www.trainingheights.net
Objective
Efficient and Effective Risk Management Practices for Risk Management Professionals
Definition of Risk
An uncertain event or set of events that, should it occur, will
have an effect (usually negative) on the achievement of
objectives.
A risk is measured by the combination of the probability of a
perceived threat or opportunity occurring and the
magnitude of its impact on objectives.
Definition of Enterprise Risk Management
Risk Management allows for the activities involved to be visible, repeatable or consistent, to
support effective decision-making.
Risk Management allows an organization to make cost-effective use of a risk management
process that includes a series of well-controlled steps.
The aim of Risk Management is to improve internal control and support better decision making
through a good understanding of individual risks and the overall risk exposure that exists at a
particular time.
Risk Management refers to the systematic application of principles, an approach and a process
to the tasks of identifying and assessing risks, and then planning and implementing risk
responses. This provides a disciplined environment for proactive decision making.
For Risk Management to be effective, risks need to be Identified, Assessed and Controlled.
Risks and their Controls
[Diagram: An Organization – Risks, Risk Assessment, Controls, Risk Treatment/Mitigation]
The Relationship and Interconnectedness of Risks
Enterprise Risk Ecosystem
Corporate Governance Risk
Management Risk
Strategy Risk
Market Risk
Credit
Operational (Process)
Liquidity (Cashflow)
Reputation/Brand Risk
Social Risk
Political Risk
Investment Risk
Financial (Accounting) Risk
Health and Safety Risk
Environmental Risk
Counter Party Risk
Technology Risk
Project Risk
Economic Risk
Commercial Risk
Regulatory
Internal Audit Risk
Legal Risk
Global Risks
Inherent and Residual Risk
Corporate Governance Risk
This refers to the risk that the Board of the organization is wrongly constituted
(without the appropriate persons with the right skills and experience).
It also refers to the possibility of the Board of an organization not being aware of, or
appropriately educated about, its role and responsibilities with regard to
Corporate Governance.
Finally, it refers to the Board not ensuring that the organization is led, guided,
controlled and monitored appropriately to discharge its corporate governance
mandate.
Corporate Management Risk
This refers to the risk of the management (CEO, COO, CFO, CIO and Executive
Directors) not managing the organization appropriately to ensure that all
stakeholder interests are served appropriately.
It reviews whether the Management of the organization is clear on its roles
and responsibilities, and whether it has a vision and strategy to deliver on stated
organizational objectives.
Other components include whether the Management team has the right skills,
experience and expertise to successfully lead the organization.
Strategy Risk
This refers to the strategy development and execution capabilities of an
organization, and to whether the organization is driven and managed using the right,
appropriate and measurable business/corporate strategy.
It reviews the strategy development tools and methods (e.g. balanced
scorecard, blue ocean strategy) used, and whether they are the right and appropriate ones for
that particular organization/industry.
It looks at whether the business is being run in line with its documented strategy
(strategy development versus execution).
Market Risk
This includes risks like:
1. Equity: Stocks, Shares and the Nigerian Stock Exchange
2. Interest Rate: 21+% from Banks
3. Currency: Dollars and Pounds Movement
4. Commodity: Barrel of Oil in the International Market
Credit Risk
The risk that an organization can be overexposed to its creditors (people it gives
goods and services to on credit) and their inability to pay completely as and when
due.
Credit is crucial to a lot of businesses and, if not carefully managed, can lead to
major cash flow problems and even the closure of a business.
Operational (Process) Risk
This is the risk that is associated with the operations of an organization and it is
the most widely reviewed and understood area of risk management.
Operational risks lead to either fraud, business losses or poor results/outputs.
It is threefold:
1. The risk of Operational processes (manual and automated) being unsuitable.
2. The risk associated with the people who carry out operational processes.
3. The risk that Operational systems are not appropriately designed and are
ineffectively operated.
Liquidity (Cash Flow)
This can be in two ways:
1. The risk of an organization not having enough cash available as and when it is
needed to run and fund business operations.
2. The risk that a given security or asset cannot be traded quickly enough in the
market to prevent a loss (or make the required profit).
Reputation/Brand
A brand is what the potential and existing customers/market of an organization
say about it and its goods/services.
This is the risk that is attached to the Brand Equity of an organization.
It also refers to the risk that an organization can suffer if its reputation is
destroyed.
It is very much related to the risk that a competitor can develop a better brand
that overshadows an organization’s existing brand.
Social Risk [Corporate Social Responsibility – ISO 26000]
This also can be in two ways:
1. The risk that an organization is unaware of, and not aligning its strategy, goods and
services to, the social demographics of the market, including issues like male
versus female, under 30 versus above 30, educated versus non-educated etc.
