The document discusses principles of risk and risk management. It defines risk as the combination of the likelihood and impact of an uncertain event. Risk management aims to improve the future by anticipating and managing risks. The document outlines key concepts like types of risk, risk standards, and enterprise risk management (ERM). ERM takes a top-down approach to identify, assess, and mitigate risks across an organization. Implementing ERM involves defining risk strategies, assigning responsibilities, and continually monitoring and adapting to changes.
2. LEARNING OBJECTIVES:
1. Discuss the concepts and definitions of
risk and risk management
2. Describe the general and alternative
risk management standards
3. Explain enterprise risk management
(ERM)
4. Analyze risk management situations
and give insights on whether they were
properly managed or not
3. According to Andrew Jaquith, “The
purpose of risk management is to
improve the future, not to explain the
past.” According to Richard S. Fuld, Jr.,
“The key to risk management is never
putting yourself in a position where you
cannot live to fight another day.”
5. A. Concepts and definitions of risk
and risk management
1. Risk defined
2. Impact of risk on organizations
3. Introduction to types of risk
4. Definitions and development of
risk management
5. Principles and aims of risk
management.
6. 1. Risk defined
A risk is a danger, or
the possibility of danger, defeat,
or loss. It could also be someone or
something that
could cause a problem or loss.
7. Risk defined
According to Information Security Risk
Management, "Risk is the combination of
the risk of exposure and the impact =
combination of likelihood of the threat
being able to expose an element(s) of
the system and impact".
8. Risk defined
Another definition by Managing Successful
Programmes is that “Risk is an uncertain event
or set of events which, should it occur, will have
an effect on the achievement of objectives; a
risk is measured by a combination of the
probability of a perceived threat or opportunity
occurring and the magnitude of its impact on
objectives.”
9. The important thing to
remember is that risks are part of
daily lives, but these can be
managed and may be avoided
through preemptive actions.
10. 2. Impact of risk on organizations
Risk impact is an estimate of the
potential losses associated with identified
risk. It is standard in risk analysis to
develop an estimate of probability or
impact. The following are common types
of impact.
11. HIGH or SIGNIFICANT level risks require
escalation and thorough risk analysis. Extra risk
control mechanisms need to be put in place,
and risk treatment measures clearly identified,
budgeted, and implemented; frequent
monitoring; and necessary precautions to
ensure staff and personnel safety and security
are not compromised and opportunities are not
missed.
12. Both SUBSTANTIAL and MODERATE level
risks require risk analysis scaled to the scope
and nature of the risks with risk treatment and
monitoring measures in place and budgeted.
SUBSTANTIAL risks require more detailed risk
analysis and risk management plans.
LOW level risks do not require further analysis
or treatment.
14. 3. Introduction to types of risk
The following are also types of risks that can be
applicable in school organizations and
businesses.
Political/Regulatory Risk – The impact of
political decisions and changes in regulation
Financial Risk – The capital structure of a
company (degree of financial leverage or
debt burden)
Interest Rate Risk – The impact of changing
interest rates
15. 3. Introduction to types of risk
Country Risk – Uncertainties that are specific to
a country
Social Risk – The impact of changes in social
norms, movements, and unrest
Environmental Risk – Uncertainty about
environmental liabilities or the impact of changes
in the environment
Operational Risk – Uncertainty about a
company’s operations, including its supply chain
and the delivery of its products or services
16. 3. Introduction to types of risk
Management Risk – The impact that the decisions of
a management team have on a company
Legal Risk – Uncertainty related to lawsuits or the
freedom to operate
Competition – The degree of competition in an
industry and the impact choices of competitors will
have on a company
19. 4. Definitions and development of risk
management
Risk management is the process of identifying,
assessing, and controlling financial, legal,
strategic and security risks to an organization’s
capital and earnings. These threats, or risks,
could stem from a wide variety of sources,
including financial uncertainty, legal liabilities,
strategic management errors, accidents, and
natural disasters.
20. 4. Definitions and development of risk
management
Another definition of risk management is that it is the
process of minimizing or mitigating the risk. It starts with
the identification and evaluation of risk followed by
optimal use of resources to monitor and minimize the
same. Risk management is the process of
anticipating unwelcome events and mitigating their
effects as much as possible. It includes anticipating and
assessing risks, planning around them, monitoring them,
and responding to them when appropriate.
21. 4. Definitions and development of risk
management
To reduce risk, an organization needs to apply
resources to minimize, monitor and control the
impact of negative events while maximizing
positive events. A consistent, systemic, and
integrated approach to risk management can
help determine how best to identify, manage,
and mitigate significant risks.
