Presentation manage risk
Upcoming SlideShare
Loading in...5
×
 

Presentation manage risk

on

  • 435 views

 

Statistics

Views

Total Views
435
Views on SlideShare
435
Embed Views
0

Actions

Likes
0
Downloads
6
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Presentation manage risk Presentation manage risk Presentation Transcript

  • A- Eliciting risk information
    -Communication and consultation may occur within the organization or between the organization and its stakeholders.
    -It is very rare that only one person will hold all the information needed to identify the risks to a business or even to an activity or project.
    -It therefore important to identify the range of stakeholders who will assist in making this information complete.
    2
  • B-Managing stakeholder perceptions for management of risk
    3
  • Tips for effective communication and consultation
    • Determine at the outset whether a communication strategy and/or plan is required
    • Determine the best method or media for communication and consultation
    • The significance or complexity of the issue or activity in question can be used as a guide as to how much communication and consultation is required: the more complex and significant to the organization, the more detailed and comprehensive the requirement.
    4
  • Step 2. Establish the context
    provides a five-step process to assist with establishing the context within which risk will be identified.
    1-Establish the internal context
    2-Establish the external context
    3-Establish the risk management context
    4- Develop risk criteria
    5- Define the structure for risk analysis
    5
  • SWOT
    A widely used framework for organizing and using data and information gained from situation analysis
    Encompasses both internal and external environments
    One of the most effective tools in the analysis of environmental data and information
  • SWOT description
    A SWOT analysis generates information that is helpful in matching an organization’s or a group’s goals, programs, and capacities to the social environment in which they operate
    It is an instrument within strategic planning
    When combined with a dialogue, it is a participatory process
  • SWOT
    Factors affecting an organization can usually be classified as:
    Internal factors
    Strengths (S)
    Weaknesses (W)
    External factors
    Opportunities (O)
    Threats (T)
    Weaknesses
    Strengths
    Opportunities
    Threats
  • SWOT: internal factors
    Strengths
    Positive tangible and intangible attributes, internal to an organization. They are within the organization’s control
    Weaknesses
    Factors that are within an organization’s control that detract from its ability to attain the core goal. In which areas might the organization improve?
  • SWOT: external factors
    Opportunities
    External attractive factors that represent the reason for an organization to exist and develop. What opportunities exist in the environment which will propel the organization?
    Identify them by their “time frames”
    Threats
    External factors, beyond an organization’s control, which could place the organization’s mission or operation at risk. The organization may benefit by having contingency plans to address them should they occur
    Classify them by their “seriousness” and “probability of occurrence”
  • 1- Establish the internal context
    -As previously discussed, risk is the chance of something happening that will impact on objectives.
    As such, the objectives and goals of a business, project or activity must first be identified to ensure that all significant risks are understood.
    This ensures that risk decisions always support the broader goals and objectives of the business. This approach encourages long-term and strategic thinking.
    11
  • In establishing the internal context, the business owner may also ask themselves the following questions:
    - Is there an internal culture that needs to be considered? For example, are staff Resistant to change? Is there a professional culture that might create unnecessary risks for the business?
    - What staff groups are present?
    - What capabilities does the business have in terms of people, systems, processes, equipment and other resources?
    12
  • 2. Establish the external context
    This step defines the overall environment in which a business operates and includes an understanding of the clients’ or customers’ perceptions of the business. An analysis of these factors will identify the strengths, weaknesses, opportunities and threats to the business in the external environment.
    13
  • A business owner may ask the following questions when determining the external context:
    • What regulations and legislation must the business comply with?
    • Are there any other requirements the business needs to comply with?
    • What is the market within which the business operates? Who are the competitors?
    • Are there any social, cultural or political issues that need to be considered?
    14
  • Tips for establishing internal and external contexts
    -Determine the significance of the activity in achieving the organization's goals and objectives
    - Define the operating environment
    - Identify internal and external stakeholders and determine their involvement in the risk management process.
