SlideShare ist ein Scribd-Unternehmen logo

A Practical Approach to Strategic Risk Management

•
•
Hany Farouk
Hany Farouk

This document provides an overview of Part One of a three-part training program on strategic risk management. It discusses key concepts in risk management including identifying risks, assessing their likelihood and impact, prioritizing risks, and developing mitigation strategies. A risk inventory template is also presented to catalog identified risks. Participants are encouraged to consider how they would implement strategic risk management in their own work areas to improve decision-making and better achieve organizational objectives.

Leadership & Management
1 von 33
Downloaden Sie, um offline zu lesen
A Practical Approach to Strategic Risk Management Part One of a three-part Strategic Risk Management training program Katharine Hullinger, ARM Risk Manager California State University Channel Islands Revised 3/13/2018 Part One
The only alternative to risk management is crisis management --- and crisis management is much more expensive, time consuming and embarrassing. JAMES LAM, Enterprise Risk Management, Wiley Finance Š 2003 Risk management means more than preparing for the worst; it also means taking advantage of opportunities to improve services or lower costs. Sheila Fraser, Auditor General of Canada
Keep it simple 3
Outline  Objectives of Part One  Conversation Starters  A Quick Risk Exercise  Principles and Basics  Why SRM?  The Risk Inventory Tool/template  Considerations Back at the Office  Q &A
A Practical Approach to Strategic Risk Management (SRM) Training Components Introduction to SRM Participant Outcomes  Introduction to the risk management process and terminologies  Introduction to the SRM framework  Introduction to Risk Assessments  Discuss best way to implementation SRM in work area  Clarify roles & responsibilities for SRM  Understanding of risk management process  Understanding of how risk management is already incorporated in day-to-day work  Understanding the reasons for SRM  SRM roles and responsibilities clearly defined  Awareness of SRM tools  Commitment to SRM implementation in area of work  Commitment to continuous risk communication & learning
 Who is accountable for risks?  How do we talk about risk? Do we have a common language in the department, across divisions, across the campus, across the CSU?  Are we taking too much risk? Or not enough?  Are the right people taking the right risks at the right time?  What’s our risk culture? Are we risk-adverse, risk- takers, or somewhere in between? Conversation Starters
A Quick Risk Exercise Identify risks (threats and opportunities) that a cyclist faces in cycling to campus for work. How would you mitigate the threats? How would you maximize the opportunity? Report back
Identifying the risks in cycling Threats:  Injury  Death  Reputation  Financial expense  Damage or theft  Weather Issues Opportunities:  Exercise and good health  Fresh air  Reputation  Financial savings  Role model  Environmental impact
Mitigation strategies for threats associated with cycling  Injury and death – helmet, bright clothes, lights, bell, obey traffic laws, stay alert  Reputation – great biking outfit, change of clothes, openly promote alternative transportation  Financial – inexpensive transportation, avoid traffic citations  Damage or theft – regular maintenance, know the route, avoid obstacles and things that puncture tires, high quality lock  Weather issues – carry filled water bottle, warm/waterproof outerwear and gloves
The Risk Management Principles Risk is the uncertainty that surrounds future events and outcomes. Risk is the expression of the likelihood and impact of any event with the potential to influence the achievement of an organization’s objectives.
Risk Management Basics  Risk (uncertainty) may affect the achievement of objectives.  Effective mitigation strategies and controls can reduce negative risks (threats) or increase opportunities.  Residual risk is the level of risk remaining after applying risk controls.  Acceptance and action should be based on residual risk levels.
Definition of Strategic Risk Management “… a process, effected by an entity's board of directors, management and other personnel, applied in a strategic setting and across the enterprise, designed to identify potential events that may affect the entity, and manage those events within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Source: COSO Enterprise Risk Management – Integrated Framework. 2004. The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
 SRM removes silo-based decision making  SRM becomes embedded in key processes such as strategic, budgeting and project planning  Identify and understand risks that positively or negatively impact the achievement of strategic goals  Evaluate risk priorities and allocate resources strategically  Improve overall risk tolerance Why are we implementing SRM?