22. 5. Principles of risk management.
The various principles are:
1. Organizational Context: Every organization
is affected to varying degrees by various
factors in its environment (Political, Social,
Legal, Technological, Societal, etc.)
23. 5. Principles of risk management.
2. Involvement of Stakeholders
24. 5. Principles of risk management.
3. Organizational Objectives: When
dealing with a risk it is important to keep
the organizational objectives in mind.
25. 5. Principles of risk management.
4. Reporting: In risk
management, communication is
the key.
26. 5. Principles of risk management.
5. Roles and Responsibilities: Risk
Management has to be transparent and
inclusive. It should take into account the
human factors and ensure that each one
knows their roles at each stage of the risk
management process.
27. 5. Principles of risk management.
6. Support Structure: Support structure
underlines the importance of the risk
management team. The team members have to
be dynamic, diligent and responsive to change.
Each and every member should understand his
intervention at each stage of the project
management lifecycle.
28. 5. Principles of risk management.
7. Early Warning Indicators: Keep track
of early signs of a risk translating into an
active problem.
29. 5. Principles of risk management.
8. Review Cycle: Keep evaluating inputs
at each step of the risk management
process.
30. 5. Principles of risk management.
9. Supportive Culture: Brainstorm and
enable a culture of questioning and
discussing. This will motivate people to
participate more.
31. 5. Principles of risk management.
10. Continual Improvement: Be capable of
improving and enhancing your risk management
strategies and tactics. Use your learnings to
assess the way you look at and manage
ongoing risk.
32. 5. Aims of Risk management
1. Ensure the optimal, balanced, and
sustainable performance of the company
2. Develop a comprehensive, systematic,
integrated, and flexible approach, thus
identifying, assessing, analyzing, and
managing risks
3. Develop better risk management
practices
33. 5. Aims of Risk management
4. Address all types of business
risks
5. Take responsible risks
6. Make informed decisions
7. Better manage change
34. THINK-PAIR-SHARE
With a colleague/classmate, identify
possible risks in school. How does the
school manage these risks? Brainstorm how
risk management benefits the school and
the administration. Give concrete examples
of how risk management helps in certain
situations.
35. RISKS IN SCHOOLS
In schools, possible risks include injury of a
student, a lawsuit filed by an angry parent,
damage to the school's reputation, unsafe
parts of the school (especially during the
pandemic), and others.
36. RISK MANAGEMENT IN SCHOOL
Risk management is important because it
keeps your students, faculty, and finances
safe from any harm, while also protecting
your financial assets and lowering your legal
liability. Not only will developing a risk
management plan for your school reduce
the chances of risks, but it will also mitigate
the effects of those risks if they should
occur.
37. RISK MANAGEMENT IN SCHOOL
Risk management comes with these benefits for
school administrators:
Protect people from harm.
Limit the possibility of a lawsuit.
Safeguard your public reputation.
Reduce potential losses in revenue.
Make your students, teachers, and parents
feel safe.
38. B. Risk management standards
1. General risk management
standards
2. Alternative risk management
approaches.
39. General risk management standards
ISO (International Organization for Standardization) is a
worldwide federation of national standards bodies.
ISO is a nongovernmental organization that comprises
standards bodies from more than 160 countries, with one
standards body representing each member country. For
example, the American National Standards
Institute represents the United States.
40. General risk management standards
ISO members are national standards
organizations that collaborate in the
development and promotion of international
standards for technology, scientific
testing processes, working conditions, societal
issues and more. ISO and its members then sell
documents detailing these standards.
41. General risk management standards
The ISO 31000-2018 standard, Risk Management--
Guidelines, lists the following eight principles for any
solid risk management program.
Integration - An organization should integrate its risk
management efforts into all parts and activities of
the organization.
43. General risk management standards
Structured and comprehensive - Creating
and following a comprehensive,
structured risk management approach
leads to the most consistent, desirable
risk management outcomes.
44. General risk management standards
Customized - To be most effective, risk
management should involve all stakeholders
in appropriate and timely ways. This allows
the different knowledge sets, views, and
perceptions of all stakeholders to be
considered and implemented into risk
management efforts.
45. General risk management standards
Inclusive
Dynamic - As the organization changes, including its
external and internal context, the organization's risk
management program and efforts should change, too.
Change is inevitable and successful organizations
know how to work with change. A risk management
program should help the organization anticipate,
identify, acknowledge, and respond to changes in an
appropriate and timely way.
46. General risk management standards
Uses best available information - Effective risk
management is done by considering information from
the past and present as well as anticipating the future.
