This document outlines a visit by PELITA, a Malaysian state investment corporation, to Tanjung Langsat Port (TLP) to share experiences in risk management, safety, business development, and other areas. The agenda includes presentations and discussions on TLP's enterprise risk management framework, business strategies, governance structure, and key performance indicators. It also details TLP's risk management process based on ISO 31000 standards, including risk identification, analysis, evaluation, treatment, and monitoring. Site visits were conducted to TLP's liquid jetty, dry cargo wharf and port area.
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas... - Hajar Mouatassim Lahmini
This document proposes a methodology for implementing a key risk indicator (KRI) system in a Moroccan asset management company to help identify and manage operational risks. It begins with definitions of operational risk and how it is categorized. It then discusses tools that can be used to address operational risk, including internal/external incident databases, control systems, risk mapping, and scenario analysis. The document proposes a KRI system tailored to the investment management process to help prevent risks and losses through early identification and monitoring of risk areas.
IFAC Senior Technical Manager Vincent Tophoff presentation during the Institute of Chartered Accountants of Pakistan's CFO Conference 2013, CFO: Meeting Future Challenges! Mr. Tophoff discusses current trends and thinking in risk management and best practices.
Operational risk management has evolved over time as organizations seek to systematically manage risks. Key concepts include inherent risk, likelihood, exposure, and treatments like transfer, accept, and optimize. Operational risk can arise from organization, processes, technology, human factors, or external events. It is measured using tools like control and risk self-assessments to identify threats, controls, and residual risks. The goal is integrated risk management to both control risks and create shareholder value through efficiency and competitive advantage.
This document discusses operational risk management (ORM) for flight safety courses. It provides an overview of ORM, defines key ORM concepts like risk and hazard, and outlines the six-step ORM process of identifying hazards, assessing risks, analyzing risk control measures, making control decisions, implementing controls, and supervising and reviewing the process. The goal of ORM is to protect personnel and resources while maximizing capabilities and mission effectiveness.
Operational risk is the risk of loss from inadequate or failed internal processes, people, and systems or from external events. This document provides a summary of operational risk, including:
1) It defines operational risk and provides examples such as business interruption, errors by employees, product failure, and IT systems failure.
2) Risks can be identified through various techniques like workshops and audits to assess processes. They are then assessed for impact and likelihood.
3) Operational risks are managed through techniques like risk acceptance, risk sharing, risk reduction, and risk avoidance such as purchasing insurance. Ongoing monitoring and review is important.
This document discusses the concept of risk from multiple perspectives. It begins by providing examples of risks faced around the world from food shortages to natural disasters. It then defines risk and discusses it in the context of business environments and change. The document outlines different types of risks including financial, operational, strategic and hazard risks. It provides examples of risks within each category. It also discusses risk analysis and management. In summary, the document presents an overview of what risk is, different sources and types of risk, and the importance of risk analysis for decision making.
Crisis and Emergency Management | How best to manage Risk | paul young cpa, cga
The document discusses crisis management and how to best handle crises. It defines crisis management as planning for and responding to crises or emergencies. It notes that the public sector has historically been poor at crisis management due to a short-term focus on elections rather than long-term planning. The document recommends that all governments and businesses implement comprehensive risk management frameworks including crisis management policies, and that external auditors review these frameworks. It also suggests using new technologies like AI, RPA, and scenario planning to improve crisis preparedness.
Case study in Enterprise Risk Management (ERM) showing paired comparison method to evaluate risk, allocate ERM resources and to highlight the different perspective or context for different levels of company management.
This document provides a strategic risk management plan for Marriott Sprowston Manor Hotel. It identifies key risks facing the hotel, including financial risks from economic conditions, strategic risks from increased competition and reputation risks, and operational risks from technology issues and increasing costs. The plan develops an enterprise risk management framework using objectives, key concepts, and a process for implementation. It assigns roles and responsibilities and provides risk mitigation actions and a business continuity plan to manage risks and ensure the continuity of hotel operations.
This document discusses how to bulletproof meetings and events from disasters and risks. It outlines steps for risk management, including forming a risk team to assess potential internal and external risks through a vulnerability analysis. The risk assessment and analysis informs the development of an emergency response plan with procedures, contact lists, and supporting documents. The plan aims to reduce the probability and consequences of emergencies through preparedness, training, contracts, and other mitigation strategies. Managing risks is important for meeting operations and safety.
1. The document discusses challenges in identifying emerging risks and proposes frameworks to assess emerging risks. It notes the increasing complexity, volume and interconnectedness of risks.
2. Traditional risk assessments often consider likelihood and impact, but the document advocates also considering risk velocity and duration. Emerging risks are often unexpected, high impact events rather than predictable low probability risks.
3. Leading companies focus on potential risk consequences rather than likelihood alone. Assessing business value at risk, threat magnitude, existing defenses and mitigation responses/costs is proposed for emerging risk evaluation.
Hassan adamu danguguwa world bank_risk management_final project - Hassan Danguguwa
Risk management in my own community
In my community, community-based risk management refers to the strategies adopted by households to mitigate the impact of shocks and cope with risk. Risk can be classified as idiosyncratic, meaning one household’s experience is typically unrelated to neighboring households’, or covariate, meaning that many households in the same locality suffer similar shocks.
Key Concepts
• A local area might be exposed to a number of disaster risks. It will be necessary to understand the nature and impact of these disasters in order to better prepare for the future;
• A range of social groups may exist in a district, municipality or commune. The vulnerability of different groups may differ from each other. It is important for local authorities to understand the reasons for vulnerability of different groups;
• The communities, local authorities and civil society groups may have multiple resources and capacities to deal with disasters; e.g. indigenous knowledge, policies, disaster reduction programs, technical institutions, machinery and equipment, and social networks;
• Local authorities must identify the challenges faced and lessons learnt from the past experiences of responding to disasters.
The document discusses the risk of economic shocks affecting Latin America. While Latin America has experienced strong economic growth in recent years, it remains vulnerable to external economic turmoil from issues like a US recession or slowdown in China. A hard economic landing in the US or China could hit countries in Latin America that rely on exports to those countries, like Mexico and Brazil. The region has benefited from high commodity prices but growth has varied between countries.
This document introduces opportunities and risks in social innovation and how to deal with them through risk management. It defines risk and risk management, outlines the risk management process, and discusses specific opportunities and risks related to social innovation. Methods in risk management discussed include checklists, which provide a quick overview of identified risks and potential measures. The conclusion notes that many social innovations fail due to resistance, so risk management can help procurement processes realize potential opportunities while managing adverse risks.
This document introduces opportunities and risks in social innovation and how to deal with them through risk management. It defines risk and risk management, outlines the risk management process, and discusses specific opportunities and risks related to social innovation. Methods in risk management discussed include checklists, which provide a quick overview of identified risks and potential measures. The conclusion notes that many social innovations fail due to resistance, so risk management can help procurement processes realize innovations by identifying issues and potential savings.
This file contains info related to my presentation on ERM implementation in the context of financial & regulatory convergence - requirements from SOX, Basel 2, COSO, and IAS/IFRS
This document is a term paper submitted by Anu Damodaran to her faculty guide, Mr. C.T. Sunil, in partial completion of her MBA program at Amity University in Dubai. The paper is titled "To study ERM - A competitive edge for the company and how it adds value to its shareholders". The introduction provides background on enterprise risk management (ERM) and its importance for businesses facing various strategic, market, operational and financial risks. The paper will review literature on ERM and explore how companies can implement ERM through risk mapping and maturity models. It will also discuss the advantages, suitability and limitations of ERM for businesses.
The document compares three major risk management frameworks: NIST, ISO, and COSO. NIST focuses on information security and risk management for US federal systems. ISO provides generic international guidelines for diverse organizations. COSO emphasizes internal controls and accurate reporting. While the frameworks differ in scope and focus, they all aim to guide organizations in managing risks through integrated strategies. Organizations should analyze features of each to determine the best combination for their unique needs and objectives.
The document discusses enterprise risk management (ERM) and its rising importance for information security practices. ERM aims to align security solutions with business priorities by analyzing overall IT risks, prioritizing risk mitigation actions, and taking a managed approach to enterprise investments. Key drivers of ERM adoption include changing regulations, expanding business threats, and interest in simplifying security management.
This document discusses operations risk in three parts. The first part outlines the four steps of operations risk management: assess the situation, balance resources, communicate risks and intentions, and debrief. The second part describes key features an operations risk management software should have like risk tracking and reporting. The third part discusses characteristics of operations risk for banks, including how risks arise from human error and technology changes. It emphasizes the importance of internal controls and risk education for mitigating operations risk.
The document discusses the purpose and goals of risk management in healthcare organizations. It aims to enhance patient safety and minimize financial losses through risk identification, evaluation and prevention. It also helps ensure compliance with regulatory standards. An effective risk management program has a formal structure, integrates risk and quality departments, and guarantees confidential reporting to improve safety and reduce future incidents.
Three key risks were identified for managing a FIFA World Cup project: operational, security and safety, and health risks. A multi-phase risk management process was developed involving identifying risks, analyzing them, evaluating their probability and impact, treating risks, and monitoring risks. Four specific risks were outlined - operational, security and safety, health, and financial risks. Recommendations were made for reducing these risks through effective planning, coordination, security measures, and healthcare provisions.
This document discusses operational risk and key risk indicators (KRIs). It defines operational risk and provides examples of operational risk losses from past incidents. It explains that KRIs are metrics that provide information on an organization's current exposure level to a given operational risk. The document outlines the process for identifying KRIs, which involves risk and control self-assessments to identify inherent risks, controls, and residual risks and prioritize them. It also discusses setting thresholds for KRIs, collecting and reporting KRI data, and the roles involved in managing the KRI process. Examples of potential KRIs are provided for credit risk, financial markets activities, and other operational risks.
People Risk and how HR should manage it. - chungarisk
Operational risk has a primarily human nature. People are responsible for ensuring significant operational losses do not reoccur. People risk is complex and difficult to manage, starting from the recruitment phase with background checks and proper job placement. Poor hiring practices, ethics policies, and corporate fraud are types of people risk. To manage people risk, firms must perform individual assessments and evaluate employee relationships. The human resources department is responsible for people risk management through hiring, training, performance evaluations, and establishing proper guidelines.
This document provides an overview of a public workshop on enterprise risk management given by Deddy Jacobus. It introduces Deddy Jacobus and his qualifications and experience in risk management. The workshop objectives are to establish the importance of enterprise risk management for achieving corporate objectives and provide an overview of the ISO 31000:2009 risk management principles and guidelines. Key aspects of enterprise risk management frameworks from COSO 2004 and ISO 31000:2009 are summarized, including the risk management process, risk assessment methods, risk registers, and establishing risk appetite and tolerance levels.
Masterclass Port Authorities in International Perspective - Maurice Jansen
In recent years port authorities in the Hamburg-Le-Havre range have actively pursued internationalisation strategies, due in no small part to the evolving role of port authorities.
More and more port authorities consider themselves as network companies aiming to create value for their customers by developing chains, networks and clusters both in Europe and in emerging markets worldwide.
In this masterclass Peter de Langen and Marc Evertse explore the boundaries of the port authority in their quest to add value to their customers’ supply chain and deliver strategic value to their stakeholders at home.
This document presents performance indicators for a port trust. It discusses indicators of output like berth output, ship output, and gang output. Indicators of service and utilization include ship turnaround time, berth working time, and berth occupancy. Charts show trends in cargo handled, container traffic, average turnaround time, ship berth day output, and financial performance over several years. The port aims to maximize throughput and profits using these metrics to evaluate performance.
Marina Development in the Visayas
- by Joris Claeys, PORT[expertise]
for Sea-Expo Manila, February 20-22, 2015
Aims and targets for the Visayas
• Congestion of marina ports in Singapore and Hong Kong
• Developing the Philippines Marina and Tourism activities
across the Visayas
• Highlighting the eco-Tourism and other forms of tourism, including adventure tourism and high-end nautical destination
The document discusses a 1KEY solution for port terminal KPI dashboards and intelligence software. The 1KEY BI solution for port terminals provides pre-configured reports like operations dashboards, crane analysis KPIs, and import dashboards. It also offers automated scheduled reporting, trade analysis cubes and dashboards for port-wise, region, and country trade analysis. The 1KEY solution helps port terminals achieve high performance and secure market opportunities through business transformation.
Damco is a leading global logistics and supply chain management company with over 11,000 employees operating in more than 300 offices worldwide. It provides end-to-end supply chain solutions including freight forwarding, customs clearance, warehousing, and visibility services. Damco manages over 2.8 million TEU of ocean freight annually and integrates all aspects of clients' supply chains from raw material sourcing to delivery. It aims to overcome challenges such as regulatory changes, documentation issues, and transportation bottlenecks through customized solutions and strategic carrier partnerships.
The document describes an Analytic Port Information System (APIS) that integrates and analyzes data from various port-related sources to provide comprehensive analytics and business intelligence. The key components of APIS include:
1) Integrating data from multiple sources like port community systems, statistics, and transportation systems using extract-transform-load engines.
2) Developing key performance indicators and visualizations to provide insights and manage port operations and strategy.
3) Powerful analysis tools to analyze trends, perform in-depth desktop analysis, and network analysis.
4) Self-service reports and visualization tools for stakeholders to perform their own analysis without IT assistance.
The system aims to provide an integrated
The document discusses the Container Terminal Quality Indicator (CTQI) standard. It describes the CTQI as having three components: conformance requirements for basic management systems, key performance indicators (KPIs) to measure operational effectiveness and service quality, and evaluation of KPIs and other factors using master tables. Industry partners provided input on developing the standard to reliably measure container terminal efficiency and performance.
World Vision has adopted enterprise risk management (ERM) as a discipline to unify all forms of risk management across the organization. In Somalia in 2019, World Vision provided 67% of assistance through cash and vouchers compared to 33% through in-kind food, distributing $24.5 million to over 280,000 people. Key elements of World Vision's ERM process include establishing the context, identifying and analyzing risks, evaluating risks, treating risks, communicating and consulting, and regularly monitoring and reviewing risks as the environment changes.
Managing business risk in Nigeria is important due to various external risks companies face. This presentation discusses identifying, evaluating, and managing common business risks in Nigeria such as natural disasters, pandemics, legal issues, and security threats. It also covers developing a risk management plan that includes risk avoidance, transfer, retention and reduction to minimize impacts of risks and ensure business continuity.
Enterprise risk management involves identifying and managing risks across an organization to minimize losses and maximize opportunities. The key types of risk include strategic risk, operational risk, financial risk, compliance risk, and reputational risk. Risk management in airlines specifically analyzes hazards, strategic challenges, financial risks, and operational risks. Financial risks can be mitigated through techniques like hedging fuel costs, which is a major volatile expense for airlines.
Introduction to Risk ManagementMana.6330Overview - TatianaMajor22
The document provides an overview of risk management, including definitions of risk, types of risk (operational, reputational, business, cyber), categories of corporate risk, approaches to managing risk (avoidance, reduction, transfer, retention), sources of risk that can lead to crisis, and the stages of crisis management (pre-crisis, crisis response, post-crisis). It also discusses risk fundamentals such as perception of risk, risk approaches, cause and effect analysis, resilience, risk management processes, and factors to consider within an organization.
The document discusses risk management and provides definitions and classifications of risk. It describes how insurers are seriously concerned with risk management due to the large liabilities they assume through insurance products. It defines risk and discusses different types of risks such as physical risks, social risks, pure risks, and dynamic risks. It also discusses different approaches to risk management, including traditional, integrated, and enterprise approaches.
This is a brief article that describes the evolution of Enterprise Risk Management as a key functional area in large organizations over the past 30 years.
The document discusses project risk management from the perspective of a development institution. It provides definitions of risk, project, and project management. Project risk management involves planning, organizing, securing, and managing resources to control the effects of uncertainties on a project's objectives. The document outlines the roots of uncertainty in a project, types of risks, and the risk management process. It emphasizes that risk management should be integrated into an organization's culture and involve identifying, assessing, and prioritizing risks.
NGOs Field Security Management Approach & Systems 2.pptx - Louison Malu-Malu
The document provides information on security risk management and security risk assessments for NGOs operating in unstable environments. It defines key terms like strategy, planning, tactics, security risk management, and security risk assessment. It also discusses developing a security risk assessment, identifying threats and vulnerabilities, and using risk assessments to effectively manage security risks. The document provides examples of how to classify risk levels in different areas and outlines contingency plans, relocation thresholds, and evacuation procedures.
Risk management is the process of identifying, quantifying, and managing risks that an organization faces. These risks include strategic failures, operational failures, financial failures, market disruptions, environmental disasters, and regulatory violations. Risk management involves identifying risk exposures, measuring potential risks, proposing means to mitigate risks, and estimating risks' impact on future earnings. While removing all risk is impossible, companies must properly understand and manage risks they are willing to accept in line with their strategy.
MODULE 1:
Definition of Risk and uncertainty- Classification of Risk, Sources of Risk-external and internal. Risk Management-nature, risk analysis, planning, control and transfer of risk, Administration of properties of an enterprise, provision of adequate security arrangements. Interface between Risk and Insurance- Risk identification, evaluation and management techniques, Risk avoidance, Retention and transfer, Selection and implementation of Techniques. Various terminology, perils, clauses and risk covers.
Risk management involves identifying, assessing, and prioritizing risks, then applying resources to minimize their impact or maximize opportunities. There are typical business risks like strategic, operational, compliance and financial risks. Risk management processes include establishing the context, identifying risks, assessing them, developing risk strategies, implementing a risk management plan, reviewing and communicating. Key strategies for addressing risks include transferring risks, avoiding risks, reducing risks, and accepting risks.
CHAPTER 7 Risk Assessment, Security Surveys, and PlanningLEARNIN.docx - christinemaritza
CHAPTER 7 Risk Assessment, Security Surveys, and Planning
LEARNING OBJECTIVES
After completing this chapter, the reader should be able to
• define risk and risk assessment.
• list and describe five distinct types of risk that threaten individuals and organizations.
• discuss management techniques associated with risk elimination, reduction, and mitigation.
• evaluate risks to determine vulnerability, probability, and criticality of loss.
• conduct a risk assessment utilizing subjective as well as objective measurements.
• conduct a security survey.
• analyze needs identified through a risk assessment.
• develop appropriate courses of action to eliminate, reduce, or mitigate risks identified in a risk assessment.
• discuss the importance of the budget process.
• demonstrate knowledge of crime prevention through environmental design.
• demonstrate knowledge of emergency planning.
INTRODUCTION
A major focus for security management is the concept of risk. Subjective information as well as objective measurement instruments (such as a security survey) are used in an essential first step of a planning process designed to identify and assess the threat posed by each risk source. As the planning process proceeds, security personnel make recommendations and determine the financial impact of any potential risk mitigation strategy. Planning activities also involve preparation for emergency situations and consideration of anticrime measures available through environmental manipulation.
THE CONCEPT OF RISK
Risk Defined
Risk may be defined as the possibility of suffering harm or loss, exposure to the probability of loss or damage, an element of uncertainty, or the possibility that results of an action may not be consistent with the planned or expected outcomes. A decision maker evaluates risk conditions to predict or estimate the likelihood of certain outcomes. From a security perspective, risk management is defined as the process involved in the anticipation, recognition, and appraisal of a risk and the initiation of action to eliminate the risk entirely or reduce the threat of harm to an acceptable level. A risk involves a known or foreseeable threat to an organization’s assets: people, property, information, or reputation. Risk cannot be totally eliminated. However, effective loss prevention programs can reduce risk and its impact to the lowest possible level. An effective risk management program can maximize asset protection while minimizing protection costs (Fay, 2000; Fischer & Janoski, 2000; Kovacich & Halibozek, 2003; Robbins & Coulter, 2009; Simonsen, 1998; Sweet, 2006).
Types of Risk
Generally, risk is associated with natural phenomena or threats created by human agents. Natural risks arise from earthquakes, volcanic eruptions, floods, and storms. Risks created by human beings include acts or failures to act that lead to crime, accidents, or environmental disaster. As many as five distinct types of risk threaten individuals a ...
ISOL 533 - Information Security and Risk Management R.docx - christiandean12115
ISOL 533 - Information Security and Risk Management Risk Management Plan
University of the Cumberlands
Executive Summary
<Review the Scenario on Page #2 of the publisher’s Project: Risk Management Plan. Summarize the information about the company provided in the scenario and place it into this section of the report. Remove these instructions and all other instructions below before submitting the document for grading.>
This Risk Management Plan covers the Risks, Threats and Weaknesses of the Health Network, Inc. (Health Network).
Risks - Threats – Weaknesses within each domain
<Using the Threats listed on Page #3 of the publisher’s Project: Risk Management Plan and the 7 Domains diagram on Page #3 of this template, complete the table on Page #2 of this template (review your Lab #1 solution). Once you enter the Threats into the table, list one or more Weaknesses that might exist in a typical organization (using research and your imagination) and then list the Risk to the company if the Threat exploits that Weakness. Then group these Risks-Threats-Weaknesses (R-T-W) by Domain and discuss them below in this section.>
User Domain: <list each User Domain R-T--W identified in the table>
Workstation Domain: <list each Workstation Domain R-T--W identified in the table>
LAN Domain: <list each User Domain R-T--W identified in the table>
WAN-to-LAN Domain: <list each Workstation Domain R-T--W identified in the table>
WAN Domain: <list each User Domain R-T--W identified in the table>
Remote Access Domain: <list each Workstation Domain R-T--W identified in the table>
System/Application Domain: <list each User Domain R-T--W identified in the table>
Compliance Laws and Regulations
<List the laws and regulations that affect this industry.>
…
Your Organization
ISOL 533 - InfoSecurity & Risk
Management University of the Cumberlands
Enter details about the organization and its IT infrastructure.
organization changes to the
systems, applications and organizational data can undermine the organization's
violations of federal or state mandates and laws can
lead to major . potential to impact the
central repository accessible via the
corporate
This document discusses risk management methodology presented by Pawel Nowicki at the TEMPUS MEETING KRAGUJEVAC 2015. It outlines the key steps in risk management methodology, including risk identification, analysis, assessment, and registration. Risk identification involves identifying strategic and operational risks through top-down and bottom-up approaches. Risk analysis determines the causes and effects of risks, separates low and high risks, and evaluates the relationship between impact, probability, and existing control mechanisms. Spot risk assessment considers risks both with and without existing control measures to demonstrate the effectiveness of controls.
The document outlines a risk management policy and procedure for an organization. It defines risk management as identifying and managing risks in a systematic way to avoid negative impacts. It details a six step process for risk management: 1) analyze the organizational context, 2) identify risks, 3) evaluate risks, 4) manage risks, 5) develop a risk management plan, and 6) monitor and review risks. All employees and management are responsible for risk identification and mitigation, while specific roles in the process are assigned to program supervisors, managers, and the management committee.
The document summarizes an internal auditor's workshop on using audits as a risk management tool. It includes the following:
- An overview of the risk management process including identifying risks, assessing and measuring risks, responding to risks, designing and testing controls, and continuously improving risk management.
- The three lines of defense in risk management - operational management owns risk management as the first line, risk management and compliance functions provide oversight as the second line, and internal audit provides independent assurance as the third line.
- Key aspects of the risk management process including governance, people, processes, and technology as well as identifying risks, assessing risks, developing risk response strategies, and monitoring risks.
This document provides information about a project submitted by Lenin Jeyakumar, a student at Vivek College of Commerce in Mumbai, India. The project is about disaster management and was submitted in 2015-2016 for a Master's in Commerce program. It includes a title page, certificate from the project guide, a declaration by the student, acknowledgements, an index of topics, and the beginning of the first chapter which provides an introduction to strategic management and disaster management.
Risk management is important for public sector organizations to address uncertainties and help achieve objectives. There are challenges like balancing priorities across different services with increased public involvement. A successful risk management program looks at operational, strategic, corporate and performance aspects holistically. It is important to distinguish between operational risks affecting short term goals and strategic risks impacting long term objectives.
The document provides a summary of Mpact's risk management review for 2015. It discusses the company's enterprise risk management framework and processes. Key risks identified include supply shortages, energy/water costs and reliability, equipment failures, and labor issues. Mitigation strategies are outlined for each risk. The Risk Management Committee and Audit and Risk Committee oversee risks, while business units are responsible for risk assessment and management. Material risks are regularly reported to committees and the Board.
Risk Management Following are the main risks that Itrustu In.pdf - adaacollections
Risk Management
Following are the main risks that Itrustu Insurance plans for mitigating against:
- Cyber threats (hacking, spam or fraud, malware, ransomware, phishing, confidentiality, data or
Identity theft and others)
- Loss of IT, telephony and/or network communications for longer than one day
-Flood that causes denial of access to a building
- Loss of power
- Snow storm
The risk UT has not been anticipating in their Risk Management plan is pandemic
Risk Management plan In Pandemic
COVID-19 has changed the world and organizations need to upscale with the changing face of the
world. Organizations not only needed to provide quick response and increase the availability of
resources but should be able to incorporate the new NORMAL into their operations resiliently.
The Pandemic has shifted all eyes to RM professionals and all the executives are looking for
answers. This is the real test of your Risk Management plan and response, do you have your
processes automated, integrated work plans, communications and reporting that scale globally?
On top of the current COVID-19 pandemic, the threat of a cyber-attack, natural disasters and
breaches caused by third-party vendors are still growing. It's not enough to demonstrate you have
a plan but to prove that it will work. The role of the Risk Management plan has evolved, and you
must evolve with it.
As you know, COVID-19 has been reported in almost every single country across the globe. Itrustu
is trying its best to come up with a comprehensive Risk Management plan and are working hard to
develop a crisis leadership team responsible for pandemic plan implementation. The team should
have representatives from the executive leadership and from each functional area in the
organization including account management, business operations, communications, sales, human
resources, marketing and last but not least the IT department.
Top Ten Risks to Insurers
Below is the list of the most critical risks identified by insurance companies in a recent survey:
1. Cybersecurity and cybercrime
2. Disruptive technology
3. Pricing and product line profit
4. Legislative and regulatory
5. IT/systems and tech gap
6. Interest rate change
7. Competition
8. Natural catastrophe
9. Climate change
10. Emerging risks (such as pandemic)
The Main ITRUSTU Insurance Products
1. Car insurance
2. Travel insurance
3. Life insurance
4. Pension plans
5. Motorcycles RVs insurance
6. Home Condo Renter insurance
To complete a Risk Management plan for an insurance company five elements must be
investigated.
1. People
2. Buildings/ infrastructures
3. Information
4. Technology
5. Suppliers
The risk of unavailability of each of these elements must be analyzed and probabilities must be
assigned to each of the threats.
Template 5: Risk Response
Undertaking the evaluation of the risk consequences for each of the significant risks and recording
the results in Template 4 will enable the organization to decide what, if any, further actions are
required. Tem.
Turnaround Risk Assessment (TARA): comprehensive operational workflow in gauging People, Environment, Asset, Reputation and Legal (P.E.A.R.L) prior to a scheduled shutdown of a remote facility for scheduled maintenance and specific scope of work approved by Top Management and Client.
RBCDexia-2009-GlobalOrgChart-RiskMgmt-Compliance - Yusof Mohd
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms for those who already suffer from conditions like depression and anxiety.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
The document provides information about an upcoming executive education short course on applied economics. It will be a 2-day workshop taught by Dr. Yeah Kim Leng, Dean of the School of Business at Malaysia University of Science and Technology. The workshop will provide senior executives and analysts with practical tools for economic analysis and help them better understand and monitor economic trends and issues. Participants will learn key economic concepts and indicators, practice data analysis, and build their own economics dashboard to enhance business planning. The interactive course uses presentations, case studies, and exercises to illustrate principles of economic analysis.
The Rise and Fall of Ponzi Schemes in America.pptx - Diana Rose
Ponzi schemes, a notorious form of financial fraud, have plagued America’s investment landscape for decades. Named after Charles Ponzi, who orchestrated one of the most infamous schemes in the early 20th century, these fraudulent operations promise high returns with little or no risk, only to collapse and leave investors with significant losses. This article explores the nature of Ponzi schemes, notable cases in American history, their impact on victims, and measures to prevent falling prey to such scams.
Understanding Ponzi Schemes
A Ponzi scheme is an investment scam where returns are paid to earlier investors using the capital from newer investors, rather than from legitimate profit earned. The scheme relies on a constant influx of new investments to continue paying the promised returns. Eventually, when the flow of new money slows down or stops, the scheme collapses, leaving the majority of investors with substantial financial losses.
Historical Context: Charles Ponzi and His Legacy
Charles Ponzi is the namesake of this deceptive practice. In the 1920s, Ponzi promised investors in Boston a 50% return within 45 days or 100% return in 90 days through arbitrage of international reply coupons. Initially, he paid returns as promised, not from profits, but from the investments of new participants. When his scheme unraveled, it resulted in losses exceeding $20 million (equivalent to about $270 million today).
Notable American Ponzi Schemes
1. Bernie Madoff: Perhaps the most notorious Ponzi scheme in recent history, Bernie Madoff’s fraud involved $65 billion. Madoff, a well-respected figure in the financial industry, promised steady, high returns through a secretive investment strategy. His scheme lasted for decades before collapsing in 2008, devastating thousands of investors, including individuals, charities, and institutional clients.
2. Allen Stanford: Through his company, Stanford Financial Group, Allen Stanford orchestrated a $7 billion Ponzi scheme, luring investors with fraudulent certificates of deposit issued by his offshore bank. Stanford promised high returns and lavish lifestyle benefits to his investors, which ultimately led to a 110-year prison sentence for the financier in 2012.
3. Tom Petters: In a scheme that lasted more than a decade, Tom Petters ran a $3.65 billion Ponzi scheme, using his company, Petters Group Worldwide. He claimed to buy and sell consumer electronics, but in reality, he used new investments to pay off old debts and fund his extravagant lifestyle. Petters was convicted in 2009 and sentenced to 50 years in prison.
4. Eric Dalius and Saivian: Eric Dalius, a prominent figure behind Saivian, a cashback program promising high returns, is under scrutiny for allegedly orchestrating a Ponzi scheme. Saivian enticed investors with promises of up to 20% cash back on everyday purchases. However, investigations suggest that the returns were paid using new investments rather than legitimate profits. The collapse of Saivian l
Dr. Alyce Su Cover Story - China's Investment Leader - msthrill
In World Expo 2010 Shanghai – the most visited Expo in the World History
https://www.britannica.com/event/Expo-Shanghai-2010
China’s official organizer of the Expo, CCPIT (China Council for the Promotion of International Trade https://en.ccpit.org/) has chosen Dr. Alyce Su as the Cover Person with Cover Story, in the Expo’s official magazine distributed throughout the Expo, showcasing China’s New Generation of Leaders to the World.
New Visa Rules for Tourists and Students in Thailand | Amit Kakkar Easy Visa - Amit Kakkar
Discover essential details about Thailand's recent visa policy changes, tailored for tourists and students. Amit Kakkar Easy Visa provides a comprehensive overview of new requirements, application processes, and tips to ensure a smooth transition for all travelers.
Vicinity Jobs’ data includes more than three million 2023 OJPs and thousands of skills. Most skills appear in less than 0.02% of job postings, so most postings rely on a small subset of commonly used terms, like teamwork.
Laura Adkins-Hackett, Economist, LMIC, and Sukriti Trehan, Data Scientist, LMIC, presented their research exploring trends in the skills listed in OJPs to develop a deeper understanding of in-demand skills. This research project uses pointwise mutual information and other methods to extract more information about common skills from the relationships between skills, occupations and regions.
A toxic combination of 15 years of low growth, and four decades of high inequality, has left Britain poorer and falling behind its peers. Productivity growth is weak and public investment is low, while wages today are no higher than they were before the financial crisis. Britain needs a new economic strategy to lift itself out of stagnation.
Scotland is in many ways a microcosm of this challenge. It has become a hub for creative industries, is home to several world-class universities and a thriving community of businesses – strengths that need to be harnessed and leveraged. But it also has high levels of deprivation, with homelessness reaching a record high and nearly half a million people living in very deep poverty last year. Scotland won’t be truly thriving unless it finds ways to ensure that all its inhabitants benefit from growth and investment. This is the central challenge facing policy makers both in Holyrood and Westminster.
What should a new national economic strategy for Scotland include? What would the pursuit of stronger economic growth mean for local, national and UK-wide policy makers? How will economic change affect the jobs we do, the places we live and the businesses we work for? And what are the prospects for cities like Glasgow, and nations like Scotland, in rising to these challenges?
OJPs are becoming a critical resource for policy-makers and researchers who study the labour market. LMIC continues to work with Vicinity Jobs’ data on OJPs, which can be explored in our Canadian Job Trends Dashboard. Valuable insights have been gained through our analysis of OJP data, including LMIC research lead Suzanne Spiteri’s recent report on improving the quality and accessibility of job postings to reduce employment barriers for neurodivergent people.
Decoding job postings: Improving accessibility for neurodivergent job seekers
Improving the quality and accessibility of job postings is one way to reduce employment barriers for neurodivergent people.
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
Madhya Pradesh, the "Heart of India," boasts a rich tapestry of culture and heritage, from ancient dynasties to modern developments. Explore its land records, historical landmarks, and vibrant traditions. From agricultural expanses to urban growth, Madhya Pradesh offers a unique blend of the ancient and modern.
Independent Study - College of Wooster Research (2023-2024) FDI, Culture, Glo... - AntoniaOwensDetwiler
"Does Foreign Direct Investment Negatively Affect Preservation of Culture in the Global South? Case Studies in Thailand and Cambodia."
Do elements of globalization, such as Foreign Direct Investment (FDI), negatively affect the ability of countries in the Global South to preserve their culture? This research aims to answer this question by employing a cross-sectional comparative case study analysis utilizing methods of difference. Thailand and Cambodia are compared as they are in the same region and have a similar culture. The metric of difference between Thailand and Cambodia is their ability to preserve their culture. This ability is operationalized by their respective attitudes towards FDI; Thailand imposes stringent regulations and limitations on FDI while Cambodia does not hesitate to accept most FDI and imposes fewer limitations. The evidence from this study suggests that FDI from globally influential countries with high gross domestic products (GDPs) (e.g. China, U.S.) challenges the ability of countries with lower GDPs (e.g. Cambodia) to protect their culture. Furthermore, the ability, or lack thereof, of the receiving countries to protect their culture is amplified by the existence and implementation of restrictive FDI policies imposed by their governments.
My study abroad in Bali, Indonesia, inspired this research topic as I noticed how globalization is changing the culture of its people. I learned their language and way of life which helped me understand the beauty and importance of cultural preservation. I believe we could all benefit from learning new perspectives as they could help us ideate solutions to contemporary issues and empathize with others.
Independent Study - College of Wooster Research (2023-2024) FDI, Culture, Glo...
TLP-RiskMgmt-Compliance-PelitaVisit-18062013
1. RISK MANAGEMENT & COMPLIANCE
SAFE | EFFICIENT | RELIABLE
PELITA’s Visit
Sharing Experience with TLP’s Risk Management & Compliance, SHE, Business Development & Marine Departments
18 June 2013
2. Page 2
PELITA’s Visit Programme
1 | 10:00 AM – 10:15 AM | Safety Briefing by En. Muzafar Abbas, Senior Executive SHE
2 | 10:15 AM – 11:00 AM | Presentation by TLP’s Risk Management & Compliance
3 | 11:00 AM – 11:15 AM | Discussion and Q&A
4 | 11:15 AM – 12:00 PM | Site Visits: Liquid Jetty, Dry Cargo Wharf & Port Area
5 | 12:00 PM – 14:00 PM | Lunch
3. Page 3
Agenda
1 Overview on TLP: Transforming Tg Langsat Into An Oil & Gas Hub In The Region
2 TLP’s Enterprise Risk Management (“ERM”)
• Business Strategies
• KPI
• Governance Organisational Model
• Supervising Structure
• Risk by Definition
• Risk Event, Cause & Effect
• Risk Analysis
• Risk Evaluation & Treatment
3 Lesson Learnt & PAGEMA-TLP Drill 3-Minute Video
4. Page 4
ISO 31000: Risk Management Process
[Process diagram: Establishing the context; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; with Communication & Consultation and Monitoring & Review alongside]
5. Page 5
Establishing Context: JCORP–TLP Business Strategies Alignment
• A state investment corporation contributing to state and national economic growth through an efficient and effective business entity while upholding the community interest.
• Upholding position as a business entity that spearheads and controls market, competitive, profit-motivated and recognized.
• A catalyst to sustainable business growth which will further create success in fulfilling its obligation as a state investment corporation.
• Contributing and adding values to the well-being of the community through business success as well as Corporate Social Responsibility undertakings.
• To be the premier specialised port in the region
• To serve as the main gateway for Tanjung Langsat Industrial Complex
• TLP as a Catalyst of IRDA’s Oil & Gas Industry growth
6. Page 6
Establishing Context: TLP’s Key Performance Indicators
Column headings: NO; KPIs (2012, 2013); 2013’s KPIs THRUST; TARGET; REMARKS
1 | EBITDA: RM10 million | EBITDA: RM30 million | Port Activities & Land Sales | RM13.1 million in 2012. | FINANCIAL (Sustainability / Opportunity Loss)
2 | Handling of Liquid Cargoes: 4 million m³/year | Handling of Liquid Cargoes: 10 million m³/year | Port Facilities & Vessel Turnaround | 7.87 million m³ in 2012. Increase of 27%. | OPERATION (Efficiency: Berth Utilisation Rate)
3 | Handling of Dry Cargoes: 60,000 MT/year | Handling of Dry Cargoes: 300,000 MT/year | Throughput & Outsourcing | 240,000 MT in 2012. Increase of 25%. | OPERATION (Efficiency: Berth Utilisation Rate)
4 | Re-commissioning of TLPOT | Re-commissioning/disposal of Tanjung Langsat Port Oil Terminal (TLPOT) | July 2013 | FINANCIAL/OPERATION/RESOURCES DAMAGE
5 | To obtain Federal Govt Grant for additional 2 jetties | Development of Marine Supply Base | July 2013 | Signing of JV agreement. | STAKEHOLDERS’ RELATIONSHIPS
7. Page 7
ISO 31000: Risk Management Process (process diagram as on Page 4)
8. Page 8
Communication & Consult: Governance Organisational Model
[Organisation chart; labels as extracted:]
• Board of Directors
• JCORP
• Tanjung Langsat Port Sdn Bhd
• Executive Director; Chief Operating Officer; Chief Financial Officer
• Risk Management & Compliance (execution of Legal Risk Review Supports, Risk Management Process and Oversight, Monitoring & Reporting)
• Safety, Health & Environment (SHE) Risk Ownership
• Operations / Marine Risk Ownership
• Commercial / Financial Risk Ownership
• Strategic / Reputational Risk Ownership
• Security Risk Ownership
• Technical & Project Development Risk Ownership
• Risk Support
• Internal and Regulatory Reporting
• (provide mandate and guidance for Risk Management & Governance)
• Stakeholder Engagement
• People; Environment; Asset; Reputation
9. Page 9
Monitoring & Review: Supervising Structure
[Structure chart; labels as extracted:]
• Risk Management & Compliance
• Legal Risk Review & Supports
• Risk Management Process Oversight
• Monitoring & Reporting
• Licensing / Certification
• Contract / Commitment / Agreement / SLA
• Policy / SOP / Operating Procedure / Standard of Best Practice
• Legal Coordination
• Risk Assessment
• Risk Registers
• Project Risk Assessment & Register
• JCIA (KRIS) Coordination
• Verification Audit
• Incident / Dashboard Reporting
• Programme Management
• Stakeholders Compliance Facilitation
• Pre Contract; Post Contract
• Yield; Efficiency
• Tanjung Langsat Port Sdn Bhd
10. Page 10
ISO 31000: Risk Management Process (process diagram as on Page 4)
11. Page 11
Risk Assessment: Risk Identification – Risk by Definition
Term: Risk
Objectives/Definitions:
Risk is best expressed in terms of three components: Event, Cause and Effect. This may be illustrated by a simple example, a worm virus, as follows:
• Risk Event – a virus enters your computer;
• Cause – the external cause is a hacker and the internal cause is a lack of current virus protection software;
• Effect – computer software fails, data is lost, with potential financial and non-financial consequences.
Risk is often characterised by two components, namely Likelihood (Frequency) and Impact (Consequences):
RISK = LIKELIHOOD × CONSEQUENCE = (Frequency with which an event is anticipated to occur) × (Impact of the event’s outcome)
In summary, risk is defined as:
• The potential for loss, either directly through the loss of People, Environment, Asset and Reputation and/or indirectly through the imposition of uncontrollable constraints on an organisation’s ability to meet its business objectives;
• Additionally, Risk is also the probability of harmful consequences, or expected losses (death, injuries, property, livelihoods, economic activity disrupted or environment damaged) resulting from interactions between natural or human-induced hazards and vulnerable conditions.
12. Page 12
Risk Assessment: Risk Identification – Risk Event, Cause & Effect
CAUSE: Tripped (Fell) → RISK EVENT: Men Overboard → EFFECT: Fatality (Drowning)
13. Page 13
ISO 31000: Risk Management Process (process diagram as on Page 4)
14. Page 14
Risk Assessment: Risk Analysis – Risk by Definition (definitions as on Page 11)
15. Page 15
Risk Assessment: Risk Analysis – Risk Likelihood Rating Scale
RATING DESCRIPTOR | RATING DESCRIPTION
(1) Almost Never / Rare | Probability – 10% or less probability of Risk Event happening; or Risk Event happens Once (1) in 20 years; or Risk Event might happen only in exceptional circumstances and has never happened in the industry
(2) Unlikely | Probability – between 11% and 30% probability of Risk Event happening; or Risk Event happens Once (1) in 10 years; or Risk Event could happen in the ENTITY or has happened in the industry
(3) Moderate / Possible | Probability – between 31% and 60% probability of Risk Event happening; or Risk Event happens Once (1) in a year; or Risk Event might occur at some time and has happened in ENTITY
(4) Likely | Probability – between 61% and 80% probability of Risk Event happening; or Risk Event happens 1 to 5 times a year; or Probably happen in many circumstances and has happened several times in ENTITY
(5) Almost Certain / Common | Probability – 81% - 100% probability of Risk Event happening; or Risk Event happens more than 6 events a year; or Risk Event expected to happen in most circumstances and has happened several times in ENTITY
Notes | Description
A | The matrix above offers guidelines on factors to be considered. An element of judgment based on relevant knowledge and experience is critical in arriving at the final rating.
B | Factors that need to be considered are: anticipated frequency / history of previous Risk Events against industry norm; effectiveness of existing preventive controls in place – policy, procedures, system & skills; working environment – staff commitment, morale & attitude
16. Page 16
Risk Assessment: Risk Analysis – Risk Consequences / Impact Rating Scale
CONSEQUENCES / IMPACT FACTOR, rated (1) INSIGNIFICANT, (2) MINOR, (3) MODERATE, (4) MAJOR, (5) CATASTROPHIC / EXTREME

People (HEALTH & SAFETY)
(1) Possible very minor injuries with minimal treatment (e.g. bruise); OR Injuries but requiring first aid treatment; OR Near-misses;
(2) Single slight injuries with first aid/medical treatment; OR No effects to work performance; OR No disability
(3) Multiple minor or single major injury (requiring more than first aid); OR Extensive medical treatment required; OR Affecting work performance; OR Limited health effects that are curable; OR Loss-Time-Injury (LTI);
(4) Severe injury and/or multiple major injuries (requiring hospitalisation) and/or single fatality; OR Permanent partial disability; OR Extensive injuries that affect productivity; OR Long-term effects on work performance; OR Incurable health damage without fatality
(5) Multiple accidental fatalities; OR Permanent occupational illnesses

Environment
(1) No or negligible environment impact; OR Tier 1 may be declared but criteria not necessarily met*
(2) Small spill or contamination with no significant impact; OR Tier 1 to Tier 2 breaches (small operational spill or contamination)*; OR Single complaint or violation of statutory or prescribed limits
(3) Some environmental damage and spill can be limited within the immediate incident area; OR Limited loss of discharge of known toxicity; OR Tier 2 spill criteria breached, capable of being limited to immediate area within harbour or port zone; OR Affecting/Encroaching neighbourhood area
(4) Major environmental impacts with releases of hazardous or polluting substances with the potential of spreading outside port boundary; OR Chemical spillage or gas release; OR Low Tier 3 criteria breached, with pollution outside harbour or port zone expected*; OR Potential loss of environmental amenity; OR Extensive measures required to restore contaminated environment; OR Extended violation of statutory or prescribed limits
(5) Extreme environmental impact with major releases of hazardous or polluting substances with significant threat to environmental amenity; OR Persistent severe environmental damage; OR Nuisance over a large area; OR Would inhibit the business operation from functioning for medium or long term period; OR Major economic loss for the company in terms of commercial or recreational use or nature conservancy

Asset: RESOURCES DAMAGE
(1) Repair on asset at no cost; OR Equipment can be back online without disruptions to operations; OR Insignificant damage to vessel/wharf/jetty and no missed voyages;
(2) Minor repair on the asset with minor cost; OR Individual equipment needs to be brought down; OR Brief disruptions to singular/multiple process/system unit; OR Minor damage to vessel/wharf/jetty and operational disruption and no missed voyages;
(3) Damage on asset has to be repaired with high cost; OR Collateral damage incurred by surrounding equipment; OR Shutdown of single process/system unit; OR Damage to vessel/wharf/jetty with longer operational disruption and financial loss;
(4) Major repair required on the asset with very high cost; OR Extensive collateral damage incurred by surrounding equipment; OR Shutdown of all process/system units in facility; OR Major damage to vessel/wharf/jetty with major operational disruption and missed voyages;
(5) Huge repair with huge cost required; OR Collateral damage extending beyond facility boundaries; OR Loss of vessel, total damage to wharf/jetty with potential port closure/navigational disruption over an extended period;

FINANCIAL / OPPORTUNITY LOSS
(1) Low financial loss – Less than RM50,000; OR 2% of company sales; OR Whichever is the lower amount
(2) Medium financial loss – between RM50,000 and RM250,000; OR >2% - 5% of company sales; OR Whichever is the lower amount
(3) High financial loss – between RM250,001 and RM1mil; OR >5% - 15% of company sales; OR Whichever is the lower amount
(4) Major financial loss – between RM1mil to RM2.5mil; OR >15% - 25% of company sales; OR Whichever is the lower amount
(5) Huge financial loss – More than RM2.5mil; OR More than 25% of company sales; OR Whichever is the lower amount

OPERATION
(1) It would have little or no impact on business operation; OR No disruptions to operations
(2) It would have minor impact on business operation and can be managed; OR Brief disruptions to operations
(3) Will affect the business operation. Significant management time and cost is required to manage or avoid it; OR Partial shutdown (restart possible)
(4) The business operation seriously affected for short or medium term period; OR Partial loss of operations (2 weeks shutdown)
(5) Would inhibit the business operation from functioning for medium or long term period; OR Substantial or total loss of operation

Reputation: SECURITY
(1) Detrimental to customer/port community confidence
(2) Detrimental to assets, infrastructure, utility and cargo security; AND/OR Likely to cause limited disruption to an individual asset, infrastructure or organisation
(3) Detrimental to the environment and/or economic function of the port; AND/OR Likely to cause sustained port-wide & facility disruption; AND/OR Significant economic loss; AND/OR Damage to state AND national prestige
(4) Detrimental to public safety and/or national prestige; AND/OR Serious injuries; AND/OR Likely to cause significant environmental damage and/or localised public health and safety
(5) Detrimental to security and safety; AND/OR Likely to cause loss of life; AND/OR Create widespread danger to public health and safety
17. Page 17
Risk Assessment: Risk Analysis – Risk Level Rating Scale
Level | Descriptor | Action
5 | Severe: Risk Level resulted in management effort that is unable to prevent collapse (e.g. BOARD); 16 – 25 | Must be managed by top management with detailed action plan
4 | Major: Risk Level requires extraordinary management effort (e.g. CEO); 5 – 15 | Senior management input or attention is required
3 | Significant: Risk Level requires additional management effort (e.g. COO, CFO); 4 – 12 | The risk must be managed and monitored by management
2 | Minor: Risk Level can be absorbed with some management effort (e.g. Manager, Senior Manager); 3 – 8 | Managed by routine procedures or the risk may be worth accepting with monitoring
1 | Trivial: Risk Level can be absorbed at operating level (e.g. Supervisor); 1 – 4 | Unlikely to need specific application of resources or may accept risk
18. Page 18
Risk Assessment: Risk Analysis – Risk Level Rating Matrix
Likelihood ↓ / Consequences → | Insignificant 1 | Minor 2 | Moderate 3 | Major 4 | Catastrophic / Extreme 5
Almost Certain / Common 5 | Minor 5 | Significant 10 | Major 15 | Severe 20 | Severe 25
Likely 4 | Minor 4 | Minor 8 | Significant 12 | Severe 16 | Severe 20
Moderate / Possible 3 | Trivial 3 | Minor 6 | Significant 9 | Significant 12 | Major 15
Unlikely 2 | Trivial 2 | Trivial 4 | Minor 6 | Significant 8 | Major 10
Almost Never / Rare 1 | Trivial 1 | Trivial 2 | Minor 3 | Significant 4 | Major 5
Level descriptions given in each cell:
Severe: Risk Level resulted in management effort that is unable to prevent collapse (e.g. BOARD)
Major: Risk Level requires extraordinary management effort (e.g. CEO)
Significant: Risk Level requires additional management effort (e.g. COO, CFO)
Minor: Risk Level can be absorbed with some management effort (e.g. Manager, Senior Manager)
Trivial: Risk Level can be absorbed at operating level (e.g. Supervisor)
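Added example (not part of the TLP deck): the likelihood bands from Page 15 and the matrix from Page 18 as executable logic, showing that the level comes from the matrix cell rather than from the score alone, and that the matrix reproduces the score ranges on Page 17. The function names, the inclusive handling of fractional percentages and the two sample ratings are assumptions made for this illustration.

```python
"""Added illustration of the deck's 5x5 risk matrix; not TLP's own code."""

LEVELS = ["Trivial", "Minor", "Significant", "Major", "Severe"]
_CODE = {"T": "Trivial", "m": "Minor", "S": "Significant", "M": "Major", "X": "Severe"}

# Key = likelihood rating 1..5; string position = consequence rating 1..5.
# Cells transcribed from the Risk Level Rating Matrix (Page 18).
MATRIX_ROWS = {1: "TTmSM", 2: "TTmSM", 3: "TmSSM", 4: "mmSXX", 5: "mSMXX"}

# Score ranges as printed on the Risk Level Rating Scale (Page 17).
STATED_RANGES = {"Trivial": (1, 4), "Minor": (3, 8), "Significant": (4, 12),
                 "Major": (5, 15), "Severe": (16, 25)}

# Upper bound of each probability band (Page 15) and its likelihood rating.
# Assumption: fractional values fall into the band whose upper bound they do not exceed.
LIKELIHOOD_BANDS = [(10, 1), (30, 2), (60, 3), (80, 4), (100, 5)]


def likelihood_from_probability(pct):
    """Map a probability in percent to the 1..5 likelihood rating."""
    if not 0 <= pct <= 100:
        raise ValueError("probability must be between 0 and 100 percent")
    for upper, rating in LIKELIHOOD_BANDS:
        if pct <= upper:
            return rating


def risk_level(likelihood, consequence):
    """Return (score, level) for one matrix cell; score = likelihood x consequence."""
    for rating in (likelihood, consequence):
        if not isinstance(rating, int) or not 1 <= rating <= 5:
            raise ValueError("ratings must be integers 1..5")
    return likelihood * consequence, _CODE[MATRIX_ROWS[likelihood][consequence - 1]]


def derived_ranges():
    """Lowest and highest score that the matrix assigns to each level."""
    seen = {}
    for likelihood in MATRIX_ROWS:
        for consequence in range(1, 6):
            score, level = risk_level(likelihood, consequence)
            lo, hi = seen.get(level, (score, score))
            seen[level] = (min(lo, score), max(hi, score))
    return seen


def levels_for_score(score):
    """Every level that a given score can carry, depending on the cell it came from."""
    found = {risk_level(l, c)[1]
             for l in MATRIX_ROWS for c in range(1, 6) if l * c == score}
    return sorted(found, key=LEVELS.index)


# Constructed ratings for the deck's two example events (illustration only).
REGISTER = [
    ("Virus enters a computer (Page 11 example)", 45, 3),
    ("Men overboard (Page 12 example)", 8, 5),
]


def assess(register):
    """Rate each (event, probability %, consequence) entry against the matrix."""
    rows = []
    for event, pct, consequence in register:
        likelihood = likelihood_from_probability(pct)
        score, level = risk_level(likelihood, consequence)
        rows.append((event, likelihood, consequence, score, level))
    return rows


if __name__ == "__main__":
    for row in assess(REGISTER):
        print(row)
    print("matrix matches Page 17 ranges:", derived_ranges() == STATED_RANGES)
    print("levels possible for score 4:", levels_for_score(4))
```

A rare event with a catastrophic consequence scores only 5 yet rates Major, while an almost certain event with an insignificant consequence has the same score and rates Minor, so a register that stores only the score loses the escalation level.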
19. Page 19
ISO 31000: Risk Management Process (process diagram as on Page 4)
20. Page 20
Risk Assessment: Risk Evaluation & Treatment – Risk by Definition (definitions as on Page 11)
21. Page 21
Risk Assessment: Risk Evaluation – Absolute Risk Level Rating Matrix
22. Page 22
Risk Assessment: Risk Evaluation & (Treatment) – Current Risk Level Rating Matrix
23. Page 23
Risk Treatment: Residual Risk Level Rating Matrix
24. Page 24
Lesson Learnt & PAGEMA-TLP Drill 2012
• Lesson Learnt: Men Overboard
• PAGEMA-TLP Drill 2012
• Corporate Video
25. RISK MANAGEMENT & COMPLIANCE
End of Programme
PELITA’s VISIT
Enterprise Risk Management (“ERM”)