1. Effective risk management
Ian Powney (Director Finance and Systems and
Company Secretary, International House Trust/London)
Dublin Conference April 2013 Effective risk management
1
3. Strategic risks
• Lack of strategic vision
• Your board and management – gaps in skill set
• Fail to respond to a challenge
3
Dublin Conference April 2013 Effective risk management
4. External risks
• Cannot access school, for example a fire
• Economic downturn in your market
• Social/terrorist unrest in your market
• Visa or country reputation problem
• Your home currency is too strong
• Short term emergency for example SARS
• Short term emergency but you already paid suppliers
• Competitor activity
• Your intellectual property rights violated (someone steals your
name)
4
Dublin Conference April 2013 Effective risk management
5. Financial risks
• Run out of cash
• Unexpected costs, for example taxation
• You breach the covenant on a bank loan
• Customers don’t pay you
5
Dublin Conference April 2013 Effective risk management
6. Project risks
• You lose control
• Costs more than expected
• IT projects
6
Dublin Conference April 2013 Effective risk management
7. Operational risks
• Lose key staff
• Lose local school accreditation
• Don’t comply with law or regulation
• Course quality declines
• Reputational risks including child supervision
• IT systems failure or data loss
• Costs too high, for example too many staff
7
Dublin Conference April 2013 Effective risk management
8. Risk register
• Likelihood
• Impact (AFTER mitigation)
• Risk rating matrix, formula (weighting for impact):
• (Likelihood x Impact) PLUS Impact
8
Dublin Conference April 2013 Effective risk management
9. Risk Likelihood Ratings
9
Likelihood Description Chance of
occurring
in the next
12 months
Almost
never (1)
The risk event may occur only in
exceptional circumstances
Up to 4%
Unlikely
(2)
The risk event could occur at
some time
10%
Possible
(3)
The risk event is likely to occur
at some time
25%
Likely (4) The risk event will probably
occur in most circumstance
55%
Almost
certain (5)
The risk event is expected to
occur in most circumstances
90%
Dublin Conference April 2013 Effective risk management
10. Risk matrix
10
Likelihood
Almost
Certain
(5)
Low (6) Medium (12) High (18) Critical (24) Critical (30)
Possible
(3)
Low (4) Low (8) Medium (12) High (16) High (20)
Unlikely
(2)
Low (3) Low (6) Medium (9) Medium (12) High (15)
Almost
never
(1)
Low (2) Low (4) Low (6) Low (8) Medium (10)
Minor (1) Moderate (2) Severe (3) Major (4)
Catastrophic
(5) Impact
Likely
(4)
Low (5) Medium (10) High (15) High (20) Critical (25)
Dublin Conference April 2013 Effective risk management
11. Resulting actions
11
Critical & High Risk treatment strategies to be monitored by your Board
Medium Risk treatment strategies to be implemented by risk owner
Low
Acceptable – to be managed under normal control
procedures (not to be shown in the Risk Report)
Dublin Conference April 2013 Effective risk management
12. Example of risk register entries
12
1
Reduction in income due to
competitor activity
4 3 15
Monitoring of
competitor activity
Marketing
manager
2
Intellectual property rights
violated (copyright issues)
3 2 8
Monitoring of
copyright
registrations and
usage
Director
Risk OwnerRef Risk Likelihood Impact Rating Control / Action
Dublin Conference April 2013 Effective risk management
13. 5 ways to manage risks
• Accept the risk and make a conscious decision not to take any
action;
• Accept the risk but take some actions to lessen or minimize its
likelihood or impact;
• Transfer the risk to another individual or organization;
• Insure against the risk; or
• Eliminate the risk by ceasing to perform the activity causing it.
13
Dublin Conference April 2013 Effective risk management
14. Mitigating risks (1)
• Insurance
• Better contracts
• Business continuity plan
• Spare cash
14
Dublin Conference April 2013 Effective risk management
15. Risk culture in your organisation
• Involve staff
• Review business plans for risks
• Regular review of risk register
15
Dublin Conference April 2013 Effective risk management
16. Insurance
• Buildings and contents
• Employer liability
• Director indemnity
• Business interruption (how long?)
• Use a broker ?
16
Dublin Conference April 2013 Effective risk management
17. Take expert advice
• Legal (property)
• Legal (employment)
• Accounting and tax
• IT systems
17
Dublin Conference April 2013 Effective risk management
18. Business continuity plan (disaster recovery)
(1) EXAMPLE
• Handout
18
Dublin Conference April 2013 Effective risk management
19. Business continuity plan (disaster recovery)
(2)
• Updating the plan
• Testing
• Recovery facility at REMOTE LOCATION
• Battle box at REMOTE LOCATION
• Plan activation – who ?
• Incident management team
19
Dublin Conference April 2013 Effective risk management
20. Business continuity plan (disaster recovery)
(3)
• IT and telecoms recovery plan
• Premises recovery plan: teaching / admin
• Staff recovery plan
• Finance and general recovery plan
• Sales and marketing recovery plan
• Student bookings recovery plan
• Each teaching department recovery plans
20
Dublin Conference April 2013 Effective risk management
21. Managing stakeholders
• Bank will want to know your policy
• Talk to your insurance broker/provider
• Make risk management a positive benefit – shout about it
21
Dublin Conference April 2013 Effective risk management
22. Mitigating risks (2)
• Back to earlier list
22
Dublin Conference April 2013 Effective risk management