SlideShare a Scribd company logo

Risk assessment facilitation guide

C
CenapSerdarolu

Internal Audit

Devices & Hardware
1 of 41
Download to read offline
RISK ASSESSMENT FACILITATION GUIDE
TABLE OF CONTENTS 04 Risk Assessment Facilitation Guide: Sample 1 05 Overview 06 Ground Rules 07 Be Open and Collaborative 08 Objectives 09 What is Risk? 10 Risk Mode 11 Voting 12 First Vote: Significance 13 Significance (Most Likely Impact) Scale and Assuming the Risk Actually Occurred 14 Second and Third Votes: Risk Likelihood 15 Inherent Risk Factors: High vs. Low 16 Third Vote: Residual Risk Factors – High vs. Low 17 Vote: Risk Likelihood Scale 18 Risk Assessment Facilitation Guide: Sample 2 19 Preparation and Risk Introduction 20 Risk Identification 21 Risk Prioritization 22 Risk Sourcing and Action Planning 23 Risk Content 24 Keeping the Process Going 25 Relevance and Risk Importance 26 Risk Assessment Facilitation Guide: Sample 3 27 Meeting Objectives 28 Ground Rules 29 Introduction 2
TABLE OF CONTENTS 30 Prioritizing Business Risks 31 Identifying Business Risks 32 Questions to Identify Business Risks 33 Assignment 34 Review Risk Documentation 35 Significance 36 Likelihood 37 Risk Rating Interpretation 38 Sample Risk Map 39 Voting Guidance 40 Assess Current Risk Management Capability: Risk Management Capabilities 41 Assess Current Risk Management Capability: Workshop Recap 3
RISK ASSESSMENT FACILITATION GUIDE SAMPLE 1
OVERVIEW Why are we here? 1 What are we trying to accomplish? 2 How will the results be used? 3 Questions? 4 The purpose of today’s workshop is to understand, identify, sort and prioritize key risks within the organization. 5
GROUND RULES Encourage participation. 1 6 Don’t use the “S” word. 2 Keep anonymity of votes. 3 Keep parking lot questions of other topics. 4 Stay engaged – don’t leave during voting. 5 Come back on time from breaks. 6 Turn off cell phones and don’t read or answer emails. 7
BE OPEN AND COLLABORATIVE Although risk is often viewed as a negative topic, we hope to collectively gain insight through open group discussion and constructive debate. We understand that all participants in today’s meeting are faced with risk management decisions daily. Today’s discussion is designed to encourage cross-functional communication that will build consensus around the risks that really matter. 1 It is not a performance appraisal. It is a diagnostic tool to help focus your risk management priorities. 1 7
OBJECTIVES Prioritize risks through anonymous voting based on: • Significance • Inherent likelihood that a risk will occur • Residual likelihood that a risk will occur after application of management controls 2. Discuss and validate identified risks. 1. Plot the three votes using facilitation software into two two-by-two graphs: • Inherent Risk Map (Significance and Inherent Likelihood) • Residual Risk Map (Significance and Residual Likelihood) 3. 8
WHAT IS RISK? • “Risk” is defined as the possibility that an event will occur and adversely affect achievement of the organization’s strategic objectives over the next three to five years. • Risks must first be prioritized based on significance. • Consider the most likely impact on achievement of your strategic objectives if this risk was not adequately prevented or controlled well. Write down your top five most significant risks, thinking about the potential they have to impact achievement of the organization’s strategic objectives over the next three to five years if not properly mitigated or controlled. What is Risk Universe? 9
RISK MODEL Environment Risk Process Risk Information for Decision-Making Risk • Competitor • Political • Legal and Regulatory • Economy/Industry • Lending Compliance • Guest Satisfaction • Talent Management • Management of Agreements • HOA Management • Separation • Procurement • Project Development • Transfer Property • Business Continuity • Customer Data Privacy • International Operations • Cash Flow Management • Cybersecurity • IT Infrastructure • Reputational • Fraud • Growth Management • Sales and Marketing • Financial Reporting • Tax Compliance • Financial Planning and Analysis 10
VOTING 11 Overview of Voting Technology • The voting is interesting, but the discussion is more important. The discussion will allow each participant to gain insight into the relative potential impact of risks. • If you are completely unfamiliar with the factors related to an individual risk, click on “absent” to register a “no-vote.” The no-vote option should be utilized sparingly, as the object of the session is to obtain your input from your perspective. • Your vote will not be counted twice by the software, so feel free to click on the button again to confirm if you are not sure that your vote registered.
FIRST VOTE: SIGNIFICANCE • Consider the most likely impact on achievement of your strategic objectives if this risk were to occur. • The voting is being done to rank the significance (or potential impact) of the risks. High Significance is 9 and Low is 1. • Significance (or potential impact) should be considered broadly: − Reputation − People − Financial − Stock price − Customers − Regulatory fines • Use the worksheet provided to help assign your ratings prior to the vote. 12
SIGNIFICANCE (MOST LIKELY IMPACT) SCALE, ASSUMING THE RISK ACTUALLY OCCURRED Level Descriptor Business Impact Description 8 and 9 Major Very significant financial, reputational or other loss that ultimately could jeopardize the ability of the organization to continue without major changes may occur. High damage control must occur that may require public/regulatory communication. 6 and 7 High High financial, reputational or other loss and scrutiny by board and analysts (could result in a significant decline in share price) may occur. Business impact likely requires additional resources (internal or external) and likely requires public disclosure. 5 Significant Financial, reputational or other loss is significant to the company and may require public disclosure. Senior management must be very involved with issue. 3 and 4 Moderate Fairly significant impact that gets the attention of senior management and could be a factor in not meeting budget expectations may occur. Business impact may require (mainly internal) additional resources in response to risk occurrence. 2 Minor Low impact may occur. Business impact is easily mitigated, and director or above involvement may be necessary. 1 Insignificant Little impact may occur. Top management attention may not be required. Process changes are likely not required in response to risk occurrence. 13
SECOND AND THIRD VOTES: RISK LIKELIHOOD • Risk likelihood may be assessed on both an inherent and residual basis. − Vote 2: Inherent Risk is the likelihood that something will have a significant impact to the entity in the absence of any actions management might take to control the risk. − Vote 3: Residual Risk is the likelihood that something will have a significant impact to the entity after management has taken action to control the risk. • We will be ranking risks for inherent and residual likelihood of the risk significantly impacting the achievement of the company’s strategic objectives. 14
INHERENT RISK FACTORS: HIGH VS. LOW High Inherent Risk Low Inherent Risk • Many control points • Decentralized • High turnover of personnel • Less mature systems • Many unusual/non-routine transactions • Significant judgments and/or estimates • Communication breakdowns • Few control points • Centralized • Low turnover of personnel • More mature systems • Few unusual/nonroutine transactions • No significant judgments and/or estimates • Few communication breakdowns What would you be concerned about if you were buying a timeshare company that was similar to the organization? Your concerns would typically parallel the areas with the highest inherent risk. Another way to think about this: 15
THIRD VOTE: RESIDUAL RISK FACTORS – HIGH VS. LOW Management Commitment Responsibility • Systems do not work • Procedures aren’t executed • High error rates • Inadequate resources to perform • Lack of expertise • Unaddressed issues • Inadequate supervision • Highly effective systems • High effectiveness of people • Low error rates • Full staffing and significant history • High expertise • Few unaddressed issues • Sufficient supervision and review To determine whether residual risk is high or low, you have to consider control effectiveness: • High control effectiveness significantly reduces the likelihood that a risk will occur. • Low control effectiveness does not significantly reduce the likelihood that a risk will occur. 16
VOTE: RISK LIKELIHOOD SCALE Level Descriptor Likelihood Description Probability of Occurrence 9 Almost Certain The risk is expected to significantly impact the company in most circumstances. Greater than 95% 7 and 8 Probable The risk is likely to significantly impact the company. Greater than 70 – 95% 4,5 and 6 Reasonably Possible The risk is likely to have a more than remote but less than likely chance of being significant. Greater than 30 – 70% 2 and 3 Unlikely The chance of the risk having a significant impact is slight. Greater than 5 – 30% 1 Remote The risk may occur and be significant only in exceptional circumstances. 5% or less 17
RISK ASSESSMENT FACILITATION GUIDE SAMPLE 2
PREPARATION AND RISK INTRODUCTION 19 • Invite people to sit at the front of the room (rather than letting them sit at the back). • Keep the time schedule in mind and avoid taking too much time for one item. • Make sure you periodically take a short break to revitalize the group. • Avoid judging participants’ comments. • Manage expectations by directly addressing the expectation(s) that cannot be met. • Take your time when presenting the risk management concepts. It is probably the first time that most participants are hearing about the concepts. • Spend a few minutes to give people an overview of the whole process before starting with Step 1 when presenting the risk assessment process. This guide provides tips and tricks for facilitating a risk assessment workshop. These tips are organized to guide you through the high-level phases of a risk assessment discussion and provide insight into the facilitator’s role for this process.
RISK IDENTIFICATION 20 • Ask everyone to state one risk in order to avoid getting a long list of risks from participants. After one round, ask if there are additional key risks concerning the objectives. • Be as specific as possible when defining the risk. For example, describe risk as “Loss of top two key suppliers, Company ABC and XYZ” rather than “Loss of key suppliers.” • Avoid documenting current issues since these are the things they should be managing. Ask “Is this an issue?” If so, explain that “an issue is a certainty, and a risk is an uncertainty. So, what is the risk (uncertainty)?” • Ensure that there is a verb included in the risk definition. For example, state that “Employee turnover increases beyond 15%” rather than “The risk of employee turnover.” • Implement a temporary definition on-screen first and then work with participants to fine-tune it to speed up the risk definition process. • Ask participants how they would formulate a risk definition instead of trying to formulate it yourself. • Use their words rather than your words when summarizing. This will increase the feeling that it is an assessment of their risks. • Summarize the discussions (or ask someone to do that for you) to regain focus after a long discussion and move on to the next topic. • Ensure that the participants are focused on the facilitator by agreeing upfront that the assistant waits for the facilitator to verbally summarize the definition before documenting the risk definition. • Ask for feedback to gain clarity from participants on risk definitions. For example, “Is this definition clear for everyone?” • Avoid conversations that entail judging the scale of the risk before voting (discussion should concern the definition). • Ensure that internal risks are also addressed when identifying risks. People can sometimes focus too much on external risks during the risk assessment process. • Make sure that people do not give opinions on how they would rank the risk when explaining risk definitions. The voting process comes later in the session.
RISK PRIORITIZATION Ask participants when there is no consensus on risk priorities, “Would someone like to say why you might vote high/low on this risk?” Summarize the high and low arguments and ask if people would like to revote. 1 Only revote when participants say they want to revote on the risk significance. Ask participants, “Based on the arguments you just heard, who feels they need to change their vote?” 2 Avoid being drawn into the discussion content as a facilitator by reflecting any content questions back to the group. Focus on the process of the risk assessment and not interjecting your opinion into the process. 3 Keep up the tempo during the voting process by summarizing and managing long discussions. 4 Keep repeating, “If this risk has happened, what is the impact?” when voting on risk impact. 5 21
