PRINCE2®, PRINCE2 Agile ®, P3O®, MSP®, MoP®, M_o_R®, MoV®, ITIL®, P3M3® are registered trademarks of AXELOS Ltd. The swirl logo™ is a trademark of AXELOS Ltd

AXELOS - M_o_R® - Management of Risk - Foundation


Course administration

Course introduction

• Start and finish
• Course style
• Lunch
• Coffee and breaks

M00 - Course introduction 2/14 | 2/309

Course objectives

• The philosophy and principles of M_o_R
• Understanding terminology and scope
• The products/artefacts produced by M_o_R
• M_o_R roles, process, recommended techniques
• M_o_R maturity model
• M_o_R health check
• Risk specialisms

Main goal
• Attempt Foundation exam with confidence
• Communicate freely within M_o_R, understanding its principles and philosophy

Secondary goal
• Benefits and value of risk management and M_o_R

M00 - Course introduction 3/14 | 3/309

Let’s Get to Know Each Other

Please share with the class:
• Your name and surname
• Your organization
• Your profession: title, function, job responsibilities
• Your familiarity with risk management
• Your experience with ISO 31000, ISO/IEC 27005, COSO ERM, FERMA etc.
• Your personal session expectations

M00 - Course introduction 4/14 | 4/309

Course agenda - Day 1

| Module | Subject | Start | End | Total time (in hours) |
|---|---|---|---|---|
| 01 | Introduction to risk management and M_o_R | 09:00 | 11:00 | 02:00 |
| 02 | M_o_R principles | 11:00 | 13:00 | 02:00 |
| | Lunch | 13:00 | 13:30 | 00:30 |
| 03 | M_o_R approach | 13:30 | 16:30 | 03:00 |
| | Recap Day 1 (including sample exam questions) | 16:30 | 17:00 | 00:30 |
| | Total Training Time | | | 08:00 |

M00 - Course introduction 5/14 | 5/309

Course agenda - Day 2

| Module | Subject | Start | End | Total time (in hours) |
|---|---|---|---|---|
| | Review Day 1 | 09:00 | 09:15 | 00:15 |
| 03 | M_o_R approach (continued) | 09:15 | 10:00 | 00:45 |
| 04 | M_o_R process | 10:00 | 13:00 | 02:00 |
| | Lunch | 13:00 | 13:30 | 00:30 |
| 05 | M_o_R roles | 13:30 | 14:00 | 00:30 |
| 06 | M_o_R perspectives | 14:00 | 16:30 | 02:30 |
| | Recap Day 2 (including sample exam questions) | 16:30 | 17:00 | 00:30 |
| | Total Training Time | | | 08:00 |

M00 - Course introduction 6/14 | 6/309

Course agenda - Day 3

| Module | Subject | Start | End | Total time (in hours) |
|---|---|---|---|---|
| | Review Day 2 | 09:00 | 09:15 | 00:15 |
| 06 | M_o_R perspectives (continued) | 09:15 | 11:15 | 02:00 |
| 07 | Embedding and reviewing management of risk | 11:45 | 13:00 | 01:15 |
| | Lunch | 13:00 | 13:30 | 00:30 |
| 08 | M_o_R health check and maturity model | 13:30 | 14:00 | 00:30 |
| 09 | Risk specialisms | 14:00 | 15:00 | 01:00 |
| | Foundation exam | 15:00 | 16:00 | |
| | Total Training Time | | | 05:30 |

M00 - Course introduction 7/14 | 7/309

M_o_R Foundation certification

Foundation Exam
• Paper based and closed book exam
• Only pencil and eraser are allowed
• Simple multiple (ABCD) choice exam
• Only one answer is correct
• 75 questions, pass mark is 35 (50%)
• max 70 points, 5 questions of control
• 1 hour exam
• No negative points, no “Tricky Questions”
• No pre-requisite for Foundation exam
• Sample, two (official) mock exams are provided to you

Candidates completing an examination in a language that is not their mother tongue will receive additional time

M00 - Course introduction 8/14 | 8/309

M_o_R Practitioner certification

Practitioner Exam:
• Paper based and open book exam
• Reference to M_o_R handbook
• Handbook is provided for students
• Reference to ABC Documentation Part A
• 3 hour exam
• 4 questions worth 20 marks each (80 marks), pass mark is 40 (50%)
• Dictionary/translation lists allowed for non-native speakers
• Non-scientific calculator for basic calculations
• Foundation certification is required