 Practice proactivity rather than reactivity  Identify new risk and develop appropriate strategies for mitigating or profiting from it  Establish accountability, transparency and responsibility  Realize programmatic success, defined as implementation and practice throughout the entire organization  Promote a healthy risk culture, where risk is a routine and expected topic of conversation.  Develop a common and consistent approach to addressing risk across the institution
CSUCI has established its Strategic Objectives Establish Objectives
CSUCI 2015-2020 STRATEGIC OBJECTIVES Facilitate Student Success • Provide University access to students who bring diverse perspectives • Provide a mission-driven education that prepares students for individual success • Provide support for degree completion Provide High Quality Education • Hire and support quality faculty and staff who are committed to the mission of the University • Infuse integrative approaches, community engagement, multicultural learning, and international perspectives into all aspects of learning • Engage undergraduate and graduate students in research and creative activities Realize Our Future • Build infrastructure capacity • Leverage the use of technology • Seek, cultivate, and steward resources, both public and private • Implement collaborative planning and accountability processes
The Risk Inventory Tool
Risk Number Risk Short Name Risk Description Existing Risk Controls/Measures in Place Outcome Impact Likelihood Impact Score Likeli- hood Score Net Score Risk Mitigation Actions Responsibility Cost Estimate Resources Needed Target Date for Completion Mitigation Complete EXAMPLE Access To High Hazard Areas The risk of unauthorized access to hazardous areas outside of normal business hours *Perimeter doors have mechanicallocks that are randomly spot checked by police after normal business hours. *Some buildings with high hazard areas are open to the public, increasing the chances of unauthorizedor accidental access to high hazard areas *Random spot checks not adequate considering the life/safetyrisks in some areas. Serious Likely 4 3 12 *Installation of electronic door locks (proxy cards) will allow 24/7 security control as only authorized users will have access to the area. John Doe $3,000 3/14/2015 1 #N/A #N/A #N/A 2 #N/A #N/A #N/A 3 #N/A #N/A #N/A 4 #N/A #N/A #N/A 5 #N/A #N/A #N/A 6 #N/A #N/A #N/A 7 #N/A #N/A #N/A 8 #N/A #N/A #N/A 9 #N/A #N/A #N/A Identification Assess and Prioritize Take Action – Mitigate or Accept Risk Inventory
Identification of Risk Identify Risks  Financial Risk - unplanned losses or expenses  Service Delivery/Operational Risk - lapses in continuity of operations  HR Risk – Employment practices; retention  Strategic Risk – untapped opportunities  Reputational Risk – damage to relationship with community at large (loss of revenue)  Legal/Compliance Risk – noncompliance with statutory or regulatory obligations  Technology/Privacy Risk – threats to and breaches in IT security  Governance Risk – wide-spread non-compliance with policies and standards  Physical Security/or Hazard Risk – harm or damage to people, property or environment
A B C D E Risk Number Risk Short Name Risk Description Existing Risk Controls/Measures in Place Outcome 1 Access To High Hazard Areas The risk of unauthorized access to hazardous areas outside of normal business hours Perimeter doors have mechanical locks that are randomly spot checked by police after normal business hours. *Some buildings with high hazard areas are open to the public, increasing the chances of unauthorized or accidental access to high hazard areas *Random spot checks not adequate considering the life/safety risks in some areas. 2 Risk #2 3 Risk #3 4 Risk #4 5 Risk #5 6 Risk #6 7 Risk #7 8 Risk #8 9 Risk #9 Identification of Risks – Creating a Risk Inventory
Risk Assessment – Consider Impact and Likelihood to Prioritize Risks Likelihood of a risk event occurring  5 Expected: Is almost certain to occur  4 Highly Likely: Is likely to occur  3 Likely: Is as likely as not to occur  2 Not Likely: May occur occasionally  1 None/Slight: Unlikely to occur Impact - level of damage sustained when a risk event occurs  5 Critical: Threatens the success of the project  4 Serious: Substantial impact on time, cost or quality  3 Moderate: Notable impact on time, cost or quality  2 Minor: Minor impact on time, cost or quality  1 Insignificant: Negligible impact Slide 22 Prioritize
F G H I J Impact Likelihood Impact Score Likeli- hood Score Net Score Serious Likely 4 3 12 #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A Assessing Risks – Considering the Likelihood and Impact Scoring risks Impact: Critical - 5 Serious - 4 Moderate - 3 Minor - 2 Insignificant - 1 Likelihood: Expected - 5 Highly Likely - 4 Likely - 3 Not Likely - 2 None/Slight - 1