    15
  • 3- Establish the risk management context
    - Before beginning a risk identification exercise, it is important to define the limits, objectives and scope of the activity or issue under examination.
    - For example, in conducting a risk analysis for a new project, such as the introduction of a new piece of equipment or a new product line, it is important to clearly identify the parameters for this activity to ensure that all significant risks are identified.
    16
  • Tips for establishing the risk management context
    • Define the objectives of the activity, task or function
    • Identify any legislation, regulations, policies, standards and operating procedures that need to be complied with
    • Decide on the depth of analysis required and allocate resources accordingly
    • Decide what the output of the process will be, e.g. a risk assessment, job safety analysis or a board presentation. The output will determine the most appropriate structure and type of documentation.
    17
  • What Is a Stakeholder?
    Stakeholders are those who have a stake or claim in some aspect of a company’s products, operations, markets, industry and outcomes
    Customers – Investors
    Employees – Suppliers
    Government agencies – Communities
    Stakeholders can influence and are influenced by businesses
  • Topic 2
    Identify risks
  • Legal Risk
    Price Risk
    Environmental Risk
    Financial Risk
    5 D’s Risk- Death- Disability- Disagreement- Divorce- Disaster
    Family Goals
    Relationship/Public Relations Risk
    & Objectives
    Human Resources Risk
    Production Risk
    11
    Overall Categories of Risk
  • ESTABLISH THE CONTEXT
    IDENTIFY RISKS
    ANALYSE RISKS
    MONITOR AND REVIEW
    RISK ASSESSMENT
    COMMUNICATE AND CONSULT
    EVALUATE RISKS
    TREAT RISKS
    Today's Topic
    Identify risks
    Topic 1- Invite relevant parties to assist in the identification of risks
    Topic 2- Research risks that may apply to scope
    Topic 3 - Use tools and techniques to generate a list of risks that apply to the scope, in consultation with relevant parties
    Reference: AS/NZS 4360
  • Topic 1
    Invite relevant parties to assist in the identification of risks
  • Government
    Employees
    Business
    Owners
    Community
    Consumers
    Who can assist in identifying Risk ?Business Stakeholders !
  • Who Are Business Stakeholders?
    Primary and Secondary Stakeholders
    • Primary stakeholders are those stakeholders that have a direct stake in the organization and its success
    • Secondary stakeholders are those that have a public or special interest stake in the organization
  • Class Activity
    Choose an organisation of your choice ?
    Identify major stakeholders who can assist the management in identifying the Risk ?
  • Class Activity
    Who Are Stakeholders ?
    Organization
  • Step 3. Identify the risks
    Risk cannot be managed unless it is first identified. Once the context of the business has been defined, the next step is to utilize the information to identify as many risks as possible.
  • The aim of risk identification is to identify possible risks that may affect, either negatively or positively, the objectives of the business and the activity under analysis. Answering the following questions identifies the risk:
  • Topic 2
    Research risks that may apply to scope
  • There are two main ways to identify risk:
    1- Identifying retrospective risks
    Retrospective risks are those that have previously occurred, such as incidents or accidents. Retrospective risk identification is often the most common way to identify risk, and the easiest. It’s easier to believe something if it has happened before. It is also easier to quantify its impact and to see the damage it has caused.
  • There are many sources of information about retrospective risk. These include:
    • Hazard or incident logs or registers
    • Audit reports
    • Customer complaints
    • Accreditation documents and reports
    • Past staff or client surveys
    • Newspapers or professional media, such as journals or websites.
  • 2-Identifying prospective risks
    Prospective risks are often harder to identify. These are things that have not yet happened, but might happen some time in the future.
    Identification should include all risks, whether or not they are currently being managed. The rationale here is to record all significant risks and monitor or review the effectiveness of their control.
  • Topic 3
    Use tools and techniques to generate a list of risks that apply to the scope, in consultation with relevant parties
  • Methods for identifying prospective risks include:
    •Observation
    Generate ideas requirecreativity
    Brainstorming with staffor external stakeholders
    • Researching the economic, political, legislative and operating environment- PEST Analysis
    • Conducting interviewswith relevant people and/or organizations
    • Undertaking surveys of staff or clientsto identify anticipated issues or problems
    • Flow charting a process- Fish bone diagram
    • Reviewingsystem design or preparing system analysis techniques.
