© Copyright e-risk.asia 2017
ADDITIONAL CASE STUDY 1 – SETTING RELATIVE PRIORITIES IN A CORPORATE RISK
MANAGEMENT PROGRAM
1. Introduction and purpose
Risk management is often based on qualitative judgments and qualitative ratings. For
example, an evaluation of the likelihood of occurrence of a risk and its consequence may be
made by reference to a rating scale. COSO, ISO 31000 and similar codes and guides
for ERM suggest ratings for qualitative evaluation of likelihood, consequence and resultant
risk.
There are many factors and some difficulties involved in arriving at sound qualitative ratings
of risk: for example, the consistency of an individual’s ratings; their degree of expertise in
making a risk judgement; the complexity of a judgement, especially one involving multiple risk
criteria; the interpretation, scaling and use of ratings; shift of datum, etc. In general, people
tend to overestimate the likelihood and severity of rare external events that they cannot
control, like natural disasters. They tend to underestimate the risk of “internal” events (like
drinking and smoking) that they can control. They also tend to view the same risk differently
if it is described as, say, a 20% chance of loss rather than as an 80%
chance of gain.
The purpose of this case study is to show how a specific technique for obtaining reliable
qualitative ratings was applied to the assessment of risk in a commercial environment. The
method was used to identify the various perceptions of risk in the organization, to set risk
management priorities in accordance with those perceptions and to direct resources to those
risks perceived as the most significant to the organisation.
2. Setting and context
Case 1 is a large national clothing and sports goods manufacturing company. It has
manufacturing, warehousing, sales, distribution and administrative operations over many
sites. Its brands are high profile.
The company has comprehensive insurances but has yet to develop and implement a risk
management strategy. The company retains high levels of self-insurance. Its Board is
concerned to develop an enterprise-wide risk management strategy that focuses on control of
the company’s major exposures to its business operations.
Under its Finance Director, the company has prepared a budget for implementation of a risk
management plan. The Finance Director and the Board wish to get a picture of what the key
exposures to business operations are and their relative priorities. Using this picture, they intend
to allocate the risk management budget and resources accordingly. They wish
to ensure that the company’s resources in this regard are directed effectively to the risk areas
of greatest importance and not wasted on areas of lesser significance to the company.
3. Risk identification
3.1. Approach
The company contracted an independent risk management firm to undertake initial risk
identification and risk evaluation.
For its initial identification of risks to business operations, the risk management firm firstly
conducted a series of discussion (or “brainstorming”) workshops with different groups of
company personnel. Groups variously comprised the company’s Directors, its Executives and
General Managers, line managers, operational supervisors, engineering and line
representatives. In addition, the company’s auditors and insurance broker were included.
Workshops concentrated on identifying the exposures to business operations and the key
criteria of significance to the business.
Secondly, the company’s sites were inspected by a team made up of persons from the risk
management firm, the company’s insurance broker and auditor. The site manager was also
involved in each inspection. A qualitative risk profile of each site, including risks pertaining to
its linkages to the overall business, was prepared from each inspection.
3.2. Findings
In summary, the risk identification workshops produced the findings tabulated below.
The major threats to business operations were perceived as:
Table I. THREATS
Ref. Description
1 IT systems (main computer) failure
2 Fire
3 Theft, collusion, fraud
4 Inadequate insurance cover
5 Transport loss
6 Industrial stoppage
7 Product faults
8 Breach of building security
9 Loss of key utilities (power, telecommunications, water)
10 Breach of major contracts
11 Breach of IT system information security (including PCs and laptops)
Any one of the threats listed above could produce many consequences and knock-on impacts
to the business if it were to arise. In other words, there are many criteria against which risks to
the business can be identified and assessed in importance. In this sense, the significant risk
exposures to the business were perceived as those tabulated below.
Table II. RISK EXPOSURES TO BUSINESS (RISK CRITERIA)
Ref. Description Relative weighting (%)
i. Loss of assets 35
ii. Business interruption 22
iii. Financial impact 17
iv. Legal liabilities 7
v. Detriment to market image, reputation 7
vi. Market opportunity loss 12
The risks to business operations were thus seen as multi-dimensional, being a matrix or
combination of threats that could feasibly arise and the resultant exposures of the business if
they did. Table III below illustrates such a risk matrix. In contrast to a risk rating based on an
assessment of the likelihood and consequence of individual risks, this approach to risk
assessment and rating of risks focuses on the threats and exposures (or vulnerabilities) to the
business.
Table III. MATRIX OF THREATS AND EXPOSURES
THREAT           EXPOSURES (RISK CRITERIA)
                 i.assets   ii.interrup.   iii.financl.   iv.legal   v.reputatn.   vi.market
1.IT fail
2.Fire
3.Theft
4.Insur’ce gap
5.Transport
6.Industrial
7.Prod fault
8.Security
9.Utilities
10.Contracts
11.Info loss
The question is how to rate the risks – that is, how to rate the relative importance of the threats
given that there are a number of criteria against which they can be judged as a risk. This
rating task is made more complex if weightings are introduced for each of the criteria in respect
to each individual threat. This is usually done, and it was in this case. For example, the
criterion of Business Interruption got a high weighting for the threat of Transport Loss; the
criterion of Assets Loss got a very low weighting for this threat. Note that the weightings shown
in Table II are the overall weightings for all threats – their derivation is discussed below.
4. Risk rating and relative risk priorities
4.1. Method used for risk rating
There are many ways to develop valid and reliable ratings from qualitative estimates of risk:
for example, rankings and ordinal ratings, continuous linear scales, paired comparisons.
Paired comparison techniques have been used to arrive at numerical risk ratings (see
Teniswood et al, 1993 for example [1]). People make better relative judgments, such as with
paired comparisons, than direct estimates. Paired comparisons enable a check on the
consistency of judgments – this means for example, if an individual judges that risk A > risk B
and risk B > risk C, then it should follow for consistency that risk A > risk C. In addition, paired
comparisons can produce a numerical scale of results. The disadvantage of the technique is
that it can be time consuming.
[1] Teniswood CF, Sharp T and Clark DGN, Case studies in probabilistic risk assessment, in Melchers RE and Stewart MG (Eds.), Probabilistic
Risk and Hazard Assessment, Balkema Publ., Rotterdam, 1993, pp. 111-119.
In this case study, a method for rating risk using paired comparisons was adopted. First,
paired comparisons of the six criteria shown in Table II above were made by all groups and
their results consolidated to produce the relative weightings shown in the table. The paired
comparisons were obtained using worksheets presenting 15 random pairs of the six
criteria. The results of all comparisons were analyzed using software for the purpose.
Secondly, worksheets giving randomized paired comparisons of the eleven threats shown in
Table I for each of the six risk criteria were presented to all individuals who had made up the
risk assessment groups. A typical worksheet is shown in Figure 1 below.
Figure 1. Example of a typical paired comparisons worksheet in this case
All pairs were scored in the range 0 – 3 against the stated criterion. Each risk criterion was
weighted, as can be seen. The relative expertise of each individual was also weighted in
respect to the applicable risk criterion – for example, the Marketing Manager was given a
greater weighting for their assessment of the risk of Market Opportunity Loss than the
Maintenance Engineer, say, and vice versa in respect of the risk of Business
Interruption. Everyone indicated their judgment of the relative risk against each given pair on
the worksheet, as Figure 1 illustrates.
From the results of all worksheets, and taking all six risk criteria into account in the risk ratings,
a risk rating between zero and one on a linear scale was produced for each of the eleven
threats.
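The rating procedure of section 4.1, as an added example that is not part of the case study and not the software the firm used: it flags worksheets containing circular judgments (A > B, B > C, C > A) and combines worksheets into 0 to 1 ratings using the Table II criterion weights and per-judge expertise weights. The meaning given to a 0 – 3 score, the additive scoring with min-max scaling, the expertise values and every sample judgment are assumptions constructed for illustration.

```python
from itertools import combinations

# Criterion weights (%) copied from Table II of the case study.
CRITERION_WEIGHTS = {
    "Loss of assets": 35, "Business interruption": 22, "Financial impact": 17,
    "Legal liabilities": 7, "Detriment to market image, reputation": 7,
    "Market opportunity loss": 12,
}
THREATS = ["Fire", "IT system failure", "Fraud", "Transport loss"]  # subset of Table I

# Constructed worksheets, not the study's data. ASSUMPTION: a judgment (a, b, s)
# means "a is a greater risk than b by s", s in 0..3, with 0 meaning equal.
WORKSHEETS = [
    {"judge": "Finance Director", "criterion": "Loss of assets", "expertise": 2,
     "judgments": [("Fire", "IT system failure", 1), ("Fire", "Fraud", 2),
                   ("Fire", "Transport loss", 3), ("IT system failure", "Fraud", 1),
                   ("IT system failure", "Transport loss", 2),
                   ("Fraud", "Transport loss", 3)]},
    {"judge": "Maintenance Engineer", "criterion": "Loss of assets", "expertise": 1,
     # Deliberately circular: Fire > IT system failure > Fraud > Fire.
     "judgments": [("Fire", "IT system failure", 1), ("IT system failure", "Fraud", 1),
                   ("Fraud", "Fire", 1), ("Fire", "Transport loss", 2),
                   ("IT system failure", "Transport loss", 1),
                   ("Fraud", "Transport loss", 2)]},
    {"judge": "Maintenance Engineer", "criterion": "Business interruption",
     "expertise": 2,
     "judgments": [("IT system failure", "Fire", 1), ("IT system failure", "Fraud", 3),
                   ("IT system failure", "Transport loss", 1), ("Fire", "Fraud", 2),
                   ("Fire", "Transport loss", 0), ("Transport loss", "Fraud", 2)]},
]


def validate(judgments, items):
    """Require exactly one 0-3 score for every unordered pair of items."""
    seen = set()
    for a, b, score in judgments:
        if a == b or a not in items or b not in items:
            raise ValueError(f"unknown or self pair: {a!r} / {b!r}")
        if score not in (0, 1, 2, 3):
            raise ValueError(f"score out of range 0-3: {score!r}")
        pair = frozenset((a, b))
        if pair in seen:
            raise ValueError(f"pair judged twice: {a!r} / {b!r}")
        seen.add(pair)
    if len(seen) != len(items) * (len(items) - 1) // 2:
        raise ValueError("worksheet does not cover every pair")


def net_scores(judgments, items):
    """Signed total per item: +s for the item judged higher, -s for the other."""
    net = dict.fromkeys(items, 0)
    for a, b, score in judgments:
        net[a] += score
        net[b] -= score
    return net


def circular_triads(judgments):
    """Return (x, y, z) triples where x > y and y > z, yet z > x."""
    beats = {(a, b) for a, b, score in judgments if score > 0}
    items = sorted({i for a, b, _ in judgments for i in (a, b)})
    found = []
    for x, y, z in combinations(items, 3):
        for p, q, r in ((x, y, z), (x, z, y)):  # the two possible cycle directions
            if (p, q) in beats and (q, r) in beats and (r, p) in beats:
                found.append((p, q, r))
    return found


def inconsistent_sheets(worksheets):
    """List (judge, criterion, triads) for worksheets that fail the consistency check."""
    checked = [(s["judge"], s["criterion"], circular_triads(s["judgments"]))
               for s in worksheets]
    return [entry for entry in checked if entry[2]]


def risk_ratings(worksheets, items, criterion_weights):
    """Weight net scores by expertise share and criterion weight, then scale to 0..1."""
    total = dict.fromkeys(items, 0.0)
    for criterion, cw in criterion_weights.items():
        sheets = [s for s in worksheets if s["criterion"] == criterion]
        share_total = sum(s["expertise"] for s in sheets)
        for sheet in sheets:
            validate(sheet["judgments"], items)
            net = net_scores(sheet["judgments"], items)
            for item in items:
                total[item] += cw * sheet["expertise"] / share_total * net[item]
    lo, hi = min(total.values()), max(total.values())
    if hi == lo:  # the judges did not discriminate between the items at all
        return dict.fromkeys(items, 0.0)
    return {item: (total[item] - lo) / (hi - lo) for item in items}


if __name__ == "__main__":
    for judge, criterion, triads in inconsistent_sheets(WORKSHEETS):
        print(f"inconsistent: {judge} / {criterion}: {triads}")
    ratings = risk_ratings(WORKSHEETS, THREATS, CRITERION_WEIGHTS)
    for threat, value in sorted(ratings.items(), key=lambda kv: -kv[1]):
        print(f"{threat:20s} {value:.2f}")
```

Min-max scaling pins the lowest-rated threat at 0, which differs from the case study's consolidated scale, where the lowest value shown is 0.1.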
[Figure 1 annotations: “High rating given here for fidelity risk compared with transport wrt asset loss”; “Equal rating given here to contracts and transport wrt asset loss”]
4.2. Findings
The relative risk ratings made by three of the groups of all eleven threats are shown on the
linear scales below. The scales go linearly from 0 at bottom to 1 at top. It can be readily seen
that there are different perceptions of the relative importance of the threats to the business.
That is, different groups arrived at quite different ratings of the risks.
This is an interesting finding, though not surprising. Different people had different perceptions
of the risks to the company. Who is “right”? And what are the “real” risk ratings?
The overall risk ratings produced from consolidation of the results for all individuals are shown
below. The bracketed numbers are scale values. This was used to direct the company’s
resources to the risks seen (by all) as being of greatest significance. The resource allocation
was based on the relative rating (scale value) of the risks.
[Figure: relative risk ratings of all eleven threats on three linear scales, one each for Directors, General Managers, and Line & Functional Managers; risk increases up each scale.]
5. ERM Guidelines
This case study suggests the following guidelines for qualitative assessments of risk and risk
management:
• Different people have different perceptions and understandings of what risk is.
• Different circumstances and different questioning produce different assessments of risk.
• Though ranks and direct ratings are easy to use, people are not particularly good at making
direct (or absolute) estimates of risk.
• Numerical scores to indicate rank and direct ratings provide ordinal data only and should
not be treated and used in calculations as real numbers without care.
• A “paired comparisons” method can be used for risk rating and its scale values show not
only the relative rating of each risk, but by how much. Results can also be checked for
consistency and reliability. The disadvantage of the technique is that it is time-consuming
and generally requires software to help.
• Thus, the risk manager requires an understanding of the strengths and limitations of
qualitative data, qualitative techniques and the interpretation of qualitative results.
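[Figure: overall risk ratings, with scale values in brackets, and the allocation of resources based on them]
Fire (1.0)
IT system failure (0.85)
IT security (0.45)
Contract breach (0.2)
Fraud (0.15)
All other threats (0.1)
Allocation of resources based on the risk ratings listed above, in segments: Fire; IT fail; IT security; Contracts; Fraud; Other.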
More Related Content

What's hot

Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk pptNehaKamboj10
 
Risk Management in Banking Sectors.
Risk Management in Banking Sectors.Risk Management in Banking Sectors.
Risk Management in Banking Sectors.Rupesh neupane
 
Basel introduction
Basel introductionBasel introduction
Basel introductionasfhaq
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Managementansula
 
ICAAP - INDIAN BANKS
ICAAP - INDIAN BANKSICAAP - INDIAN BANKS
ICAAP - INDIAN BANKSVeeresh Kumar
 
Bank risk management
Bank risk managementBank risk management
Bank risk managementAshima Thakur
 
Capital adequacy (final)
Capital adequacy (final)Capital adequacy (final)
Capital adequacy (final)Harsh Chadha
 
INTEREST RATE RISK MANAGEMENT IN BANKS
INTEREST RATE RISK MANAGEMENT IN BANKSINTEREST RATE RISK MANAGEMENT IN BANKS
INTEREST RATE RISK MANAGEMENT IN BANKSIBS Business School
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management -  A Gateway to managing the risk profile of your...Operational Risk Management -  A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Eneni Oduwole
 
01.2 credit risk factors and measures
01.2   credit risk factors and measures01.2   credit risk factors and measures
01.2 credit risk factors and measurescrmbasel
 
Financial and operating risk
Financial and operating riskFinancial and operating risk
Financial and operating riskZeeshan Azhar
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementPYA, P.C.
 
Managing Reputational Risk
Managing Reputational RiskManaging Reputational Risk
Managing Reputational RiskEneni Oduwole
 
Chapter 14 - Funding liquidity risk management [Compatibility Mode]
Chapter 14 - Funding liquidity risk management [Compatibility Mode]Chapter 14 - Funding liquidity risk management [Compatibility Mode]
Chapter 14 - Funding liquidity risk management [Compatibility Mode]Quan Risk
 
The types of risks in banks
The types of risks in banksThe types of risks in banks
The types of risks in banksKarim Farag
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Managementarsqureshi
 
Arens12e 09
Arens12e 09Arens12e 09
Arens12e 09John Sy
 

What's hot (20)

Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk ppt
 
Risk Management in Banking Sectors.
Risk Management in Banking Sectors.Risk Management in Banking Sectors.
Risk Management in Banking Sectors.
 
Market Risk
Market RiskMarket Risk
Market Risk
 
Basel introduction
Basel introductionBasel introduction
Basel introduction
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Management
 
ICAAP - INDIAN BANKS
ICAAP - INDIAN BANKSICAAP - INDIAN BANKS
ICAAP - INDIAN BANKS
 
Bank risk management
Bank risk managementBank risk management
Bank risk management
 
Capital adequacy (final)
Capital adequacy (final)Capital adequacy (final)
Capital adequacy (final)
 
INTEREST RATE RISK MANAGEMENT IN BANKS
INTEREST RATE RISK MANAGEMENT IN BANKSINTEREST RATE RISK MANAGEMENT IN BANKS
INTEREST RATE RISK MANAGEMENT IN BANKS
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management -  A Gateway to managing the risk profile of your...Operational Risk Management -  A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...
 
01.2 credit risk factors and measures
01.2   credit risk factors and measures01.2   credit risk factors and measures
01.2 credit risk factors and measures
 
Financial and operating risk
Financial and operating riskFinancial and operating risk
Financial and operating risk
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Managing Reputational Risk
Managing Reputational RiskManaging Reputational Risk
Managing Reputational Risk
 
Chapter 14 - Funding liquidity risk management [Compatibility Mode]
Chapter 14 - Funding liquidity risk management [Compatibility Mode]Chapter 14 - Funding liquidity risk management [Compatibility Mode]
Chapter 14 - Funding liquidity risk management [Compatibility Mode]
 
Financial Risk Management Strategies
Financial Risk Management StrategiesFinancial Risk Management Strategies
Financial Risk Management Strategies
 
Risk appetite
Risk appetite Risk appetite
Risk appetite
 
The types of risks in banks
The types of risks in banksThe types of risks in banks
The types of risks in banks
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
 
Arens12e 09
Arens12e 09Arens12e 09
Arens12e 09
 

Similar to Case study in Enterprise Risk Management

Risk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesRisk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesCTRM Center
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementAnu Damodaran
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementAnu Damodaran
 
BBA 4226, Risk Management 1 Course Learning Outcomes
 BBA 4226, Risk Management 1 Course Learning Outcomes  BBA 4226, Risk Management 1 Course Learning Outcomes
BBA 4226, Risk Management 1 Course Learning Outcomes MargaritoWhitt221
 
HFMA Searching for Risk, April 2004
HFMA Searching for Risk, April 2004HFMA Searching for Risk, April 2004
HFMA Searching for Risk, April 2004Theim912
 
A Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementA Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementTurlough Guerin GAICD FGIA
 
Risk managmet chapter2
Risk managmet chapter2Risk managmet chapter2
Risk managmet chapter2HabtaBela
 
ERM Presentation
ERM PresentationERM Presentation
ERM PresentationH Contrex
 
Risk Management Methodologies in Construction Industries
Risk Management Methodologies in Construction IndustriesRisk Management Methodologies in Construction Industries
Risk Management Methodologies in Construction IndustriesIRJET Journal
 
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxPRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxGraciaSuratos
 
Ace emerging-risks-barometer-2013
Ace emerging-risks-barometer-2013Ace emerging-risks-barometer-2013
Ace emerging-risks-barometer-2013Factor-X
 
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docxCHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docxketurahhazelhurst
 
ERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptxERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptxManiPSamRCBS
 
Risk Assessment for Building Construction Sites in Myanmar
Risk Assessment for Building Construction Sites in MyanmarRisk Assessment for Building Construction Sites in Myanmar
Risk Assessment for Building Construction Sites in Myanmarijtsrd
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)ishan parikh production
 

Similar to Case study in Enterprise Risk Management (20)

Risk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesRisk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In Commodities
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Risk management
Risk managementRisk management
Risk management
 
BBA 4226, Risk Management 1 Course Learning Outcomes
 BBA 4226, Risk Management 1 Course Learning Outcomes  BBA 4226, Risk Management 1 Course Learning Outcomes
BBA 4226, Risk Management 1 Course Learning Outcomes
 
HFMA Searching for Risk, April 2004
HFMA Searching for Risk, April 2004HFMA Searching for Risk, April 2004
HFMA Searching for Risk, April 2004
 
Risk Management Essay
Risk Management EssayRisk Management Essay
Risk Management Essay
 
A Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementA Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk Management
 
Risk managmet chapter2
Risk managmet chapter2Risk managmet chapter2
Risk managmet chapter2
 
ERM Presentation
ERM PresentationERM Presentation
ERM Presentation
 
Risk Management Methodologies in Construction Industries
Risk Management Methodologies in Construction IndustriesRisk Management Methodologies in Construction Industries
Risk Management Methodologies in Construction Industries
 
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptxPRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
PRINCIPLES-OF-RISK-AND-MANAGEMENT.pptx
 
RISK MANAGEMENT Essays
RISK MANAGEMENT EssaysRISK MANAGEMENT Essays
RISK MANAGEMENT Essays
 
Risk Management in Business
Risk Management in BusinessRisk Management in Business
Risk Management in Business
 
Ace emerging-risks-barometer-2013
Ace emerging-risks-barometer-2013Ace emerging-risks-barometer-2013
Ace emerging-risks-barometer-2013
 
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docxCHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
 
ERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptxERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptx
 
Cyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsCyber Risks - Maligec and Eskins
Cyber Risks - Maligec and Eskins
 
Risk Assessment for Building Construction Sites in Myanmar
Risk Assessment for Building Construction Sites in MyanmarRisk Assessment for Building Construction Sites in Myanmar
Risk Assessment for Building Construction Sites in Myanmar
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)
 

Recently uploaded

Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...Suhani Kapoor
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...lizamodels9
 

Recently uploaded (20)

Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779

Case study in Enterprise Risk Management

ADDITIONAL CASE STUDY 1 – SETTING RELATIVE PRIORITIES IN A CORPORATE RISK MANAGEMENT PROGRAM

1. Introduction and purpose

Risk management is often based on qualitative judgments and qualitative ratings. For example, an evaluation of the likelihood of occurrence of a risk and its consequence may be made by reference to a rating scale. Both COSO and ISO 31000 and similar codes and guides for ERM suggest ratings for qualitative evaluation of likelihood, consequence and resultant risk.

There are many factors and some difficulties involved in arriving at sound qualitative ratings of risk: for example, the consistency of an individual’s ratings; their degree of expertise in making a risk judgement; the complexity of a judgement, especially one involving multiple risk criteria; the interpretation, scaling and use of ratings; shift of datum, etc. In general, people tend to overestimate the likelihood and severity of rare external events that they cannot control, like natural disasters. They tend to underestimate the risk of “internal” events (like drinking and smoking) that they can control. They would tend to view the same risk differently if it was described say as a 20% chance of loss compared with it being described as an 80% chance of gain.

The purpose of this case study is to show how a specific technique for obtaining reliable qualitative ratings was applied to the assessment of risk in a commercial environment. The method was used to identify the various perceptions of risk in the organization, to set risk management priorities in accordance with those perceptions and to direct resources to those risks perceived as the most significant to the organisation.

2. Setting and context

Case 1 is a large national clothing and sports goods manufacturing company. It has manufacturing, warehousing, sales, distribution and administrative operations over many sites. Its brands are high profile.
The company has comprehensive insurances but has yet to develop and implement a risk management strategy. The company retains high levels of self-insurance. Its Board is concerned to develop an enterprise-wide risk management strategy that focuses on control of the company’s major exposures to its business operations.

Under its Finance Director, the company has prepared a budget for implementation of a risk management plan. The Finance Director and the Board wish to get a picture of what the key exposures to business operations are and the relative priorities. Using this picture, they intend to allocate the risk management budget and resources accordingly. In their view, they wish to ensure that the company’s resources in this regard are directed effectively to the risk areas of greatest importance and not wasted on areas of lesser significance to the company.

3. Risk identification

3.1. Approach

The company contracted an independent risk management firm to undertake initial risk identification and risk evaluation.

For its initial identification of risks to business operations, the risk management firm firstly conducted a series of discussion (or “brainstorming”) workshops with different groups of company personnel. Groups variously comprised the company’s Directors, its Executives and General Managers, line managers, operational supervisors, engineering and line representatives. In addition, the company’s auditors and insurance broker were included. Workshops concentrated on identifying the exposures to business operations and the key criteria of significance to the business.

Secondly, the company’s sites were inspected by a team made up of persons from the risk management firm, the company’s insurance broker and auditor. The site manager was also involved in each inspection. A qualitative risk profile of each site, including risks pertaining to its linkages to the overall business, was prepared from each inspection.

3.2. Findings

In summary, the risk identification workshops produced the findings tabulated below. The major threats to business operations were perceived as:

Table I. THREATS

| Ref. | Description |
|------|-------------|
| 1 | IT systems (main computer) failure |
| 2 | Fire |
| 3 | Theft, collusion, fraud |
| 4 | Inadequate insurance cover |
| 5 | Transport loss |
| 6 | Industrial stoppage |
| 7 | Product faults |
| 8 | Breach of building security |
| 9 | Loss of key utilities (power, telecommunications, water) |
| 10 | Breach of major contracts |
| 11 | Breach of IT system information security (including PCs and laptops) |

Any one of the threats listed above could produce many consequences and knock-on impacts to the business if it was to arise. In other words, there are many criteria against which risks to the business can be identified and assessed in importance. In this sense, the significant risk exposures to the business were perceived as those tabulated below.

Table II. RISK EXPOSURES TO BUSINESS (RISK CRITERIA)

| Ref. | Description | Relative weighting (%) |
|------|-------------|------------------------|
| i. | Loss of assets | 35 |
| ii. | Business interruption | 22 |
| iii. | Financial impact | 17 |
| iv. | Legal liabilities | 7 |
| v. | Detriment to market image, reputation | 7 |
| vi. | Market opportunity loss | 12 |
The risks to business operations were thus seen as multi-dimensional, being a matrix or combination of threats that could feasibly arise and the resultant exposures of the business if they did. Table III below illustrates such a risk matrix. In contrast to a risk rating based on an assessment of the likelihood and consequence of individual risks, this approach to risk assessment and rating of risks focuses on the threats and exposures (or vulnerabilities) to the business.

Table III. MATRIX OF THREATS AND EXPOSURES

| THREAT | i. assets | ii. interrup. | iii. financl. | iv. legal | v. reputatn. | vi. market |
|--------|-----------|---------------|---------------|-----------|--------------|------------|
| 1. IT fail | | | | | | |
| 2. Fire | | | | | | |
| 3. Theft | | | | | | |
| 4. Insur’ce gap | | | | | | |
| 5. Transport | | | | | | |
| 6. Industrial | | | | | | |
| 7. Prod fault | | | | | | |
| 8. Security | | | | | | |
| 9. Utilities | | | | | | |
| 10. Contracts | | | | | | |
| 11. Info loss | | | | | | |

(The columns are the exposures, that is, the risk criteria of Table II.)

The question is how to rate the risks – that is, how to rate the relative importance of the threats given that there are a number of criteria against which they can be judged as a risk. This rating task is made more complex if weightings are introduced for each of the criteria in respect to each individual threat. This is usually done, and it was in this case. For example, the criterion of Business Interruption got a high weighting for the threat of Transport Loss; the criterion of Assets Loss a very low weighting for this threat. Note that the weightings shown in Table II are the overall weightings for all threats – their derivation is discussed below.

4. Risk rating and relative risk priorities

4.1. Method used for risk rating

There are many ways to develop valid and reliable ratings from qualitative estimates of risk: for example, rankings and ordinal ratings, continuous linear scales, paired comparisons. Paired comparison techniques have been used to arrive at numerical risk ratings (see Teniswood et al., 1993, for example [1]). People make better relative judgments, such as with paired comparisons, than direct estimates.
Paired comparisons enable a check on the consistency of judgments – this means for example, if an individual judges that risk A > risk B and risk B > risk C, then it should follow for consistency that risk A > risk C. In addition, paired comparisons can produce a numerical scale of results. The disadvantage of the technique is that it can be time consuming.

In this case study, a method for rating risk using paired comparisons was adopted.

First, paired comparisons of the six criteria shown in Table II above were made by all groups and their results consolidated to produce the relative weightings shown in the table. The paired comparisons were obtained using worksheets presenting 15 random pairs of each of the six criteria. The results of all comparisons were analyzed using software for the purpose.

Secondly, worksheets giving randomized paired comparisons of the eleven threats shown in Table I for each of the six risk criteria were presented to all individuals who had made up the risk assessment groups. A typical worksheet is shown in Figure 1 below.

Figure 1. Example of a typical paired comparisons worksheet in this case

[Callouts on the worksheet: “High rating given here for fidelity risk compared with transport wrt asset loss”; “Equal rating given here to contracts and transport wrt asset loss”]

All pairs were scored in the range 0 – 3 against the stated criterion. Each risk criterion was weighted as can be seen. The relative expertise of each individual was also weighted in respect to the applicable risk criterion – for example, the Marketing Manager was given a greater weighting regarding their assessment of risk of Market Opportunity Loss than the assessment of the Maintenance Engineer say; and vice versa in respect of risk of Business Interruption.

Everyone indicated their judgment of the relative risk against each given pair on the worksheet, as Figure 1 illustrates. From the results of all worksheets, and taking all six risk criteria into account in the risk ratings, a risk rating between zero and one on a linear scale was produced for each of the eleven threats.

[1] Teniswood CF, Sharp T and Clark DGN, Case studies in probabilistic risk assessment, in Melchers RE and Stewart MG (Eds.), Probabilistic Risk and Hazard Assessment, Balkema Publ., Rotterdam, 1993, pp. 111-119.
4.2. Findings

The relative risk ratings made by three of the groups of all eleven threats are shown on the linear scales below. The scales go linearly from 0 at bottom to 1 at top.

[Figure: three linear scales, one each for Directors, General Managers, and Line & Functional Managers, placing the eleven threats in order of increasing risk.]

It can be readily seen that there are different perceptions of the relative importance of the threats to the business. That is, different groups arrived at quite different ratings of the risks. This is an interesting finding, though not surprising. Different people had different perceptions of the risks to the company. Who is “right”? And what are the “real” risk ratings?

The overall risk ratings produced from consolidation of the results for all individuals are shown below. The bracketed numbers are scale values. This was used to direct the company’s resources to the risks seen (by all) as being of greatest significance. The resource allocation was based on the relative rating (scale value) of the risks.
Overall risk ratings (scale values in brackets):

• Fire (1.0)
• IT system failure (0.85)
• IT security (0.45)
• Contract breach (0.2)
• Fraud (0.15)
• All other threats (0.1)

[Figure: chart with segments labelled Fire, IT fail, IT security, Contracts, Fraud and Other. Caption: “Allocation of resources based on the risk ratings shown at left”]

5. ERM Guidelines

This case study suggests the following guidelines for qualitative assessments of risk and risk management:

• Different people have different perceptions and understandings of what risk is.
• Different circumstances and different questioning produce different assessments of risk.
• Though ranks and direct ratings are easy to use, people are not particularly good at making direct (or absolute) estimates of risk.
• Numerical scores to indicate rank and direct ratings provide ordinal data only and should not be treated and used in calculations as real numbers without care.
• A “paired comparisons” method can be used for risk rating and its scale values show not only the relative rating of each risk, but by how much. Results can also be checked for consistency and reliability. The disadvantage of the technique is that it is time-consuming and generally requires software to help.
• Thus, the risk manager requires an understanding of the strengths and limitations of qualitative data, qualitative techniques and the interpretation of qualitative results.
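The paired-comparison rating of section 4.1 and the rating-based allocation of section 4.2, worked through as an added example; it is not the case study's worksheets or the analysis software the firm used. Assumptions: each pair records which threat was judged the greater risk with a 0-3 score (0 meaning equal), ratings are weighted preference sums scaled so the top threat is 1, the budget is split in proportion to scale values, and the worksheet data is constructed.

```python
from itertools import permutations

# Relative weightings of the six risk criteria (percent), from Table II.
CRITERIA = {"assets": 35, "interruption": 22, "financial": 17,
            "legal": 7, "reputation": 7, "market": 12}
# Consolidated scale values reported in section 4.2 of the case study.
CONSOLIDATED = {"Fire": 1.0, "IT system failure": 0.85, "IT security": 0.45,
                "Contract breach": 0.2, "Fraud": 0.15, "All other threats": 0.1}

def circular_triads(pairs):
    """Count inconsistent triples (A > B and B > C, yet C > A) on one worksheet.

    pairs: (greater, lesser, score) tuples; score 0-3, 0 = judged equal (assumed).
    """
    beats = {(hi, lo) for hi, lo, score in pairs if score > 0}
    items = {t for hi, lo, _ in pairs for t in (hi, lo)}
    cycles = sum((a, b) in beats and (b, c) in beats and (c, a) in beats
                 for a, b, c in permutations(items, 3))
    return cycles // 3  # every cycle is found from each of its three threats

def scale_values(worksheets):
    """Merge worksheets into one 0-1 rating per threat (assumed scaling rule).

    worksheets: (criterion, expertise, pairs); expertise is the assessor's
    weight for that criterion, taken here as a number between 0 and 1.
    """
    raw = {}
    for criterion, expertise, pairs in worksheets:
        weight = CRITERIA[criterion] / 100 * expertise
        for greater, lesser, score in pairs:
            raw[greater] = raw.get(greater, 0.0) + weight * score
            raw.setdefault(lesser, 0.0)
    top = max(raw.values())
    return {threat: round(v / top, 2) for threat, v in raw.items()}

def allocate(budget, ratings):
    """Split a budget in proportion to the scale values (assumed rule)."""
    total = sum(ratings.values())
    return {threat: round(budget * v / total) for threat, v in ratings.items()}

# Constructed worksheets, not data from the case study.
SAMPLE = [
    ("assets", 1.0, [("Fire", "Fraud", 3), ("Fraud", "Transport loss", 3),
                     ("Fire", "Transport loss", 3)]),
    ("interruption", 0.5, [("Transport loss", "Fraud", 2),
                           ("Fire", "Transport loss", 1), ("Fire", "Fraud", 2)]),
]
INCONSISTENT = [("Fire", "Fraud", 2), ("Fraud", "Product faults", 1),
                ("Product faults", "Fire", 1)]
```

A non-zero `circular_triads` count marks a worksheet to send back to the assessor before its scores are merged by `scale_values`.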