risk management strategy ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

1. RISK MANAGEMENT HIGH LEVEL BRIEFING
FOR
EFFORT HEAD QUARTERS &ITS SUBSIDIARY COMPANIES’
TOP MANAGEMENT
05 APRIL 2025
MEKELLE, TIGRAY

2. PRESENTATION OUTLINE
INTRODUCTION
2. RISK MGT :- AN OVERVIEW
2.1. BRIEF HISTORY OF RISK MGNT
2.2. DEFINITION OF RISK &RISK MGNMT
2.3. PURPOSE OF RISK MGT
2.4. IMPORTANCE OF RISK MGNT
2.5. GUIDING PRINCIPLES OF SUCCESSFUL RISK MGNT

3. Risk governance 7

2.1. Risk governance structure 7

2.1.1. Audit committee 8

2.1.2. Risk review committee 8

2.1.3. Risk Management Committee 8

2.1.4. Risk cell 9
 2.2. Risk reporting structure
4. RISK MGT FRAMEWORK
5. RISK MANGT PROCESS
6. RISK MGNT CHALLENGES &THE WAY AHEAD

3. SESSION OBJECTIVES
 To explain the importance of Risk Mgt
 To create a shared understanding on Risk
Mgt implementation at corporate & company
levels,
 Describe the of types and nature of risk

4. FOR A START

6. 1. INTRODUCTION
 Risk is part of life and all organizations face multiple risks, which may hinder or prevent
them from achieving their objectives and can lead to operational disruption, escalating
costs, loss of market share, reputational damage, financial losses or in the worst case
scenario, business failure.
 But risks can also offer opportunities to embark on new business ventures, develop new
products and services, increase market share and reap financial gains.
 Risks may arise from internal factors relating to organisational processes, systems and
people or come from external sources ranging from natural disasters and political
upheavals to changes in the economy, the marketplace or the regulatory environment.

7. CONT’ED

8. 2.RISK MANAGEMENT @ GLANCE
2.1.BRIEF HISTORY OF RISK MANAGEMENT
 Risk management has been part of the routine of businesspersons since the very early days. However, it has
gained relevance since the end of the 20th Century with the increased complexity of Institutions & with the
advent of globalization .
 It gradually evolved from financial (insurance)perspective to the historical development to Business &later
to ERM as illustrated in the following continuum.
 .

9. THE CHANGING PATH OF RISK MANAGEMENT

10. 2.2. WHAT IS RISK
 According to ISO31000:2018 Risk is the “effect of uncertainty on objectives”
 The possibility that events will occur and affect the achievement of strategy
and business objectives
 Event: An occurrence or set of occurrences
 Uncertainty: The state of not knowing how or if potential events may
manifest

11. CONT’ED
 An effect is a deviation from the expected
 Both negative (threats)&positive(opportunities).

12. CONT’ED

13. THE NEW VIEW OF RISK

14. THE CHANGING FOCUS OF RISK MANAGEMENT

15. 2.3. SOURCES OF RISK
 Risk can come from many sources & affect the whole
organization.

16. 2. 4. WHAT IS RISK MANAGEMENT ?
 Risk is something that could happen that might
have an impact on the achievement of the
EFFORT& its companies objectives.
 Risk management is therefore a strategic tool and
is an essential part of effective and efficient
Planning&management .
Risk management is the systematic application of management
policies, procedures and practices to establish the context,
identify, analyse, evaluate, treat, monitor and communicate
risk.

17. CONT’ED
Risk management is the systematic
application of management policies,
procedures and practices to establish the
context, identify, analyse, evaluate, treat,
monitor and communicate risk.

19. 2.5.WHY IS RISK MANAGEMENT IMPORTANT ?

20. Cont’ed

21. BENEFITS OF RISK MANAGEMENT

22.  Increases the possibilities of achieving objectives (less variability
in results)
 Proactive Identification and management of risks entity-wide
 Improves Governance process
 Increase positive outcomes and advantage
 Improves stakeholder confidence and trust
 Establishes a reliable basis for decision making and planning (i.e.
no surprise elements)
 Improves operational effectiveness and efficiency
 Improves resource deployment
 Enhances organizational poise and resilience

23. 2.6. RISK MANAGEMENT GUIDING PRINCIPLES
 According to ISO 31000:2018 , Risk Management Standard Risk
Management is based on 11 Key Guiding Principles as derscribed as
follows:
 This risk management Strategy is based on the following key principles:
 a. Integrated
 Risk management is an integral part of all organisational activities.
 b. Structured and comprehensive
 A structured and comprehensive approach to risk management
contributes to consistent and
 comparable results.
 c. Customised
 The risk management Strategy and process are customised and
proportionate to the
 organisation’s external and internal context related to its objectives.

24. CONT’ED
 The 11 principles of acts as a guideline for effective
risk management at all levels.
 These principles aim to change the mindset of an
organization’s management & staff, create a new
behavior in risk management, increase risk
awareness, and make risk management an integral
part of their daily job.