Candidates completing an examination in a language that is not their mother tongue will receive additional time

M00 - Course introduction 9/14 | 9/309

M_o_R official handbook and examination syllabus


M_o_R syllabus section code and title

IG Introduction and Glossary

PI Principles

AP Approach

PR Process

ER Embedding and Review

PE Perspectives

CT Common Techniques

Module slide number / total module slides

Slide number / total slides

Module number and name

M_o_R handbook page

M_o_R syllabus section code

Syllabus Handbook Page

M00 - Course introduction 10/14 | 10/309

M_o_R interactive study guide mind map


See Appendix #2 for more mind maps from AXELOS Global Best Practice

M00 - Course introduction 11/14 | 11/309

M_o_R interactive glossary


quizlet.com/42710371/

M00 - Course introduction 12/14 | 12/309

About course author - Mirosław Dąbrowski

twitter.com/mirodabrowski

linkedin.com/in/miroslawdabrowski

google.com/+miroslawdabrowski

miroslaw_dabrowski

www.miroslawdabrowski.com

Mirosław Dąbrowski
Agile Coach, Trainer, Consultant (former JEE/PHP developer, UX/UI designer, BA/SA)

Creator Writer / Translator Trainer / Coach

• Creator of 50+ mind maps from PPM and related topics (2mln views): miroslawdabrowski.com

• Lead author of more than 50+ accredited materials from PRINCE2, PRINCE2 Agile, MSP, MoP, P3O, ITIL, M_o_R, MoV, PMP, Scrum, AgilePM, DSDM, CISSP, CISA, CISM, CRISC, CGEIT, TOGAF, COBIT5 etc.

• Creator of 50+ interactive mind maps from PPM topics: mindmeister.com/users/channel/2757050

• Product Owner of biggest Polish project management portal: 4PM: 4pm.pl (15.000+ views each month)

• Editorial Board Member of Official PMI Poland Chapter magazine: “Strefa PMI”: strefapmi.pl

• Official PRINCE2 Agile, AgilePM, ASL2, BiSL methods translator for Polish language

• English speaking, international, independent trainer and coach from multiple domains.

• Master Lead Trainer
• 11+ years in training and coaching / 15.000+ hours
• 100+ certifications
• 5000+ people trained and coached
• 25+ trainers trained and coached

Agile Coach / Scrum Master PM / IT architect Notable clients

• 8+ years of experience with Agile projects as a Scrum Master, Product Owner and Agile Coach

• Coached 25+ teams from Agile and Scrum
• Agile Coach coaching C-level executives
• Scrum Master facilitating multiple teams experienced with UX/UI + Dev teams
• Experience with multiple Agile methods
• Author of AgilePM/DSDM Project Health Check Questionnaire (PHCQ) audit tool

• Dozens of mobile and ecommerce projects
• IT architect experienced in IT projects with budget above 10mln PLN and timeline of 3+ years
• Experienced with (“traditional”) projects under high security, audit and compliance requirements based on ISO/IEC 27001

• 25+ web portal design and development and mobile application projects with iterative, incremental and adaptive approach

ABB, AGH, Aiton Caldwell, Asseco, Capgemini, Deutsche Bank, Descom, Ericsson, Ericpol, Euler Hermes, General Electric, Glencore, HP Global Business Center, Ideo, Infovide-Matrix, Interia, Kemira, Lufthansa Systems, Media-Saturn Group, Ministry of Defense (Poland), Ministry of Justice (Poland), Nokia Siemens Networks, Oracle, Orange, Polish Air Force, Proama, Roche, Sabre Holdings, Samsung Electronics, Sescom, Scania, Sopra Steria, Sun Microsystems, Tauron Polish Energy, Tieto, University of Wroclaw, UBS Service Centre, Volvo IT…

miroslawdabrowski.com/about-me/clients-and-references/

Accreditations/certifications (selected): CISA, CISM, CRISC, CASP, Security+, Project+, Network+, Server+, Approved Trainer: (MoP, MSP, PRINCE2, PRINCE2 Agile, M_o_R, MoV, P3O, ITIL Expert, RESILIA), ASL2, BiSL, Change Management, Facilitation, Managing Benefits, COBIT5, TOGAF 8/9L2, OBASHI, CAPM, PSM I, SDC, SMC, ESMC, SPOC, AEC, DSDM Atern, DSDM Agile Professional, DSDM Agile Trainer-Coach, AgilePM, OCUP Advanced, SCWCD, SCBCD, SCDJWS, SCMAD, ZCE 5.0, ZCE 5.3, MCT, MCP, MCITP, MCSE-S, MCSA-S, MCS, MCSA, ISTQB, IQBBA, REQB, CIW Web Design / Web Development / Web Security Professional, Playing Lean Facilitator, DISC D3 Consultant, SDI Facilitator, Certified Trainer Apollo 13 ITSM Simulation …