RISK SOURCING AND ACTION PLANNING 22 • Ensure that a risk owner is assigned prior to starting the sourcing exercise. This helps to ensure that there is buy-in for the risk actions. • Avoid spending time on unimportant causes/consequences by performing a quick brainstorm to find the main causes. Cluster the first level of causes, where applicable. Then ask the group, “Which are the most important identified causes and consequences?” Only then should you drill down the chosen causes/consequences. • A rule of thumb is to have three layers of causes for the most important (main) causes to get the right level of detail. Do this by asking “why?” three times. • Ask for suggestions in formulation instead of making suggestions in your own words. • Type the participants’ suggestions into the risk assessment program as quickly as possible and fine tune it after you have something workable on screen. • Wait for the assistant to finish typing before moving onto the next cause/consequence. • Formulate the cause/consequence as concisely as possible, bearing in mind that all discussions documented should be understandable after a few months for other people to read. • Ensure that there is an adjective/verb included in each formulated cause or consequence. For example, you would document “customer awareness increases” rather than “customer awareness.” • For external risks, focus on the consequences; for internal risks, focus on the causes. • Add one action per root cause. • Ensure that you only list the actions that are new or actions that need to be reviewed, thus avoiding generating a list of actions already being taken. • Add the due date and an applicable action owner to create extra buy-in and a need for urgency. • Emphasize that risk action planning is part of future, normal management practice.
RISK CONTENT 23 4 Point out the consequences of important items in order to create maximum awareness of their relevance to participants’ daily work. Mention specific actions to be taken by people if you can. Make sure that the risk’s general point is understood before getting into the details of a specific problem or question. Ask for feedback such as, “Is this point clear to everyone?” If you have doubts that the point is understood, ask someone to summarize it or give a practical example. Ensure that you only go into the items/actions that are new or need to be reviewed. 3 2 1
KEEPING THE PROCESS GOING 24 Keep up the training session tempo by summarizing and managing long discussions. Keep the time schedule in mind and avoid taking too much time for one item. Summarize the discussion to regain focus (or ask someone to do that for you).
RELEVANCE AND RISK IMPORTANCE 25 If participants are not convinced of a specific topic’s importance, take a moment to discuss the possible negative business impact of not adhering to the rules (or the benefits of adhering to them). Emphasize that the new procedures are part of future normal working practice. Point out that people may want to make a note of an especially important item when discussing it.
RISK ASSESSMENT FACILITATION GUIDE SAMPLE 3
MEETING OBJECTIVES 27 Expand understanding of known risks and, perhaps, surface risks that have not been emphasized previously within the organization or the risk assessment interviews. • Dialogue among participants is critical to achieving this objective. • Each participant has different exposure levels to various risks given their job responsibilities. Participants with more knowledge of a particular risk are strongly encouraged to share their perspective with the group to improve overall understanding of the factors to be considered in evaluating the risk. Prioritize the top risks facing the organization by considering the significance and likelihood of each risk. Discuss the key activities in place to mitigate each of the highest priority risks and determine if management believes that more should be done to manage each of the highest priority risks. Recap and discuss the objectives for the next phases of ERM.
GROUND RULES 28 Please… • Participate in discussions and activities. • Maintain one conversation at a time. • Ask clarifying questions. • Be present as much as possible – there is a lot of information to be absorbed. • Respect break times. • Place your cell phones on silent. Parking Lot The facilitator reserves the right to request for an item or conversation to be moved to the “parking lot.” Parking lot items are issues, comments and clarifications that are not directly related to the session objective or that do not provide commentary or follow-up discussions cursory to the agenda item at hand. These will be captured so they can be addressed at an appropriate point in the session.
INTRODUCTION 29 “Business risk” is defined as the level of exposure to uncertainties that the enterprise must understand and effectively manage as it achieves its objectives and creates value. • It is not just about threats; there is an upside as well as a downside. • Risk is not about a single point estimate. • Time frame is an important factor when evaluating risk. • Exposure and uncertainty are important factors. A Definition of Business Risk: • Risk is a fact of life; life is constantly changing and is uncertain. • Today’s economy requires companies to identify and respond more quickly to changing risk profiles. • All management is essentially risk management. • Many risk management activities are well-defined, and accountability has been assigned. For risks that have not been defined/assigned, risks can “slip between the cracks” and/or be managed inconsistently due to individual perceptions of the significance of the risk. Things to Consider
PRIORITIZING BUSINESS RISKS 30 Significance • How big of an impact would this risk have if it were to occur? • Impact could be in many areas, including financial, reputation, human resources, stock valuation, etc. Likelihood • Consider how likely it is that this risk would actually occur given the inherent uncertainties in your business. • Don’t consider the mitigating effects of internal controls. Risk
IDENTIFYING BUSINESS RISKS 31 • Think about risks from your point of view within the company, considering your group’s goals and objectives: − You must identify inherent risks in your business. − Don’t consider whether you are controlling the risk. − You must identify risks that are inherent in the business regardless of your internal control. • You don’t know for sure if the risk is being controlled until it is tested. • View risks as if you were just being introduced to the company for the first time and you don’t know if anything is working well.
QUESTIONS TO IDENTIFY BUSINESS RISKS 32 Where do you devote considerable internal effort in order to control? 01 What areas receive considerable management reporting? 02 Where have you devoted significant resources? 03 What are the analysts and rating agencies most interested in? 04 What wouldn’t you want on the front page of the newspaper? 05 What are key obstacles to taking advantage of opportunities? 06 What is impeding growth? 07 What do your competitors do better? 08 What keeps you up at night? 09 What do people complain about within the organization? 10 If you could fix one thing at the company, what would it be? 11
ASSIGNMENT 33 Write down five critical business risks from your point of view.
REVIEW RISK DOCUMENTATION 34 WFDDAdsQAD Is clarification needed? WFDDAdsQAD Is there a risk category that is missing? The success of this exercise will depend upon the level of understanding of the risks and your input.
SIGNIFICANCE 35 You can rank the significance of your key business risks using the scale described below. Level Descriptor Business Impact Description 7, 8 and 9 Major Very significant financial, reputational or other loss that ultimately could jeopardize the ability of the organization to continue without major changes may occur. Regulatory communication may be required. 4, 5 and 6 Moderate Financial loss is moderate, could be significant and may require public disclosure. Management must be involved in the issue and focused on completing it within a timely manner. 1, 2 and 3 Insignificant Little financial loss may occur. Management’s attention may not be required. Process changes are likely not required in response to risk occurrence.
LIKELIHOOD 36 You can rank the likelihood of your key business risks using the scale described below. Level Descriptor Business Impact Description 7, 8 and 9 Probable The future event or events are expected to occur in most circumstances. 4, 5 and 6 Possible The chance of the future event or events is more than remote but less than probable. 1, 2 and 3 Remote The future event or events may occur only in exceptional circumstances.
RISK RATING INTERPRETATION 37 The graphic below depicts how the risk map on the following slide can be interpreted – risk responses should be developed starting with those risks found in the upper-right quadrant. Likelihood HIGH Low High Low High Significance Secondary Risks • Likelihood is lower but could have significant adverse impact on business objectives. Key Risks • Critical risks that potentially threaten the achievement of business objectives may occur. Low Priority Risks • Significant monitoring may not be necessary unless there is a change in classification. • Reassess these risks periodically. Secondary Risks • Significance is lower, but more likely to occur. • Consider cost/benefit trade-off. • Reassess these risks often to ensure changing conditions (move to high significance).
SAMPLE RISK MAP 38 Risk: Moderate to High Risk: High Risk: Moderate to High Risk: Moderate Risk: Very High Risk: High Risk: Low to Moderate Risk: Moderate Risk: Low Insignificant Moderate Significant High Major Remote Unlikely Reasonably Possible Probable Almost Certain I M G B C H Q P E D K O J F N R A L Significance Likelihood Insert Risk M Insert Risk H Insert Risk I Insert Risk L Insert Risk A Insert Risk D Insert Risk F Insert Risk P Insert Risk Q Insert Risk K Insert Risk E Insert Risk N Insert Risk O Insert Risk G Insert Risk J Insert Risk B Insert Risk C Insert Risk R 9 8 7 6 4 3 2 5 1 9 8 7 6 4 3 2 5 1
VOTING GUIDANCE 39 Overview of Voting Technologies • The voting is interesting, and the discussion is important. The discussion will allow each participant to gain additional insight into risks that may not be within their span of control but that may impact them in the execution of their responsibilities. • Vote risk on an “inherent” basis (in the absence of controls). • All voting is on a scale of 1 (lowest) through 9 (highest). • If you are completely unfamiliar with the factors related to an individual risk, press 0 to register a “no-vote.” The no-vote option should be utilized sparingly, as the objective of the session is to obtain input from your perspective. • Your vote will not be counted twice by the software, so feel free to press the button again to confirm your vote if you are not sure that it registered. Let’s vote now.
ASSESS CURRENT RISK MANAGEMENT CAPABILITY: RISK MANAGEMENT CAPABILITIES 40 Level Assessment Current Risk Management Capabilities 1 Very Capable ABC is very capable of managing the risk. Significant focus is spent to understand, report and manage the risk. There is little additional work that management could do to manage the risk without incurring costs that clearly outweigh the benefits. 2 and 3 Capable Management is actively managing the risk and believes that any additional mitigation would involve costs that would likely exceed the benefits. The appropriate processes and reporting are in place and the people are highly capable of executing. 4, 5 and 6 Somewhat Capable ABC has some processes/activities in place to manage the risk and would generally be able to identify risk events and control them in an acceptable manner. There may be opportunities to further reduce the risk if activities were further analyzed. 7 and 8 Low Capability Few processes/activities are in place to mitigate risk. Heavy reliance is placed on the abilities of people due to a lack of defined processes/appropriate systems to accumulate/analyze/report risk information. 9 No Capability Formal process/activities are not in place to effectively mitigate risk in this area. People/systems are not capable of executing activities consistently. Management of risk is largely reactive.
ASSESS CURRENT RISK MANAGEMENT CAPABILITY: WORKSHOP RECAP 41 • Provide feedback on the risk assessment process. • Did surprises occur? − Risks identified − Risks not identified • Were comments/feedback provided? • Next steps − Finalize the risk universe. ○ Incorporate comments and suggested enhancements. − Incorporate risk management capabilities and identify mitigating controls. ○ Top significant risks will be targeted by the company. ○ Further assess the adequacy of the control environment. ○ Identify gaps where controls and reporting are better needed to manage critical risks. ○ Determine future organization and infrastructure needs to enable management of critical risks (and other risks identified by management). ○ Formalize action plans to address identified control gaps. ○ Produce reporting and provide it to Company ABC for review and consolidation.