  • Risks identification
    through:
    Observation
  • Class Exercise
  • What do you see?
  • Are they moving?
  • Risk Identification tool : Observation
    Observation – viewing or witnessing workplace hazards – is one of two methods for collecting data
  • Observation: Some Suggested Tools
    Checklists 
    Scaled Ratings 
    Interval Observations 
    Narrative comments 
  • Observation As A Data Collection Tool to identify Risk
    Observation as a tool means either:
    Conducting a real time assessment (“on the spot”)
    OR
    Drawing on your experiences (using recent memories of a situation or workplace)
  • The Two Tests
    Reliability and Validity
    Reliability:  how dependably or consistently an observation measures a characteristic.
    Validity: depends on the purpose of the analysis. Does your observation give an accurate and complete picture?
  • Maximizing Observation
    AAD – Appropriate, Adequate  and Documented
    Use Appropriate samples of performance.
    Is your sample Adequate? Is there enough content to make a reasoned assessment?
    Document the assessment.
  • Be Creative for Risk Identification
  • Improving Creativity to identify Risk
    Left- and Right-Brain Functions-
    Class activity
  • Creative Decision-Making& Risk Identification
    Model of Decision-Making
    Source: Reprinted with permission of the Free Press, a Division of Macmillan, Inc., from David Braybrooke and Charles C. Lindbloom. A Strategy of Decision, copyright © 1963 by The Free Press of Glencoe.
  • Brainstorm ideas for
    identifying Risk
  • Brainstorming
    Brainstorming is a lateral thinking process.
    Brainstorming encourages open and random thinking and communications
  • Brainstorming
    Brainstorming emphasizes right-brain activity.
    Rules for brainstorming:
    Put judgment and evaluation aside temporarily.
    Turn imagination loose, and start offering the results.
    Think of as many ideas as you can.
    Seek combination and improvement.
    Record all ideas in full view.
    Evaluate at a later session.
  • Conduct PEST Analysis to Identify Risks
  • PEST Analysis SUMMARY
  • Conduct Interview with expert
    To identify risks
  • Conduct Interviews with Experts
    Talk with peoplein the industry who understand the value chain, the markets and the customers.
  • Data Collection Tool 2: Interviewing
    Main types of interview for data collection:
    the informal conversational interview
    the interview guide approach
    the standardized open-ended interview
    the fixed-response interview
  • Conduct surveys
    to identify risks
  • Surveys
    Survey is the first step of market research. A survey collects information from a specific group of people or data on a specific subject:
    Forms of survey Includes :
    Face to face -Personal interview
    Telephone
    Mail
    Focus group and group interview
  • Cause & Effect/Fishbone/Ishikawa Diagramto identify Risks
  • Cause & Effect Diagram
    • Also known as a fishbone diagram (looks like a fish spine) & as the Ishikawa diagram (Japanese designer of this tool)
    • Used to identify the potential causes for an effect (problem) in the process
    • Identifies and organizes potential areas for improvement activities
  • Fishbone Diagram (cause and effect)
    Largest Influence
    3rd Largest Cause
    Cause
    Cause
    Cause
    Cause
    Cause
    Factors and/or categories of factors
    Effect
    Cause
    Cause
    Cause
    Cause
    2nd Largest Influence
    Least Influence
  • System analysis
    to identify risks
  • Risk Identification ProcessSystem Approach
    PMI – Project Risk Management Risk Identification Process Sanjeev, Vivek, Manjuwww.perotsystems.com
  • Summary –Risk Identification
    Reference :http://www.madrid.org/cs/StaticFiles/Emprendedores/Analisis_Riesgos/pages/pdf/metodologia/3IdentificaciondelosRiesgos_en.pdf
  • Tips for effective risk identification
    Select a risk identification methodology appropriate to the type of risk and the nature of the activity
    Involve the right people in risk identification activities
    Take a life cycle approach to risk identification and determine how risks change and evolve throughout this cycle.