M00 - Course introduction 13/14 | 13/309

M_o_R - Processes vs Techniques Matrix


M00 - Course introduction 14/14 | 14/309

Agenda

1. Introduction to risk management and M_o_R
2. M_o_R principles
3. M_o_R approach
4. M_o_R process
5. M_o_R roles
6. M_o_R perspectives
   1. Strategic
   2. Programme
   3. Project
   4. Operational
7. Embedding and reviewing M_o_R
8. M_o_R health check and maturity model
9. Risk specialisms

Introduction to risk management and M_o_R

M01 - Introduction to risk management and M_o_R 2/21 | 16/309

Risk definition (according to M_o_R)

Risk
• An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives
• Risk is a combination of: probability of a perceived threat or opportunity occurring, and magnitude of its impact on objectives

“Expect the best, plan for the worst, and prepare to be surprised”
Dwight Eisenhower

M01 - Introduction to risk management and M_o_R 3/21 | 17/309

Risk management (according to M_o_R)

Risk management
Systematic application of principles, approach and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses

M01 - Introduction to risk management and M_o_R 4/21 | 18/309

When and where risk management should be applied?

[Figure: the four M_o_R perspectives and their time horizons: Strategic, long term (continuous, ad-hoc); Programme, medium term (all programmes); Project, short term (all projects); Operational, business as usual (continuous, ongoing, everyday). Labels: Escalated risks, Delegated risks, Top-down approach by applying policies. © AXELOS Ltd. 2013. Material is reproduced under licence from AXELOS.]

M01 - Introduction to risk management and M_o_R 5/21 | 19/309

M_o_R Framework

[Figure: M_o_R framework. Labels: M_o_R approach; Risk management process guide; process steps Identify, Assess, Plan, Implement, with Communicate (throughout). © AXELOS Ltd. 2013. Material is reproduced under licence from AXELOS.]

Same M_o_R framework is also used in PRINCE2, MSP and ITIL

frame·work (frām’wûrk’) n. – A structure for supporting or enclosing something, esp. a skeletal support used as the basis in something being constructed

M01 - Introduction to risk management and M_o_R 6/21 | 20/309

M_o_R components

M_o_R consists of 4 components:
• Principles (8)
• Embed and review
• Process (1)
• Approach (a.k.a. documents) (9)

Applying these concepts in a systematic way enables organisations to put in place an effective framework which helps them take informed decisions regarding risks that may affect their objectives

M01 - Introduction to risk management and M_o_R 7/21 | 21/309

Risk related definitions (according to M_o_R) (1/2)

Threat (-)
An uncertain event that could have a negative impact on objectives or benefits

Opportunity (+)
An uncertain event that could have a favourable impact on objectives or benefits

Risk Exposure
The combined effect of risks to a set of objectives

M01 - Introduction to risk management and M_o_R 8/21 | 22/309

Corporate Governance (according to M_o_R)

Corporate Governance
The ongoing activity of maintaining a sound system of internal control by which the directors and officers of an organisation ensure that effective management systems, including financial monitoring and control systems, have been put in place to protect assets, earnings capacity and the reputation of the organisation

Confederation of British Industry (CBI) definition: “Systems by which companies are directed and controlled”

M01 - Introduction to risk management and M_o_R 9/21 | 23/309

Corporate Governance - Responsibilities

Shareholders
• Appoint directors and auditors

Board of Directors
• Set strategic aims
• Provides leadership
• Supervise management
• Reporting to shareholders

Audit committee
• Support board and accounting officer
• Review comprehensiveness and reliability of assurances

M01 - Introduction to risk management and M_o_R 10/21 | 24/309

Internal Control - Factors to Consider

UK Guidance for Directors states that the board’s deliberations should include the consideration of the following factors:
• Nature and extent of risks
• Extent and categories of acceptable risks
• Likelihood of risks
• Company's ability to reduce the incidence and impact on the business of risks that do materialize
• Costs of operating particular controls relative to the benefit thereby obtained in managing the related risks