Recommended

Risk Management
Risk ManagementRisk Management
Risk ManagementStefan Csosz
 
Iso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesIso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesMohsen Gharakhani
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
 
Irm Risk Appetite
Irm Risk AppetiteIrm Risk Appetite
Irm Risk AppetiteHassan Zaitoun
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management OverviewJIGNESH PADIA
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk ManagementAndrew Smart
 
Risk Management Procedure PowerPoint Presentation Slides
Risk Management Procedure PowerPoint Presentation Slides Risk Management Procedure PowerPoint Presentation Slides
Risk Management Procedure PowerPoint Presentation Slides SlideTeam
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0Rachael Phelan
 

Recommended

Risk Management
Risk ManagementRisk Management
Risk ManagementStefan Csosz
 
Iso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesIso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesMohsen Gharakhani
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
 
Irm Risk Appetite
Irm Risk AppetiteIrm Risk Appetite
Irm Risk AppetiteHassan Zaitoun
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management OverviewJIGNESH PADIA
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk ManagementAndrew Smart
 
Risk Management Procedure PowerPoint Presentation Slides
Risk Management Procedure PowerPoint Presentation Slides Risk Management Procedure PowerPoint Presentation Slides
Risk Management Procedure PowerPoint Presentation Slides SlideTeam
 
127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0127017438_RMA_OperationalRiskAppetite_v1.0
127017438_RMA_OperationalRiskAppetite_v1.0Rachael Phelan
 
Risk management
Risk managementRisk management
Risk managementBabasab Patil
 
Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Andrew Smart
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Andrew Smart
 
