chapter no 1.ppt
-
8/10/2019 Chapter No 1.ppt
Context of Risk Management
-
What is Risk?
- Uncertainty about the outcome of an event
- The effect of uncertainty on objectives
- The combination of the probability of an event and its consequences
-
What is Risk Management?
- A process that organizations follow to manage their risks.
- Concerned with avoiding or limiting undesirable consequences of possible events.
- Risk professionals attempt to anticipate misfortune and minimize its impact.
-
Risk Prone Vs. Risk Averse
Risk Prone: Enjoy and use risk
Risk Averse: Want to avoid risk
Some people are between the two extremes
-
Risk and Consequence
Organizational Risks:
- Organizations face a wide range of risks
- Within the organization
- Around the organization
- Responsibilities and others
-
Risk Consequences
Understanding the Nature of Risk
- Could it happen?
- How bad would the loss or damage be?
- How often could it happen?
-
Strategy and Speculative Risk
- Directors and senior managers make a range of decisions;
- A single wrong decision may be devastating;
- Strategy risk is concerned with this decision making.
-
Strategy and Speculative Risk
- Speculative risk is where someone chooses to place money or other resources at risk.
Examples:
- Investment risk
- Starting new operations
-
Operational Risk
Risks encountered in daily operations are operational risks.
Examples:
- Injury to a person on a building
- Key designer suddenly leaves a fashion house
-
Risk Management Standards
- Risk management as a profession began in the twentieth century
- Currently the UK Stock Exchange requires new companies to submit risk management reports.
- Professional organizations have attempted to set best practice standards, e.g. ISO 2009, ISO 31000 etc.
-
Relationship Between Risk & Objectives of an Insurance Company
Objectives and Plans:
- All organizations have a range of objectives;
- Some are more crucial than others;
- Larger organizations need some formal focus to communicate common objectives;
- Risk managers will be more concerned with the plans & objectives.
-
Relationship Between Risk & Objectives of an Insurance Company
Dependencies:
- Organizations have a range of dependencies;
- Other organizations, resources or markets.
- A common set of dependencies is normally stakeholders;
- Dependencies are changing with the modernization of business.
-
Relationship Between Risk & Objectives of an Insurance Company
Errors and Deficiencies:
- The modern business model is different from that of twenty years ago;
- It offers less margin for error;
- Understanding this risk and its management is critical.
-
Relationship Between Risk & Objectives of an Insurance Company
Stakeholders:
- Employees
- Suppliers
- Customers and other Recipients of Service
- Distributors
- Regulations
- The Media
-
Relationship Between Risk & Objectives of an Insurance Company
Stakeholders: Cont'd
- Private Investors
- Banking Industry
- Quoted Shareholders
- Business Partners
- Environmental Group
- Other Groups
-
Relationship Between Risk & Objectives of an Insurance Company
Damage or Loss:
- People
- Assets
- Revenue and Cash Flow
- Legal Obligations
-
Organisational Risk
Damage:
An organisation has to consider the value and responsibilities that it needs to keep safe from damage or loss.
- Safety of people;
- Assets owned by the organisation and those assets belonging to others for whom it carries;
- The confidence in the business and thus the value of the brand name;
-
Organizational Risk
- The avoidance of litigation costs;
- The legality of the organization and compliance with relevant regulators' requirements; and
- The operational ability to continue to manage the organization effectively and deliver in time and quality on promises and contracts.
-
Organizational Risk
People:
In relation to its people, an organization needs:
- A safe environment for protection from accident and crime;
- A safe environment that protects employees and visitors from illness.
-
Organizational Risk
Assets:
- Intellectual assets;
- The reputation of, and confidence in, the organization;
- The network of critical supplies;
- The distribution system;
- Customer base.
-
Organizational Risk
Revenue and Cash Flows:
- Financial control
- Timely cash flow
Legal Obligations:
- Regulatory and licence approval
- Contractual responsibilities
- Environmental responsibilities
- Fines and penalties emerging from criminal law
-
Organizational Risk
- Expenses arising from litigation by employees and third parties
- Other statutory responsibilities.
The need for and Value of Risk
-
The need for and Value of Risk Management
Exploring Risks
Cost of Negligence
Death and injury
-
Loss of Money or other Valuables
Loss of Physical Valuables
Loss of Intellectual Assets
Loss of Reputation, confidence and destruction of brand values
Different organization needs
-
Global and Political Risks
Difference in National Risk: An organization can't assume that the culture and legal system overseas are the same as in the home country.
There will be physical and environmental differences in infrastructure and supporting services and differences in custom and practice.
Risk professionals need to thoroughly understand international risks to absorb them into risk management programs.
-
Arrangement of Insurance
Additional risks due to overseas working cannot always be managed simply by additional insurance or extensions to existing policies.
Such local regulatory demands could be ones requiring certain compulsory insurance and may insist that some business is placed in the local insurance
Tailored solutions are available.
-
Uncovered Events
In countries with political, national or religious instability an organization will have to be clear what compensation, if any, is available for damage caused by riots, disturbances, civil war, terror attacks and other generally mensurable events.
Relevant information on international security risks should be sought from wide and varied sources appropriate to the risk being evaluated.
-
Internal Management
Organizations possibly suffer greater loss from internal mismanaged risks.
Common policies designed at head office are not implemented abroad.
Threats arise from distant managers signing poor contracts, not managing cash flow and controlling product liability.
