equity housing group
DESCRIPTION
Equity Housing Group. Risk Management. Agenda. Introduction: what is Risk Management? The Building Blocks Practicalities: Who does what? Feedback and conclusions. Introduction. What is Risk Management?. Risk - Definition. RISK is : - PowerPoint PPT PresentationTRANSCRIPT
Equity Housing Group
Risk Management
05 August 2002 © Mazars Equity Housing Group: Risk Management2
Agenda
• Introduction: what is Risk Management?
• The Building Blocks
• Practicalities: Who does what?
• Feedback and conclusions
Introduction
What is Risk Management?
05 August 2002 © Mazars Equity Housing Group: Risk Management4
Risk - Definition
RISK is :
“…..the chance of something happening that will have an impact on objectives.”
Risks may be
• events with the potential for adverse effects (e.g. risk of fire)• events which provide opportunity to achieve better
outcomes (e.g. risk of not changing the way things are done to be more efficient)
05 August 2002 © Mazars Equity Housing Group: Risk Management5
Wrong assumptions about Risk
• Something for finance and insurance to worry about
• Risk is an annual compliance issue
• Just another corporate initiative
• Risk Management is about downside (i.e. bad things), not
creation of value
05 August 2002 © Mazars Equity Housing Group: Risk Management6
Why bother with Risk Management?
• Compliance with law and regulations
• Helps with the business planning process
• Reduced “fire-fighting”
05 August 2002 © Mazars Equity Housing Group: Risk Management7
There are two types of Risk
• STRATEGIC RISK– Risks which need to be taken into account in
judgments about the medium to long term goals and objectives of the organisation
– BOARD FOCUS SHOULD BE ON THESE RISKS
• OPERATIONAL RISK– Hazards and risks which managers and staff will
encounter in their daily course of work
05 August 2002 © Mazars Equity Housing Group: Risk Management8
What is Risk Management?
Risk Management is about asking three questions:
• What might stop Equity from achieving its objectives (i.e
what is the risk?)
• How big is the risk?
• What are we doing about the risk, and what else should
we be doing about the risk?
05 August 2002 © Mazars Equity Housing Group: Risk Management9
Basic Steps towards Risk Management
Risk
Identification
Risk
Identification
Risk
Quantification
Risk
Quantification
Risk
Management
Risk
Management
05 August 2002 © Mazars Equity Housing Group: Risk Management10
Step 1 - Risk Identification
There are many different ways of categorising risks...
Types of Risk
Governance and mgmt
People
Financial
OperationsHsg/ Maint
I.T.
External
05 August 2002 © Mazars Equity Housing Group: Risk Management11
Step 2 - Risk Quantification
• Impact - a measure of the potential impact or damage a risk will cause.
• Likelihood - a measure of the likelihood of a risk occurring.
05 August 2002 © Mazars Equity Housing Group: Risk Management12
Step 2 - Risk Quantification
Housekeeping risks -
Highly likely to happen, little impact. Require routine management
Primary risks -
Highly likely to happen and high severity. These require primary attention
Non threatening Contingency risks -
Unlikely to happen but serious if they do happen. ‘Catastrophic events’.
HIGH
LOW
LOW HIGH
Likelihood
Impact
05 August 2002 © Mazars Equity Housing Group: Risk Management13
Step 3 - Risk Management
The Building Blocks
05 August 2002 © Mazars Equity Housing Group: Risk Management15
The Building Blocks
• Risk management strategy
• Risk register
• On-going review of risks
05 August 2002 © Mazars Equity Housing Group: Risk Management16
Risk Management Strategy
• Board’s policy on risk
• Considers what the organisation is doing to manage risk
• Considers responsibilities for risk
• Requirements to review risk assessment by relevant groups
05 August 2002 © Mazars Equity Housing Group: Risk Management17
Risk Register
• This is used to document:
– Identified risks, and their effect on Equity– how the risks are controlled– responsibility for each risk– actions required– progress
Practicalities: Who does what?
05 August 2002 © Mazars Equity Housing Group: Risk Management19
Three Lines of Defence Model
Businessoperations
Internal and External Audit
1st line of Defence
2nd lineof Defence
3rd line of Defence
Risk
Risk
Risk
Divisional, CorporateOversight Functions
Operational processes, project risk and control activity, business level monitoring
Business planning, policy and procedure setting, functional oversight - Finance, Environment, Health & Safety, IT
Monitor compliance and provide independent challenge and assurance
Executive Managers
Audit Committe
e
Board
05 August 2002 © Mazars Equity Housing Group: Risk Management20
Practicalities: Who does what?
• First line – day to day
• Second line – oversight functions
• Third line – independent assurance
05 August 2002 © Mazars Equity Housing Group: Risk Management21
Practicalities: Who does what?
• First line
– Rests with the business operations which perform the day-to-day risk management activity
– Control through established processes and project management controls
05 August 2002 © Mazars Equity Housing Group: Risk Management22
Practicalities: Who does what?
• Second line
– Provided by oversight functions for Equity, currently at corporate level, e.g. Standards and Innovation, Finance, HR…
– They provide assurance by ensuring that policies or procedures issued are followed.
05 August 2002 © Mazars Equity Housing Group: Risk Management23
Practicalities: Who does what?
• Third line
– Internal Audit and External Audit
– Offering independent challenge to assurance provided by business operations and oversight functions
05 August 2002 © Mazars Equity Housing Group: Risk Management24
Practicalities: Who does what?
• Role of the Board:
– Overall responsibility
• Role of Audit and Risk Committee
– Review strategic risk regularly– Receive report on risk action plans– Question the executive team– Provide assurance to Board
05 August 2002 © Mazars Equity Housing Group: Risk Management25
Practicalities: Who does what?
• Head of Risk (David Fisher):
– Oversight of maintenance of risk map– Produce updates for Board on strategic risks– Other as per his role??
• Risk owners (operational management):
– Discuss risk register and progress on action regularly at team meetings
Feedback and conclusions