Appendix H:
Risk training slides (sample)
What is Risk?
“Risk is the effect of uncertainty on objectives”
AS/NZS ISO31000:2009
Risk Management
Risk Management is the process of identifying, analysing and evaluating risks with a view to ensuring the effective management of potential opportunities while reducing or avoiding adverse effects.
Risk Management Framework
Provides:
Systematic approach to risk identification & management.
Consistent risk assessment criteria.
Accurate and concise risk information, for decisions.
Cost effective and efficient risk treatment strategies.
Ensure risk exposure remains within acceptable level.
Risk Management Framework
Risk Management: Benefits
Increase likelihood of achieving objectives
Improve quality of care
Protect staff, assets, property and reputation
Performance consistent with values
Support better business decision making
Meet compliance and government requirements
Prevention is better than the cure…
Risk management is a proactive attempt to identify potential risks and incidents before they happen in order to develop prevention and response strategies.
Establish the Context
This involves the identification of objectives, legislative and policy requirements and stakeholder expectations.
Strategic Operations Knowledge People & Culture Information Technology Financial
Audits or physical inspections
Brainstorming/Workshops
Incident and adverse outcome analysis
Claims analysis
Personal organisational experience
Focus group discussion
Identify Risks
Risk identification is a process of determining what can happen and how it can happen.
Risk Categories
The organisation categorises risks according to the following risk categories:
Strategic
Financial
Operational
etc.
Typical Governance Structure
CEO
Audit and Risk Committee
Executive Team
Divisions / Service Areas
Staff
‘Risk Management Unit’
Board
VICTORIAN MANAGED INSURANCE AUTHORITY
Your Role: Annual
Approve risk appetite & tolerances; Approve risk escalation & reporting protocols; Approve policy, strategy & procedure; Review corporate risk profile; Determine resource allocation
Review & update corporate risk profile; Set risk adjusted business strategies
Integrate risk ID into business planning; Set risk adjusted corporate strategy; Define risk appetite & tolerances; Review & update corporate risk profile; Ensure stakeholders are informed
Review strategy, process, procedures; Recommend approval of corporate risk profile; Assess own performance; Ensure stakeholders are informed; Understand evolving practices in risk management oversight
RM Executive Committee
General Managers
Chief Executive Officer
Audit & Risk Committee
Your Role: Ongoing
Monitor high risks & controls; Monitor implementation of RM Strategy; Monitor professional & industry body pronouncements & changes; Monitor new business activities & changes
Ensure risks are identified, managed and monitored; Oversee staff risk management techniques; Assume accountability for capital expenditures; Support risk management framework & procedures; Communicate risk management; Promote integration of risk management
Monitor high risks & controls; Monitor effectiveness of controls; Promote risk management culture
Influence strategic direction; Monitor high risks & controls; Review risks not subject to internal audit
RM Executive Committee
General Managers
Chief Executive Officer
Audit & Risk Committee
Risk Register
Ref | The Risk (What & How) | Consequences of an event happening | Control | Adequacy of existing controls | Residual Risk | Possible treatment options
10 | Staff member assaulted by patient while on home visit | | | | |
Analyse and Evaluate Risks
Taking into account current controls and their effectiveness
Risks are measured and assessed against two key criteria:
The likelihood of the event occurring. The consequence or impact of an adverse event.
The likelihood and consequence tables need to be tailored to the size and nature of the entity.
Likelihood Table
Rating | Name | Definition*
1 | Rare | 1 in 5 years
2 | Unlikely |
3 | Possible |
4 | Probable |
5 | Nearly Certain | 1 per month
*Insert own scales
Consequence Table
Rating | Name | Definition (example financial metrics)*
1 | Insignificant | None or small financial expense
2 | Minor | Unbudgeted expense
3 | Moderate | Significant budget impact
4 | Major | Major budget impact/loss
5 | Catastrophic | Unlikely to recover from financial impact
Likelihood and Consequence rating scales
Risk Rating Scales: Likelihood
LIKELIHOOD
Level | Detailed description
5 Frequent | The event is very likely to occur within a month
4 Likely | The event will probably occur within 6 months
3 Occasionally | The event could occur this year (12 months)
2 Unlikely | The event could occur between 1-5 years
1 Rare | The event may possibly occur, but unlikely at a frequency less than 5 yearly
Risk Treatment Options
ACCEPT - Accept the level of risk
REDUCE - Reduce the likelihood or consequence via improved control, contingency planning
TRANSFER - Shift responsibility to external party (e.g. insurance)
AVOID - Do not proceed with the activity
Risk Treatment
Treatment Options: Accept Reduce Transfer Avoid
Controls
Identify controls that are in place Assess control effectiveness
Effective | Indicates minimal net risk currently due to excellent risk management/control in place, tested and monitored
Good | Indicates good risk management, generally in accordance with Australian and/or Industry Standards or practice, but an opportunity for refinement exists to reduce risk further
Fair | Indicates a need for risk improvement, or that risk controls are presently being developed but are not fully in place and tested as yet
Poor | Indicates risk controls have not yet been developed and a significant lack of risk control exists, thus where application of risk management is required as a matter of priority
Risk Analysis – Likelihood/Consequence
Likelihood | Insignificant 1 | Minor 2 | Moderate 3 | Major 4 | Catastrophic 5
Nearly Certain 5 | S | S | H | H | H
Probable 4 | M | S | S | H | H
Even Chance 3 | L | M | S | H | H
Unlikely 2 | L | L | M | S | H
Rare 1 | L | L | M | S | S
L = Low; M = Medium; S = Significant; H = High
Risk Escalation
Risk Score (Severity) | Recommended Action
Extreme | Immediate action required
High | High priority action required
Moderate | Develop procedures to manage risk
Low | Risk monitoring: Check risk causes, develop contingency plans
Risk Register
Ref | The Risk (What & How) | Consequences of an event happening | Control | Adequacy of existing controls | Residual Risk | Possible treatment options
10 | Staff member assaulted by patient while on home visit | L: Unlikely 2; C: Moderate 3 | 1. Staff trained to recognise violent situations; 2. Staff all have mobile phones | GOOD | LOW |
Medium Rating
Key Organisational Risks
Questions????