Dr. Fahim K Sufi,
PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc),
Cert IV (TAE), ITIL V3, TOGAF 9 (Certified), PRINCE2 (Registered Practitioner)
Sr Consultant ICT Affairs
Defence, Military, Cyber War
+971551924479 (UAE)| 0423237915 (AU) | +447839111901 (UK)
contact@fahimsufi.com
January, 2017
Definition & Background
• According to ISO Guide 73 Risk Management Vocabulary 2009 (page 3), Risk Management is a holistic management process of systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk.
• The alternative to risk management is risky management (AS/NZS 4360:2004 Companion, p. 7).
• Risks are defined by the likelihood of an event occurring and direct the organisation's operation in relation to risk.
• Increasingly, Government & Private Enterprises are asked to document and demonstrate their risk management policy and processes.
• Risk Management involves management of:
  • What could go wrong (i.e. Risks)
  • What impact these would have
  • What can be done to mitigate the risk
  • Who owns the mitigation plan
  • …
Risks vs Issues
Risks | Issues
A possible event that may or may not occur | An event that has actually occurred
Based on conjecture & anticipation | Based on responsiveness & realization
Includes prevention & mitigation steps | Includes action & resolution steps
Benefits of Risk Management
• Fewer surprises
• Exploitation of opportunities
• Improved planning, performance and effectiveness
• Economy and efficiency
• Improved stakeholder relationships
• Improved information for decision making
• Enhanced reputation
• Director protection
• Accountability, assurance and governance
• Personal wellbeing
Risk Management – a one page summary
Source: AS/NZS ISO 31000:2009 Risk Management – Principles and guidelines
Risk management principles
• It creates and protects value
• It is an integral part of all organisational processes
• It is part of decision making
• It explicitly addresses uncertainty
• It is systematic, structured and timely
• It is based on the best available information
• It is tailored
• It takes human and cultural factors into account
• It is transparent and inclusive
• It is dynamic, iterative and responsive to change
• It facilitates continual improvement of the organisation
Risk Management Process
Establishing the context
• Internal context
• External context
• Risk management context
• Development of criteria
Risk Assessment
  Risk Identification
  • What can happen? When & where? How & why?
  Risk Analysis
  • Causes & sources of risk, positive & negative consequences, likelihood of consequences occurring, existing controls & their effectiveness
  Risk Evaluation
  • Compare against criteria, set priorities, make decisions for treatment
Risk Treatment
• Identifying options
• Assessment of options
• Preparation & implementation of treatment plans
• Analysis & evaluation of residual risks
Running alongside every step: Communication & Consultation; Monitoring & Review
Revised from AS/NZS ISO 31000:2009
Communication & Consultation
Communication & Consultation Preferences: four social styles, placed by whether a person is task focused (controls) or people focused (emotes), and introverted (measured pace & tends to ask) or extroverted (rapid pace & tends to tell):
• Analyst (task focused, introverted): thorough, focused on high quality, deliberate. "Let's do it right first time."
• Driver (task focused, extroverted): focus on results & business; direct, clear, concise. "Get the job done."
• Expressive (people focused, extroverted): enthusiastic, feeds off the energy of others. "Show me the next big idea."
• Amiable (people focused, introverted): values people & team, support over the long term. "Let's talk about the impact on our people."
Stakeholder identification: plot each stakeholder's Level of Influence against Level of Interest; the engagement strategy for each quadrant is one of Inform, Consult, Involve & Consult, and Collaborate & Empower.
Establishing the context
External Factors | Internal Factors
Politics | Poor processes and procedures
Economics | Inadequate or inappropriate human resources
Socio-cultural factors | Low quality service or product offerings
Technology | Malevolent cultures
Legal obligations | Unsuitable management of leadership practice
Ecology and environmental factors | Inappropriate value sets
Actions of established competitors | Outmoded corporate paradigms
Relationships between the organization and its clients and suppliers | Lack of infrastructure and technology
New and unknown competitors | Poor communication
Competitive substitute services or products | …
… |
This step is all about defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for the risk management policy.
Risk Identification
Every enterprise should identify sources of risk, areas of impact, events (including changes in circumstances) and their causes and potential consequences. The aim of this step is to generate an exhaustive list of risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of business objectives.
1. What is the source of each risk?
2. What might happen that could:
   a. Increase or decrease the effective achievement of objectives
   b. Make the achievement of the objectives more or less efficient (financial, people, time)
   c. Cause stakeholders to take action that may influence the achievement of objectives
   d. Produce additional benefit
3. What would the effect on objectives be?
4. When, where, why and how are these risks (both positive and negative) likely to occur?
5. Who might be involved or impacted?
6. What controls presently exist to treat this risk (maximize positive risks or minimize negative risks)?
7. What could cause the control not to have the desired effect on the risk?
The following points should also be considered during the risk identification process:
• Reliability of the information
• Comprehensiveness of the list of risks
• Requirement for additional research into specific risks
• Adequate coverage of scope and objectives
• Involvement of the right people
Likelihood scale
Description | Likelihood of Occurrence | Indicative Frequency
Rare | The event may only occur in exceptional & unlikely circumstances | Once every thirty years
Unlikely | The event may occur at some time, but is unlikely | Once every ten years
Moderate | The event should occur at some time | Once in three years
Likely | The event will probably occur in most circumstances | Once in six months
Almost certain | The event is expected to occur in most circumstances | Once a month or more frequently
In the risk management context, likelihood refers to the chance of something happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and described using general terms or mathematically (e.g. probability or frequency over a given period of time).
Risk Consequence Criteria
Criteria | Description
Availability | The availability of existing facilities must be maximized by reducing the disruption to current business operations as far as possible
Community Relations | The highest standards of community consultation and liaison must be maintained
Economics | The project must be clearly justifiable in economic terms, measured by profitability and rate of return
Environment | The solution to the technical issues must be environmentally sound; an alternative solution should be available
Funding | Avoid expenditure outside allocated budgets; maximize the use of special purpose grant funds
Industrial relations | Optimize industrial relations by negotiation with staff representatives and use of appropriate enterprise agreements
Probity | Good corporate governance and transparent decision making are regulatory requirements
Quality | The client requires equipment that is properly engineered and reliable
Safety | Project delivery processes must ensure the highest standards of safety; contract conditions must contain appropriate clauses
Staff development | The project delivery method and outcomes should enhance the core skills of the organization and the abilities of the staff involved
Timing | The project must be completed by the specified time
Consequence is the outcome of an event affecting objectives. It can be expressed qualitatively or quantitatively; consequences can be certain or uncertain and can have positive or negative effects on objectives.
Consequence Types
Severity Level | Business Interruption | Environmental Damage | Financial | Human | Reputation & Image
Extreme | Cessation of major business critical services for more than one week | Serious long-term or widespread environmental harm | Loss above $1.5m | Death | Reputation of the organization affected nationally and internationally
Severe | Cessation of major business critical services for up to one week | Significant environmental harm with long-term recovery | Loss above $750,000 to $1.5m | Severe injuries | Embarrassment for the organization, including adverse media coverage
Major | Major service delivery targets not met for several weeks; business critical services not back in agreed time | Moderate harm with mid-term recovery | Loss above $100,000 to $750,000 | Injury involving hospitalization and rehabilitation | Customer and/or community concern, heavy local media coverage
Moderate | Local service delivery problems for less than a month; business critical services lost for the agreed minimum period | Transient environmental harm | Loss above $5,000 to $100,000 | Injury requiring medical treatment and some lost time | Issue raised by customers and/or local press
Minor | Local issue resolved with negligible impact on service; business critical services lost for less than the agreed minimum period | Brief pollution with effective remediation | Loss up to $5,000 | Injury requiring first aid, but no loss of time | Issue resolved promptly by the day-to-day management process
Measuring the Level of Risk: Heat Map
Consequence label \ Likelihood label | Almost certain | Likely | Moderate | Unlikely | Rare
Extreme | HIGH | HIGH | SIGNIFICANT | SIGNIFICANT | SIGNIFICANT
Major | HIGH | SIGNIFICANT | SIGNIFICANT | SIGNIFICANT | SIGNIFICANT
Serious | SIGNIFICANT | SIGNIFICANT | SIGNIFICANT | MODERATE | MODERATE
Moderate | SIGNIFICANT | MODERATE | MODERATE | LOW | LOW
Minor | MODERATE | MODERATE | LOW | LOW | LOW
Level of risk is the magnitude of a risk, expressed in terms of the combination of consequences and their likelihood.
Risk Treatment
Risk treatment involves developing a range of options for mitigating the risk, assessing those
options, and then preparing and implementing action plans. The highest rated risks should be
addressed as a matter of urgency.
Risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances. The options
can include the following:
a) Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
b) Taking or increasing the risk in order to pursue an opportunity
c) Removing the risk source
d) Changing the likelihood
e) Changing the consequences
f) Sharing the risk with another party or parties (including contracts and risk financing)
g) Retaining the risk by informed decision
Image source: http://www.civildefence.govt.nz/resources/natural-hazard-risk-communication-toolbox/
Risk Treatment Options with examples
Running example for every option: my colleague is late for a meeting and I need to drop him at his office quickly. Driving at high speed comes with the risk of an accident.
Avoidance | Choosing not to take on the risk by avoiding the actions that cause the risk | Avoidance: Do not drive
Reduction | Taking mitigation actions that reduce the risk | Reduction: Wear seat belts. Have traction control switched on…
Transfer | Transferring all or part of the risk to a third party. The two main types of transfer are insurance and outsourcing. | Transfer: Take a taxi. Hire a car. Take a bus…
Acceptance | Risk acceptance, also termed risk retention, is choosing to face a risk. In general, it is impossible to profit in business or enjoy an active life without choosing to take on risk. | Acceptance: Drive at high speed anyway…
Sharing | Risk sharing is the distribution of risk to multiple organizations or individuals. | Sharing: Have car insurance…
Image Source: Traffic Safety Strategies: http://www.vtpi.org/tdm/tdm86.htm
Taking one or more Traffic Safety Strategies or risk treatment options reduces the consequence of the risk. The risk that is left over is often referred to as residual risk.
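As an added example that is not part of the original slides, the Python below rates a constructed risk register with the likelihood scale, the financial consequence bands and the heat map given earlier, then re-rates each risk after its treatments to show the residual risk and the order in which the highest rated risks would be addressed. It assumes each indicative frequency is the lower bound of its likelihood band, and, because the Consequence Types slide labels its $750,000 to $1.5m band "Severe" while the heat map row at that rank is "Major", it maps the five financial bands onto the five heat-map rows by rank; the sample risks and the treatment factors are constructed, not measured.

```python
"""Rate risks with the deck's likelihood scale, financial consequence bands and
heat map, then re-rate after treatment to obtain residual risk and priority.
All sample risks and treatment factors below are constructed for illustration."""
from dataclasses import dataclass, field

# Likelihood labels, least to most likely, with each band's floor in events per
# year taken from the slide's indicative frequency (assumption: the stated
# frequency is the lower bound of the band; below once in 30 years is Rare).
LIKELIHOOD = ["Rare", "Unlikely", "Moderate", "Likely", "Almost certain"]
FREQ_FLOOR = [1 / 30, 1 / 10, 1 / 3, 2.0, 12.0]

# Heat-map consequence rows, least to most severe, with the financial ceiling of
# each band from the Consequence Types slide. That slide calls the $750k-$1.5m
# band "Severe" while the heat map row is "Major"; bands are mapped onto rows by
# rank (assumption), so $100k-$750k lands on "Serious" and $750k-$1.5m on "Major".
CONSEQUENCE = ["Minor", "Moderate", "Serious", "Major", "Extreme"]
LOSS_CEILING = [5_000, 100_000, 750_000, 1_500_000, float("inf")]

# Heat map from the slide: HEAT[consequence][likelihood index, Rare -> Almost certain].
HEAT = {
    "Extreme":  ["SIGNIFICANT", "SIGNIFICANT", "SIGNIFICANT", "HIGH", "HIGH"],
    "Major":    ["SIGNIFICANT", "SIGNIFICANT", "SIGNIFICANT", "SIGNIFICANT", "HIGH"],
    "Serious":  ["MODERATE", "MODERATE", "SIGNIFICANT", "SIGNIFICANT", "SIGNIFICANT"],
    "Moderate": ["LOW", "LOW", "MODERATE", "MODERATE", "SIGNIFICANT"],
    "Minor":    ["LOW", "LOW", "LOW", "MODERATE", "MODERATE"],
}
RISK_RANK = {"LOW": 0, "MODERATE": 1, "SIGNIFICANT": 2, "HIGH": 3}


def likelihood_label(events_per_year):
    """Map an estimated event rate onto the likelihood scale."""
    label = LIKELIHOOD[0]
    for lab, floor in zip(LIKELIHOOD, FREQ_FLOOR):
        if events_per_year >= floor:
            label = lab
    return label


def consequence_label(loss_dollars):
    """Map a financial loss onto the consequence bands."""
    for lab, ceiling in zip(CONSEQUENCE, LOSS_CEILING):
        if loss_dollars <= ceiling:
            return lab
    return CONSEQUENCE[-1]


def risk_level(likelihood, consequence):
    """Heat-map lookup: level of risk = consequence combined with likelihood."""
    return HEAT[consequence][LIKELIHOOD.index(likelihood)]


def rate(events_per_year, loss_dollars):
    lik, con = likelihood_label(events_per_year), consequence_label(loss_dollars)
    return lik, con, risk_level(lik, con)


@dataclass
class Treatment:
    name: str
    option: str               # treatment option letter from the Risk Treatment slide
    rate_factor: float = 1.0  # multiplies the event rate (option d; 0.0 for a: avoid)
    loss_factor: float = 1.0  # multiplies the loss (option e: change, f: share)


@dataclass
class Risk:
    risk_id: str
    description: str
    events_per_year: float
    loss_dollars: float
    treatments: list = field(default_factory=list)


def inherent(risk):
    """(likelihood, consequence, level) before any treatment."""
    return rate(risk.events_per_year, risk.loss_dollars)


def residual(risk):
    """(likelihood, consequence, level) left over after all treatments are applied."""
    rate_f = loss_f = 1.0
    for t in risk.treatments:
        rate_f *= t.rate_factor
        loss_f *= t.loss_factor
    return rate(risk.events_per_year * rate_f, risk.loss_dollars * loss_f)


def prioritise(register):
    """Highest residual level first; ties broken by consequence, then likelihood."""
    def key(r):
        lik, con, level = residual(r)
        return (-RISK_RANK[level], -CONSEQUENCE.index(con), -LIKELIHOOD.index(lik))
    return sorted(register, key=key)


# Constructed register: rates and losses are illustrative, not measured data.
REGISTER = [
    Risk("R1", "Ransomware outage of the order-processing service", 0.5, 900_000,
         [Treatment("Offline backups with tested restore", "e", loss_factor=0.1)]),
    Risk("R2", "Phishing-led credential compromise", 6.0, 200_000,
         [Treatment("Phishing-resistant MFA", "d", rate_factor=0.05),
          Treatment("Cyber insurance", "f", loss_factor=0.4)]),
    Risk("R3", "Flood at the primary data centre", 1 / 40, 2_000_000,
         []),  # retained by informed decision (option g): residual == inherent
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(r.risk_id, inherent(r)[2], "->", residual(r)[2], r.description)
```

Note that the retained risk R3 keeps its SIGNIFICANT rating and so moves to the top of the residual ordering, which is the point of re-rating after treatment rather than ranking on inherent risk alone.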
Risk Register
Risk Management Summary
Establishing Context → Risk Identification → Risk Analysis → Risk Evaluation → Risk Treatment
Communication & Consultation and Monitoring & Review run alongside every step; the whole process rests on the Principles and Frameworks.
Thank You
Please send your feedback and comments to Dr. Fahim K Sufi at contact@fahimsufi.com

Risk Management based on Best Practices and Standards

  • 1. Dr. Fahim K Sufi, PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, TOGAF 9 (Certified), PRINCE2 (Registered Practitioner) Sr Consultant ICT Affairs Defence, Military, Cyber War +971551924479 (UAE)| 0423237915 (AU) | +447839111901 (UK) contact@fahimsufi.com January, 2017
  • 2. Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9 Definition & Background  According to ISO Guide 73 Risk Management Vocabulary 2009 (page 3), Risk Management is a holistic management process of systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk.  The alternative to risk management is risky management (AS/NZS 4360:2004 Companion P 7)  Risks are defined by the likelihood of an event occurring and direct the organisation’s operation in relation to risk.  Increasingly Government & Private Enterprises are asked to document and demonstrate their risk management policy and processes.  Risk Management involves management on  What could go wrong (i.e. Risks)  What impact would these have  What can be done to mitigate the risk  Who owns the mitigation plan  … Risks Issues A possible event that may or may not occur An event that has actually occurred Based on conjecture & anticipation Based on responsiveness & realization Includes presentation & mitigation steps Includes action & resolution steps
  • 3. Benefits of Risk Management  Fewer surprises  Exploitation of opportunities  Improved planning, performance and effectiveness  Economy and efficiency  Improved stakeholders relationships  Improved information for decision making  Enhanced reputation  Director protection  Accountability, assurance and governance  Personal wellbeing Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9
  • 4. Risk Management – a one page summary Source: AS/NZS ISO 31000:2009 Risk Management – Principles and guidelines Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9
  • 5. Risk management principles  It creates and protects value  Is an integral part of all organisational processes  It is part of decision making  It explicitly addresses uncertainty  It is systematic, structured and timely  It is based on the best available information  It is tailored  It takes human and cultural factors into account  It is transparent and inclusive  It is dynamic, iterative and responsive to change  It facilitates continual improvement of the organisation Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9
  • 6. Risk Management Process Establishing the context • Internal context • External context • Risk management context • Development of criteria Communication&Consultation Monitoring&Review Risk Treatment • Identifying options • Assessment of options • Preparation & implementation of treatment plans • Analysis & evaluation of residual risks Risk Assessment Risk Identification • What can happen? When & Where? How & Why? Risk Evaluation • Compare against criteria, Set priorities, Make decisions for treatment Risk Analysis • Causes & Sources of risk, Positive & negative consequences, Likelihood of consequences occurring, Existing controls & their effectiveness Revised from AS/NZS ISO 31000:2009 Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9
  • 7. Communication & Consultation Task Focused (controls) People Focused (emotes) Introverted (measured pace & tends to ask) Extroverted (rapid page & tends to tell) Analysts: thorough, focused on high quality, deliberate Lets do it right first time Driver: focus on results & business, direct, clear, concise Get the job done Expressive: enthusiastic, feeds off energy of others Show me the next big idea Amiable: values people & team, support over the long-term Lets talk about the impact on our people Communication & Consultation Preferences LevelofInfluence Level of Interest Involve & Consult Collaborate & Empower ConsultInform Stakeholder identification Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9
  • 8. Establishing the context External Factors Internal Factors Politics Poor processes and procedures Economics Inadequate or inappropriate human resources Socio-cultural factors Low quality service or produce offerings Technology Malevolent cultures Legal obligations Unsuitable management of leadership practice Ecology and environmental factors Inappropriate value sets Actions of established competitors Outmoded corporate paradigms Relationships between the organization and its clients and suppliers Lack of infrastructure and technology New and unknown competitors Poor communication Competitive substitute services or products … … This is all about defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for risk management policy. Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9
  • 9. Risk Identification Every Enterprise should identify sources of risk, areas of impacts, events (including changes in circumstances) and their causes and their potential consequences. The aim of this step is to generate a exhaustive list of risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of business objectives. 1. What is the source of each risk? 2. What might happen that could: 1. Increase or decrease the effective achievement of objectives 2. Make the achievement of the objectives more or less efficient (financial, people, time) 3. Cause stakeholders to take action that may influence the achievement of objectives 4. Produce additional benefit 3. What would the effect on objective be? 4. When, where, why, how are these risks (both positive and negative) likely to occur? 5. Who might be involved or impacted? 6. What controls presently exist to treat this risk (maximize positive risks or minimize negative risks)? 7. What could cause the control not to have the desired affect on the risk? The following points should also be considered during risk identification process:  Reliability of the information  Comprehensiveness of the list of risks  Requirement for additional research into specific risks  Adequate coverage of scope and objectives  Involvement of the right people Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9
  • 10. Likelihood scale Description Likelihood of Occurrence Indicative Frequency Rare Event may only occur in exceptional & unlikely circumstances Once every thirty years Unlikely The event may occur at some time, but unlikely Once every ten years Moderate The event should occur at some time Once in three years Likely The event will probably occur in most circumstances Once in six months Almost certain The event is expected to occur in most circumstances Once a month or more frequently In risk management context, Likelihood is used to refer to the change of something happening, whether defined, measured, or determined objectively or subjectively, qualitatively or quantitatively, and described using general terms or mathematically (e.g. Probability or frequency over a given period of time) Dr. Fahim K Sufi PhD (Comp Sc), M Eng (Comp Sys), Dip (Mgmt), Grad Cert (Res Com), B (Comp Sc), Cert IV (TAE), ITIL V3, PRINCE2, TOGAF 9
  • 11. Risk Consequence Criteria
Criteria | Description
Availability | The availability of existing facilities must be maximized by reducing the disruption to current business operations as far as possible
Community Relations | The highest standards of community consultation and liaison must be maintained
Economics | The project must be clearly justifiable in economic terms, measured by profitability and rate of return
Environment | The solution to the technical issues must be environmentally sound; an alternative solution should be available
Funding | Avoid expenditure outside allocated budgets; maximize the use of special purpose grant funds
Industrial relations | Optimize industrial relations by negotiation with staff representatives and use of appropriate enterprise agreements
Probity | Good corporate governance and transparent decision making are regulatory requirements
Quality | The client requires equipment that is properly engineered and reliable
Safety | Project delivery processes must ensure the highest standards of safety; contract conditions must contain appropriate clauses
Staff development | The project delivery method and outcomes should enhance the core skills of the organization and the abilities of the staff involved
Timing | The project must be completed by the specified time
Consequence is the outcome of an event affecting objectives. Consequence can be expressed qualitatively or quantitatively. Consequences can be certain or uncertain and can have positive or negative effects on objectives.
  • 12. Consequence Types
Severity Level | Business Interruption | Environmental Damage | Financial | Human | Reputation & Image
Extreme | Cessation of major business critical services for more than one week | Serious long-term or widespread environmental harm | Loss of above $1.5m | Death | Reputation of the organization affected nationally and internationally
Severe | Cessation of major business critical services for up to one week | Significant environmental harm with long term recovery | Loss above $750,000 to $1.5m | Severe injuries | Embarrassment for the organization, including adverse media coverage
Major | Major service delivery targets not met for several weeks, business critical services not back in agreed time | Moderate harm with mid-term recovery | Loss above $100,000 to $750,000 | Injury involving hospitalization and rehabilitation | Customer and/or community concern, heavy local media coverage
Moderate | Local service delivery problems for less than a month, business critical services lost for agreed minimum period | Transient environmental harm | Loss above $5,000 to $100,000 | Injury requiring medical treatment and some lost time | Issue raised by customers and/or local press
Minor | Local issue resolved with negligible impact on service, business critical services lost for less than agreed minimum period | Brief pollution with effective radiation | Loss up to $5,000 | Injury requiring first aid, but no loss of time | Issue resolved promptly by day-to-day management process
  • 13. Measuring the Level of Risk: Heat Map
Consequence label \ Likelihood label | Almost Certain | Likely | Moderate | Unlikely | Rare
Extreme | HIGH | HIGH | SIGNIFICANT | SIGNIFICANT | SIGNIFICANT
Major | HIGH | SIGNIFICANT | SIGNIFICANT | SIGNIFICANT | SIGNIFICANT
Serious | SIGNIFICANT | SIGNIFICANT | SIGNIFICANT | MODERATE | MODERATE
Moderate | SIGNIFICANT | MODERATE | MODERATE | LOW | LOW
Minor | MODERATE | MODERATE | LOW | LOW | LOW
Level of risk is the magnitude of a risk, expressed in terms of combining consequences and their likelihood.
  • 14. Risk Treatment
Risk treatment involves developing a range of options for mitigating the risk, assessing those options, and then preparing and implementing action plans. The highest rated risks should be addressed as a matter of urgency. Risk treatment options are not necessarily mutually exclusive or appropriate in all circumstances. The options can include the following:
a) Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
b) Taking or increasing the risk in order to pursue an opportunity
c) Removing the risk source
d) Changing the likelihood
e) Changing the consequences
f) Sharing the risk with another party or parties (including contracts and risk financing)
g) Retaining the risk by informed decision
Image source: http://www.civildefence.govt.nz/resources/natural-hazard-risk-communication-toolbox/
  • 15. Risk Treatment Options with examples
Running example: my colleague is late for a meeting and I need to drop him at his office quickly. Driving at high speed comes with the risk of having an accident.
 Avoidance: Choosing not to take on the risk by avoiding the actions that cause the risk. Avoidance: Do not drive.
 Reduction: Taking mitigation actions that reduce the risk. Reduction: Wear seat belts. Have traction control switched on…
 Transfer: Transferring all or part of the risk to a third party. The two main types of transfer are insurance and outsourcing. Transfer: Take a taxi. Hire a car. Take a bus…
 Acceptance: Risk acceptance, also termed risk retention, is choosing to face a risk. In general, it is impossible to profit in business or enjoy an active life without choosing to take on risk. Acceptance: Drive at high speed anyway…
 Sharing: Risk sharing is the distribution of risk to multiple organizations or individuals. Sharing: Have car insurance…
Image source: Traffic Safety Strategies: http://www.vtpi.org/tdm/tdm86.htm
Taking one or more traffic safety strategies or risk treatment options reduces the consequence of the risk. The leftover risk is often referred to as residual risk.
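The rating mechanics of slides 10 to 15 (likelihood scale, financial consequence bands, heat map, and the residual risk left after treatment) can be implemented directly. The following is an added example, not code from the presentation or its author. The likelihood bands use the slides' indicative frequencies as lower bounds of each band (the slides give only point values), slide 12's "Severe" and "Major" financial bands are mapped by rank onto the heat map's "Major" and "Serious" rows (an assumption, since the two slides use different middle labels), and the two register entries are constructed sample risks.

```python
"""Rate risks with the likelihood scale (slide 10), the financial consequence
bands (slide 12) and the 5x5 heat map (slide 13), then re-rate after treatment
to obtain the residual risk (slide 15).  Added example; thresholds are read
off the slides, the label mapping noted below is an assumption, and the sample
register entries are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Column order of the heat map on slide 13 (most to least likely).
LIKELIHOOD_COLS = ["Almost certain", "Likely", "Moderate", "Unlikely", "Rare"]

# Heat map, copied row by row from slide 13 (rows = consequence label).
HEAT_MAP = {
    "Extreme":  ["HIGH", "HIGH", "SIGNIFICANT", "SIGNIFICANT", "SIGNIFICANT"],
    "Major":    ["HIGH", "SIGNIFICANT", "SIGNIFICANT", "SIGNIFICANT", "SIGNIFICANT"],
    "Serious":  ["SIGNIFICANT", "SIGNIFICANT", "SIGNIFICANT", "MODERATE", "MODERATE"],
    "Moderate": ["SIGNIFICANT", "MODERATE", "MODERATE", "LOW", "LOW"],
    "Minor":    ["MODERATE", "MODERATE", "LOW", "LOW", "LOW"],
}

# Indicative frequencies from slide 10 as events per year, used here as the
# lower bound of each band (assumption: the slide only gives point values).
LIKELIHOOD_BANDS = [
    (12.0, "Almost certain"),   # once a month or more frequently
    (2.0, "Likely"),            # once every six months
    (1 / 3, "Moderate"),        # once in three years
    (1 / 10, "Unlikely"),       # once every ten years
    (0.0, "Rare"),              # once every thirty years or rarer
]

# Financial loss bands from slide 12 (dollars, upper bound inclusive), mapped by
# rank onto the heat-map row labels (assumption: slide 12 calls the third band
# "Major" and the fourth "Severe"; the heat map calls them "Serious"/"Major").
LOSS_BANDS = [
    (5_000, "Minor"),
    (100_000, "Moderate"),
    (750_000, "Serious"),
    (1_500_000, "Major"),
]


def likelihood_from_frequency(events_per_year: float) -> str:
    """Map an estimated frequency onto the slide 10 likelihood label."""
    for lower, label in LIKELIHOOD_BANDS:
        if events_per_year >= lower:
            return label
    return "Rare"


def consequence_from_loss(loss_dollars: float) -> str:
    """Map an estimated financial loss onto a consequence label."""
    for upper, label in LOSS_BANDS:
        if loss_dollars <= upper:
            return label
    return "Extreme"  # above $1.5m


def level_of_risk(likelihood: str, consequence: str) -> str:
    """Look up the heat-map cell for a likelihood/consequence pair."""
    return HEAT_MAP[consequence][LIKELIHOOD_COLS.index(likelihood)]


@dataclass
class Risk:
    """One risk register row; residual fields default to the inherent values."""
    risk_id: str
    description: str
    events_per_year: float
    loss_dollars: float
    treatment: str = ""
    residual_events_per_year: Optional[float] = None
    residual_loss_dollars: Optional[float] = None

    def inherent_rating(self) -> str:
        return level_of_risk(likelihood_from_frequency(self.events_per_year),
                             consequence_from_loss(self.loss_dollars))

    def residual_rating(self) -> str:
        # A treatment that changes only likelihood or only consequence leaves
        # the other estimate untouched (slide 14, options d and e).
        freq = self.events_per_year if self.residual_events_per_year is None \
            else self.residual_events_per_year
        loss = self.loss_dollars if self.residual_loss_dollars is None \
            else self.residual_loss_dollars
        return level_of_risk(likelihood_from_frequency(freq),
                             consequence_from_loss(loss))


# Constructed sample register (not from the presentation).
SAMPLE_REGISTER = [
    Risk("R1", "Ransomware takes a business-critical service offline for over a week",
         events_per_year=2.0, loss_dollars=2_000_000,
         treatment="Offline tested backups and network segmentation (changes likelihood and consequences)",
         residual_events_per_year=0.2, residual_loss_dollars=400_000),
    Risk("R2", "Staff laptop holding customer data is lost",
         events_per_year=0.5, loss_dollars=20_000,
         treatment="Full-disk encryption (changes consequences only)",
         residual_loss_dollars=4_000),
]


def register_rows(risks: List[Risk]) -> List[Tuple[str, str, str, str]]:
    """Return (id, inherent rating, treatment, residual rating) per risk."""
    return [(r.risk_id, r.inherent_rating(), r.treatment, r.residual_rating())
            for r in risks]


if __name__ == "__main__":
    for row in register_rows(SAMPLE_REGISTER):
        print(" | ".join(row))
```

With the sample figures, R1 rates HIGH inherently (Likely x Extreme) and MODERATE after treatment (Unlikely x Serious); R2 drops from MODERATE to LOW because encryption moves the loss into the Minor band while its likelihood stays Moderate. The ordering of the heat map and the band thresholds are the only things that need changing to adopt an organisation's own scale.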
  • 16. Risk Register
  • 17. Risk Management Summary
 Establishing Context
 Risk Identification
 Risk Analysis
 Risk Evaluation
 Risk Treatment
 Monitoring & Review
 Communication & Consult
 Principles
 Frameworks
  • 18. Thank You
Please send your feedback and comments to Dr. Fahim K Sufi at contact@fahimsufi.com