2. The other side of social risk relates to an organization not being seen as
socially responsible. This is why organizations try to carry out civic and socially
responsible activities like motherless baby homes, books for public schools,
building school halls and libraries etc.
Political Risk
Political risk relates to the risk that can affect an organization based on the
political climate of the country it operates within.
This can be caused by a change in Government, unfavorable governmental
policies and general inability within government.
Examples include Elections in Nigeria and others.
Investment Risk
This is the risk that there will be insufficient return on an investment. The major investment
classes include:
Cash: Cash is the least risky of the four but it tends to deliver low returns, which means the
value of your money can be eroded in times of high inflation.
Bonds: One step up the risk ladder is government bonds, or gilts, followed by investment grade
corporate bonds, where you effectively lend money to large companies in exchange for a fixed
rate of interest.
Property: Investing in commercial property, such as offices, supermarkets and warehouses, can
grow your money through rental income and growth in the value of the property you own.
Equities: Stocks and shares, commonly known as equities, are seen as the most risky asset class,
as stock markets can be highly unpredictable.
Financial Risk (P or L, A and L)
Financial risk means various things to different people.
Primarily it means the risk that the organization might collapse due to the ill
health of its financial position.
Balance Sheet risk describes the imbalance that might occur if the liabilities of
an organization are more than its assets.
P or L risk describes the case where an organization's cumulative expenses over a period
significantly outweigh its revenue, leading to major losses in the organization.
Health and Safety Risk (OHSAS 18001)
Health and Safety is essential in an organization, and it helps to avoid
litigation and penalties to the organization with regard to the health and safety
of the staff of the organization.
It refers to the risks associated with the possibility of the loss of life (ultimate
risk) in the workplace.
OHSAS 18001 is the ISO standard that organizations have to show adherence to
and it is compulsory for certain industries like Mining, Manufacturing and Oil
and Gas.
Environmental Risk (ISO 14001)
This is the risk that the activities of an organization are injurious and detrimental
to the physical and geographical environment in which it operates.
This includes waste management, environmental pollution and climate
destruction.
There are huge penalties (including sanctions and fines) for organizations that
are seen to be environmentally irresponsible.
ISO 14001 is the standard for managing this, and organizations in
certain industries like Oil and Gas must strictly adhere to it.
Counter Party Risk
This refers to the risk that the counter party/partner of an organization
(possibly its Insurance Company or one of its Partners) might not be able to
pay the right claims in the event of a major unfavorable event or might default in
terms of their obligations to a particular venture.
It is the risk to each party of a contract that the counterparty will not live up to its
contractual obligations. Counterparty risk is a risk to both parties and should be
considered when evaluating a contract.
In most financial contracts, counterparty risk is also known as "default risk".
Technology (IT) Risk
This is the risk of an organization not having the right information technology tools
and platforms to adequately run its business.
It can stem from not having the right persons (with the right skills and
capabilities) running IT in an organization.
It can also be an organization not being capitalized enough to invest in the right
IT tools and platforms.
Finally, it can be an organization not getting the needed results and returns from
its investment in IT.
Examples: Failed Banking and Insurance Applications.
Project Risk
Most Projects are Capital (Finance and Budget) intensive and their failure can be
material to an organization.
Project risk refers to the possibility that an organization might not get the
appropriate return on its investment in specific projects.
A Project has failed if it goes beyond defined tolerances for Costs/Budget, Time,
Scope, Resource Utilization, Quality of Deliverables and if it falls short of the
expectations of stakeholders.
Economic Risk
These are risks related to 2 major branches of the economy:
1. Macroeconomic Factors: Growth, Inflation, Unemployment, National Income
and International Trade.
2. Microeconomic Factors: Supply and Demand, Pricing and other
microeconomic issues.
Commercial Risk
This is the risk that is associated with 3 key things:
1. Customers: Not having the right customers, in the right segments, in the right
quantities/volumes.
2. Suppliers: Not having the right suppliers (strategic, tactical, operational and
commodity) that provide convenient business conditions with the appropriate
agreements.
3. Products: Not developing the right products, with the right quality, with the
right packaging, for the right price for the right market segment.
Regulatory and Compliance Risk
This is the risk of not being able to meet the requests and demands of the regulators
of particular industries and for particular issues.
It is very much the same as the risk of non-compliance to stated industry
demands and requirements.
Examples: CBN, NAICOM, NDIC, NCC and others.
Internal Audit and Control Risk
This is the risk that there is no appropriate internal audit programme,
procedures and plans within the organization.
It also refers to the risk of no appropriate controls being in place to prevent business
losses either via fraud, theft or lack of effectiveness within the operations of the
organization.