Risk Mitigation Actions Responsibility Cost Estimate Resources Needed Target Date for Completion Mitigation Complete *Installation of electronic door locks (proxy cards) will allow 24/7 security control as only authorized users will have access to the area. John Doe $3,000 3/14/2015 Mitigating or Treating Risks – Accept? Alter? Transfer? Decline? K L M N O Take Action
Risk Number Risk Short Name Risk Description Existing Risk Controls/Measures in Place Outcome Impact Likelihood Impact Score Likeli- hood Score Net Score Risk Mitigation Actions Responsibility Cost Estimate Resources Needed Target Date for Completion Mitigation Complete EXAMPLE Access To High Hazard Areas The risk of unauthorized access to hazardous areas outside of normal business hours *Perimeter doors have mechanicallocks that are randomly spot checked by police after normal business hours. *Some buildings with high hazard areas are open to the public, increasing the chances of unauthorizedor accidental access to high hazard areas *Random spot checks not adequate considering the life/safetyrisks in some areas. Serious Likely 4 3 12 *Installation of electronic door locks (proxy cards) will allow 24/7 security control as only authorized users will have access to the area. John Doe $3,000 3/14/2015 1 #N/A #N/A #N/A 2 #N/A #N/A #N/A 3 #N/A #N/A #N/A 4 #N/A #N/A #N/A 5 #N/A #N/A #N/A 6 #N/A #N/A #N/A 7 #N/A #N/A #N/A 8 #N/A #N/A #N/A 9 #N/A #N/A #N/A Identification Assessment Mitigation or Treatment Risk Inventory
Risk Heat Map LIKELIHOOD IMPACT 1 1 2 2 3 3 4 4 5 5 RISK I x L RISK I x L RISK I x L RISK PRIORITIZATION MATRIX
Risk Level Action and Level of Involvement Required Critical Risk  Inform Cabinet  Immediate action required High Risk  Inform division Vice President  Attention is essential to manage risks – provide report to VP as directed Moderate Risk  Inform relevant administrators  Mitigation and ongoing monitoring by managers is required Low Risk  Accept, but monitor risks  Manage by routine procedures within the program or department Risk reporting and communications
Personnel Resources • Average time to fill vacant positions • Staff absenteeism /sick time rates • Percentage of staff appraisals below “satisfactory” • Age demographics of key managers Information Technology • Systems usage versus capacity • Number of system upgrades/version releases • Number of help desk calls Finance • Reporting deadlines missed (#) • Incomplete P&L sign-offs (#, aged) Legal/Compliance • Number and cost of litigated cases • Compliance investigations (#) • Customer complaints (#) Audit • Outstanding high risk issues (no., aged) • Audit findings (no., severity) • Revised target dates for clearing findings (no.) Risk management • Risk Management overrides • Limit Breaches (#, amounts) Monitoring and Reassessing – Examples of Key Risk Indicators Monitor and Reassess
Excellent • Advanced capabilities to identify, measure, manage all risk exposures within tolerances • Advanced implementation, development and execution of SRM parameters • Consistently optimizing risk adjusted returns throughout the organization Strong • Clear vision of risk tolerance and overall risk profile • Risk controls in place for most major risks • Robust processes to identify and prepare for emerging risks • Incorporates risk management and decision making to optimize risk Adequate • Risk controls in place for some of identified major risks • May lack a robust process for identifying and preparing for emerging risks • Performing solid classical “silo” based risk management • No fully developed process to optimize risk opportunities Weak • Incomplete control process for at least major risk • Inconsistent or limited capabilities to identify, measure or manage major risk exposures Monitor, Measure and Report SRM Implementation Progress
Ask questions and develop your approach  Do we understand our major risks? Do we know what is causing our risks to increase, decrease or stay the same?  Have we assessed the likelihood and impact of our risks?  Have we identified the sources and causes of our risks?  How well are we managing our risks?  Are we trying to prevent the downside of risk, or are we seemingly trying to recover from them?
Considerations back at the office  Why is the organization interested in SRM? What are we hoping will be achieved with its implementation?  Who is doing what? Roles and responsibilities must be clearly defined. Leadership must support SRM and use SRM results to when making decisions. Everyone is a risk manager. Make sure that all risks have owners and the responsibilities for mitigation are assigned.  How will it be implemented? What is your framework? How will risks be measured and reported? Who is your champion?  Where will you start? Where you can most easily succeed, or where it is needed the most?  When will it be implemented? SRM is a journey, not a destination; risks should be continually assessed and mitigation methods re-considered. Change is inevitable; recognize new risks and opportunities.
Questions? Thank you for participating!