25. 3. RISK GOVERNANCE

26. 4. RISK MGT FRAMEWORK

27. 4.RISK MANAGEMENT PROCESSES
The main elements of Risk Management Process are
Step 1. Communicate & consult
.
Step 2. Establish the context
.
Step 3. Identify the risks
.
Step 4. Analyze the risks
.
Step 5. Evaluate the risks
.
Step 6. Treat the risks
.
Step 7. Monitor &review

28. CONT’ED

29. CONT’ED

30. RISK IDENTIFICATION
 The process of taking inventory of all risks in an
organization and defining the potential risk event, the
causes to that risk event, and the potential outcome if that
risk event were to occur th
e potential risk event,
he causes to that risk event, and
the potential outcome if that risk
event were to occur

31. SCOPE OF RISK IDENTIFICATION

33. CONT’ED

38. CONT’ED
 There are two main ways to identify risk ,
1. Retrospective Risks
 Retrospective Risks are those that have previously occurred, such as incidents or
accidents. Retrospective risk identification is often the most common way to identify
risk, and the easiest.
 There are many sources of information about retrospective risk. These include:
Hazard or incident logs or registers
Audit reports
Customer complaints
Accreditation documents and reports
Past staff or client surveys
Newspapers or professional media, such as journals or websites.

39. 2. Prospective Risks
 Prospective risks are often harder to identify.
 These are things that have not yet happened, but might happen some time in the
future.
 Techniques for identifying prospective risks include:
• Brainstorming with staff or external stakeholders
• Researching the economic, political, legislative and operating environment
• Conducting interviews with relevant people and/or organizations
• Undertaking surveys of staff or clients to identify anticipated issues or problems
• Flow charting a process
• Reviewing system design or preparing system analysis techniques.

41. THREE BASIC CAUSES OF RISK

44. ROOT CAUSE ANALYSIS

45. RISK TREATMENT STRATEGY

46. RISK MANAGEMENT MONITORING

47. RISK REPORTING &RECORDING
 Risk Matrix
 A risk matrix is a key tool used to analyse the
probability and impact of a risk

48. RISK MATURITY MODELS
A risk maturity assessment measures an organisation’s
processes according to best practice, against clear
external benchmarks. This establishes the organisation’s
‘risk maturity level’ and assists with identifying areas of
improvement to become more risk mature.

49. CONT’ED

50. CONT’ED

51. CONT’ED

52. Value of Risk Maturity Models
 Helps determine next stepsRest of current year
 2-5 year horizon
 Provides common language of risk with external
stakeholdersRating agencies
 Accrediting bodies
 Government

53. Govenance Structure :-ROLES & RESPONSIBILITIES

54. BOARD OF TRUSTEES
 Overseeing and approving the risk management
framework and risk appetite. •
 Supervising the processes of risk management and
internal control to ensure the processes are ffective.
 Reviewing risk reports from the Risk Management
Committee.
 Establishing a risk aware culture throughout the
Corporate Office &its Subsidiary companies.

55. CORPORATE MANAGEMENT
 Showing good intentions as an example to employees
 Encouraging the corporate culture of risk management and
working to ensure effective and continuous risk
management.
 Encouraging the continuous identification, evaluation,
management, and reporting of risks as a part of normal
operations.
 Defining the roles and responsibilities for managing the
risks with the management.
 Reviewing performance measures against the risk appetite
and providing advice on corrective actions, as well as
identifying additional significant risks to the organization.

56. RISK MANAGEMENT COMMITTEE
 • Reviewing and approving the risk management policy.
 Supervising the implementation of the risk management
framework and risk management policies. •
 Supervising risk management to ensure it complies with the risk
appetite.
 Receiving key risk reports from the Corporate Departments
and subsidiary companies & forward its comments .
 Promoting awareness of risk at corporate &companies’ level.
 Reporting corporate risk to the Board of Directors.

57.  Ensuring corrective and preventive actions have been
implemented on identified findings,
 Reviewing the compliance with policy and risk
management processes to ensure that they are
implemented properly, and reporting the result to the
Audit Committee.
 Share concerned issues and risks found with Risk
Management team in order to ensure that all
concerned risks are listed in the Risk Register with
appropriate mitigation plans.

58. INTERNAL AUDIT
 Approving an internal audit plan using risk
information as reported by the Risk Management
Committee.
 Supervising internal auditors to review the risk
management process and internal controls to ensure
that the process is efficient and effective. •
 Promoting a corporate culture of risk management.

59. STAFF
 Ensuring that risk management and internal control
are a part of daily operations and complying with
the policy, framework, and risk management process
approved by the Board of Trustees.
 Reporting any major risk or problem in risk
management to the supervisor.

60. THREE LINES OF DEFENCE

61. RISK MGT CHALLENGES

62. THE WAY FORWARD

63. ANNEXTURES
 RISK REGISTER
 RISK MATRIX

64. THANK YOU FOR YOUR ATTENTION !!!

65. THE END
E-Mail:- teklayweldegerima@gmail.com