management. 2010. http://www.theirm.org/documents/SARM_FINAL.pdf.

Committee of Sponsoring Organisations of the Treadway Commission. "Enterprise Risk Management - Integrated Framework (Executive Summary)." Committee of Sponsoring Organisations of the Treadway Commission. September 2004. http://www.coso.org/documents/COSO_ERM_ExecutiveSummary.pdf.

Crouhy, Michel, Dan Galai, and Robert Mark. The Essentials of Risk Management. 2005: McGraw-Hill, n.d.

Hampton, John. Fundamentals of Enterprise Risk Management. AMACOM, 2009.

International Organisation for Standardisation. ISO 31000:2009. 2009.

International Organisation for Standardisation. ISO Guide 73:2009. 2009.

Project Management Institute. A Guide to the Project Management Body of Knowledge, Fourth Edition. Project Management Institute, 2009.