Internal Audit and Internal Control are 2 different functions within an
organization; however, there are risks as they pertain to both of them.
Most controls are in place to help detect, prevent and correct anomalies, and this is
continuous.
Internal Audit is periodic and continual in nature (starts and stops) and it
primarily checks for alignment.
Legal Risk
This is risk related to flouting legal (laws of the land) conditions and the multiple
consequences of such.
There are sanctions and penalties for being unable to meet or going against
stated laws in a particular country.
Examples: Tax, Employment Laws etc.
Global Risk
This is the risk that global events and happenings can adversely
affect an organization in a particular country.
Examples include global happenings like Wars, G8 Sanctions and others.
Inherent and Residual Risk
Inherent Risk: the risk that comes as part of the nature of a specific
type of operation/business.
Residual Risk: the risk that is left after a
control/mitigation/treatment/remediation has been applied.
What makes MoR Unique – Methodical and Process based.
Structure of MoR
CONTENT (PART 1 – 6)
1. Introduction
2. MoR Principles
3. MoR Approach
4. MoR Risk Process
5. Embedding and Reviewing MoR
6. Perspectives
APPENDICES
1. MoR Document Outlines
2. Common Techniques
3. Health Check
4. Maturity Model
5. Risk Specialisms
MoR Part 1
What is Risk?
What is Risk Management?
Why is Risk Management Important?
How has Risk Management Developed?
Corporate Governance and Internal Control
Where and when should Risk Management be applied?
OGC Best Practice Guidance
MoR Part 2 – MoR Principles
2.1 Introduction
2.2 Alignment with Objectives
2.3 Fits the Context
2.4 Engages Stakeholders
2.5 Provides Clear Guidance
2.6 Informs Decision Making
2.7 Facilitates Continual Improvement.
2.8 Creates a Supportive Culture.
2.9 Achieves Measurable Value.
MoR Part 3 – MoR Approach
3.1 Introduction
3.2 Risk Management Policy
3.3 Risk Management Process Guide
3.4 Risk Management Strategy
3.5 Risk Register
3.6 Issue Register
3.7 Risk Improvement Plan
3.8 Risk Communications Plan
3.9 Risk Response Plan
3.10 Risk Progress Report
3.11 Relationship between Documents
MoR Part 4
4.1 Introduction
4.2 Common Process Barriers
4.3 Communications throughout the Process
4.4 Identify – Context
4.5 Identify – Identify the Risks
4.6 Assess – Estimate
4.7 Assess – Evaluate
4.8 Plan
4.9 Implement
MoR Part 5 – Embedding and Reviewing MoR
5.1 Introduction
5.2 Embedding the Principles
5.3 Changing the culture of Risk Management
5.4 Measuring the Value
5.5 Overcoming the Common Barriers to Success
5.6 Identify and Establish Opportunities for Change
MoR Part 6 – Perspectives
6.1 Introduction
6.2 Strategic Perspective
6.3 Programme Perspective
6.4 Project Perspective
6.5 Operational Perspective
6.6 Achieving Measurable Value
6.7 Integrating Risk Management Across Perspectives
6.8 Roles and Responsibilities
Appendix A – MoR Document Outlines (9 Great Templates)
1. Risk Management Policy
2. Risk Management Process Guide
3. Risk Management Strategy
4. Risk Register
5. Issue Register
6. Risk Improvement Plan
7. Risk Communications Plan
8. Risk Response Plan
9. Risk Progress Report
Appendix B: Common Techniques
1. Introduction
2. Techniques for the Identify – Context Step
2.1 Stakeholder Analysis
2.2 PESTLE Analysis
2.3 SWOT Analysis
2.4 Horizon Scanning
2.5 Probability Impact Grid
3. Techniques for the Identify – Identify the Risks Step
3.1 Checklists
3.2 Prompt list
3.3 Cause and effect diagrams
3.4 Group Techniques
3.5 Questionnaires
3.6 Individual interviews
3.7 Assumptions Analysis
3.8 Constraints Analysis
3.9 Risk Descriptions
4. Techniques for the Assess – Estimate Step
4.1 Probability Assessment
4.2 Impact Assessment
4.3 Proximity
4.4 Expected Value Assessment
5. Techniques for the Assess Evaluate Step
◦ 5.1 Summary Risk Profiles
◦ 5.2 Summary Expected Value Assessment
◦ 5.3 Probabilistic Risk Models
◦ 5.4 Probability Trees
◦ 5.5 Sensitivity Analysis
6. Techniques for the Plan Step
◦ 6.1 Risk Response Planning
◦ 6.2 Cost-Benefit Analysis
◦ 6.3 Decision Trees
7. Techniques for the Implement Step
◦ 7.1 Update summary risk profiles
◦ 7.2 Risk Exposure Trends
◦ 7.3 Update probabilistic risk models
Appendix C: Management of Risk Health Check
GENERAL
Purpose of Risk Health Check
Process
◦ Preparation
◦ Data Collection
◦ Data Analysis
◦ Review and Report
FRAMEWORK (8 STEPS)