Risk management
Risk managementRisk management
Risk managementJubayer Alam Shoikat
 
Managing risk with deliverables planning
Managing risk with deliverables planningManaging risk with deliverables planning
Managing risk with deliverables planningGlen Alleman
 
Risk Overview & Risk management
Risk Overview & Risk managementRisk Overview & Risk management
Risk Overview & Risk managementSubhendu Datta
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentationRaven Morgan
 
Enterprise risk & risk management - I
Enterprise risk & risk management - IEnterprise risk & risk management - I
Enterprise risk & risk management - IDr. Shiv S Tripathi
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Andrew Smart
 
Kuala Lumpur - PMI Global Congress 2009 - Risk Management
Kuala Lumpur - PMI Global Congress 2009 - Risk ManagementKuala Lumpur - PMI Global Congress 2009 - Risk Management
Kuala Lumpur - PMI Global Congress 2009 - Risk ManagementTorsten Koerting
 
Risk Identification PowerPoint Presentation Slide
Risk Identification PowerPoint Presentation SlideRisk Identification PowerPoint Presentation Slide
Risk Identification PowerPoint Presentation SlideSlideTeam
 
Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020 Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020 Richard Swartzbaugh
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Goutama Bachtiar
 
Introduction to Risk Management
Introduction to Risk ManagementIntroduction to Risk Management
Introduction to Risk ManagementFAA Safety Team Central Florida
 
The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014Linda Locke Reputation Strategist
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 
Risk management
Risk managementRisk management
Risk managementbaderali2141
 
BCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking ReportBCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking ReportNQA
 
Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides SlideTeam
 
Risk management
Risk managementRisk management
Risk managementMECandPMV
 
IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop Ersoy AKSOY
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 

More Related Content

What's hot

Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Andrew Smart
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Andrew Smart
 
Managing risk with deliverables planning
Managing risk with deliverables planningManaging risk with deliverables planning
Managing risk with deliverables planningGlen Alleman
 
Risk Overview & Risk management
Risk Overview & Risk managementRisk Overview & Risk management
Risk Overview & Risk managementSubhendu Datta
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentationRaven Morgan
 
Enterprise risk & risk management - I
Enterprise risk & risk management - IEnterprise risk & risk management - I
Enterprise risk & risk management - IDr. Shiv S Tripathi
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Andrew Smart
 
Kuala Lumpur - PMI Global Congress 2009 - Risk Management
Kuala Lumpur - PMI Global Congress 2009 - Risk ManagementKuala Lumpur - PMI Global Congress 2009 - Risk Management
Kuala Lumpur - PMI Global Congress 2009 - Risk ManagementTorsten Koerting
 
Risk Identification PowerPoint Presentation Slide
Risk Identification PowerPoint Presentation SlideRisk Identification PowerPoint Presentation Slide
Risk Identification PowerPoint Presentation SlideSlideTeam
 
Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020 Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020 Richard Swartzbaugh
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Goutama Bachtiar
 
The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014Linda Locke Reputation Strategist
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 
BCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking ReportBCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking ReportNQA
 
Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides SlideTeam
 
Risk management
Risk managementRisk management
Risk managementMECandPMV
 

What's hot (20)

Risk management
Risk managementRisk management
Risk management
 
Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite
 
Risk management
Risk managementRisk management
Risk management
 
Managing risk with deliverables planning
Managing risk with deliverables planningManaging risk with deliverables planning
Managing risk with deliverables planning
 
Risk Overview & Risk management
Risk Overview & Risk managementRisk Overview & Risk management
Risk Overview & Risk management
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentation
 
Enterprise risk & risk management - I
Enterprise risk & risk management - IEnterprise risk & risk management - I
Enterprise risk & risk management - I
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011
 
Kuala Lumpur - PMI Global Congress 2009 - Risk Management
Kuala Lumpur - PMI Global Congress 2009 - Risk ManagementKuala Lumpur - PMI Global Congress 2009 - Risk Management
Kuala Lumpur - PMI Global Congress 2009 - Risk Management
 
Risk Identification PowerPoint Presentation Slide
Risk Identification PowerPoint Presentation SlideRisk Identification PowerPoint Presentation Slide
Risk Identification PowerPoint Presentation Slide
 
Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020 Enterprise Risk Management (ERM) Framework 2020
Enterprise Risk Management (ERM) Framework 2020
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009
 
Introduction to Risk Management
Introduction to Risk ManagementIntroduction to Risk Management
Introduction to Risk Management
 
The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
 
Risk management
Risk managementRisk management
Risk management
 
BCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking ReportBCI ISO 22301 Benchmarking Report
BCI ISO 22301 Benchmarking Report
 
Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides
 
Risk management
Risk managementRisk management
Risk management
 

Similar to Risk assessment facilitation guide

IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop Ersoy AKSOY
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinRamaica Ona
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinAahil Malik
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinSukumar Reddy
 
Норман Маркс на форуме World Class Risk Management 2017
Норман Маркс на форуме World Class Risk Management 2017Норман Маркс на форуме World Class Risk Management 2017
Норман Маркс на форуме World Class Risk Management 2017Alexei Sidorenko, CRMP
 
Risk managemet made easy
Risk managemet made easyRisk managemet made easy
Risk managemet made easysheyam selvaraj
 
Risk management automation
Risk management automationRisk management automation
Risk management automationsheyam selvaraj
 
5 steps for better risk assessment
5 steps for better risk assessment5 steps for better risk assessment
5 steps for better risk assessmentDrMohammedFarid
 
Risk analysis, priority setting team building and strategic insight
Risk analysis, priority setting team building and strategic insightRisk analysis, priority setting team building and strategic insight
Risk analysis, priority setting team building and strategic insightStephen Grey
 
Reputation risk and resiliency_3rd Annual Reputation Management Conference, I...
Reputation risk and resiliency_3rd Annual Reputation Management Conference, I...Reputation risk and resiliency_3rd Annual Reputation Management Conference, I...
Reputation risk and resiliency_3rd Annual Reputation Management Conference, I...Linda Locke Reputation Strategist
 
Taking Enterprise Risk from Theoretical to Practical
Taking Enterprise Risk from Theoretical to PracticalTaking Enterprise Risk from Theoretical to Practical
Taking Enterprise Risk from Theoretical to PracticalProformative, Inc.
 
The risk of risks reputation risk and resiliency Linda LOCKE
The risk of risks reputation risk and resiliency Linda LOCKEThe risk of risks reputation risk and resiliency Linda LOCKE
The risk of risks reputation risk and resiliency Linda LOCKEİtibar Yönetimi Enstitüsü
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.pptavisha23
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.pptAyidAlmgati
 
PMI project_risk_management_final_2022.ppt
PMI project_risk_management_final_2022.pptPMI project_risk_management_final_2022.ppt
PMI project_risk_management_final_2022.pptDorraLamouchi1
 
Traffic Lights & Threat Levels
Traffic Lights & Threat LevelsTraffic Lights & Threat Levels
Traffic Lights & Threat LevelsMatt Eckman
 
project_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.pptproject_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.pptBetshaTizazu2
 

Similar to Risk assessment facilitation guide (20)

IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
Норман Маркс на форуме World Class Risk Management 2017
Норман Маркс на форуме World Class Risk Management 2017Норман Маркс на форуме World Class Risk Management 2017
Норман Маркс на форуме World Class Risk Management 2017
 
Risk managemet made easy
Risk managemet made easyRisk managemet made easy
Risk managemet made easy
 
Risk management automation
Risk management automationRisk management automation
Risk management automation
 
5 steps for better risk assessment
5 steps for better risk assessment5 steps for better risk assessment
5 steps for better risk assessment
 
Risk analysis, priority setting team building and strategic insight
Risk analysis, priority setting team building and strategic insightRisk analysis, priority setting team building and strategic insight
Risk analysis, priority setting team building and strategic insight
 
Reputation risk and resiliency_3rd Annual Reputation Management Conference, I...
Reputation risk and resiliency_3rd Annual Reputation Management Conference, I...Reputation risk and resiliency_3rd Annual Reputation Management Conference, I...
Reputation risk and resiliency_3rd Annual Reputation Management Conference, I...
 
