PRINCIPLES OF RISK AND MANAGEMENT
Krysthel Irish D. Bocobo
Discussant
Learning Objectives:
Discuss the concepts and classifications of risk and management.
Describe the main approaches to the analysis and evaluation of risk.
Distinguish the main features of risk control techniques.
D. Risk Assessment 1: Introduction and Identification
1. Risk assessment considerations
2. Risk classification systems (risk identification)
3. Risk causes (sources) and consequences
1. Risk assessment considerations
Risk assessment is the process of identifying hazards in a workplace and formulating control measures against them. It involves identifying hazards and risk factors, analyzing and evaluating the likelihood of their occurrence, determining ways to eliminate or control them, and documenting the findings.
Key Elements of Risk Assessment:
 Scope. Whether the assessment covers a product, an organizational process or a workplace area.
 Resources needed. The training, tools and equipment needed to carry out the risk assessment effectively.
 Key persons. The personnel involved in planning and implementing the risk assessment: managers, supervisors, workers, vendors and suppliers.
 Laws, regulations and internal policies. Non-compliance can lead to hefty fines and other penalties.
How to Perform a Risk Assessment in 4 Steps
 Understand and identify the hazards and risks.
 Hazard. Something that has the potential to cause harm to people, property or the environment.
 Risk. The likelihood that a hazard will cause harm or damage under defined circumstances.
 Evaluate the risks. Consider how, where, how much, and for how long individuals are typically exposed to a potential hazard.
 Decide on the control measures to implement. The National Institute for Occupational Safety and Health's hierarchy of controls establishes five levels of control measures to consider for each hazard identified.
 Document your findings. All risk assessments should be formally recorded and kept for future review and updates.
2. Risk classification systems (Risk Identification)
There are six aspects of a risk classification system (the PESTLE factors):
 Political. The extent to which a government may influence the economy or a particular industry. Political factors include tax policies, fiscal policy and trade tariffs, which may change over the fiscal year and affect the business environment.
 Economic. The performance of the economy, which directly impacts a company and can have resonating long-term effects. Economic factors include the inflation rate, interest rates, foreign exchange rates and economic growth patterns.
 Social. All events that affect the market and the community socially. Social factors include cultural expectations, norms, population dynamics, health consciousness, career attitudes and global warming.
 Technological. Innovations in technology that may affect the operations of the industry and the market favorably or unfavorably. Technological factors include automation, research and development, and the degree of technological awareness the market possesses.
 Legal. The legislation that applies to the organization, and the strategies the organization charts in light of that legislation. Legal factors include consumer laws, safety standards and labor laws.
 Ethical or Environmental. Factors determined by the surrounding environment, including but not limited to climate, weather, geographical location, global changes in climate, environmental offsets, ground conditions, ground contamination and nearby water sources.
There are several timescales of risk classification systems, such as:
 A short-term risk (immediate) has the ability to impact the objectives, key dependencies and core processes, with the impact being immediate. These risks can disrupt operations as soon as the event occurs.
 A medium-term risk (up to 1 year) has the ability to impact the organization following a short delay after the event occurs. The impact of a medium-term risk would not be apparent immediately but would be apparent within months, or at most a year, after the event.
 A long-term risk (up to 5 years or more) has the ability to impact the organization some time after the event occurs. This impact could occur between one and five years or more after the event.
The following risk classification system is adopted for capturing the result of a risk assessment, with three scoring levels:
 High risk. Assets whose protection is required by law, or which, if compromised, could lead to a significant impact on the organization's business, safety or finances. Examples are personal data, financial data, the central data center and central administrative systems.
 Moderate risk. Assets which, if compromised, could lead to a noticeable impact on the organization's business, safety or finances. Examples are operational systems, official web sites and office computers.
 Low risk. Assets that are not classified as high risk or moderate risk. Examples are demo systems and published research data.
Example scoring levels of the risk classification (chart).
3. Risk causes (sources) and consequences
Risk statements across the various teams have different audiences, but they should all follow the same structure, with the following elements:
 Risk cause. This is why something could go wrong. It is here that we consider what needs to be done to prevent it.
 Risk event. This is what could go wrong. This is where the uncertainty lies: the existence of the cause does not mean the event will happen, but if it does, there will most likely be an impact.
 Consequence. This is the potential outcome of the event. It is the impact on the critical success factors and highlights why we must pay attention to the risk.
E. Risk Assessment: Risk Analysis and Evaluation
1. Introduction to risk analysis, risk likelihood and impact, loss control
2. Defining the upside of risk
3. The importance of risk appetite (risk evaluation)
1. Introduction to risk analysis, risk likelihood and impact, loss control
Risk Analysis
Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects. It is done to help organizations avoid or mitigate those risks.
Performing a risk analysis includes considering the possibility of adverse events caused either by natural processes, such as severe storms, earthquakes or floods, or by malicious or inadvertent human activities. An important part of risk analysis is identifying the potential for harm from these events, as well as the likelihood that they will occur.
Why is risk analysis important?
 Anticipate and reduce the effect of harmful results from adverse events.
 Evaluate whether the potential risks of a project are balanced by its benefits, to aid the decision on whether to move forward with the project.
 Plan responses for technology or equipment failure or loss from adverse events, both natural and human-caused.
 Identify the impact of, and prepare for, changes in the enterprise environment, including the likelihood of new competitors entering the market or changes to government regulatory policy.
Risk likelihood and impact
Risk likelihood is the probability, or chance, of a threat occurring.
You don't need a complex system to improve or support your organization's security environment. However, your organization's leaders need tools that show them where to spend time and resources to reduce potential risks to the company. That is how risk assessments shed light on the key factors in this decision-making process.
A realistic assessment of risk requires an understanding of these areas:
 Threats to the organization
 Potential vulnerabilities within the organization
 The likelihood and impact of those threats successfully exploiting the vulnerabilities
For the most basic level of risk assessment, risk managers can follow this simple formula:
Risk = (Threat x Vulnerabilities) x Impact
The first part of the formula (Threat x Vulnerabilities) gives the likelihood of a risk. For example, if there is a known security flaw in older versions of software you use, there is the threat of attackers exploiting that particular vulnerability to compromise your system. If you have applied the latest software patches that fix the flaw, that vulnerability can no longer be exploited and the likelihood of this particular risk falls to nil; the threat source itself (attackers looking for exploitable flaws) still exists, which is why the same threat must be re-evaluated against every new vulnerability that appears.
Impact measures how much disruption you will face if the threat actually occurs. Combining likelihood and impact produces a risk rating of Low, Medium or High; the rating that remains once the controls in place are taken into account is the residual risk. Each organization's residual risk rating may differ based on the likelihood and impact that each control deficiency introduces.
You could also represent this concept with a simple chart of likelihood against impact.
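The likelihood-against-impact rating described above, as an added worked example in Python (not code from the original slides). It scores the slide's formula Risk = (Threat x Vulnerabilities) x Impact on 1-to-3 ordinal scales, buckets the likelihood, and reads the rating from a likelihood-against-impact matrix. The scales, the bucket thresholds, the matrix itself and the sample findings are all assumptions chosen for illustration; the block also models the patching case, where the vulnerability drops to zero while the threat source remains.

```python
"""Risk scoring worked example.

Added illustration, not code from the original slides: it applies the
slide's formula Risk = (Threat x Vulnerabilities) x Impact on simple 1..3
ordinal scales and maps the result to Low/Medium/High. The scales, the
bucket thresholds, the rating matrix and the sample findings are all
assumptions chosen to make the arithmetic concrete.
"""
from dataclasses import dataclass, replace

# Ordinal scales (assumption): 1 = low, 2 = medium, 3 = high.
LOW, MEDIUM, HIGH = 1, 2, 3

# (likelihood level, impact level) -> risk rating. The matrix is an assumption;
# an organization fills in its own according to its risk appetite.
RATING_MATRIX = {
    (LOW, LOW): "Low",      (LOW, MEDIUM): "Low",       (LOW, HIGH): "Medium",
    (MEDIUM, LOW): "Low",   (MEDIUM, MEDIUM): "Medium", (MEDIUM, HIGH): "High",
    (HIGH, LOW): "Medium",  (HIGH, MEDIUM): "High",     (HIGH, HIGH): "High",
}


@dataclass(frozen=True)
class Finding:
    name: str
    threat: int         # how active/capable the threat source is (1..3)
    vulnerability: int  # how exposed the weakness is (1..3); 0 once it is fixed
    impact: int         # disruption if the threat is realized (1..3)


def likelihood_score(f: Finding) -> int:
    """Threat x Vulnerability: the first half of the slide's formula (0..9)."""
    return f.threat * f.vulnerability


def likelihood_level(score: int) -> int:
    """Bucket a 0..9 likelihood score into 0 (none) or LOW/MEDIUM/HIGH.
    Thresholds are an assumption; an organization sets its own."""
    if score == 0:
        return 0
    if score <= 2:
        return LOW
    if score <= 4:
        return MEDIUM
    return HIGH


def risk_rating(f: Finding) -> str:
    """Combine the likelihood level and the impact level via the matrix."""
    level = likelihood_level(likelihood_score(f))
    if level == 0:
        # The vulnerability is gone, so this path cannot be exploited. The
        # threat source still exists and stays on the watch list.
        return "Eliminated"
    return RATING_MATRIX[(level, f.impact)]


def apply_patch(f: Finding) -> Finding:
    """Model the slide's patch example: fixing the flaw zeroes the vulnerability."""
    return replace(f, vulnerability=0)


def risk_register(findings):
    """Return (name, likelihood_score, impact, rating) rows, highest risk first."""
    rows = [(f.name, likelihood_score(f), f.impact, risk_rating(f)) for f in findings]
    order = {"High": 3, "Medium": 2, "Low": 1, "Eliminated": 0}
    return sorted(rows, key=lambda r: (order[r[3]], r[1] * r[2]), reverse=True)


# Constructed sample findings (hypothetical systems, not real data).
SAMPLE_FINDINGS = [
    Finding("Known RCE flaw in unpatched app server", threat=HIGH, vulnerability=HIGH, impact=HIGH),
    Finding("Phishing against finance staff (MFA enforced)", threat=HIGH, vulnerability=LOW, impact=HIGH),
    Finding("Shared local admin password on an isolated test box", threat=MEDIUM, vulnerability=MEDIUM, impact=LOW),
]

if __name__ == "__main__":
    for row in risk_register(SAMPLE_FINDINGS + [apply_patch(SAMPLE_FINDINGS[0])]):
        print("%-55s likelihood=%d impact=%d -> %s" % row)
```

Running the block prints the register with the highest risk first. The patched finding is reported as eliminated rather than dropped from the register, so the threat source stays visible for the next time a flaw in that component is published.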
Loss Control
Loss control is a risk management technique that seeks to reduce the possibility that a loss will occur and to reduce the severity of the losses that do occur. A loss control program should help reduce claims; insurance companies support it with safety and risk management information and services that reduce losses.
2. Defining the Upside of Risk
The upside of risk is the chance that an asset or investment will increase in value beyond expectations. It is an example of positive risk, or the chance that you will achieve more of a good thing than planned.
There is a belief amongst risk management practitioners that risk management makes a significant contribution to the operation of the organization, and this contribution is often described as the upside of risk. In simple terms, the upside of risk is achieved when the benefits obtained from taking the risk are greater than any benefit that would have resulted from not taking it.
3. The Importance of Risk Appetite (Risk Evaluation)
Risk appetite is the amount of risk an organization is willing to take in pursuit of objectives it deems to have value.
Risk appetite is closely related to the organization's risk capacity, the maximum amount of residual risk it can bear after controls and other measures have been put in place; the appetite should sit within that capacity.
Factors that influence risk appetite:
 Culture of the organization
 Industry the organization is in
 Competitors
 Types of initiatives pursued
 Current industry position and/or financial strength
F. Risk Responses and Risk Treatment
1. Introduction to risk treatment and risk response
2. The 4Ts
3. Risk control techniques (PCDD)
4. Control of selected hazard risks
5. Introduction to monitoring and review
6. Insurance and risk transfer
7. Business continuity planning
1. Introduction to risk treatment and risk response
Risk treatment is the process of selecting and implementing measures to modify risk. Risk treatment measures can include avoiding, optimizing, transferring or retaining risk.
Risk response is leadership's response or action towards the existence of a risk.
There are four possible risk response strategies for negative risks (threats):
 Avoid. Eliminate the threat to protect the project from the impact of the risk. An example is cancelling the project.
 Transfer. Shift the impact of the threat to a third party, together with ownership of the response. An example is insurance.
 Mitigate. Act to reduce the probability of occurrence or the impact of the risk. An example is choosing a different supplier.
 Accept. Acknowledge the risk, but do not take any action unless the risk occurs. An example is documenting the risk and putting aside funds in case it occurs.
There are also four possible risk response strategies for positive risks, or opportunities:
 Exploit. Eliminate the uncertainty associated with the risk to ensure the opportunity occurs. An example is assigning the best workers to a project to reduce the time to complete it.
 Enhance. Increase the probability or the positive impact of an opportunity. An example is adding more resources to finish early.
 Share. Allocate some or all of the ownership of the opportunity to a third party. An example is forming risk-sharing partnerships, teams or joint ventures.
 Accept. Be willing to take advantage of the opportunity if it arises, but do not actively pursue it. An example is documenting the opportunity and calculating the benefit if it occurs.
2. The 4Ts
Risk management creates and protects organizational value. As such, it should be a natural and inherent part of what every company does. Risk management is an integral part of decision-making because it explicitly addresses uncertainty.
A good way to summarize the different responses is with the 4Ts of risk management: tolerate, terminate, treat and transfer.
Tolerate. Sometimes it is okay to do nothing: the likelihood and impact of the risk are low, and you may decide simply to retain the risk because it is acceptable without further action. Log and monitor the risk, because retaining a risk should always be an informed decision. You should never find that your organization has retained a risk by default.
Terminate. Sometimes a risk is so far outside your risk appetite, or is assessed as having such a severe impact on your business, that you have to stop (terminate) the activity causing it. For example, you may decide not to start or continue a business activity in a particular country, or to withdraw from the market a product or service that gives rise to unacceptable risk.
Treat. You will almost certainly decide to take action on the most severe risks. You may act to reduce the likelihood of the risk occurring, or the severity of the consequences if it does. For example, install a firewall to reduce the likelihood of an external intrusion into your IT systems, and implement network segmentation so that an intruder who does gain access cannot reach every system at once, which reduces the severity.
Transfer. Insurance is not available for everything, and sometimes, while it is possible to transfer the activity to a third party, you still retain the liability if things go wrong. In the case of the Payment Card Industry Data Security Standard (PCI DSS), a third-party arrangement outsources merely the function, not the responsibility or liability for PCI compliance.
3. Risk Control Techniques (PCDD)
It is management's responsibility to design and put in place a suitable system of internal controls. Internal controls are designed to deal with financial, operational and compliance risks.
Organizations prepare a risk and control matrix, in which risks and the related controls are documented. Such a matrix enables management to review the risks and related controls according to the risk classification, the inherent and residual risk assessments, and any apparent weaknesses in the controls.
Further, the controls are grouped into different control categories according to their nature, as follows:
Preventive Controls
Preventing errors and irregularities should be the aim of the organization. A preventive control aims to stop an error from occurring in a process, and includes the maker-checker concept and authorizations. For example, to prevent the purchase of unauthorized fixed assets, management builds preventive controls in the form of authorization and approval of fixed asset purchases by senior management or the asset purchase committee. Such controls ensure that unauthorized asset purchases are discouraged and that only those assets approved by senior management or the appropriate committee are purchased and reflected in the financial statements. In practice, however, some errors and risks still occur despite preventive controls, which is why the other categories are needed.
Preventive controls are designed to stop errors or anomalies from occurring. Examples of preventive controls are:
 Adequate segregation of duties
 Proper authorization of transactions
 Adequate documentation and control over assets
Corrective Controls
Corrective controls are designed to correct errors and irregularities once they are discovered and to ensure that similar errors are not repeated. Corrective controls are built in the form of procedures and manuals for the reference of employees. Some controls are built into the system, which automatically corrects errors or prevents their occurrence.
Examples of corrective controls are:
 Policies and procedures for reporting errors and irregularities so they can be corrected.
 Training employees on new policies and procedures developed as part of the corrective actions.
 Positive discipline to prevent employees from making future errors.
 Continuous improvement processes to adopt the latest operational techniques.
Directive Controls
Directive controls aim to ensure that identified risks are managed through formal directions provided, in various forms, to the management and employees of the organization. Directive control requires cross-departmental process understanding, including the embedded regulatory requirements, which are converted into policies and procedures.
These policies and procedures also lead to the development of standard operating procedures and formal directions in specific areas. For example, management prepares a compliance policy to ensure that the broader regulatory requirements are complied with, and also develops specific operating procedures for employees, such as procedures or directives for dealing with customers before onboarding them. These directions refer to the compliance policy and to the regulatory requirements that govern the customer onboarding process.
Similarly, management identifies the broader risks and how they interact, to ensure that the relevant directives are prepared and approved for compliance purposes.
Detective Controls
Errors in a process need to be detected so that corrective measures can be taken to minimize the impact on the whole process or activity. Detective controls should aim to detect errors on a timely basis; if errors are not detected in time, the detective controls are marked as ineffective. A strong internal control system always includes effective detective controls.
These controls are designed to find errors or irregularities after they have occurred. Examples of detective controls are:
 Exception reports: identifying unexpected results or unusual conditions that require follow-up.
 Reconciliations: an employee relates different data sets to one another, identifies and investigates differences, and takes corrective action when necessary.
 Periodic audits: internal and independent external audits detect errors, irregularities and non-compliance with laws and regulations.
4. Control of selected hazard risks
Control measures include actions that can be taken to reduce the potential for exposure to a hazard; a control measure may also remove the hazard, or reduce the likelihood that the risk of exposure to that hazard is realized. A simple control measure is the secure guarding of moving parts of machinery, eliminating the potential for contact. When we look at control measures, we often refer to the hierarchy of control measures.
Hierarchy of Controls
Eliminate the hazard. Elimination of the hazard is not always achievable, though it does totally remove the hazard and thereby eliminates the risk of exposure.
Substitute the hazard with a lesser risk. Substituting the hazard may not remove all of the hazards associated with the process or activity, and may introduce different hazards, but the overall harm or health effects will be lessened. In laboratory research, toluene is now often used as a substitute for benzene. The solvent properties of the two are similar, but toluene is less toxic and is not categorized as a carcinogen, although toluene can cause severe neurological harm.
Isolate the hazard. Isolating the hazard is achieved by restricting access to plant and equipment or, in the case of substances, locking them away under strict controls. When using certain chemicals, a fume cupboard can isolate the hazard from the person; similarly, placing noisy equipment in a non-accessible enclosure or room isolates the hazard from the person(s).
Use engineering controls. Engineering controls involve redesigning a process to place a barrier between the person and the hazard or to remove the hazard from the person, such as machinery guarding, proximity guarding, extraction systems, or removing the operator to a remote location away from the hazard.
Use administrative controls. Administrative controls include adopting standard operating procedures or safe work practices, or providing appropriate training, instruction or information to reduce the potential for harm and/or adverse health effects to person(s). Isolation and permit-to-work procedures are examples of administrative controls.
Use personal protective equipment. Personal protective equipment (PPE) includes gloves, glasses, earmuffs, aprons, safety footwear and dust masks, which are designed to reduce exposure to the hazard. PPE is usually seen as the last line of defense and is usually used in conjunction with one or more of the other control measures. An example of the weakness of this control measure is that it is widely recognized that single-use dust masks cannot consistently achieve and maintain an effective facepiece-to-face seal, cannot be adequately fit-tested, do not offer much, if any, real protection against small particulates, and may lead to a false sense of security and so increase risk. In such instances an extraction system with fitted respirators may be preferable where the hazard may have significant health effects from low levels of exposure, such as when using isocyanate-containing chemicals.
5. Introduction to monitoring and review
Monitoring and review should be a planned part of the risk management process and involve regular checking or surveillance. The results should be recorded and reported externally and internally, as appropriate. The results should also be an input to the review and continuous improvement of the risk management framework.
Responsibilities for monitoring and review should be clearly defined. The firm's monitoring and review processes should encompass all aspects of the risk management process for the purposes of:
 Ensuring that controls are effective and efficient in both design and operation.
 Obtaining further information to improve risk assessment.
 Analyzing and learning lessons from risk events, including near-misses, changes, trends, successes and failures.
 Detecting changes in the external and internal context, including changes to the risk criteria and to the risks themselves, which may require revision of risk treatments and priorities.
 Identifying emerging risks.
6. Insurance and Risk Transfer
Life is inherently risky, and it would be impossible to protect yourself against every potential risk you face. But if you are going to work hard, put money aside and invest it in things that are important to you or improve your life, it makes sense to protect those things as best you can.
Managing your risk involves a little thought and planning to identify where you might be vulnerable to loss or damage. You do your best to protect your property, but you can also protect yourself from the impact of a natural disaster or an unexpected event.
Insurance helps you to manage a risk if something happens to you or your property, and helps you recover from the difficulties and financial hardship caused by unexpected events that cause injury and/or financial loss. The person who buys the policy is known as the policyholder or the insured.
In return, the insurance company that issues the policy promises to compensate you under the loss or damage circumstances set out in the policy.
 Before you decide to buy insurance, it makes sense to review your own risks and work out how you can reduce the chance of them occurring and, if they do occur, how you might reduce the impact on your life.
 For example, you can reduce the risk of bushfire by making sure you have cleared flammable materials away from your house.
You can then take out insurance cover so that you are not risking severe financial consequences in the unlikely event that your house is damaged or destroyed by bushfire. You are only protected once you pay your premium and, in some circumstances, the policy may not take effect until a predetermined waiting period has passed.
Risk transfer refers to a risk management technique in which risk is transferred to a third party. In other words, risk transfer involves one party assuming the liabilities of another party. Purchasing insurance is a common example of transferring risk from an individual or entity to an insurance company.
How it works:
 Risk transfer is a common risk management technique in which the potential loss from an adverse outcome faced by an individual or entity is shifted to a third party. To compensate the third party for bearing the risk, the individual or entity will generally make periodic payments to it.
 The most common example of risk transfer is insurance. When an individual or entity purchases insurance, they are insuring against financial risks. For example, an individual who purchases car insurance is acquiring financial protection against physical damage or bodily harm that can result from traffic incidents.
 As such, the individual is shifting the risk of having to incur significant financial losses from a traffic incident to an insurance company. In exchange for bearing such risks, the insurance company will typically require periodic payments from the individual.
Methods of Risk Transfer
 Insurance policy. As outlined above, purchasing insurance is a common method of transferring risk. When an individual or entity purchases insurance, they shift financial risks to the insurance company. Insurance companies typically charge a fee, the insurance premium, for accepting such risks.
 Indemnification clause in contracts. Contracts can also be used to help an individual or entity transfer risk. A contract can include an indemnification clause, which ensures that potential losses will be compensated by the other party. In simplest terms, an indemnification clause is one in which the parties to the contract commit to compensating each other for any harm, liability or loss arising out of the contract.
 For example, consider a client that signs a contract with an indemnification clause stating that the contract writer will indemnify the client against copyright claims. If the client receives a copyright claim, the contract writer would (1) be obliged to cover the costs of defending against the claim, and (2) be responsible for the damages if the client is found liable for copyright infringement.
7. Business Continuity Planning
Business continuity planning is the process of creating a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.
Key takeaways:
 Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
 A BCP is designed to protect personnel and assets and to make sure they can function quickly when disaster strikes.
 BCPs should be tested so that weaknesses can be identified and corrected.
Understanding Business Continuity Plans (BCPs)
A BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters (fire, flood or weather-related events) and cyber attacks. Once the risks are identified, the plan should also include:
• Determining how those risks will affect operations
• Implementing safeguards and procedures to mitigate the risks
• Testing procedures to ensure they work
• Reviewing the process to make sure that it is up to date
There are several steps many companies must follow to develop a solid BCP. They include:
 Business impact analysis: the business identifies functions and related resources that are time-sensitive.
 Recovery: the business identifies and implements steps to recover critical business functions.
 Organization: a continuity team is created; this team devises a plan to manage the disruption.
 Training: the continuity team is trained and tested. Members of the team should also complete exercises that go over the plan and strategies.
“Risk management is a more realistic term than safety. It implies that hazards are ever-present, that they must be identified, analyzed, evaluated and controlled or rationally accepted.”
- Jerome F. Lederer
THANK YOU!
  • 1. PRINCIPLES OF RISK AND MANAGEMENT Krysthel Irish D. Bocobo Discussant
  • 2. Learning Objectives: Discuss the concepts and classifications of risk and management. Describe the main approaches to the analysis and evaluation of risk. Distinguish the main features of risk control techniques
  • 3. D. Risk Assessment 1: Introduction and Identification 1.Risk Assessment Consideration 2.Risk Classification systems (Risk Identification) 3.Risk Causes (Sources) and Consequences
  • 4. 1. Risk assessment considerations Risk assessment is identifying hazards in a workplace and formulating control measures against them. A risk assessment involves identifying hazards and risk factors, analyzing and evaluating the likelihood of their occurrence, determining ways to eliminate or control them and documenting your findings.
  • 5. Key Elements of Risk Assessment:  Scope. Assessing a product, an organizational process, a workplace area.  Resources Needed. Type of training tools and equipment needed to effectively carry out a risk assessment.  Key persons. Identify the personnel involve in the risk assessment planning and implementation. They can be the managers, supervisors, workers, vendors, suppliers.  Laws, regulations and internal policies. Non- compliance could lead to hefty fines and other offenses.
  • 6. How to Perform Risk Assessment in 4 Steps?  Understand and identify the hazards and risks.  Hazard. Something that has the potential of causing harm to people, property or the environment.  Risk. Likelihood of a hazard to cause harm or damage under defined circumstances.  Evaluate the risks. Consider how, where, how much, and how long individuals are typically exposed to a potential hazard.
  • 7. How to Perform Risk Assessment in 4 Steps?  Decide on the control measure to implement. The National Institute for Occupational Safety and Health’s Hierarchy of controls establish five control measures for each hazard identified.  Document your findings. All risk assessment should be formally kept for future review and updates.
  • 8. 2. Risk classification systems (Risk Identification) There are six aspects of risk classification system such as:  Political. This factor determines the extent to which a government may influence the economy or a certain industry. These political factors include tax policies, fiscal policy, trade tariffs which may levy around the fiscal year and it may affect the business environment.  Economic. This factor determines of an economy’s performance that directly impacts a company and have resonating long term effects. Economic factors include inflation rate, interest rates, foreign exchange rates, economic growth patterns.  Social. This factor determines into consideration all events that affect the market and community socially. Social factors include cultural expectations, norms, population dynamics, healthy consciousness, career altitudes, global warming.
  • 9. 2. Risk classification systems (Risk Identification) There are six aspects of risk classification system such as:  Technological. This factor determines of innovations in technology that may affect the operations of the industry and the market favorably or unfavorably. Technological factors include automation, research and development and the amount of technological awareness in market possesses.  Legal. This factor determines into account both of these angles and then charts out the strategies in light of these legislations. Legal factors include consumer laws, safety standards, labor laws.  Ethical or Environmental. This factor is determined by the surrounding environment. Environmental factors include but are not limited to climate, weather, geographical location, global changes in climate, environmental offsets, ground conditions, ground contamination, nearby water sources.
  • 10. There are several timescales of risk classification systems such as:  A short-term risk (Immediately) has the ability to impact the objectives, key dependencies and core processes, with the impact being immediate. These risks can cause disruption to operations immediately when the event occurs.  A medium-term risk (up to 1 year or decision makes) has the ability to impact the organization following a (short) delay after the event occurs. The impact of a medium-term risk would not be apparent immediately but would be apparent within months, or at most a year after the event.
  • 11. There are several timescales of risk classification systems such as:  A long-term risk (up to 5 years) has the ability to impact the organization sometime after the event occurs. This impact could occur between one and five years or more after the event.
  • 12. There are following of risk classification system which adopted for capturing the result of risk assessment with three scoring level such as:  High risk. Risk which potential protection are required by law or that, if compromised can lead to significant impact on organization’s business, safety or finances. These examples are personal data, financial data, central data center, central administrative systems.  Moderate-risk. Risk which has potential compromised, this risk can lead to noticeable impact on organization’s business, safety or finances. These examples are operational systems, official web sites, office computer, etc.
  • 13. There are following of risk classification system which adopted for capturing the result of risk assessment with three scoring level such as: Low-Risk. Risk which are not classified as high- risk or moderate-risk. These examples are demo systems, published research data.
  • 14. This is the example scoring level of risk classification:
  • 15. 3. Risk causes (sources) and consequences. Risk statements across the various teams have different audiences, but they should all follow the same structure with the following elements:  Risk Cause – This is why something could go wrong. It is here that we consider what needs to be done to prevent it.  Risk Event – This is what could go wrong. This is where the uncertainty lies—the existence of the cause does not mean the event will happen. But if it does, there will most likely be an impact.
  • 16. 3. Risk causes (sources) and consequences. Consequence – This is the potential outcome of the event. It is the impact on the Critical Success Factors and highlights why we must pay attention to the risk..
  • 17. E. Risk Assessment: Risk Analysis and Evaluation 1. Introduction to risk analysis, risk likelihood and impact, loss control 2. Defining the upside risk 3. The importance of risk appetite (Risk Evaluation)
  • 18. 1. Introduction to risk analysis, risk likelihood and impact, loss control Risk Analysis The process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects. This process is done in order to help organizations avoid or mitigate those risks. Performing a risk analysis includes considering the possibility of adverse events caused by either natural processes, like severe storms, earthquakes or floods, or adverse events caused by malicious or inadvertent human activities. An important part of risk analysis is identifying the potential for harm from these events, as well as the likelihood that they will occur.
  • 19. Why is risk analysis important? Anticipate and reduce the effect of harmful results from adverse events. Evaluate whether the potential risks of a project are balanced by its benefits to aid in the decision process when evaluating whether to move forward with the project; Plan responses for technology or equipment failure or loss from adverse events, both natural and human-caused; and Identify the impact of and prepare for changes in the enterprise environment, including the likelihood of new competitors entering the market or changes to government regulatory policy.
  • 20. Risk likelihood and impact Risk likelihood is the state of being probable or chance of a threat occurring.
  • 21. Risk likelihood and impact You don’t need a complex system in order to improve or support your organization’s security environment. However, your organization’s leaders need tools that show them where to spend time and resources in order to reduce potential risks to the company. That’s how risk assessments can shed light on the key factors in this decision-making process.
  • 22. Risk likelihood and impact The standard described implies that a realistic assessment of risk requires an understanding of these areas: Threats to an organization Potential vulnerabilities within the organization Likelihood and impacts of successfully exploiting the vulnerabilities with those threats
  • 23. Risk likelihood and impact For handling the most basic level of risk assessment, risk managers can follow this simple formula: Risk = (Threat x Vulnerabilities) x Impact
  • 24. Risk likelihood and impact The first part of the formula (Threats x Vulnerabilities) identifies the likelihood of a risk. For example, if there’s a known security flaw in older versions of software you use, there’s the threat of hackers exploiting that particular vulnerability to compromise your system. But if you’ve applied the latest software patches that fix the problem, then the vulnerability cannot be exploited, and the threat has been eliminated. Impact measures how much disruption you’ll face if the threat actually occurs. Combining likelihood and impact produces a residual risk rating of Low, Medium or High. Each organization’s residual risk rating may differ based on the likelihood and impact that each control deficiency introduces.
  • 25. Risk likelihood and impact You could also represent this concept with a simple chart like this one:
  • 26. Loss Control A risk management technique that seeks to reduce the possibility that a loss will occur and reduce the severity of those that do occur. A loss control program should help reduce claims, and insurance companies reduce losses through safety and risk management information and services.
  • 27. 2. Defining Upside of Risk Upside of risk is the chance than an asset or investment will increase in value beyond the expectations. It is an example of positive risk, or the chance that you’ll achieve too much of a good thing.
  • 28. 2. Defining Upside of Risk There is a belief amongst risk management practitioners that risk management makes a significant contribution to the operation of the organization and this contribution is often described as the upside of risk. In simple terms, the upside of risk is achieved when the benefits obtained from taking the risk are greater than any benefit that would have resulted from not taking it.
  • 29. 3.The Importance of Risk Appetite (Risk Evaluation) Risk appetite is the amount of risk an organization is willing to take in pursuit of objectives it deems have value. Risk appetite can also be described as an organization's risk capacity, or the maximum amount of residual risk it will accept after controls and other measures have been put in place.
  • 30. 3.The Importance of Risk Appetite (Risk Evaluation) Factors that influence risk appetite Culture of an organization Industry an organization is in Competitors Types of initiatives pursued Current industry position and/ or financial strength
  • 31. (F. Risk responses and risk treatment) 1. Introduction to risk treatment and risk response 2. The 4Ts 3. Risk control techniques (PCDDD) 4. Control of selected hazard risks 5. Introduction to monitoring and review 6. Insurance and risk transfer 7. Business continuity planning
  • 32. 1. Introduction to risk treatment and risk response Risk treatment is the process of selecting and implementing of measures to modify risk. Risk treatment measures can include avoiding, optimizing, transferring or retaining risk. Risk response Leadership’s response or action towards the existence of a risk.
  • 33. There are four possible risk response strategies for negative risks: Avoid. Eliminate the threat to protect the project from the impact of the risk. An example of this is cancelling the project. Transfer. Shifts the impact of the threat to as third party, together with ownership of the response. An example of this is insurance.
  • 34. There are four possible risk response strategies for negative risks: Mitigate. Act to reduce the probability of occurrence or the impact of the risk. An example of this is choosing a different supplier. Accept. Acknowledge the risk, but do not take any action unless the risk occurs. An example of this is documenting the risk and putting aside funds in case the risk occurs.
  • 35. There are also four possible risk responses strategies for positive risks, or opportunities: Exploit. Eliminate the uncertainty associated with the risk to ensure it occurs. An example of this is assigning the best workers to a project to reduce time to complete. Enhance. Increases the probability or the positive impacts of an opportunity. An example of this adding more resources to finish early.
  • 36. There are also four possible risk responses strategies for positive risks, or opportunities: Share. Allocating some or all of the ownership of the opportunity to a third party. An example of this is teams. Acceptance. Being willing to take advantage of the opportunity if it arises but not actively pursuing it. An example of this is documenting the opportunity and calculating benefit if the opportunity occurs.
  • 37. 2. The 4Ts Risk management creates and protects organizational value. As such, it should be a natural and inherent part of what every company does. Risk management is an integral part of decision-making because it explicitly addresses uncertainty.
  • 38. 2. The 4Ts A good way to summarize the different responses is with the 4Ts of risk management: tolerate, terminate, treat and transfer.
  • 39. 2. The 4Ts Tolerate. Sometimes it’s okay to do nothing. The likelihood and impact of the risk is low. You may decide to simply retain the risk because it is acceptable without further actions. Log and monitor the risk because retaining a risk should always be an informed decision. You should not find that your organization has retained a risk by default.
  • 40. 2. The 4Ts Terminate. Sometimes a risk is so far outside your risk appetite. Or is assessed as having such a severe impact on your business that you have stop (i.e. terminate) the activity causing it. For example, you may decide not to start or continue a business activity in a particular country. Or withdraw a product or service from market that gives rise to unacceptable risk.
  • 41. 2. The 4Ts Treat. You will almost certainly decide to take action on the most severe risks. You may act to reduce the likelihood of the risk occurring, or the severity of the consequences if it does. For example, install a firewall to reduce the likelihood of an external intrusion to your IT systems. And implement network segregation if an intruder does gain access.
  • 42. 2. The 4Ts Transfer. Insurance isn’t available for everything. Sometimes while it’s possible to transfer the activity to a third party, you still retain the liability if things go wrong. In the case of the payment card industry data security standards (PCI DSS), a third party arrangement outsources merely the function, not the responsibility or liability for PCI compliance.
  • 43. 3. Risk Control Techniques (PCDD) Management’s responsibility to design and put in place a suitable system of internal controls. Internal controls are designed to deal with financial, operational, and compliance risks. Organizations prepare the risks and control matrix, where risks and related controls are documented. Such a matrix enables the management to review the risks and related controls according to the risk classification, inherent and residual risk assessments, and any apparent weaknesses in the controls.
  • 44. Risk Control Techniques (PCDD) Further, the controls are marked into different control categories according to the nature of the controls, as follows:
  • 45. Risk Control Techniques (PCDD) Preventive Controls Prevention of errors and irregularities should be the aim of the organizations. However, in practical scenarios, some errors and risks occur despite implementing of preventive controls. It aims to prevent the occurrence of an error in a process and includes the maker checker concept and authorizations. For example, to prevent the purchase of unauthorized fixed assets, the management has built preventive controls in the form of authorization and approval of fixed asset purchases by the senior management or the asset purchase committee. Such controls ensure that unauthorized asset purchases are discouraged and only those assets shall be purchased and reflected in the financial statements, which the senior management or appropriate committee approves
  • 46. Risk Control Techniques (PCDD) Preventive controls are designed to stop errors or anomalies from occurring. Examples of preventive controls are: Adequate segregation of duties Proper authorization of transactions Adequate documentation and control assets
  • 47. Risk Control Techniques (PCDD) Corrective Controls Corrective controls are designed to correct the errors and irregularities and ensure that similar errors are not repeated once they are discovered. Corrective controls are built in the form of procedures and manuals for the reference of the employees. Some controls are built into the system, which automatically corrects the errors or prevents the occurrence of errors.  Examples of corrective controls are:  Policies procedures for reporting errors and irregularities so they can be corrected.  Training employees on new policies and procedures developed as part of the corrective actions.  Positive discipline to prevent employees from making futures errors.  Continuous improvement processes to adopt the latest operational techniques.
  • 48. Risk Control Techniques (PCDD) Directive Controls Directive controls aim to ensure that identified risks are managed through formal directions provided in various forms to the management and employees of the organization. Directive control requires cross-departmental process understanding, including the embedded regulatory requirements, which are converted into policies and procedures.
  • 49. Risk Control Techniques (PCDD) Directive Controls These policies and procedures also lead to the development of standard operating procedures and formal directions in specific areas. For example, management prepares the Compliance policy to ensure that broader regulatory requirements are complied. However, management also develops specific operating procedures for the employees, such as procedures or directives to deal with customers before onboarding them. These directions shall refer to the compliance policy and the regulatory requirements which deal with the customer onboarding process.
  • 50. Risk Control Techniques (PCDD) Directive Controls Similarly, management identifies broader risks and their integration to ensure that relevant directives are prepared and approved for compliance purposes.
  • 51. Risk Control Techniques (PCDD) Detective Controls Errors in a process need to be detected to ensure corrective measures are taken to minimize the impact on the whole process or activity. Detective controls should aim to detect errors on a timely basis. If the errors are not detected on a timely basis, the effectiveness of detective controls would be marked as ineffective. A strong internal control system always considers the implementation of effective detective controls.
  • 52. Risk Control Techniques (PCDD) Detective Controls These controls are designed to find errors or irregularities after they have occurred. Examples of detective controls are:
      • Exception reports: Identifying unexpected results or unusual conditions that require follow-up.
      • Reconciliations: An employee relates different data sets to one another, identifies and investigates differences, and takes corrective action when necessary.
      • Periodic audits: Internal and independent external audits detect errors, irregularities, and non-compliance with laws and regulations.
  • 53. 4. Control of selected hazard risks Control measures include actions that can be taken to reduce the potential of exposure to the hazard, or the control measure could be to remove the hazard or to reduce the likelihood of the risk of the exposure to that hazard being realized. A simple control measure would be the secure guarding of moving parts of machinery eliminating the potential for contact. When we look at control measures, we often refer to the hierarchy of control measures.
  • 54. 4. Control of selected hazard risks
  • 55. Hierarchy of Controls Eliminate the hazard. Elimination of the hazard is not always achievable though it does totally remove the hazard and thereby eliminates the risk of exposure.
  • 56. Hierarchy of Controls Substitute the hazard with a lesser risk. Substituting the hazard may not remove all of the hazards associated with the process or activity and may introduce different hazards, but the overall harm or health effects will be lessened. In laboratory research, toluene is now often used as a substitute for benzene. The solvent properties of the two are similar, but toluene is less toxic and is not categorized as a carcinogen, although toluene can cause severe neurological harm.
  • 57. Hierarchy of Controls Isolate the hazard. Isolating the hazard is achieved by restricting access to plant and equipment or in the case of substances locking them away under strict controls. When using certain chemicals then a fume cupboard can isolate the hazard from the person, similarly placing noisy equipment in a non-accessible enclosure or room isolates the hazard from the person(s).
  • 58. Hierarchy of Controls Use engineering controls. Engineering Controls involve redesigning a process to place a barrier between the person and the hazard or remove the hazard from the person, such as machinery guarding, proximity guarding, extraction systems or removing the operator to a remote location away from the hazard.
  • 59. Hierarchy of Controls Use administrative controls. Administrative controls include adopting standard operating procedures or safe work practices or providing appropriate training, instruction or information to reduce the potential for harm and/or adverse health effects to person(s). Isolation and permit to work procedures are examples of administrative controls.
  • 60. Hierarchy of Controls Use personal protective equipment. Personal protective equipment (PPE) includes gloves, glasses, earmuffs, aprons, safety footwear and dust masks, which are designed to reduce exposure to the hazard. PPE is usually seen as the last line of defense and is usually used in conjunction with one or more of the other control measures. An example of the weakness of this control measure: it is widely recognized that single-use dust masks cannot consistently achieve and maintain an effective facepiece-to-face seal, cannot be adequately fit-tested, do not offer much, if any, real protection against small particulates, and may lead to a false sense of security and so increase risk. In such instances an extraction system with fitted respirators may be preferable where the hazard may have significant health effects from low levels of exposure, such as when using isocyanate-containing chemicals.
  • 61. 5. Introduction to monitoring and review Monitoring and review should be a planned part of the risk management process and involve regular checking or surveillance. The results should be recorded and reported externally and internally, as appropriate. The results should also be an input to the review and continuous improvement of the risk management framework.
  • 62. 5. Introduction to monitoring and review Responsibilities for monitoring and review should be clearly defined. The firm's monitoring and review processes should encompass all aspects of the risk management process for the purposes of:
      • Ensuring that controls are effective and efficient in both design and operation.
      • Obtaining further information to improve risk assessment.
      • Analyzing and learning lessons from risk events, including near-misses, changes, trends, successes and failures.
      • Detecting changes in the external and internal context, including changes to risk criteria and to the risks, which may require revision of risk treatments and priorities.
      • Identifying emerging risks.
  • 63. 5. Introduction to monitoring and review
  • 64. 6. Insurance and Risk Transfer Life is inherently risky and it would be impossible to protect yourself against every potential risk you face. But if you are going to work hard, put money aside and invest it in things that are important to you or improve your life, it makes sense to protect those things as best you can.
  • 65. 6. Insurance and Risk Transfer Managing your risk involves a little bit of thought and planning to identify where you might be vulnerable to loss or damage. You do your best to protect your property, but you can also protect yourself from the impact of a natural disaster or if an unexpected event happens.
  • 66. 6. Insurance and Risk Transfer Insurance helps you to manage a risk if something happens to you or your property and helps you recover from the difficulties and financial hardship caused by unexpected events that cause injury and/or a financial loss. The person who buys the policy is known as the policyholder or the insured.
  • 67. 6. Insurance and Risk Transfer In return, the insurance company who issues the policy to you promises it will compensate you under certain loss or damage circumstances as set out in the policy.
      • Before you make the decision to buy insurance, it makes sense to review your own risks and work out how you can reduce the chance of them occurring and, if they do occur, how you might reduce the impact on your life.
      • For example, you can reduce the risk of bushfire by making sure you have cleared flammable materials away from your house. You can then take out insurance cover so that you are not risking severe financial consequences in the unlikely event your house is damaged or destroyed by bushfire. You are only protected once you pay your premium and, in some circumstances, the policy may not take effect for a predetermined time.
  • 68. 6. Insurance and Risk Transfer Risk transfer refers to a risk management technique in which risk is transferred to a third party. In other words, risk transfer involves one party assuming the liabilities of another party. Purchasing insurance is a common example of transferring risk from an individual or entity to an insurance company.
  • 69. 6. Insurance and Risk Transfer
  • 70. 6. Insurance and Risk Transfer How it works:
      • Risk transfer is a common risk management technique where the potential loss from an adverse outcome faced by an individual or entity is shifted to a third party. To compensate the third party for bearing the risk, the individual or entity will generally provide the third party with periodic payments.
      • The most common example of risk transfer is insurance. When an individual or entity purchases insurance, they are insuring against financial risks. For example, an individual who purchases car insurance is acquiring financial protection against physical damage or bodily harm that can result from traffic incidents.
      • As such, the individual is shifting the risk of having to incur significant financial losses from a traffic incident to an insurance company. In exchange for bearing such risks, the insurance company will typically require periodic payments from the individual.
  • 71. 6. Insurance and Risk Transfer Methods of Risk Transfer
      • Insurance Policy. As outlined above, purchasing insurance is a common method of transferring risk. When an individual or entity is purchasing insurance, they are shifting financial risks to the insurance company. Insurance companies typically charge a fee – an insurance premium – for accepting such risks.
      • Indemnification clause in contracts. Contracts can also be used to help an individual or entity transfer risk. Contracts can include an indemnification clause – a clause that ensures potential losses will be compensated by the opposing party. In simplest terms, an indemnification clause is a clause in which the parties involved in the contract commit to compensating each other for any harm, liability, or loss arising out of the contract.
      • For example, consider a client that signs a contract with an indemnification clause. The indemnification clause states that the contract writer will indemnify the client against copyright claims. As such, if the client receives a copyright claim, the contract writer would (1) be obliged to cover the costs related to defending against the copyright claim, and (2) be responsible for copyright claim damages if the client is found liable for copyright infringement.
  • 72. Business Continuity Planning Business Continuity Planning. The process involved in creating a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.
  • 73. Business Continuity Planning Key takeaways:
      • Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
      • BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
      • BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.
  • 74. Understanding Business Continuity Plans (BCPs) BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events— and cyber attacks. Once the risks are identified, the plan should also include:
  • 75. Understanding Business Continuity Plans (BCPs)
      • Determining how those risks will affect operations
      • Implementing safeguards and procedures to mitigate the risks
      • Testing procedures to ensure they work
      • Reviewing the process to make sure that it is up to date
  • 76. Business Continuity Planning There are several steps many companies must follow to develop a solid BCP. They include:
      • Business Impact Analysis: Here, the business will identify functions and related resources that are time-sensitive.
      • Recovery: In this portion, the business must identify and implement steps to recover critical business functions.
      • Organization: A continuity team must be created. This team will devise a plan to manage the disruption.
      • Training: The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.
  • 77. “Risk management is a more realistic term than safety. It implies that hazards are ever-present, that they must be identified, analyzed, evaluated and controlled or rationally accepted.” - Jerome F. Lederer