3. How to learn Risk Management?
http://www.youtube.com/watch?v=laKprX-HP94&feature=related
4. What is a Risk?
A risk is ANYTHING that may affect the achievement of
an organization’s objectives.
It is the UNCERTAINTY that surrounds future events
and outcomes.
It is the expression of the likelihood and impact of an
event with the potential to influence the
achievement of an organization’s objectives.
5. Alternatively …
Risk is a potential event with negative consequences that
has not happened yet
Could also be an event with positive consequences
A possibility of loss – not the loss itself
A source of problem
Find the root cause and not the leaves
Something that makes the project special
In the widest sense, everything is a risk
Helps identify better ways of handling problems
7. How does Risk Management help?
Increase risk awareness & understanding
Allows intelligent “informed” risk-taking.
Focuses efforts – helps prioritize.
Is proactive, not reactive – prepare for risks
before they happen.
Improve outcomes – achievement of objectives
Enables accountability, transparency and
responsibility
And may even mean survival
8. Key Terms
Risk – Exposure to chance of hazard
Risk Level – A measure to represent the significance of the risk
Controls – Action(s) that could eliminate or reduce the risk
level
Residual Risk – Risk level after implementing controls
Risk Response – An action on the risk, whether to accept, or
not to accept
9. Exercise - I
Think of a risk in your daily life
Determine the probability of occurrence
Make an assessment of an impact, if it occurs.
10. Who is involved?
Customer
End user
Project Team
Senior Management
Related Project teams
Vendors and suppliers
11. When?
A continuous process
Starts from proposal stage
Ends on project completion
Review stages
Business case analysis
Project approval
Project planning
Technology, Tools & Vendor selection
Project status reviews
Deployment and Maintenance
12. Risk Management Basics
Risk (uncertainty) may affect the achievement of
objectives.
Effective mitigation strategies/controls can reduce
negative risks or increase opportunities.
Residual risk is the level of risk after evaluating the
effectiveness of controls.
Acceptance and action should be based on residual
risk levels.
15. Risk Management is critical to ALL levels of
decisions
[Figure: three levels of decisions, with uncertainty varying by level.
Strategic: strategic decisions.
Programme: decisions transferring strategy into action.
Project & Operational: decisions required for implementation.]
Decisions can be categorized into three types. The amount of risk
(uncertainty) varies with the type of decisions. Most decisions
are concerned with implementation.
Source: The HM Treasury's The Orange Book
16. Risk Environment
[Figure: risk environment diagram. Legible labels: External Risk Environment; MOHLTC Extended Enterprise; Internal MOHLTC Risk Environment; Evaluate Outcomes; Assess; Communication & Learning; Capacity; Political; Human Resources; LHINs; Corporate Governance Requirements.]
18. Risk Prioritization – likelihood and impact
Likelihood of a risk event occurring
Very High: Is almost certain to occur
High: Is likely to occur
Medium: Is as likely as not to occur
Low: May occur occasionally
Very Low: Unlikely to occur
Risk Impact: Level of damage that can occur when a risk event occurs
Very High: Threatens the success of the project
High: Substantial impact on time, cost or quality
Medium: Notable impact on time, cost or quality
Low: Minor impact on time, cost or quality
Very Low: Negligible impact
19. Third dimension for rating risks - proximity
Immediate – now
Less than 6 months
Between 6-12 months
Between 12 – 24 months
Between 24 – 36 months
More than 36 months
21. Risk reporting and communications
Risk Level and the Action and Level of Involvement Required
Critical Risk
• Inform Chief Executive Officer and Board of Directors
• Immediate action required
High Risk
• Inform Chief Executive Officer
• Strategy Team involvement/attention is essential to manage risks – provide report to Board as appropriate
Moderate Risk
• Management mitigation and ongoing monitoring required
• Inform relevant Strategy Team members
Low Risk
• Accept, but monitor risks
• Manage by routine procedures within the program and site
23. Measure and report RM implementation progress
Excellent
• Advanced capabilities to identify, measure, manage all risk exposures within tolerances
• Advanced implementation, development and execution of ERM parameters
• Consistently optimizes risk adjusted returns throughout the organization
Strong
• Clear vision of risk tolerance and overall risk profile
• Risk control exceeds adequate for most major risks
• Has robust processes to identify and prepare for emerging risks
• Incorporates risk management and decision making to optimize risk adjusted returns
Adequate
• Has fully functioning control systems in place for all of their major risks
• May lack a robust process for identifying and preparing for emerging risks
• Performing good classical “silo” based risk management
• Not fully developed process to optimize risk adjusted returns
Weak
• Incomplete control process for one or more major risks
• Inconsistent or limited capabilities to identify, measure or manage major risk exposures
Source: Standard & Poor
25. Exercise II – 15 minutes
Identify the risks that a cyclist faces in cycling to work.
