To treat or not to treat risks? It can sometimes be a dilemma. How much should be spent in treating risks? At what point is it desirable to stop spending on risk reduction? With an understanding of risks as the effect of uncertainty on the achievement of objectives, it is vital to consider threats as well as opportunities. Having done thorough risk assessments, organizations need to move with pace to treating risk, implementing steps to reduce threats or maximize the value of opportunities.
In this webinar, the presenter explores risk treatment as a key process in risk management, the various options available and how decisions are made on options, taking costs and benefits into consideration.
Main points covered:
• The importance of risk treatment in an effective risk management system
• Determining whether to treat or not to treat risks (cost/benefit analysis and the ALARP principle)
• Options for treating risks
• Conclusions
Presenter:
This session was presented by PECB Trainer, Jacob McLean, Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited.
Link of the recorded session published on YouTube: https://youtu.be/XzOh5G_TFW4
Risk Treatment: Cost versus Benefit
2. Jacob McLean
Managing Director
Jacob McLean is a Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited
(876) 475-1963/(876)631-0365 KTMCLimited@gmail.com www.ktmcltd.com
3. Outline
• The importance of risk treatment in an effective risk management system
• Determining whether to treat or not to treat risks (cost/benefit analysis and the ALARP principle)
• Options for treating risks
• Conclusions
4. Introduction
It has been said that there are four possible approaches to risk:
• The Gopher
• The Settler
• The Cowboy
• The Pioneer
The key difference lies in risk awareness and assessment, but most importantly in the treatment or control of risk.
5. [Diagram: the four approaches to risk]
• SETTLER: Knows that there are risks out there. Doesn’t want to chance anything.
• COWBOY: Does what he feels like. Doesn’t think (or care) about the risk.
• GOPHER: Doesn’t know what’s out there and doesn’t care. Stays underground where it’s safe.
• PIONEER: Understands the risks. Takes chances but stays in control.
Axis labels: Risk Awareness (Risk Aware, Risk Oblivious); Risk Averse, Risk Taking.
7. Risk Treatment
ISO 31000, Clause 5.5: Risk Treatment
• 5.5.1 General – Risk treatment involves selecting one or more options for modifying risks, and implementing those options
• Once implemented, treatments provide or modify controls
8. Risk Treatment
Having completed a risk assessment, risk treatment involves selecting and agreeing to one or more relevant options for changing the probability of occurrence, the effect of risks, or both, and implementing these
9. Risk Treatment
This is followed by a cyclical or iterative process of reassessing the new level of risk, with a view to determining its tolerability against the criteria previously set, in order to decide whether further treatment is required
10. Options for Risk Treatment
[Diagram: options for treating RISK, ISO 31000 – Clause 5.5.2]
• Avoid
• Increase
• Remove
• Change/Modify
• Share
• Retain
11. Risk Avoidance
• Decisions taken when risks are so high that treatment cannot be contemplated
• Risks may be unknown or simply uncontrollable
• Typically activities are cancelled in such risk scenarios
12. Risk Increase
• This is where deliberate actions are taken to decrease the level of control of the risk or increase exposure
• These actions are predicated on the possible benefits to be gained, hence the idea here is to maximize or seize opportunities, or ride the waves
• Risks might also be increased by reducing the level of controls where cost exceeds benefit
13. Risk Removal
• This is an unlikely option to exercise because organizations usually do not have the leverage to effect removal of risks entirely
• In the case of unfavourable legislation, the organization may join with industry members in lobbying government to either amend, delay implementation or remove legislation
15. Risk Sharing
• Involves engaging a partner that can manage the risk more effectively
• Decision is usually dependent on the inability on the part of the organization to reduce the risk to within its level of tolerability, lack of resources or economic factors
16. Risk Sharing
The most popular approaches are insurance, in which risks are covered via payment of a premium, contracting or outsourcing
17. Retaining Risk
• Risk remaining after risk treatment is retained. It is most often referred to as residual risk
• The level of risk retained is dependent on the risk appetite of the organization. If the level of risk meets accepted criteria, further treatment is unnecessary
• Retained risks must be documented and there must be cognizance that residual risk can include unidentified risks
22. Sensible Risk Management
• Risk management is essentially a trade-off between risks and benefits (risks and costs)
• Maximizing the use of controls means application of controls to ensure balance between costs expended and benefits gained by controlling the risks
23. Sensible Risk Management
• Overspending on controls is gold plating (incorporating costly features or refinements into something unnecessarily)
• The equilibrium point should be the aim – spending too little is sometimes as bad as spending too much
24. Implementation of Risk Treatment
ISO 31000 (Clause 5.5.3)
A plan is necessary:
• Justification for selection of treatment option, including benefits expected
• Responsibility for approval and implementation of the plan
• Actions to be taken
• Resources required (including contingencies)
• Measures of performance and constraints
• Reporting and monitoring
• Timing and schedule (with indications of priority)