Therefore, (1) the information from the past and
present must be as reliable as possible, and (2) risk
managers must consider the limitations and
uncertainties with that past and present information. All
relevant stakeholders should receive necessary
information in a timely and clear manner.
47. General risk management standards
Considers human and culture factors - Risk
management is a human activity, and it takes place
within one or more cultures (organizational culture,
etc.). Risk managers must be aware of the human and
culture factors that the risk management effort takes
place in and know the influence that human and
culture factors will place on the risk management
effort.
48. General risk management standards
Practices continual improvement -
Through experience and learning, risk
managers must strive to continually
improve an organization's risk
management efforts.
50. Alternative risk management
approaches
Under Risk Alternatives’ approach, risk
management is a seven-step process:
IDENTIFY threats and opportunities faced by
the organization.
AVOID engaging in current projects and
activities that would trigger unacceptable
risks.
51. Alternative risk management
approaches
DEVELOP (or EXPLOIT) new initiatives that the
organization thinks may be of strategic value.
REDUCE the likelihood of adverse events posed by
the organization’s ongoing activities by
adopting/changing systems and controls, education
and training, or other mitigation steps.
52. Alternative risk management
approaches
SHIFT (through partnering, changing contract
terms, or purchasing insurance) risks that
cannot be directly mitigated.
ACCEPT the remaining risks, having taken
the reasonable steps outlined above.
53. Alternative risk management
approaches
IMPROVE the process by reviewing the
results and modifying the approach going
forward, so that over time the organization
grows nimbler and more resilient.
54. C. Enterprise Risk Management (ERM)
1. Concept of enterprise risk management
What Is ERM and Why Is It Important?
ERM is a company's approach to managing risk. It is
the practices, policies, and framework for how a
company handles a variety of risks its business
faces. ERM is important because it helps prevent
losses or unexpected negative outcomes. ERM is
also important because it helps a company set the
plans in place to strategically approach risk and
garner employee buy-in.
55. Enterprise Risk Management (ERM)
- is a methodology that looks at risk
management strategically from the
perspective of the entire firm or organization.
It is a top-down strategy that aims to identify,
assess, and prepare for potential losses,
dangers, hazards, and other potentials for
harm that may interfere with an organization's
operations and objectives and/or lead to
losses.
56. Enterprise Risk Management (ERM)
What Are the 3 Types of Enterprise
Risk?
ERM often summarizes the risks a company
faces into operational, financial, and strategic
risks. Operational risks impact day-to-day
operations, while strategic risks impact long-
term plans. Financial risks impact the general
financial standing and health of a company.
57. Implementing the Enterprise Risk
Management (ERM)
Best practices most companies can use to
implement ERM strategies.
Define risk philosophy. Before
implementing any practices, a company
must identify how it feels about risk and
what its strategy around risk will be. This
should involve strategic discussions
between management and an analysis of a
company's entire risk profile.
58. Implementing the Enterprise Risk
Management (ERM)
Create action plans.
Be creative. When considering risks, ERM
entails thinking broadly about the problems
a company may face. Though far-fetched, it
is in a company's best interest to think of as
many challenges as it may face and how it will
respond (or decide to not respond) should
the event happen.
59. Implementing the Enterprise Risk
Management (ERM)
Communicate priorities. A company may
determine that several high-importance risks are
critical to mitigate for the continuation of the
company. These priorities should be
communicated and broadly understood as
the risks that should not be incurred under
any circumstance. Alternatively, a company
may wish to communicate the plans if the
event were to occur.
60. Implementing the Enterprise Risk
Management (ERM)
Assign responsibilities.
Maintain flexibility. As companies and risks
evolve, a company must design ERM practices to
be adaptable. The risks a company faces one day
may be different the next; the company must be
able to carry its current plan while still making
plans for new, future risks.
61. Implementing the Enterprise Risk
Management (ERM)
Leverage technology. ERM digital
platforms may host, summarize, and track
many of the risks of a company. Technology
can also be used to implement internal
controls or gather data on how performance
is tracking to ERM practices.
Continually monitor.
63. Implementing the Enterprise Risk
Management (ERM)
Use metrics. As part of monitoring ERM
practices, a company should develop a series
of metrics to quantifiably gauge whether it is
meeting targets. Often referred to as SMART
goals, these metrics keep a company
accountable on whether it met objectives or
not.
65. Risk Management in Schools
1) Identify Risks
2) Assess Each Risk's Likelihood and Impact
3) Create Response Plans
4) Choose a Lead for Each Risk
5) Make Contingency Plans
6) Continuously Monitor Risks
6)Continuously Monitor Risks