  • Step 4. Analyze the risks
    During the risk identification step, a business owner may have identified many risks and it is often not possible to try to address all those identified.
    The risk analysis step will assist in determining which risks have a greater consequence or impact than others.
  • Types of RiskBusiness Related
    Financial – includes cash flow, budgetary requirements, tax obligations, creditor and debtor management, remuneration and other general account management concerns.
    Equipment – extends to equipment used to conduct the business and includes everyday use, maintenance, depreciation, theft, safety and upgrades.
    Organisational – relates to the internal requirements of a business, extending to the cultural, structural and human resources of the business.
    Security – includes the business premises, assets and people. Also extends to security of company information, intellectual property, and technology.
    Legal & regulatory compliance – includes legislation, regulations, standards, codes of practice and contractual requirements. Also extends to compliance with additional ‘rules’ such as policies, procedures or expectations, which may be set by contracts, customers or the social environment.
  • Types of RiskBusiness Related
    Reputation – entails the threat to the reputation of the business due to the conduct of the entity as a whole, the viability of products/services, or the conduct of employees or others associated with the business.
    Operational – covers the planning, daily operational activities, resources (including people) and support required within the a business that results in the successful development and delivery of products/services.
    Contractual – meeting obligations required in a contract including delivery, product/service quality, guarantees/warranties, insurance and other statuatory requirements, non-performance.
    Service delivery – relates to the delivery of services, including the quality of service provided, or the manner in which a product is delivered. Includes customer interaction and after-sales service.
  • Types of RiskBusiness Related
    Commercial – includes risks associated with market placement, business growth, product development, diversification and commercial success. Also to the commercial viability of products/services, extending through establishment, retention, growth of a customer base and return.
    Project – includes the management of equipment, finances, resources, technology, timeframes and people involved in the management of projects. Extends to internal operational projects, business development and external projects such as those undertaken for clients.
    Safety – including everyone associated with the business: individual, workplace and public safety. Also applies to the safety of products/services delivered by the business.
    Workplace safety - Every business has a duty of care underpinned by State and Federal legislation. This means that all reasonable steps must be taken to protect the health and safety of everyone at the workplace. Occupational health and safety is integrated with the overall risk management strategy to ensure that risks and hazards are always identified and reported. Measures must also be taken to reduce exposure to the risks as far as possible.
  • Types of RiskBusiness Related
    Stakeholder management – includes identifying, establishing and maintaining the right relationships with both internal and external stakeholders.
    Client-customer relationship – potential loss of clients due to internal and external factors.
    Strategic – includes the planning, scoping, resourcing and growth of the business.
    Technology – includes the implementation, management, maintenance and upgrades associated with technology. Extends to recognising critical IT infrastructure and loss of a particular service/function for an extended period of time. It further takes into account the need and cost benefit associated with technology as part of a business development strategy.