#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham
 
Taking Enterprise Risk from Theoretical to Practical
Taking Enterprise Risk from Theoretical to PracticalTaking Enterprise Risk from Theoretical to Practical
Taking Enterprise Risk from Theoretical to Practical
 
The risk of risks reputation risk and resiliency Linda LOCKE
The risk of risks reputation risk and resiliency Linda LOCKEThe risk of risks reputation risk and resiliency Linda LOCKE
The risk of risks reputation risk and resiliency Linda LOCKE
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.ppt
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.ppt
 
PMI project_risk_management_final_2022.ppt
PMI project_risk_management_final_2022.pptPMI project_risk_management_final_2022.ppt
PMI project_risk_management_final_2022.ppt
 
Traffic Lights & Threat Levels
Traffic Lights & Threat LevelsTraffic Lights & Threat Levels
Traffic Lights & Threat Levels
 
Getting the risk basics right, 30th November 2016
Getting the risk basics right, 30th November 2016Getting the risk basics right, 30th November 2016
Getting the risk basics right, 30th November 2016
 
project_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.pptproject_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.ppt
 

More from CenapSerdarolu

Fraud-Risk-Assessment-Standards-2022-03-25.pdf
Fraud-Risk-Assessment-Standards-2022-03-25.pdfFraud-Risk-Assessment-Standards-2022-03-25.pdf
Fraud-Risk-Assessment-Standards-2022-03-25.pdfCenapSerdarolu
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaireCenapSerdarolu
 
Performance measures guide
Performance measures guidePerformance measures guide
Performance measures guideCenapSerdarolu
 
Internal audit test type guide
Internal audit test type guideInternal audit test type guide
Internal audit test type guideCenapSerdarolu
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
Internal audit manual template
Internal audit manual templateInternal audit manual template
Internal audit manual templateCenapSerdarolu
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guideCenapSerdarolu
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guideCenapSerdarolu
 
Auditing the organizational culture
Auditing the organizational cultureAuditing the organizational culture
Auditing the organizational cultureCenapSerdarolu
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideCenapSerdarolu
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guideCenapSerdarolu
 

More from CenapSerdarolu (15)

Fraud-Risk-Assessment-Standards-2022-03-25.pdf
Fraud-Risk-Assessment-Standards-2022-03-25.pdfFraud-Risk-Assessment-Standards-2022-03-25.pdf
Fraud-Risk-Assessment-Standards-2022-03-25.pdf
 
Root cause analysis questionnaire
Root cause analysis questionnaireRoot cause analysis questionnaire
Root cause analysis questionnaire
 
Performance measures guide
Performance measures guidePerformance measures guide
Performance measures guide
 
Internal audit test type guide
Internal audit test type guideInternal audit test type guide
Internal audit test type guide
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guide
 
Internal audit manual template
Internal audit manual templateInternal audit manual template
Internal audit manual template
 
Fraud detection guide
Fraud detection guideFraud detection guide
Fraud detection guide
 
Data governance guide
Data governance guideData governance guide
Data governance guide
 
Data analytics and audit coverage guide
Data analytics and audit coverage guideData analytics and audit coverage guide
Data analytics and audit coverage guide
 
Business continuity planning guide
Business continuity planning guideBusiness continuity planning guide
Business continuity planning guide
 
Auditing the organizational culture
Auditing the organizational cultureAuditing the organizational culture
Auditing the organizational culture
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guide
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
Auditing corporate governance guide
Auditing corporate governance guideAuditing corporate governance guide
Auditing corporate governance guide
 

Recently uploaded

Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Pooja Nehwal
 
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一zul5vf0pq
 
萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程1k98h0e1
 
Presentation.pptxjnfoigneoifnvoeifnvklfnvf
Presentation.pptxjnfoigneoifnvoeifnvklfnvfPresentation.pptxjnfoigneoifnvoeifnvklfnvf
Presentation.pptxjnfoigneoifnvoeifnvklfnvfchapmanellie27
 
《1:1仿制麦克马斯特大学毕业证|订制麦克马斯特大学文凭》
《1:1仿制麦克马斯特大学毕业证|订制麦克马斯特大学文凭》《1:1仿制麦克马斯特大学毕业证|订制麦克马斯特大学文凭》
《1:1仿制麦克马斯特大学毕业证|订制麦克马斯特大学文凭》o8wvnojp
 
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查awo24iot
 
(办理学位证)多伦多大学毕业证成绩单原版一比一
(办理学位证)多伦多大学毕业证成绩单原版一比一(办理学位证)多伦多大学毕业证成绩单原版一比一
(办理学位证)多伦多大学毕业证成绩单原版一比一C SSS
 
定制(RHUL学位证)伦敦大学皇家霍洛威学院毕业证成绩单原版一比一
定制(RHUL学位证)伦敦大学皇家霍洛威学院毕业证成绩单原版一比一定制(RHUL学位证)伦敦大学皇家霍洛威学院毕业证成绩单原版一比一
定制(RHUL学位证)伦敦大学皇家霍洛威学院毕业证成绩单原版一比一ss ss
 
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...Pooja Nehwal
 
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /WhatsappsBeautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsappssapnasaifi408
 
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...ur8mqw8e
 
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一ga6c6bdl
 
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...Authentic No 1 Amil Baba In Pakistan
 
(办理学位证)加州州立大学北岭分校毕业证成绩单原版一比一
(办理学位证)加州州立大学北岭分校毕业证成绩单原版一比一(办理学位证)加州州立大学北岭分校毕业证成绩单原版一比一
(办理学位证)加州州立大学北岭分校毕业证成绩单原版一比一Fi sss
 
Alambagh Call Girl 9548273370 , Call Girls Service Lucknow
Alambagh Call Girl 9548273370 , Call Girls Service LucknowAlambagh Call Girl 9548273370 , Call Girls Service Lucknow
Alambagh Call Girl 9548273370 , Call Girls Service Lucknowmakika9823
 
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service SaharanpurVIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service SaharanpurSuhani Kapoor
 
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...nagunakhan
 

Recently uploaded (20)

Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
 
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
 
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
定制加拿大滑铁卢大学毕业证(Waterloo毕业证书)成绩单(文凭)原版一比一
 
9953330565 Low Rate Call Girls In Jahangirpuri Delhi NCR
9953330565 Low Rate Call Girls In Jahangirpuri Delhi NCR9953330565 Low Rate Call Girls In Jahangirpuri Delhi NCR
9953330565 Low Rate Call Girls In Jahangirpuri Delhi NCR
 
萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程萨斯喀彻温大学毕业证学位证成绩单-购买流程
萨斯喀彻温大学毕业证学位证成绩单-购买流程
 
Presentation.pptxjnfoigneoifnvoeifnvklfnvf
Presentation.pptxjnfoigneoifnvoeifnvklfnvfPresentation.pptxjnfoigneoifnvoeifnvklfnvf
Presentation.pptxjnfoigneoifnvoeifnvklfnvf
 
《1:1仿制麦克马斯特大学毕业证|订制麦克马斯特大学文凭》
《1:1仿制麦克马斯特大学毕业证|订制麦克马斯特大学文凭》《1:1仿制麦克马斯特大学毕业证|订制麦克马斯特大学文凭》
《1:1仿制麦克马斯特大学毕业证|订制麦克马斯特大学文凭》
 
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
如何办理(Adelaide毕业证)阿德莱德大学毕业证成绩单Adelaide学历认证真实可查
 
(办理学位证)多伦多大学毕业证成绩单原版一比一
(办理学位证)多伦多大学毕业证成绩单原版一比一(办理学位证)多伦多大学毕业证成绩单原版一比一
(办理学位证)多伦多大学毕业证成绩单原版一比一
 
定制(RHUL学位证)伦敦大学皇家霍洛威学院毕业证成绩单原版一比一
定制(RHUL学位证)伦敦大学皇家霍洛威学院毕业证成绩单原版一比一定制(RHUL学位证)伦敦大学皇家霍洛威学院毕业证成绩单原版一比一
定制(RHUL学位证)伦敦大学皇家霍洛威学院毕业证成绩单原版一比一
 
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
 
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /WhatsappsBeautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
 
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
 
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(PARI) Alandi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
 
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...
Papular No 1 Online Istikhara Amil Baba Pakistan Amil Baba In Karachi Amil B...
 