1. Aligns with Objectives
2. Tailored to Context
3. Engages Stakeholders
4. Provides Clear Guidance
5. Informs Decision Making
6. Facilitates Continual Improvement
7. Creates a Supportive Culture
8. Achieves Measurable Value
Appendix D: Management of Risk Maturity Model
1. Introduction
2. Process Improvement
3. Definition
4. Purpose
5. Scope
6. Structure/Composition
7. Levels
8. Criteria [Level 1 (Initial), 2 (Repeatable), 3 (Defined), 4 (Managed), 5 (Optimizing)].
9. Competencies
10. MoR Maturity Model
11. Use/Deployment
◦ Progressing between maturity levels
◦ Maintaining the highest level of maturity
◦ Benefits
12. Conclusion
13. Other Examples
14. More information on the OGC P3M3
Appendix E: Risk Specialism
1. Business Continuity Management
2. Incident and Crisis Management
3. Health and Safety Management
4. Security Risk Management
5. Financial Risk Management
6. Environmental Risk Management
7. Reputation Risk Management
8. Contract Risk Management
9. Energy Risk Management ******
ISO 31000 Risk Management Principles and Guidelines
Benefits/Capabilities for Management of Risk
1. Increase the likelihood of achieving objectives
2. Encourage proactive management
3. Be aware of the need to identify and treat risk
throughout the organization
4. Improve the identification of opportunities and
threats
5. Comply with relevant legal and regulatory
requirements and international norms
6. Improve mandatory and voluntary reporting
7. Improve governance
8. Improve stakeholder confidence and trust
9. Improve controls
10. Establish a reliable basis for decision making and
planning
11. Effectively allocate and use resources for risk
treatment
12. Improve operational effectiveness and efficiency
13. Enhance health and safety performance as well as
environmental protection
14. Improve loss prevention and incident
management
15. Minimize losses
16. Improve organizational learning
17. Improve organizational resilience
Stakeholders who have Risk Management needs
1. Those responsible for developing risk management policy within their organization
2. Those accountable for ensuring that risk is effectively managed within the organization as a
whole or within a specific area, project or activity
3. Those who need to evaluate an organization’s effectiveness in managing risk
4. Developers of standards, guides, procedures and codes of practice that, in whole or in part,
set out how risk is to be managed within the specific context of these documents.
Terms and Definitions (*Notes)
1. Risk: Effect of Uncertainty on
Objectives
An effect is a deviation from the expected (+ or –).
Objectives can have different aspects e.g.
financial and at different levels (strategic or
project).
2. Risk Management
3. Risk Management Framework
4. Risk Management Policy
5. Risk Attitude
6. Risk Management Plan
7. Risk Owner
8. Risk Management Process
9. Establishing the Context
10. External Context
11. Internal Context
12. Communication and Consultation
13. Risk Assessment
14. Risk Identification
15. Risk Resource
16. Event
17. Consequence
18. Risk Profile
19. Risk Analysis
20. Risk Criteria
21. Level of Risk
22. Risk Evaluation
23. Risk Treatment
24. Control
25. Residual Risk
26. Monitoring
27. Review
ISO 31000: Clauses 3, 4, 5 and Annex A
Clause 3: Principles
1. RM creates and protects value
2. Risk management is an integral part of all organizational processes
3. Risk management is part of decision making
4. RM addresses uncertainty
5. RM is systematic, structured and timely
6. RM is based on the best available information
7. RM is tailored
Clause 4: Framework
General
Mandate and Commitment
Design of Framework for Managing Risk
Implementing Risk Management
Monitoring and Review of the Framework
Continual Improvement of Framework
Clause 5: Process
General
Communication and Consultation
Establishing the Context
Risk Assessment
Risk Treatments
Monitoring and Review
Recording the risk management process
Annex A
General
Key Outcomes
Attributes
Continual Improvement
Full accountability for risk
Application of risk management in all decision making
Continual communications
Full integration in the organization's governance structure
ISO 31000 – Risk Management Principles and Guidelines
Questions
Orlando@trainingheights.net
References in this presentation are from the Axelos MoR Material and also the ISO 31000
document.

Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernancePECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsPECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemPECB
 

More from PECB (20)

DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Recently uploaded

4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 

Recently uploaded (20)

4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 

Risk Management Essentials: Understanding Key Risks and Best Practices

  • 2. Objective: Efficient and Effective Risk Management Practices for Risk Management Professionals
  • 5. Definition of Risk: An uncertain event or set of events that, should it occur, will have an effect (usually negative) on the achievement of objectives. A risk is measured by the combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives.
  • 6. Definition of Enterprise Risk Management: Risk Management allows for the activities involved to be visible, repeatable or consistent, to support effective decision-making. Risk Management allows an organization to make cost-effective use of a risk management process that includes a series of well-controlled steps. The aim of Risk Management is to improve internal control and support better decision-making through a good understanding of individual risks and the overall risk exposure that exists at a particular time. Risk Management refers to the systematic application of principles, an approach and a process to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision-making. For Risk Management to be effective, risks need to be Identified, Assessed and Controlled.
  • 7. Risks and its Controls [Diagram labels: An Organization; Risks; Risk Assessment; Controls; Risk Treatment/Mitigation]
  • 8. The Relationship and Interconnectedness of Risks. Enterprise Risk Ecosystem: Corporate Governance Risk; Management Risk; Strategy Risk; Market Risk; Credit; Operational (Process); Liquidity (Cashflow); Reputation/Brand Risk; Social Risk; Political Risk; Investment Risk; Financial (Accounting) Risk; Health and Safety Risk; Environmental Risk; Counter Party Risk; Technology Risk; Project Risk; Economic Risk; Commercial Risk; Regulatory; Internal Audit Risk; Legal Risk; Global Risks; Inherent and Residual Risk
  • 9. Corporate Governance Risk: This refers to the risk that the Board of the organization is wrongly constituted (without the appropriate persons with the right skills and experience). It also refers to the possibility of the Board of an organization not being aware of, or appropriately educated about, their role and responsibilities with regard to Corporate Governance. Finally, it refers to the Board not ensuring that the organization is led, guided, controlled and monitored appropriately to discharge its corporate governance mandate.
  • 10. Corporate Management Risk: This refers to the risk of the management (CEO, COO, CFO, CIO and Executive Directors) not managing the organization appropriately to ensure that all stakeholder interests are served appropriately. It reviews whether the Management of the organization are clear on their roles and responsibilities, and whether they have a vision and strategy to deliver on stated organizational objectives. Other components include whether the Management team have the right skills, experience and expertise to successfully lead the organization.
  • 11. Strategy Risk: This refers to the strategy development and execution capabilities of an organization. It considers whether an organization is driven and managed using the right, appropriate and measurable business/corporate strategy. It reviews the strategy development tools and methods used (e.g. balanced scorecard, blue ocean strategy) and whether they are the right and appropriate ones for that particular organization/industry. It looks at whether the business is being run in line with its documented strategy (strategy development versus execution).
  • 12. Market Risk: This includes risks like: 1. Equity: Stocks, Shares and the Nigerian Stock Exchange; 2. Interest Rate: 21+% from Banks; 3. Currency: Dollars and Pounds Movement; 4. Commodity: Barrel of Oil in the International Market.
  • 13. Credit Risk: The risk that an organization can be overexposed to its creditors (people it gives goods and services to on credit) and their inability to pay completely as and when due. Credit is crucial to a lot of businesses and, if not carefully managed, can lead to major cash flow problems and even the closure of a business.
  • 14. Operational (Process) Risk: This is the risk that is associated with the operations of an organization, and it is the most widely reviewed and understood area of risk management. Operational risks lead to fraud, business losses or poor results/outputs. It is threefold: 1. The risk of Operational processes (manual and automated) being unsuitable. 2. The risk associated with the people who carry out operational processes. 3. The risk that Operational systems are not appropriately designed and are ineffectively operated.
  • 15. Liquidity (Cash Flow): This can be in two ways: 1. The risk of an organization not having enough cash available as and when it is needed to run and fund business operations. 2. The risk that a given security or asset cannot be traded quickly enough in the market to prevent a loss (or make the required profit).
  • 16. Reputation/Brand: A brand is what the potential and existing customers/market of an organization say about it and its goods/services. This is the risk that is attached to the Brand Equity of an organization. It also refers to the risk that an organization can suffer if its reputation is destroyed. It is very much related to the risk that a competitor can develop a better brand that overshadows an organization’s existing brand.