  • Classification of Risk
    Reference :http://www.madrid.org/cs/StaticFiles/Emprendedores/Analisis_Riesgos/pages/pdf/metodologia/3IdentificaciondelosRiesgos_en.pdf
  • Class Exercise
    Trainer will give you a scenario
    Using the templates
    Identify Risks
    Assess Risks
  • Measuring Consequence
    • Multiple fatalities
    • Widespread industrial action (months)
    • Majority of stakeholders severely disadvantaged (months)
    Catastrophic
    • Single fatality
    • Sustained industrial action (weeks)
    • Multiple stakeholders severely disadvantaged (weeks)
    Major
    • Multiple casualties requiring hospital attention
    • Consistent industrial dispute (weeks)
    • Multiple stakeholders significantly disadvantaged (weeks)
    Moderate
    • Minor injuries requiring medical attention
    • Limited industrial action (days)
    • Minority of stakeholders experience disadvantage (days)
    Minor
    • Minor injury requiring first aid only
    • Isolated industrial unrest (days)
    • Stakeholders experience minimal disadvantage (days)
    Insignificant
  • Measuring Likelihood
    Risk is occurring now, or is extremely likely to happen within current circumstances
    Almost
    Certain
    Balance of probability will occur
    Likely
    May occur but against short term probabilities
    Possible
    Could occur but not anticipated
    Unlikely
    Occurrence requires exceptional circumstance and/or over a long period of time
    Rare
  • Risk Rating
    Consequence
    Insignificant
    (1)
    Minor
    (2)
    Moderate
    (3)
    Major
    (4)
    Catastrophic
    (5)
    Likelihood
    Almost Certain
    (A)
    Significant
    High
    Extreme
    Extreme
    Significant
    Likely
    (B)
    Medium
    Significant
    Significant
    High
    Extreme
    Possible
    (C)
    Low
    Medium
    Significant
    High
    High
    Unlikely
    (D)
    Low
    Low
    Medium
    Significant
    High
    Rare
    (E)
    Low
    Low
    Medium
    Significant
    Significant
  • Increasing risk
    Intolerable
    Level of risk
    e.g. ‘HIGH’
    Tolerable
    Evaluation
  • The need for action
    Intolerable
    Treat immediately
    Treat in the near future
    Treat in the longer term
    Monitor
    Tolerable
  • Risk Treatment
    Risk Treatment for Business
    Risk Treatment for OHS
    • Above risk tolerance
    • Possible
    • Critical duration
    • Need improved controls
    • Further mitigation is practicable
    • Extreme risk
    • Immediate occurrence
    • Prolonged duration
    • Poor/no controls
    • No feasible mitigation
    • Below risk tolerance
    • Very low probability
    • Transient duration
    • Effective controls
    • Further mitigation not practicable
    • Lost opportunity
    • Possible
    • Critical duration
    • Need new direction
    • Benefit > cost
    Treat the intolerable risks-Business
    Treatment Options
    • Above risk tolerance
    • Possible
    • Critical duration
    • Controls adequate
    • Internal mitigation not practicable/ affordable
    Avoid
    Share
    Exploit
    Accept
    Reduce
  • Stress Risk Assessment
    Work
    Organisation
    Resources
    R oles and relationships
    I ndividual
    Environment
    Demands
  • Topic 3-Analyze risks
  • Four Rules of Risk Management.
    Integrate risk management into planning.It’s easier to integrate risk management early in the life cycle of any operation (training).
  • Four Rules of Risk Management.
    Accept no unnecessary risks. The key word is “unnecessary”. An unnecessary risk is a risk that does not contribute meaningfully to the mission. Leaders who take unnecessary risks are gambling.
  • Four Rules of Risk Management.
    Make risk decisions at the proper level. The “ proper level” is the level where the decision maker has the maturity and experience to make a good decision. Normally, this would be the leader responsible for the mission. Decisions should be made at the lowest possible level as long as the decision maker has the experience and maturity to make a good decision.
  • Four Rules of Risk Management.
    Accept risks if the benefit outweighs the cost.Army leaders are in the risk-taking business. There is always risk, and where there is risk, sooner or later there will be an accident, risk management minimizes these accidents.
  • Levels of Risk Management.
    Hasty Risk Management.
    Deliberate Risk Management.
    In-depth Risk Management.
  • Levels of Risk Management.
    Hasty Risk Management. A quick, often mental, consideration of the risk management process during an operational assessment.
  • Levels of Risk Management.
    Deliberate Risk Management. Application of the safety risk management process using worksheets and the core elements of the process, e.g. operations analysis, preliminary hazard assessment (PHA), risk control options, training realism assessment (TRA), implementation procedures, and sustained monitoring.
  • Levels of Risk Management.
    In-depth Risk Management. Working group application of more detailed qualitative and quantitative techniques, especially in the hazard identification, hazard assessment, and risk control options phases.
  • Hazard Probability of a Risk.
    A risk assessment matrix is an effective tool that can be used to determine how risky an identified hazard is. Standard terms associated with risk assessment matrices include:
    Probability. How likely an is an event to occur.