(办理学位证)加州州立大学北岭分校毕业证成绩单原版一比一
(办理学位证)加州州立大学北岭分校毕业证成绩单原版一比一(办理学位证)加州州立大学北岭分校毕业证成绩单原版一比一
(办理学位证)加州州立大学北岭分校毕业证成绩单原版一比一
 
Alambagh Call Girl 9548273370 , Call Girls Service Lucknow
Alambagh Call Girl 9548273370 , Call Girls Service LucknowAlambagh Call Girl 9548273370 , Call Girls Service Lucknow
Alambagh Call Girl 9548273370 , Call Girls Service Lucknow
 
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service SaharanpurVIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
VIP Call Girl Saharanpur Aashi 8250192130 Independent Escort Service Saharanpur
 
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
 

Risk assessment facilitation guide

  • 2. TABLE OF CONTENTS 04 Risk Assessment Facilitation Guide: Sample 1 05 Overview 06 Ground Rules 07 Be Open and Collaborative 08 Objectives 09 What is Risk? 10 Risk Mode 11 Voting 12 First Vote: Significance 13 Significance (Most Likely Impact) Scale and Assuming the Risk Actually Occurred 14 Second and Third Votes: Risk Likelihood 15 Inherent Risk Factors: High vs. Low 16 Third Vote: Residual Risk Factors – High vs. Low 17 Vote: Risk Likelihood Scale 18 Risk Assessment Facilitation Guide: Sample 2 19 Preparation and Risk Introduction 20 Risk Identification 21 Risk Prioritization 22 Risk Sourcing and Action Planning 23 Risk Content 24 Keeping the Process Going 25 Relevance and Risk Importance 26 Risk Assessment Facilitation Guide: Sample 3 27 Meeting Objectives 28 Ground Rules 29 Introduction 2
  • 3. TABLE OF CONTENTS 30 Prioritizing Business Risks 31 Identifying Business Risks 32 Questions to Identify Business Risks 33 Assignment 34 Review Risk Documentation 35 Significance 36 Likelihood 37 Risk Rating Interpretation 38 Sample Risk Map 39 Voting Guidance 40 Assess Current Risk Management Capability: Risk Management Capabilities 41 Assess Current Risk Management Capability: Workshop Recap 3
  • 5. OVERVIEW Why are we here? 1 What are we trying to accomplish? 2 How will the results be used? 3 Questions? 4 The purpose of today’s workshop is to understand, identify, sort and prioritize key risks within the organization. 5
  • 6. GROUND RULES Encourage participation. 1 6 Don’t use the “S” word. 2 Keep anonymity of votes. 3 Keep parking lot questions of other topics. 4 Stay engaged – don’t leave during voting. 5 Come back on time from breaks. 6 Turn off cell phones and don’t read or answer emails. 7
  • 7. BE OPEN AND COLLABORATIVE Although risk is often viewed as a negative topic, we hope to collectively gain insight through open group discussion and constructive debate. We understand that all participants in today’s meeting are faced with risk management decisions daily. Today’s discussion is designed to encourage cross-functional communication that will build consensus around the risks that really matter. 1 It is not a performance appraisal. It is a diagnostic tool to help focus your risk management priorities. 1 7
  • 8. OBJECTIVES Prioritize risks through anonymous voting based on: • Significance • Inherent likelihood that a risk will occur • Residual likelihood that a risk will occur after application of management controls 2. Discuss and validate identified risks. 1. Plot the three votes using facilitation software into two two-by-two graphs: • Inherent Risk Map (Significance and Inherent Likelihood) • Residual Risk Map (Significance and Residual Likelihood) 3. 8
  • 9. WHAT IS RISK? • “Risk” is defined as the possibility that an event will occur and adversely affect achievement of the organization’s strategic objectives over the next three to five years. • Risks must first be prioritized based on significance. • Consider the most likely impact on achievement of your strategic objectives if this risk was not adequately prevented or controlled well. Write down your top five most significant risks, thinking about the potential they have to impact achievement of the organization’s strategic objectives over the next three to five years if not properly mitigated or controlled. What is Risk Universe? 9
  • 10. RISK MODEL Environment Risk Process Risk Information for Decision-Making Risk • Competitor • Political • Legal and Regulatory • Economy/Industry • Lending Compliance • Guest Satisfaction • Talent Management • Management of Agreements • HOA Management • Separation • Procurement • Project Development • Transfer Property • Business Continuity • Customer Data Privacy • International Operations • Cash Flow Management • Cybersecurity • IT Infrastructure • Reputational • Fraud • Growth Management • Sales and Marketing • Financial Reporting • Tax Compliance • Financial Planning and Analysis 10
  • 11. VOTING 11 Overview of Voting Technology • The voting is interesting, but the discussion is more important. The discussion will allow each participant to gain insight into the relative potential impact of risks. • If you are completely unfamiliar with the factors related to an individual risk, click on “absent” to register a “no-vote.” The no-vote option should be utilized sparingly, as the object of the session is to obtain your input from your perspective. • Your vote will not be counted twice by the software, so feel free to click on the button again to confirm if you are not sure that your vote registered.
  • 12. FIRST VOTE: SIGNIFICANCE • Consider the most likely impact on achievement of your strategic objectives if this risk were to occur. • The voting is being done to rank the significance (or potential impact) of the risks. High Significance is 9 and Low is 1. • Significance (or potential impact) should be considered broadly: − Reputation − People − Financial − Stock price − Customers − Regulatory fines • Use the worksheet provided to help assign your ratings prior to the vote. 12
  • 13. SIGNIFICANCE (MOST LIKELY IMPACT) SCALE, ASSUMING THE RISK ACTUALLY OCCURRED Level Descriptor Business Impact Description 8 and 9 Major Very significant financial, reputational or other loss that ultimately could jeopardize the ability of the organization to continue without major changes may occur. High damage control must occur that may require public/regulatory communication. 6 and 7 High High financial, reputational or other loss and scrutiny by board and analysts (could result in a significant decline in share price) may occur. Business impact likely requires additional resources (internal or external) and likely requires public disclosure. 5 Significant Financial, reputational or other loss is significant to the company and may require public disclosure. Senior management must be very involved with issue. 3 and 4 Moderate Fairly significant impact that gets the attention of senior management and could be a factor in not meeting budget expectations may occur. Business impact may require (mainly internal) additional resources in response to risk occurrence. 2 Minor Low impact may occur. Business impact is easily mitigated, and director or above involvement may be necessary. 1 Insignificant Little impact may occur. Top management attention may not be required. Process changes are likely not required in response to risk occurrence. 13
  • 14. SECOND AND THIRD VOTES: RISK LIKELIHOOD • Risk likelihood may be assessed on both an inherent and residual basis. − Vote 2: Inherent Risk is the likelihood that something will have a significant impact to the entity in the absence of any actions management might take to control the risk. − Vote 3: Residual Risk is the likelihood that something will have a significant impact to the entity after management has taken action to control the risk. • We will be ranking risks for inherent and residual likelihood of the risk significantly impacting the achievement of the company’s strategic objectives. 14
  • 15. INHERENT RISK FACTORS: HIGH VS. LOW High Inherent Risk Low Inherent Risk • Many control points • Decentralized • High turnover of personnel • Less mature systems • Many unusual/non-routine transactions • Significant judgments and/or estimates • Communication breakdowns • Few control points • Centralized • Low turnover of personnel • More mature systems • Few unusual/nonroutine transactions • No significant judgments and/or estimates • Few communication breakdowns What would you be concerned about if you were buying a timeshare company that was similar to the organization? Your concerns would typically parallel the areas with the highest inherent risk. Another way to think about this: 15
  • 16. THIRD VOTE: RESIDUAL RISK FACTORS – HIGH VS. LOW Management Commitment Responsibility • Systems do not work • Procedures aren’t executed • High error rates • Inadequate resources to perform • Lack of expertise • Unaddressed issues • Inadequate supervision • Highly effective systems • High effectiveness of people • Low error rates • Full staffing and significant history • High expertise • Few unaddressed issues • Sufficient supervision and review To determine whether residual risk is high or low, you have to consider control effectiveness: • High control effectiveness significantly reduces the likelihood that a risk will occur. • Low control effectiveness does not significantly reduce the likelihood that a risk will occur. 16