Empfohlen

Risk Management for Online PR
Risk Management for Online PRRisk Management for Online PR
Risk Management for Online PRDavid Phillips
 
2015 STS - Minimize Your Losses
2015 STS - Minimize Your Losses2015 STS - Minimize Your Losses
2015 STS - Minimize Your LossesSpecialized Carriers & Rigging Association
 
Risk and Geopolitics (Singapore - November 2009)
Risk and Geopolitics (Singapore - November 2009)Risk and Geopolitics (Singapore - November 2009)
Risk and Geopolitics (Singapore - November 2009)Peter Cockcroft
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinRamaica Ona
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinAahil Malik
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinSukumar Reddy
 
Aligning strategy decisions with risk appetite, presented by David Shearer, 1...
Aligning strategy decisions with risk appetite, presented by David Shearer, 1...Aligning strategy decisions with risk appetite, presented by David Shearer, 1...
Aligning strategy decisions with risk appetite, presented by David Shearer, 1...Association for Project Management
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentationRaven Morgan
 

Empfohlen

Risk Management for Online PR
Risk Management for Online PRRisk Management for Online PR
Risk Management for Online PRDavid Phillips
 
2015 STS - Minimize Your Losses
2015 STS - Minimize Your Losses2015 STS - Minimize Your Losses
2015 STS - Minimize Your LossesSpecialized Carriers & Rigging Association
 
Risk and Geopolitics (Singapore - November 2009)
Risk and Geopolitics (Singapore - November 2009)Risk and Geopolitics (Singapore - November 2009)
Risk and Geopolitics (Singapore - November 2009)Peter Cockcroft
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinRamaica Ona
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinAahil Malik
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinSukumar Reddy
 
Aligning strategy decisions with risk appetite, presented by David Shearer, 1...
Aligning strategy decisions with risk appetite, presented by David Shearer, 1...Aligning strategy decisions with risk appetite, presented by David Shearer, 1...
Aligning strategy decisions with risk appetite, presented by David Shearer, 1...Association for Project Management
 
Risk strategies presentation
Risk strategies presentationRisk strategies presentation
Risk strategies presentationRaven Morgan
 
07 - Risk Assessment Creating a Risk Matrix.pdf
07 - Risk Assessment Creating a Risk Matrix.pdf07 - Risk Assessment Creating a Risk Matrix.pdf
07 - Risk Assessment Creating a Risk Matrix.pdfssusere173f1
 
Security Site Surveys and Risk Assessments
Security Site Surveys and Risk AssessmentsSecurity Site Surveys and Risk Assessments
Security Site Surveys and Risk AssessmentsEnterprise Security Risk Management
 
سيمينار إدارة المخاطر (1).pptx
سيمينار إدارة المخاطر (1).pptxسيمينار إدارة المخاطر (1).pptx
سيمينار إدارة المخاطر (1).pptxAhmadHassanein
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk ManagementIFAD International Fund for Agricultural Development
 
Projects risk management
Projects risk managementProjects risk management
Projects risk managementDokuz Eylul University
 
Enterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationEnterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationAlexander Larsen
 
CAVR 2009 Risk Management PPT
CAVR 2009 Risk Management PPTCAVR 2009 Risk Management PPT
CAVR 2009 Risk Management PPTVolunteer Alberta
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk ManagementMarkos Mulat G
 
Risk management of supply chain
Risk management of supply chainRisk management of supply chain
Risk management of supply chainAbdulaziz Alshammari ( aljanfawi )
 
Chapter 1 risk management (3)
Chapter 1 risk management (3)Chapter 1 risk management (3)
Chapter 1 risk management (3)rafeeqameen
 