Threats of fraud and embezzlement or just personal incompetence going undetected.
-
Control Transactions and Interpretation
Part of risk management is the security of processes, procedures and internal controls;
What one group of people accepts may be totally alien to another, leading to different interpretation and misinformation arriving at head office.
A properly designed IT system may help, but is also a threat if not led properly.
-
Global Risks
Events and trends that have potential global impact are known as global risks.
Global trends such as population growth and climate change affect everyone, as resources have to be shared and the natural environment is threatened.
Five categories of risk are: Economic, Environmental, Social, Technological, Geopolitical.
-
Economic Risk
Financial issues that affect a particular market sector or global trading environments. Examples include:
- Food price volatility
- Oil price rises
- Reduction of Chinese economic growth
- Revaluation of the US Dollar
- World banking crises
- Asset price collapse.
Fiscal policy, market reassessment and price structure can help to manage these risks.
-
Global Environmental Risks
It can be natural phenomena, weather related or man-made activity;
Large earthquakes, droughts, floods, air pollution and biodiversity.
Private organizations should follow local activities which will determine their responsibilities and liabilities in emergency situations and the long term precautions they may need.
-
Technological Risk
- Internet or satellite failure;
- Results in breakdown of commercial distribution and customer service facilities.
- Relates to data loss, data fraud on a global scale.
- The 'Millennium Bug', which threatened to stop all the computers at the turn of the century, is an example of technological risk.
-
Geopolitical Risk
- Arises when a group of nations disagree, causing tension and the risk of armed conflict; or where a particular nation's philosophy and behavior is seen as a general threat to the others.
- Example: Middle East discontent over the Palestine issue.
- The solution would be diplomacy, discussion and mediation.
-
The Risk Management Process
Establish the context
Identify Risks
Analyze Risks
Evaluate Risks
Treat Risk
Communication
Monitor & Review
-
The Risk Management Process
Steps to manage risk in more detail are as follows:
- Clarify the brief & context;
- Understand what threats there are;
- Understand the potential within those threats;
- Understand the likely frequency;
- Decide risk level;
- Take action on acceptable risk
- Upgrade and maintain the risk level
- Communicate information to all departments.
-
Steps of Risk Management
Developing Risk Management Philosophy:
- The statement may define different levels of perceived threat, likelihood and impact, each requiring different responses.
- A clear, organization-wide risk management philosophy enables individual risk work to be done within a framework of long-term objectives and decision making.
- It includes how risk is monitored and reported, the role and key responsibilities of key people involved, and risk management communication.
-
Write a Risk Policy Statement
A published document designed to communicate the risk management philosophy that has been developed.
Includes things such as:
- Role & objective of risk management function
- Statement of organizational attitude.
- Risk culture
- Risk appetite
- Risk architecture
- Risk assessment
- Risk documentation
-
Write a Risk Policy Statement
- Risk mitigation
- Monitoring of change
- Risk management training
- Allocation of responsibilities
- Risk activities and priorities
- Criteria for monitoring change
- Risk mitigation requirements
Each organization has its own philosophy, objectives, strategy, architecture and methods. Each will also have its own budget requirements depending on employed resources.
-
Identify Risk
- Risks do need to be identified formally.
- Individual function managers are often best able to understand what threats they carry.
- The debate needs to start with clear objectives, with a definition of the tasks and contributions from all those that can add to the debate.
-
Analyze Risks
- Once risks have been identified as existing we need to analyze them.
- Both the likely frequency of the risk incident happening and the potential severity of damage are relevant to these considerations.
- There are tools to measure risk impact.
- The risk policy statement continues to be the foundation stone
-
Risk and Impact Control
- Organizations have a number of choices available when setting out to control an unacceptable risk.
- They can also prepare contingency plans that will enable them to manage themselves through an incident in a way that will avoid unacceptable levels of damage.
-
Reducing the Risk
Prior to a loss occurring, an organization has plenty of opportunity to reduce the chance of a risk incident happening.
Physical controls can include fire protection, health & safety measurement, security controls, duplication offsite of computer data etc.
Non-physical controls can include effective staff recruitment and other procedures that remove an unacceptable concentration of people risk.
Throughout all these measures, employee awareness and training are vital risk tools.
-
Retaining the Risk
An organization may consider that if a particular risk incident occurs, the 'worst case' damage would not be sufficient to divert that organization from its objectives and responsibilities.
A decision would be made to accept the consequences if that risk incident were to occur.
-
Continuity Planning
A process whereby an organization will anticipate an incident and then prepare itself so that it can manage through the consequences to the point that the incident could not destroy the vital organs of that organization.
Examples: Backing up data, storing backup tapes offsite,
Continuity planning can prepare for a range of incidents.
-
Updating and Communication
- Organizations do not stand still, and neither does the environment they operate in.
- Consequently, all our risk management processes must recognize and plan for change.
- Not all change will be significant of course, but those that are must be identified and their significance evaluated.
- Different organizations will adopt different rules and review periods according to their attitude to risk and the resources they are willing to deploy.
-
Quality Control
- All organizations adopt some form of quality control.
- Large organizations arrange audit reporting etc.
- In small organizations managers personally assess the quality of work.
- Where an organization has dedicated risk professionals they too will be interested in quality, to assess the risk involved in failing to meet either contractual or statutory requirements in products and services supplied.
- Organizations must establish effective internal controls, e.g. ISO compliance.