  • 17. VOTE: RISK LIKELIHOOD SCALE Level Descriptor Likelihood Description Probability of Occurrence 9 Almost Certain The risk is expected to significantly impact the company in most circumstances. Greater than 95% 7 and 8 Probable The risk is likely to significantly impact the company. Greater than 70 – 95% 4,5 and 6 Reasonably Possible The risk is likely to have a more than remote but less than likely chance of being significant. Greater than 30 – 70% 2 and 3 Unlikely The chance of the risk having a significant impact is slight. Greater than 5 – 30% 1 Remote The risk may occur and be significant only in exceptional circumstances. 5% or less 17
  • 19. PREPARATION AND RISK INTRODUCTION 19 • Invite people to sit at the front of the room (rather than letting them sit at the back). • Keep the time schedule in mind and avoid taking too much time for one item. • Make sure you periodically take a short break to revitalize the group. • Avoid judging participants’ comments. • Manage expectations by directly addressing the expectation(s) that cannot be met. • Take your time when presenting the risk management concepts. It is probably the first time that most participants are hearing about the concepts. • Spend a few minutes to give people an overview of the whole process before starting with Step 1 when presenting the risk assessment process. This guide provides tips and tricks for facilitating a risk assessment workshop. These tips are organized to guide you through the high-level phases of a risk assessment discussion and provide insight into the facilitator’s role for this process.
  • 20. RISK IDENTIFICATION 20 • Ask everyone to state one risk in order to avoid getting a long list of risks from participants. After one round, ask if there are additional key risks concerning the objectives. • Be as specific as possible when defining the risk. For example, describe risk as “Loss of top two key suppliers, Company ABC and XYZ” rather than “Loss of key suppliers.” • Avoid documenting current issues since these are the things they should be managing. Ask “Is this an issue?” If so, explain that “an issue is a certainty, and a risk is an uncertainty. So, what is the risk (uncertainty)?” • Ensure that there is a verb included in the risk definition. For example, state that “Employee turnover increases beyond 15%” rather than “The risk of employee turnover.” • Implement a temporary definition on-screen first and then work with participants to fine-tune it to speed up the risk definition process. • Ask participants how they would formulate a risk definition instead of trying to formulate it yourself. • Use their words rather than your words when summarizing. This will increase the feeling that it is an assessment of their risks. • Summarize the discussions (or ask someone to do that for you) to regain focus after a long discussion and move on to the next topic. • Ensure that the participants are focused on the facilitator by agreeing upfront that the assistant waits for the facilitator to verbally summarize the definition before documenting the risk definition. • Ask for feedback to gain clarity from participants on risk definitions. For example, “Is this definition clear for everyone?” • Avoid conversations that entail judging the scale of the risk before voting (discussion should concern the definition). • Ensure that internal risks are also addressed when identifying risks. People can sometimes focus too much on external risks during the risk assessment process. • Make sure that people do not give opinions on how they would rank the risk when explaining risk definitions. The voting process comes later in the session.
  • 21. RISK PRIORITIZATION Ask participants when there is no consensus on risk priorities, “Would someone like to say why you might vote high/low on this risk?” Summarize the high and low arguments and ask if people would like to revote. 1 Only revote when participants say they want to revote on the risk significance. Ask participants, “Based on the arguments you just heard, who feels they need to change their vote?” 2 Avoid being drawn into the discussion content as a facilitator by reflecting any content questions back to the group. Focus on the process of the risk assessment and not interjecting your opinion into the process. 3 Keep up the tempo during the voting process by summarizing and managing long discussions. 4 Keep repeating, “If this risk has happened, what is the impact?” when voting on risk impact. 5 21
  • 22. RISK SOURCING AND ACTION PLANNING 22 • Ensure that a risk owner is assigned prior to starting the sourcing exercise. This helps to ensure that there is buy-in for the risk actions. • Avoid spending time on unimportant causes/consequences by performing a quick brainstorm to find the main causes. Cluster the first level of causes, where applicable. Then ask the group, “Which are the most important identified causes and consequences?” Only then should you drill down the chosen causes/consequences. • A rule of thumb is to have three layers of causes for the most important (main) causes to get the right level of detail. Do this by asking “why?” three times. • Ask for suggestions in formulation instead of making suggestions in your own words. • Type the participants’ suggestions into the risk assessment program as quickly as possible and fine tune it after you have something workable on screen. • Wait for the assistant to finish typing before moving onto the next cause/consequence. • Formulate the cause/consequence as concisely as possible, bearing in mind that all discussions documented should be understandable after a few months for other people to read. • Ensure that there is an adjective/verb included in each formulated cause or consequence. For example, you would document “customer awareness increases” rather than “customer awareness.” • For external risks, focus on the consequences; for internal risks, focus on the causes. • Add one action per root cause. • Ensure that you only list the actions that are new or actions that need to be reviewed, thus avoiding generating a list of actions already being taken. • Add the due date and an applicable action owner to create extra buy-in and a need for urgency. • Emphasize that risk action planning is part of future, normal management practice.
  • 23. RISK CONTENT 23 4 Point out the consequences of important items in order to create maximum awareness of their relevance to participants’ daily work. Mention specific actions to be taken by people if you can. Make sure that the risk’s general point is understood before getting into the details of a specific problem or question. Ask for feedback such as, “Is this point clear to everyone?” If you have doubts that the point is understood, ask someone to summarize it or give a practical example. Ensure that you only go into the items/actions that are new or need to be reviewed. 3 2 1
  • 24. KEEPING THE PROCESS GOING 24 Keep up the training session tempo by summarizing and managing long discussions. Keep the time schedule in mind and avoid taking too much time for one item. Summarize the discussion to regain focus (or ask someone to do that for you).
  • 25. RELEVANCE AND RISK IMPORTANCE 25 If participants are not convinced of a specific topic’s importance, take a moment to discuss the possible negative business impact of not adhering to the rules (or the benefits of adhering to them). Emphasize that the new procedures are part of future normal working practice. Point out that people may want to make a note of an especially important item when discussing it.
  • 27. MEETING OBJECTIVES 27 Expand understanding of known risks and, perhaps, surface risks that have not been emphasized previously within the organization or the risk assessment interviews. • Dialogue among participants is critical to achieving this objective. • Each participant has different exposure levels to various risks given their job responsibilities. Participants with more knowledge of a particular risk are strongly encouraged to share their perspective with the group to improve overall understanding of the factors to be considered in evaluating the risk. Prioritize the top risks facing the organization by considering the significance and likelihood of each risk. Discuss the key activities in place to mitigate each of the highest priority risks and determine if management believes that more should be done to manage each of the highest priority risks. Recap and discuss the objectives for the next phases of ERM.