Report back.
26. Risks
Threats:
Death
Head Injury
Injury
Reputation
Financial
Damage to the bike
Sunburn/frost bite
Opportunities:
Exercise
Sunlight
Reputation
Financial
Role model
Environment
27. Mitigation Strategies for threats
Death, head injury, other injury – helmet, bright clothes, lights, bell, CANbike course, obeying traffic laws, positive attitude, anger management course
Reputation – great outfit, change of wrinkle-free clothes, shower, time management
Financial – high quality locks, “beater”, stopping at stop signs
Damage to the bike – regular maintenance, avoiding potholes
Sunburn/frost bite – sunscreen, mittens, hats, token/change
Dehydration – filled water bottle
28. Acknowledgements
Practical approach to Risk Management - by Finance Management Institute,
Toronto Chapter.
Introduction to Risk Management for Outsourcing projects - by Peter Kolb
1. Financial Risk - The risk of financial losses, overspending, or the inability to meet budgets and plans.
2. Service Delivery or Operational Risk - The risk that products or services will not get completed or delivered in a timely manner as expected. This also includes risks to business continuity.
3. People / HR Risk - The risk that capable & motivated staff will not be available to get the job done. This could be the result of resignations, turnovers, inability to hire, lack of skills, strikes, injury etc.
4. Information Risk - The risk that information produced, or used, is incomplete, out-of-date, inaccurate, irrelevant, or inappropriately disclosed.
5. Strategic / Policy Risk - The risk that strategies and policies fail to achieve required results.
6. Stakeholder Satisfaction / Public Perception Risk - The risk of failure to meet expectations of the public, other governments, ministries, or other stakeholders.
7. Legal / Compliance Risk - The risk that a government initiative, or action, will be in breach of a statute, regulation, contract, MOU, or that the government will face litigation.
8. Technology Risks - Risk that information technology infrastructure does not align with business requirements, and does not support availability, access, integrity, relevance, and security of data. This also includes risks to business continuity.
9. Governance / Organizational Risk - Risk that the organization structure, accountabilities, or responsibilities are not designed, communicated, or implemented to meet the organization’s objectives, and the risk that business culture and management commitment do not support the formal structures.
10. Privacy Risk - Risk that is associated with the collection, use and disclosure of personal information and personal health information.
11. Security Risk - Risk that is associated with the protection of confidentiality, integrity, availability and value of assets (tangible and intangible) and people.
In phase I we facilitated a number of IRM activities. Here are three examples:
Oak Ridge Facility at the Mental Health Centre Penetanguishene
Colorectal Cancer Screening Program
LHIN Readiness I and II
These 3 examples showed us how we could implement IRM.
Sharon Zwicker told us: put in quote
Marsha Barnes told us: put in quote
Gail Paech told us: put in quote
Carrie Hayward told us: put in quote
Statistics from Transport Canada: Most Canadian deaths were unhelmeted riders. Transport Canada statistics show that 88 per cent of the 80 cyclists who died nationwide in 2001 were not wearing helmets.