3_orm.ppt
3_orm.ppt3_orm.ppt
3_orm.pptdantx32914
 
For Ch -6 == Risk Monitoring & Controlling.pptx
For Ch -6 == Risk Monitoring & Controlling.pptxFor Ch -6 == Risk Monitoring & Controlling.pptx
For Ch -6 == Risk Monitoring & Controlling.pptxAbhinavRJ1
 
Risk Identification Process Powerpoint Presentation Slides
Risk Identification Process Powerpoint Presentation SlidesRisk Identification Process Powerpoint Presentation Slides
Risk Identification Process Powerpoint Presentation SlidesSlideTeam
 
Business Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation SlidesBusiness Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation SlidesSlideTeam
 
Pm session10
Pm session10Pm session10
Pm session10Omid Aminzadeh Gohari
 
Business Disaster Management PowerPoint Presentation Slides
Business Disaster Management PowerPoint Presentation SlidesBusiness Disaster Management PowerPoint Presentation Slides
Business Disaster Management PowerPoint Presentation SlidesSlideTeam
 
Pm0016 project risk management
Pm0016 project risk managementPm0016 project risk management
Pm0016 project risk managementsmumbahelp
 
NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5Future Managers
 
Risk1.ppt
Risk1.pptRisk1.ppt
Risk1.pptDwaipayanSamanta
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesSlideTeam
 
The_Essential_of_Leadership_in_Government_1663353074.pdf
The_Essential_of_Leadership_in_Government_1663353074.pdfThe_Essential_of_Leadership_in_Government_1663353074.pdf
The_Essential_of_Leadership_in_Government_1663353074.pdfHany Farouk
 
nonwoven-140324095659-phpapp01.pdf
nonwoven-140324095659-phpapp01.pdfnonwoven-140324095659-phpapp01.pdf
nonwoven-140324095659-phpapp01.pdfHany Farouk
 

Weitere ähnliche Inhalte

Ähnlich wie A Practical Approach to Strategic Risk Management

07 - Risk Assessment Creating a Risk Matrix.pdf
07 - Risk Assessment Creating a Risk Matrix.pdf07 - Risk Assessment Creating a Risk Matrix.pdf
07 - Risk Assessment Creating a Risk Matrix.pdfssusere173f1
 
سيمينار إدارة المخاطر (1).pptx
سيمينار إدارة المخاطر (1).pptxسيمينار إدارة المخاطر (1).pptx
سيمينار إدارة المخاطر (1).pptxAhmadHassanein
 
Enterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationEnterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationAlexander Larsen
 
CAVR 2009 Risk Management PPT
CAVR 2009 Risk Management PPTCAVR 2009 Risk Management PPT
CAVR 2009 Risk Management PPTVolunteer Alberta
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk ManagementMarkos Mulat G
 
Chapter 1 risk management (3)
Chapter 1 risk management (3)Chapter 1 risk management (3)
Chapter 1 risk management (3)rafeeqameen
 
3_orm.ppt
3_orm.ppt3_orm.ppt
3_orm.pptdantx32914
 
For Ch -6 == Risk Monitoring & Controlling.pptx
For Ch -6 == Risk Monitoring & Controlling.pptxFor Ch -6 == Risk Monitoring & Controlling.pptx
For Ch -6 == Risk Monitoring & Controlling.pptxAbhinavRJ1
 
Risk Identification Process Powerpoint Presentation Slides
Risk Identification Process Powerpoint Presentation SlidesRisk Identification Process Powerpoint Presentation Slides
Risk Identification Process Powerpoint Presentation SlidesSlideTeam
 
Business Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation SlidesBusiness Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation SlidesSlideTeam
 
Business Disaster Management PowerPoint Presentation Slides
Business Disaster Management PowerPoint Presentation SlidesBusiness Disaster Management PowerPoint Presentation Slides
Business Disaster Management PowerPoint Presentation SlidesSlideTeam
 
Pm0016 project risk management
Pm0016 project risk managementPm0016 project risk management
Pm0016 project risk managementsmumbahelp
 
NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5Future Managers
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesSlideTeam
 

Ähnlich wie A Practical Approach to Strategic Risk Management (20)