  • 17. Social Risk [Corporate Social Responsibility – ISO 26000]: This also can be in two ways: 1. The risk that an organization is unaware of, and not aligning its strategy, goods and services to, the social demographics of the market, including issues like male versus female, under 30 versus above 30, educated versus non-educated etc. 2. The other side of social risk relates to an organization not being seen as socially responsible. This is why organizations try to carry out civic and socially responsible activities like motherless baby homes, books for public schools, building school halls and libraries etc.
  • 18. Political Risk: Political risk relates to the risk that can affect an organization based on the political climate of the country it operates within. This can be caused by a change in Government, unfavorable governmental policies and general inability within government. Examples include Elections in Nigeria and others.
  • 19. Investment Risk: This is the risk that there will be insufficient return on an investment. The major investment classes include: Cash: Cash is the least risky of the four but it tends to deliver low returns, which means the value of your money can be eroded in times of high inflation. Bonds: One step up the risk ladder is government bonds, or gilts, followed by investment grade corporate bonds, where you effectively lend money to large companies in exchange for a fixed rate of interest. Property: Investing in commercial property, such as offices, supermarkets and warehouses, can grow your money through rental income and growth in the value of the property you own. Equities: Stocks and shares, commonly known as equities, are seen as the most risky asset class, as stock markets can be highly unpredictable.
  • 20. Financial Risk (P or L, A and L): Financial risk means various things to different people. Primarily it means the risk that the organization might collapse due to the ill health of its financial position. Balance Sheet risk describes the imbalance that might occur if the liabilities of an organization are more than its assets. P or L risk describes the case where an organization's cumulative expenses over a period significantly outweigh its revenue, leading to major losses in the organization.
  • 21. Health and Safety Risk (OHSAS 18001): Health and Safety is essential in an organization, and it helps to avoid litigation and penalties to the organization with regard to the health and safety of the staff of the organization. It refers to the risks associated with the possibility of the loss of life (ultimate risk) in the office place. OHSAS 18001 is the ISO standard that organizations have to show adherence to, and it is compulsory for certain industries like Mining, Manufacturing and Oil and Gas.
  • 22. Environmental Risk (ISO 14001): This is the risk that the activities of an organization are injurious and detrimental to the physical and geographical environment in which it operates. This includes waste management, environmental pollution and climate destruction. There are huge penalties (including sanctions and fines) for organizations who are seen to be environmentally irresponsible. ISO 14001 is the standard for managing this, and organizations in certain industries like Oil and Gas must strictly adhere to it.
  • 23. Counter Party Risk: This refers to the risk that the counter party/partner of an organization (possibly its Insurance Company or one of its Partners) might not be able to pay the right claims in the event of a major unfavorable event or might default in terms of their obligations to a particular venture. It is the risk to each party of a contract that the counterparty will not live up to its contractual obligations. Counterparty risk is a risk to both parties and should be considered when evaluating a contract. In most financial contracts, counterparty risk is also known as "default risk".
  • 24. Technology (IT) Risk: This is the risk of an organization not having the right information technology tools and platforms to adequately run its business. It can stem from not having the right persons (with the right skills and capabilities) running IT in an organization. It can also be an organization not being capitalized enough to invest in the right IT tools and platforms. Finally, it can be an organization not getting the needed results and returns from its investment in IT. Examples: Failed Banking and Insurance Applications.
  • 25. Project Risk: Most Projects are Capital (Finance and Budget) intensive and their failure can be material to an organization. Project risk refers to the possibility that an organization might not get the appropriate return on its investment in specific projects. A Project has failed if it goes beyond defined tolerances for Costs/Budget, Time, Scope, Resource Utilization, Quality of Deliverables and if it falls short of the expectations of stakeholders.
  • 26. Economic Risk These are risks related to 2 major branches of the economy: 1. Macroeconomic Factors: Growth, Inflation, Unemployment, National Income and International Trade. 2. Microeconomic Factors: Supply and Demand, Pricing and other microeconomic issues.
  • 27. Commercial Risk This is the risk that is associated with 3 key things: 1. Customers: Not having the right customers, in the right segments, in the right quantities/volumes. 2. Suppliers: Not having the right suppliers (strategic, tactical, operational and commodity) that provide convenient business conditions with the appropriate agreements. 3. Products: Not developing the right products, with the right quality, with the right packaging, for the right price for the right market segment.
  • 28. Regulatory and Compliance Risk This is the risk of not being able to meet the requests and demands of the regulators of particular industries and for particular issues. It is very much the same as the risk of non-compliance with stated industry demands and requirements. Examples: CBN, NAICOM, NDIC, NCC and others.