    Effect. Consequences if the event occurs.
  • Key Definitions.
    Safety Risk Management - the application of systematic thinking to the problem of making job safer (enhancing protection) and more effective.
    Hazard - a condition with the potential of causing injury to personnel, damage to equipment or structures, loss of material, or reduction of ability to perform a prescribed function.
  • Risk - an expression of possible loss over a specific period of time or number of operational cycles.
    Risk Assessment - the process of detecting hazards and systematically assessing their overall risk. It involves the first two steps of the Risk Management process.
  • Risk Management - a process whereby management decisions are made and actions implemented to reduce the effects of identified hazards.
    Gambling - Making non-systematic risk decisions.
  • Assessment of quality of risk management
    Management information
    Attitude of management
    Governance structure
    Corporate culture
    People
    Approach to decision making
    Risk management processes
    Quality of implementation
    ILLUSTRATIVE
  • Risk Response Planning
    After identifying and quantifying risks, you must decide how to respond to them.
    Four main response strategies for negative risks:
    Risk avoidance
    Risk acceptance
    Risk transference
    Risk mitigation
  • Revision
  • The basic process steps are:
    Establish the context
    Identify the risks
    Analyze the risks
    Evaluate the risks
    Treat the risks
    Next
  • Environment - business, social, regulatory, cultural, competitive, financial and political situation.
    SWOT - organisation's strengths, weaknesses, opportunities and threats.
    Stakeholders - objectives and expectations of individuals, groups and organisations with a significant interest in the business.
    Establish the context
  • To identify risk, you need to consider two key questions:
    Brainstorm ideas and group under appropriate risk headings.
    Consider the effects on people (staff, students and other people), information, physical assets and finances, reputation. Write the final list onto the table (risk assessment summary).
    Identify the risks
  • Risk Category
    (Check your Handouts)
    Identify the risks
  • Ask Simple Questions
    What might happen? How might it happen?
    Will it be serious if it happens? How likely is it to happen?
    And finally, what is the risk?
    Analyze the risks
  • Probability
    The likeliness that an event will occur.
    Almost Certain (Frequent)-occurs often.
    Likely - Occurs several times.
    Occasional) - occurs sporadically.
    Possible (Seldom) – Unlikely, but could occur.
    Unlikely – Probably won’t occur.
    Analyze the risks
  • Consequences (Severity)
    Severity is the expected result of an event (degree of injury, property damage or other mission impairing factors.
    Critical
    Major
    Moderate
    Minor
    Analyze the risks
  • Assess the Risk
    Consequences
    Likelihood
    Risk
  • 5 Impact Categories
    Minor
    Disruptive
    Serious
    Critical
    Catastrophic
  • General
    Likelihood definitions and examples
    Impact definitions against each impact category
    Matrix purpose designed for application to military activities
    Specified Risk Tolerance Thresholds
  • Tolerance Thresholds
  • Topic 4
    Select and implement treatments
  • Potential risk treatments
    Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories:[9]
    Avoidance (eliminate, withdraw from or not become involved)
    Reduction (optimize - mitigate)
    Sharing (transfer - outsource or insure)
    Retention (accept and budget)
  • Step 3: Control of Risk
    THE HIERARCHY OF CONTROL:
    ELIMINATE (E)
    Stop the process immediately
    SUBSTITUTE (S)
    Use another product
    Outsource the process
    ENGINEER (En)
    Isolate the hazard (Is)
    Install guarding around the hazard (G)
    ADMINISTRATE (A)
    Document safe work procedures (SWP)
    Provide training (T)
    Perform inspections (I)
    PERSONAL PROTECTIVE EQUIPMENT (PPE)
    The final frontier!!!
  • Hierarchy of Controls
    Eliminate if possible, otherwise a combination of these in this order of preference:
    Substitute
    Isolate risk
    Engineer out
    Information, instruction & training
    Provide Personal Protective equipment
  • Risk Control: Engineering
  • Risk Control Gone Wrong
  • Risk Control: Substitution
  • Sometimes you can’t win!