07 - Risk Assessment Creating a Risk Matrix.pdf
07 - Risk Assessment Creating a Risk Matrix.pdf07 - Risk Assessment Creating a Risk Matrix.pdf
07 - Risk Assessment Creating a Risk Matrix.pdf
 
Security Site Surveys and Risk Assessments
Security Site Surveys and Risk AssessmentsSecurity Site Surveys and Risk Assessments
Security Site Surveys and Risk Assessments
 
سيمينار إدارة المخاطر (1).pptx
سيمينار إدارة المخاطر (1).pptxسيمينار إدارة المخاطر (1).pptx
سيمينار إدارة المخاطر (1).pptx
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
 
Projects risk management
Projects risk managementProjects risk management
Projects risk management
 
Enterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationEnterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample Presentation
 
CAVR 2009 Risk Management PPT
CAVR 2009 Risk Management PPTCAVR 2009 Risk Management PPT
CAVR 2009 Risk Management PPT
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
 
Risk management of supply chain
Risk management of supply chainRisk management of supply chain
Risk management of supply chain
 
Chapter 1 risk management (3)
Chapter 1 risk management (3)Chapter 1 risk management (3)
Chapter 1 risk management (3)
 
3_orm.ppt
3_orm.ppt3_orm.ppt
3_orm.ppt
 
For Ch -6 == Risk Monitoring & Controlling.pptx
For Ch -6 == Risk Monitoring & Controlling.pptxFor Ch -6 == Risk Monitoring & Controlling.pptx
For Ch -6 == Risk Monitoring & Controlling.pptx
 
Risk Identification Process Powerpoint Presentation Slides
Risk Identification Process Powerpoint Presentation SlidesRisk Identification Process Powerpoint Presentation Slides
Risk Identification Process Powerpoint Presentation Slides
 
Business Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation SlidesBusiness Continuity Planning PowerPoint Presentation Slides
Business Continuity Planning PowerPoint Presentation Slides
 
Pm session10
Pm session10Pm session10
Pm session10
 
Business Disaster Management PowerPoint Presentation Slides
Business Disaster Management PowerPoint Presentation SlidesBusiness Disaster Management PowerPoint Presentation Slides
Business Disaster Management PowerPoint Presentation Slides
 
Pm0016 project risk management
Pm0016 project risk managementPm0016 project risk management
Pm0016 project risk management
 
NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5NCV 4 Project Management Hands-On Support Slide Show - Module5
NCV 4 Project Management Hands-On Support Slide Show - Module5
 
Risk1.ppt
Risk1.pptRisk1.ppt
Risk1.ppt
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation Slides
 

Mehr von Hany Farouk

The_Essential_of_Leadership_in_Government_1663353074.pdf
The_Essential_of_Leadership_in_Government_1663353074.pdfThe_Essential_of_Leadership_in_Government_1663353074.pdf
The_Essential_of_Leadership_in_Government_1663353074.pdfHany Farouk
 
nonwoven-140324095659-phpapp01.pdf
nonwoven-140324095659-phpapp01.pdfnonwoven-140324095659-phpapp01.pdf
nonwoven-140324095659-phpapp01.pdfHany Farouk
 
strategy.pptx
strategy.pptxstrategy.pptx
strategy.pptxHany Farouk
 
strategy.pptx
strategy.pptxstrategy.pptx
strategy.pptxHany Farouk
 
riskrm-110825100304-phpapp02.pdf
riskrm-110825100304-phpapp02.pdfriskrm-110825100304-phpapp02.pdf
riskrm-110825100304-phpapp02.pdfHany Farouk
 
strategic risk management.pdf
strategic risk management.pdfstrategic risk management.pdf
strategic risk management.pdfHany Farouk
 

Mehr von Hany Farouk (6)

The_Essential_of_Leadership_in_Government_1663353074.pdf
The_Essential_of_Leadership_in_Government_1663353074.pdfThe_Essential_of_Leadership_in_Government_1663353074.pdf
The_Essential_of_Leadership_in_Government_1663353074.pdf
 
nonwoven-140324095659-phpapp01.pdf
nonwoven-140324095659-phpapp01.pdfnonwoven-140324095659-phpapp01.pdf
nonwoven-140324095659-phpapp01.pdf
 
strategy.pptx
strategy.pptxstrategy.pptx
strategy.pptx
 
strategy.pptx
strategy.pptxstrategy.pptx
strategy.pptx
 
riskrm-110825100304-phpapp02.pdf
riskrm-110825100304-phpapp02.pdfriskrm-110825100304-phpapp02.pdf
riskrm-110825100304-phpapp02.pdf
 
strategic risk management.pdf
strategic risk management.pdfstrategic risk management.pdf
strategic risk management.pdf
 