It notes that internal audits must cover all internal control systems, not just financial controls

M01 - Introduction to risk management and M_o_R 11/21 | 25/309

The UK Corporate Governance Code

The UK Corporate Governance Code:
The board is responsible for determining the nature and extent of significant risks it is willing to take in achieving its strategic objectives, and that the board should maintain sound risk management and internal control systems and review the effectiveness of these at least annually

• Board determines the nature and extent of risks facing the organisation and how much risk it is willing to take to achieve its strategic objectives
• Board maintains risk management and internal control systems
• Board reviews the effectiveness at least annually

M01 - Introduction to risk management and M_o_R 12/21 | 26/309

Changes in risk management landscape in UK since 2002 (1st M_o_R edition)

• 2002: Sarbanes-Oxley (USA); M_o_R V1
• 2003: HM Treasury - The Green book
• 2004: Basel II; COSO ERM; HM Treasury - The Orange book
• 2007: M_o_R V2
• 2008: Credit Crunch
• 2009: ISO 31000
• 2010: Basel III; M_o_R V3 (sold 35,000+ copies of V3 in over 70 countries)

M01 - Introduction to risk management and M_o_R 13/21 | 27/309

Other standards and frameworks dedicated to (non-regulatory) Risk Management (selected)

• COSO ERM
• PMI-RMP (qualification)
• AS NZS 4360-1999
• CAN-CSA-Q850-97
• IEEE Std 1540-2001
• NIST SP 800-37
• ISO/IEC 27005
• ISO 31000
• FERMA
• OCTAVE Allegro
• OCEG GRC Capability Model
• Risk IT

M01 - Introduction to risk management and M_o_R 14/21 | 28/309

Relationship with other AXELOS Global Best Practices

[Figure: Portfolio management with Portfolio(s) Office, Programme management with Programme(s) Office, Project management with Project(s) Office. Alongside: Management of Risk (M_o_R), ITIL, Management of Value (MoV), RESILIA.]

M01 - Introduction to risk management and M_o_R 15/21 | 29/309

Relationship with other AXELOS Global Best Practices and Models

[Figure: AXELOS best practice guides and models. Best practice guides: Management of Portfolios (MoP), Managing Successful Programmes (MSP), PRojects IN Controlled Environments (PRINCE2), ITIL, Portfolio, Programme and Project Offices (P3O), Management of Value (MoV), Management of Risk (M_o_R), RESILIA. Models: The Portfolio, Programme, and Project Management Maturity Model (P3M3), ITIL Maturity Model (IMM), PRINCE2 Maturity Model (P2MM). Other labels: AXELOS common glossary, Portfolio Office, Programme Office, Project Office.]

M01 - Introduction to risk management and M_o_R 16/21 | 30/309

How M_o_R fits with other AXELOS Global Best Practice Guides


P3O

MoP

MoV

MSP

PRINCE2

ITIL

RESILIA

Maintaining IT services risk level at appropriate levels

Helping in business continuity and disaster recovery activities

Providing risk management process, know how, techniques to support offices

Aggregating risks at the portfolio level

Giving clear picture of global risks in the entire organisation

Securing value options with defining KPI and EWIs

Securing capabilities delivery and benefits realisation

Providing proactive risk management process aligned with global organisation risk management policy

Securing project health with defining KPI and EWIs on project variables

Providing proactive risk management process aligned with global organisation risk management policy

Combining IT risk and cyber security management

Providing risk management process and techniques

M01 - Introduction to risk management and M_o_R 17/21 | 31/309

M01 - Introduction to risk management and M_o_R 18/21 | 32/309

M_o_R in numbers (version 2010)

• 1 Framework
• 4 Perspectives
• 8 Principles
• 1 Process
• 9 Products
• 8 Risk Response Options
• 6 Roles
• 27 Techniques
• 1 Health Check
• 1 Maturity Model

M01 - Introduction to risk management and M_o_R 19/21 | 33/309

Q&A


M01 - Introduction to risk management and M_o_R 20/21 | 34/309

I hope you enjoyed this presentation. If so, please like, share and leave a comment below.

Endorsements on LinkedIn are also highly appreciated! (your feedback = more free stuff)

MIROSLAWDABROWSKI.COM/downloads