  • 29. Internal Audit and Control Risk This is the risk that there are no appropriate internal audit programmes, procedures and plans within the organization. It also refers to the risk that no appropriate controls are in place to prevent business losses, whether through fraud, theft or lack of effectiveness within the operations of the organization. Internal Audit and Internal Control are 2 different functions within an organization; however, there are risks pertaining to both of them. Most controls are in place to help detect, prevent and correct anomalies, and control is continuous. Internal Audit is periodic and continual in nature (starts and stops) and it primarily checks for alignment.
  • 30. Legal Risk This is risk related to flouting legal (laws of the land) conditions and the multiple consequences of such. There are sanctions and penalties for being unable to meet or going against stated laws in a particular country. Examples: Tax, Employment Laws etc.
  • 31. Global Risk This is the risk that global events and happenings can adversely affect an organization in a particular country. Examples: global happenings like Wars, G8 Sanctions and others.
  • 32. Inherent and Residual Risk Inherent Risk: The risk that comes as part of the nature of a specific type of operation/business. Residual Risk: The risk that is left after a control/mitigation/treatment/remediation has been applied.
  • 33. What makes MoR Unique – Methodical and Process based.
  • 34. Structure of MoR CONTENT (PART 1 – 6) 1. Introduction 2. MoR Principles 3. MoR Approach 4. MoR Risk Process 5. Embedding and Reviewing MoR 6. Perspectives APPENDICES 1. MoR Document Outlines 2. Common Techniques 3. Health Check 4. Maturity Model 5. Risk Specialisms
  • 35. MoR Part 1 What is Risk? What is Risk Management? Why is Risk Management Important? How has Risk Management Developed? Corporate Governance and Internal Control Where and when should Risk Management be applied? OGC Best Practice Guidance
  • 36. MoR Part 2 --- MoR Principles 2.1 Introduction 2.2 Alignment with Objectives 2.3 Fits the Context 2.4 Engages Stakeholders 2.5 Provides Clear Guidance 2.6 Informs Decision Making 2.7 Facilitates Continual Improvement. 2.8 Creates a Supportive Culture. 2.9 Achieves Measurable Value.
  • 37. MoR Part 3 – MoR Approach 3.1 Introduction 3.2 Risk Management Policy 3.3 Risk Management Process Guide 3.4 Risk Management Strategy 3.5 Risk Register 3.6 Issue Register 3.7 Risk Improvement Plan 3.8 Risk Communications Plan 3.9 Risk Response Plan 3.10 Risk Progress Report 3.11 Relationship between Documents
  • 38. MoR Part 4 4.1 Introduction 4.2 Common Process Barriers 4.3 Communications throughout the Process 4.4 Identify – Context 4.5 Identify – Identify the Risks 4.6 Assess – Estimate 4.7 Assess – Evaluate 4.8 Plan 4.9 Implement
  • 39. MoR Part 5 – Embedding and Reviewing MoR 5.1 Introduction 5.2 Embedding the Principles 5.3 Changing the culture of Risk Management 5.4 Measuring the Value 5.5 Overcoming the Common Barriers to Success 5.6 Identify and Establish Opportunities for Change
  • 40. MoR Part 6 – Perspectives 6.1 Introduction 6.2 Strategic Perspective 6.3 Programme Perspective 6.4 Project Perspective 6.5 Operational Perspective 6.6 Achieving Measurable Value 6.7 Integrating Risk Management Across Perspectives 6.8 Roles and Responsibilities
  • 41. Appendix A – MoR Document Outlines (9 Great Templates) 1. Risk Management Policy 2. Risk Management Process Guide 3. Risk Management Strategy 4. Risk Register 5. Issue Register 6. Risk Improvement Plan 7. Risk Communications Plan 8. Risk Response Plan 9. Risk Progress Report
  • 42. Appendix B: Common Techniques 1. Introduction 2. Techniques for the Identify – Context Step 2.1 Stakeholder Analysis 2.2 PESTLE Analysis 2.3 SWOT Analysis 2.4 Horizon Scanning 2.5 Probability Impact Grid 3. Techniques for the Identify – Identify the Risks Step 3.1 Checklists 3.2 Prompt List 3.3 Cause and Effect Diagrams 3.4 Group Techniques 3.5 Questionnaires 3.6 Individual Interviews 3.7 Assumptions Analysis 3.8 Constraints Analysis 3.9 Risk Descriptions 4. Techniques for the Assess – Estimate Step 4.1 Probability Assessment 4.2 Impact Assessment 4.3 Proximity 4.4 Expected Value Assessment 5. Techniques for the Assess – Evaluate Step 5.1 Summary Risk Profiles 5.2 Summary Expected Value Assessment 5.3 Probabilistic Risk Models 5.4 Probability Trees 5.5 Sensitivity Analysis 6. Techniques for the Plan Step 6.1 Risk Response Planning 6.2 Cost-Benefit Analysis 6.3 Decision Trees 7. Techniques for the Implement Step 7.1 Update Summary Risk Profiles 7.2 Risk Exposure Trends 7.3 Update Probabilistic Risk Models