KĂźrzlich hochgeladen

The Final Activity in Project Management
The Final Activity in Project ManagementThe Final Activity in Project Management
The Final Activity in Project ManagementCIToolkit
 
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)jennyeacort
 
Reflecting, turning experience into insight
Reflecting, turning experience into insightReflecting, turning experience into insight
Reflecting, turning experience into insightWayne Abrahams
 
Simplifying Complexity: How the Four-Field Matrix Reshapes Thinking
Simplifying Complexity: How the Four-Field Matrix Reshapes ThinkingSimplifying Complexity: How the Four-Field Matrix Reshapes Thinking
Simplifying Complexity: How the Four-Field Matrix Reshapes ThinkingCIToolkit
 
How-How Diagram: A Practical Approach to Problem Resolution
How-How Diagram: A Practical Approach to Problem ResolutionHow-How Diagram: A Practical Approach to Problem Resolution
How-How Diagram: A Practical Approach to Problem ResolutionCIToolkit
 
From Goals to Actions: Uncovering the Key Components of Improvement Roadmaps
From Goals to Actions: Uncovering the Key Components of Improvement RoadmapsFrom Goals to Actions: Uncovering the Key Components of Improvement Roadmaps
From Goals to Actions: Uncovering the Key Components of Improvement RoadmapsCIToolkit
 
Effective learning in the Age of Hybrid Work - Agile Saturday Tallinn 2024
Effective learning in the Age of Hybrid Work - Agile Saturday Tallinn 2024Effective learning in the Age of Hybrid Work - Agile Saturday Tallinn 2024
Effective learning in the Age of Hybrid Work - Agile Saturday Tallinn 2024Giuseppe De Simone
 
Digital PR Summit - Leadership Lessons: Myths, Mistakes, & Toxic Traits
Digital PR Summit - Leadership Lessons: Myths, Mistakes, & Toxic TraitsDigital PR Summit - Leadership Lessons: Myths, Mistakes, & Toxic Traits
Digital PR Summit - Leadership Lessons: Myths, Mistakes, & Toxic TraitsHannah Smith
 
Unlocking Productivity and Personal Growth through the Importance-Urgency Matrix
Unlocking Productivity and Personal Growth through the Importance-Urgency MatrixUnlocking Productivity and Personal Growth through the Importance-Urgency Matrix
Unlocking Productivity and Personal Growth through the Importance-Urgency MatrixCIToolkit
 
Farmer Representative Organization in Lucknow | Rashtriya Kisan Manch
Farmer Representative Organization in Lucknow | Rashtriya Kisan ManchFarmer Representative Organization in Lucknow | Rashtriya Kisan Manch
Farmer Representative Organization in Lucknow | Rashtriya Kisan ManchRashtriya Kisan Manch
 
Measuring True Process Yield using Robust Yield Metrics
Measuring True Process Yield using Robust Yield MetricsMeasuring True Process Yield using Robust Yield Metrics
Measuring True Process Yield using Robust Yield MetricsCIToolkit
 
Shaping Organizational Culture Beyond Wishful Thinking
Shaping Organizational Culture Beyond Wishful ThinkingShaping Organizational Culture Beyond Wishful Thinking
Shaping Organizational Culture Beyond Wishful ThinkingGiuseppe De Simone
 
From Red to Green: Enhancing Decision-Making with Traffic Light Assessment
From Red to Green: Enhancing Decision-Making with Traffic Light AssessmentFrom Red to Green: Enhancing Decision-Making with Traffic Light Assessment
From Red to Green: Enhancing Decision-Making with Traffic Light AssessmentCIToolkit
 
原版1:1复刻密西西比大学毕业证Mississippi毕业证留信学历认证
原版1:1复刻密西西比大学毕业证Mississippi毕业证留信学历认证原版1:1复刻密西西比大学毕业证Mississippi毕业证留信学历认证
原版1:1复刻密西西比大学毕业证Mississippi毕业证留信学历认证jdkhjh
 
