Webinar - Risk Methodologies - Why are there so many?

Webinar: Why are there SO MANY risk assessment methodologies?

We’ll explore that very question during our webinar as we focus on:

1) The purpose of assessing risks
2) Various methodologies
3) Strengths and weaknesses of particular methods
4) How to choose a methodology that’s the most relevant to your business

Published in: Education

  1. Risk Methodologies - Why are there so many? 1st June 2011
  2. Presenter
     Jeremy Kaye, VP GRC Strategy
     +44 20 7903 5139
     jeremy.kaye@easy2comply.com
     Confidential
  3. Housekeeping
     • The slides for this event will be distributed afterwards
     • The webinar recording will be archived on easy2comply website
     • Q&A at the end
  4. Webinar Focus
     • Purpose of Assessing Risks
     • Different Methodologies
     • Strengths and Weaknesses
     • How to Choose?
  5. Risk: A Definition
     • Possibility of loss or injury
     • Someone or something that creates a hazard
     • Chance of loss to the subject matter of an insurance contract
     • Chance that an investment will lose value
     • Potential that a chosen action will lead to an undesirable outcome
  6. Risk versus Uncertainty
     • Uncertainty is where there are different outcomes
     • Risk is your potential exposure to those outcomes
     • We can be uncertain about the winner of a contest, but unless we have some personal stake in it, we have no risk
     • Risk Assessment is therefore subjective
     (Image caption: November 2008: Viewed and Bauer came right down to the line in the Melbourne Cup)
  7. Types of Risks
     Examples of Financial Risks
     • Market Risk
     • Credit Risk
     • Liquidity Risk
     Note: We’re not referring to financial assessment methodologies but to types of risk whose nature is financial
     Examples of Non-Financial Risks
     • Strategic Risk
     • Operational Risk
     • Business Risk
     • IT Risk
  8. Purpose of Risk Assessment
     • To gain a sense of the “size” of the risks
     • To prioritise based on our analysis
     • To determine a course of action (controls) as needed
  9. Webinar Focus
     • Purpose of Assessing Risks
     • Different Assessment Methodologies
     • Strengths and Weaknesses
     • How to Choose?
  10. Examples of Methodologies and Techniques
     • Methodology Examples: CRAMM, ISO31000, 27005
     • Techniques:
       – Scorecards
       – Questionnaires
       – Risk Squares
       – Financial Valuation
       – Scenario
  11. Scorecards
     • Purpose is to attain an overall score for the risk
       – Questions broken into sections
       – Each question has a score
       – Each section has an overall score
     (Example shown: Score: 1, Score: 3, Score: 2; Overall Score: 6)
  12. Questionnaires
     • Purpose is to attain a set of descriptive information about the risk
     • Questions and Answers
     • Don’t necessarily generate a score; yield information
  13. Risk Squares
     • Impact and Likelihood
       1. What is the impact of this risk to the ________?
       2. How likely is this risk to occur?
     • Risk score generated by multiplying two values
     • Variables:
       – The scale
       – The values
       – Odd vs. Even
  14. Risk Squares (figure)
  15. Risk Cubes (figure; axes: “Velocity”, Impact, Likelihood)
  16. Financial Valuation
     • How do we get to a $ value instead of “just” a number?
     • Need to understand purpose of valuation
       – Prioritisation
       – “Real” valuation
     • What’s the difference?
     • Parameters we could use:
       – Direct history
       – Insurance data
       – Management insight
  17. Don’t Kid Yourself
     • History is history; the future is something else
     • Financial valuations are generally no less reliable than other measures
     • How do we aggregate them?
     • Do the numbers make sense?
  18. Scenario Analysis
     • Top-down approach to identify major risk scenarios
     • Will use heavy combination of subjective and objective data
     • Incorporates many people into the process
     • Single scenario:
       – Real history
       – Insurance coverage
       – Overall control environment
       – Ownership
       – Potential loss expression
       – “Other” impacts
  19. Top-Down vs. Bottom-Up
     • Different purposes
     • Scenarios at top level are generally strategic
     • Risks at lower level are generally for business management
     • Need to find a way to link them
  20. Linking the Data Together
     • Generate the risk scenarios
     • Use them as part of the risk classification
     • Allow business to identify their own risks
     • Map low-level risks to the higher-level scenarios
     (Diagram: scenarios S1 to S5 above risks R1 to R15)
  21. Linking the Data Together
     • Ensures that business has freedom to think out of the box
     • Gives executive management a view on how risk scenarios are expressed throughout the business
     (Diagram: scenarios S1 to S5 above risks R1 to R15)
  22. Risk Surveys
     • Collaborative approach
     • Sit round a table, or via teleconference, and everyone has an opinion
     • Lots of input
  23. Webinar Focus
     • Purpose of Assessing Risks
     • Different Assessment Methodologies
     • Strengths and Weaknesses
     • How to Choose?
  24. Common Factors
     • All approaches have a fundamental common theme: Identify, Assess, Respond
     • Methodology choice is very personal
  25. How do we Identify Risks?
     • Do we let them tell us what their risks are?
     • Do we tell people what their risks are?
     • How do we stop “the lost pencil” effect?
     (Labels shown: Blank Sheet, Templates)
  26. The Blank Sheet Approach
     • Business identifies their own risks
     • Based on their own knowledge and understanding
     • Accountability and responsibility for the process
     • Submit the data back to central team
  27. The Template Approach
     • Risk department build template
     • Pre-defined risks
     • Business asked to assess the risks
     • Submit the data back to the risk team
     • Allows for standardization
  28. Strengths and Weaknesses
     • Template Approach
       • We never create the opportunity for creativity
       • We never reinforce ownership (“not my risks”)
     • Blank Sheet Approach
       • Too much creativity / lacks balance
       • Difficult to compare and aggregate
       • Too much work (“I don’t have time for this”)
  29. Which is the “Worst” Risk? (figure; labels: Risk, Impact; risks R1 to R9)
  30. Webinar Focus
     • Purpose of Assessing Risks
     • Different Assessment Methodologies
     • Strengths and Weaknesses
     • How to Choose?
  31. Remember the Purpose
     • To gain a sense of the “size” of the risks
     • To prioritise based on our analysis
     • Most important thing is to have a standardised approach and the ability to compare
     • Don’t spend months choosing a methodology – get something that is sensible and is practical
     • Don’t be nervous to amend it over time
  32. How do we Respond to Risks?
     • Risk Assessment gives us our opportunity to respond accordingly
       – Accept / Tolerate
       – Mitigate / Add Controls
       – Insure
       – Review
  33. Example from easy2comply (screenshot; labels: Risk, Controls)
  34. Risk Score vs. Residual Risk
     • The risk score together with the control effectiveness generates the Residual Risk
  35. Questions and Answers
     Jeremy Kaye, VP GRC Strategy
     +44 20 7903 5139
     jeremy.kaye@easy2comply.com