  • 43. Appendix C: Management of Risk Health Check GENERAL Purpose of Risk Health Check Process ◦ Preparation ◦ Data Collection ◦ Data Analysis ◦ Review and Report FRAMEWORK (8 STEPS) 1. Aligns with Objectives 2. Tailored to Context 3. Engages Stakeholders 4. Provides Clear Guidance 5. Informs Decision Making 6. Facilitates Continual Improvement 7. Creates a Supportive Culture 8. Achieves Measurable Value
  • 44. Appendix D: Management of Risk Maturity Model 1. Introduction 2. Process Improvement 3. Definition 4. Purpose 5. Scope 6. Structure/Composition 7. Levels 8. Criteria [Level 1(Initial), 2 (Repeatable), 3 (Defined), 4 (Managed), 5 (Optimizing)]. 9. Competencies 10. MoR Maturity Model 11. Use/Deployment ◦ Progressing between maturity levels ◦ Maintaining the highest level of maturity ◦ Benefits 12. Conclusion 13. Other Examples 14. More information on the OGC P3M3
  • 45. Appendix E: Risk Specialism 1. Business Continuity Management 2. Incident and Crisis Management 3. Health and Safety Management 4. Security Risk Management 5. Financial Risk Management 6. Environmental Risk Management 7. Reputation Risk Management 8. Contract Risk Management 9. Energy Risk Management
  • 46. ISO 31000 Risk Management Principles and Guidelines
  • 47. Benefits/Capabilities for Management of Risk 1. Increase the likelihood of achieving objectives 2. Encourage proactive management 3. Be aware of the need to identify and treat risk throughout the organization 4. Improve the identification of opportunities and threats 5. Comply with relevant legal and regulatory requirements and international norms 6. Improve mandatory and voluntary reporting 7. Improve governance 8. Improve stakeholder confidence and trust 9. Improve controls 10. Establish a reliable basis for decision making and planning 11. Effectively allocate and use resources for risk treatment 12. Improve operational effectiveness and efficiency 13. Enhance health and safety performance as well as environmental protection 14. Improve loss prevention and incident management 15. Minimize losses 16. Improve organizational learning 17. Improve organizational resilience
  • 48. Stakeholders who have Risk Management needs 1. Those responsible for developing risk management policy within their organization 2. Those accountable for ensuring that risk is effectively managed within the organization as a whole or within a specific area, project or activity 3. Those who need to evaluate an organization’s effectiveness in managing risk 4. Developers of standards, guides, procedures and codes of practice that, in whole or in part, set out how risk is to be managed within the specific context of these documents.
  • 49. Terms and Definitions (*Notes) 1. Risk: Effect of Uncertainty on Objectives An effect is a deviation from the expected + or –. Objectives can have different aspects e.g. financial and at different levels (strategic or project). 2. Risk Management 3. Risk Management Framework 4. Risk Management Policy 5. Risk Attitude 6. Risk Management Plan 7. Risk Owner 8. Risk Management Process 9. Establishing the Context 10. External Context 11. Internal Context 12. Communication and Consultation 13. Risk Assessment 14. Risk Identification 15. Risk Resource 16. Event 17. Consequence 18. Risk Profile 19. Risk Analysis 20. Risk Criteria 21. Level of Risk 22. Risk Evaluation 23. Risk Treatment 24. Control 25. Residual Risk 26. Monitoring 27. Review
  • 50. ISO 31000: Clauses 3, 4, 5 and Annex A. Clause 3 (Principles): 1. RM creates and protects value 2. Risk management is an integral part of all organizational processes 3. Risk management is part of decision making 4. RM addresses uncertainty 5. RM is systematic, structured and timely 6. RM is based on the best available information 7. RM is tailored. Clause 4 (Framework): General; Mandate and Commitment; Design of Framework for Managing Risk; Implementing Risk Management; Monitoring and Review of the Framework; Continual Improvement of Framework. Clause 5 (Process): General; Communication and Consultation; Establishing the Context; Risk Assessment; Risk Treatments; Monitoring and Review; Recording the Risk Management Process. Annex A: General; Key Outcomes; Attributes; Continual Improvement; Full accountability for risk; Application of risk management in all decision making; Continual communications; Full integration in the organization's governance structure.
  • 51. ISO 31000 – Risk Management Principles and Guidelines
  • 54. Questions: Orlando@trainingheights.net. References in this presentation are from the Axelos MoR material and also the ISO 31000 document.