  • 28. GROUND RULES 28 Please… • Participate in discussions and activities. • Maintain one conversation at a time. • Ask clarifying questions. • Be present as much as possible – there is a lot of information to be absorbed. • Respect break times. • Place your cell phones on silent. Parking Lot The facilitator reserves the right to request for an item or conversation to be moved to the “parking lot.” Parking lot items are issues, comments and clarifications that are not directly related to the session objective or that do not provide commentary or follow-up discussions cursory to the agenda item at hand. These will be captured so they can be addressed at an appropriate point in the session.
  • 29. INTRODUCTION 29 “Business risk” is defined as the level of exposure to uncertainties that the enterprise must understand and effectively manage as it achieves its objectives and creates value. • It is not just about threats; there is an upside as well as a downside. • Risk is not about a single point estimate. • Time frame is an important factor when evaluating risk. • Exposure and uncertainty are important factors. A Definition of Business Risk: • Risk is a fact of life; life is constantly changing and is uncertain. • Today’s economy requires companies to identify and respond more quickly to changing risk profiles. • All management is essentially risk management. • Many risk management activities are well-defined, and accountability has been assigned. For risks that have not been defined/assigned, risks can “slip between the cracks” and/or be managed inconsistently due to individual perceptions of the significance of the risk. Things to Consider
  • 30. PRIORITIZING BUSINESS RISKS 30 Significance • How big of an impact would this risk have if it were to occur? • Impact could be in many areas, including financial, reputation, human resources, stock valuation, etc. Likelihood • Consider how likely it is that this risk would actually occur given the inherent uncertainties in your business. • Don’t consider the mitigating effects of internal controls. Risk
  • 31. IDENTIFYING BUSINESS RISKS 31 • Think about risks from your point of view within the company, considering your group’s goals and objectives: − You must identify inherent risks in your business. − Don’t consider whether you are controlling the risk. − You must identify risks that are inherent in the business regardless of your internal control. • You don’t know for sure if the risk is being controlled until it is tested. • View risks as if you were just being introduced to the company for the first time and you don’t know if anything is working well.
  • 32. QUESTIONS TO IDENTIFY BUSINESS RISKS 32 Where do you devote considerable internal effort in order to control? 01 What areas receive considerable management reporting? 02 Where have you devoted significant resources? 03 What are the analysts and rating agencies most interested in? 04 What wouldn’t you want on the front page of the newspaper? 05 What are key obstacles to taking advantage of opportunities? 06 What is impeding growth? 07 What do your competitors do better? 08 What keeps you up at night? 09 What do people complain about within the organization? 10 If you could fix one thing at the company, what would it be? 11
  • 33. ASSIGNMENT 33 Write down five critical business risks from your point of view.
  • 34. REVIEW RISK DOCUMENTATION 34 WFDDAdsQAD Is clarification needed? WFDDAdsQAD Is there a risk category that is missing? The success of this exercise will depend upon the level of understanding of the risks and your input.
  • 35. SIGNIFICANCE 35 You can rank the significance of your key business risks using the scale described below. Level Descriptor Business Impact Description 7, 8 and 9 Major Very significant financial, reputational or other loss that ultimately could jeopardize the ability of the organization to continue without major changes may occur. Regulatory communication may be required. 4, 5 and 6 Moderate Financial loss is moderate, could be significant and may require public disclosure. Management must be involved in the issue and focused on completing it within a timely manner. 1, 2 and 3 Insignificant Little financial loss may occur. Management’s attention may not be required. Process changes are likely not required in response to risk occurrence.
  • 36. LIKELIHOOD 36 You can rank the likelihood of your key business risks using the scale described below. Level Descriptor Business Impact Description 7, 8 and 9 Probable The future event or events are expected to occur in most circumstances. 4, 5 and 6 Possible The chance of the future event or events is more than remote but less than probable. 1, 2 and 3 Remote The future event or events may occur only in exceptional circumstances.
  • 37. RISK RATING INTERPRETATION 37 The graphic below depicts how the risk map on the following slide can be interpreted – risk responses should be developed starting with those risks found in the upper-right quadrant. Likelihood HIGH Low High Low High Significance Secondary Risks • Likelihood is lower but could have significant adverse impact on business objectives. Key Risks • Critical risks that potentially threaten the achievement of business objectives may occur. Low Priority Risks • Significant monitoring may not be necessary unless there is a change in classification. • Reassess these risks periodically. Secondary Risks • Significance is lower, but more likely to occur. • Consider cost/benefit trade-off. • Reassess these risks often to ensure changing conditions (move to high significance).
  • 38. SAMPLE RISK MAP 38 Risk: Moderate to High Risk: High Risk: Moderate to High Risk: Moderate Risk: Very High Risk: High Risk: Low to Moderate Risk: Moderate Risk: Low Insignificant Moderate Significant High Major Remote Unlikely Reasonably Possible Probable Almost Certain I M G B C H Q P E D K O J F N R A L Significance Likelihood Insert Risk M Insert Risk H Insert Risk I Insert Risk L Insert Risk A Insert Risk D Insert Risk F Insert Risk P Insert Risk Q Insert Risk K Insert Risk E Insert Risk N Insert Risk O Insert Risk G Insert Risk J Insert Risk B Insert Risk C Insert Risk R 9 8 7 6 4 3 2 5 1 9 8 7 6 4 3 2 5 1
  • 39. VOTING GUIDANCE 39 Overview of Voting Technologies • The voting is interesting, and the discussion is important. The discussion will allow each participant to gain additional insight into risks that may not be within their span of control but that may impact them in the execution of their responsibilities. • Vote risk on an “inherent” basis (in the absence of controls). • All voting is on a scale of 1 (lowest) through 9 (highest). • If you are completely unfamiliar with the factors related to an individual risk, press 0 to register a “no-vote.” The no-vote option should be utilized sparingly, as the objective of the session is to obtain input from your perspective. • Your vote will not be counted twice by the software, so feel free to press the button again to confirm your vote if you are not sure that it registered. Let’s vote now.
  • 40. ASSESS CURRENT RISK MANAGEMENT CAPABILITY: RISK MANAGEMENT CAPABILITIES 40 Level Assessment Current Risk Management Capabilities 1 Very Capable ABC is very capable of managing the risk. Significant focus is spent to understand, report and manage the risk. There is little additional work that management could do to manage the risk without incurring costs that clearly outweigh the benefits. 2 and 3 Capable Management is actively managing the risk and believes that any additional mitigation would involve costs that would likely exceed the benefits. The appropriate processes and reporting are in place and the people are highly capable of executing. 4, 5 and 6 Somewhat Capable ABC has some processes/activities in place to manage the risk and would generally be able to identify risk events and control them in an acceptable manner. There may be opportunities to further reduce the risk if activities were further analyzed. 7 and 8 Low Capability Few processes/activities are in place to mitigate risk. Heavy reliance is placed on the abilities of people due to a lack of defined processes/appropriate systems to accumulate/analyze/report risk information. 9 No Capability Formal process/activities are not in place to effectively mitigate risk in this area. People/systems are not capable of executing activities consistently. Management of risk is largely reactive.
  • 41. ASSESS CURRENT RISK MANAGEMENT CAPABILITY: WORKSHOP RECAP 41 • Provide feedback on the risk assessment process. • Did surprises occur? − Risks identified − Risks not identified • Were comments/feedback provided? • Next steps − Finalize the risk universe. ○ Incorporate comments and suggested enhancements. − Incorporate risk management capabilities and identify mitigating controls. ○ Top significant risks will be targeted by the company. ○ Further assess the adequacy of the control environment. ○ Identify gaps where controls and reporting are better needed to manage critical risks. ○ Determine future organization and infrastructure needs to enable management of critical risks (and other risks identified by management). ○ Formalize action plans to address identified control gaps. ○ Produce reporting and provide it to Company ABC for review and consolidation.