Beyond the Five Whys: Exploring the Hierarchical Causes with the Why-Why Diagram
Beyond the Five Whys: Exploring the Hierarchical Causes with the Why-Why DiagramBeyond the Five Whys: Exploring the Hierarchical Causes with the Why-Why Diagram
Beyond the Five Whys: Exploring the Hierarchical Causes with the Why-Why DiagramCIToolkit
 
Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...
Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...
Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...CIToolkit
 

KĂźrzlich hochgeladen (16)

The Final Activity in Project Management
The Final Activity in Project ManagementThe Final Activity in Project Management
The Final Activity in Project Management
 
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)
 
Reflecting, turning experience into insight
Reflecting, turning experience into insightReflecting, turning experience into insight
Reflecting, turning experience into insight
 
Simplifying Complexity: How the Four-Field Matrix Reshapes Thinking
Simplifying Complexity: How the Four-Field Matrix Reshapes ThinkingSimplifying Complexity: How the Four-Field Matrix Reshapes Thinking
Simplifying Complexity: How the Four-Field Matrix Reshapes Thinking
 
How-How Diagram: A Practical Approach to Problem Resolution
How-How Diagram: A Practical Approach to Problem ResolutionHow-How Diagram: A Practical Approach to Problem Resolution
How-How Diagram: A Practical Approach to Problem Resolution
 
From Goals to Actions: Uncovering the Key Components of Improvement Roadmaps
From Goals to Actions: Uncovering the Key Components of Improvement RoadmapsFrom Goals to Actions: Uncovering the Key Components of Improvement Roadmaps
From Goals to Actions: Uncovering the Key Components of Improvement Roadmaps
 
Effective learning in the Age of Hybrid Work - Agile Saturday Tallinn 2024
Effective learning in the Age of Hybrid Work - Agile Saturday Tallinn 2024Effective learning in the Age of Hybrid Work - Agile Saturday Tallinn 2024
Effective learning in the Age of Hybrid Work - Agile Saturday Tallinn 2024
 
Digital PR Summit - Leadership Lessons: Myths, Mistakes, & Toxic Traits
Digital PR Summit - Leadership Lessons: Myths, Mistakes, & Toxic TraitsDigital PR Summit - Leadership Lessons: Myths, Mistakes, & Toxic Traits
Digital PR Summit - Leadership Lessons: Myths, Mistakes, & Toxic Traits
 
Unlocking Productivity and Personal Growth through the Importance-Urgency Matrix
Unlocking Productivity and Personal Growth through the Importance-Urgency MatrixUnlocking Productivity and Personal Growth through the Importance-Urgency Matrix
Unlocking Productivity and Personal Growth through the Importance-Urgency Matrix
 
Farmer Representative Organization in Lucknow | Rashtriya Kisan Manch
Farmer Representative Organization in Lucknow | Rashtriya Kisan ManchFarmer Representative Organization in Lucknow | Rashtriya Kisan Manch
Farmer Representative Organization in Lucknow | Rashtriya Kisan Manch
 
Measuring True Process Yield using Robust Yield Metrics
Measuring True Process Yield using Robust Yield MetricsMeasuring True Process Yield using Robust Yield Metrics
Measuring True Process Yield using Robust Yield Metrics
 
Shaping Organizational Culture Beyond Wishful Thinking
Shaping Organizational Culture Beyond Wishful ThinkingShaping Organizational Culture Beyond Wishful Thinking
Shaping Organizational Culture Beyond Wishful Thinking
 
From Red to Green: Enhancing Decision-Making with Traffic Light Assessment
From Red to Green: Enhancing Decision-Making with Traffic Light AssessmentFrom Red to Green: Enhancing Decision-Making with Traffic Light Assessment
From Red to Green: Enhancing Decision-Making with Traffic Light Assessment
 
原版1:1复刻密西西比大学毕业证Mississippi毕业证留信学历认证
原版1:1复刻密西西比大学毕业证Mississippi毕业证留信学历认证原版1:1复刻密西西比大学毕业证Mississippi毕业证留信学历认证
原版1:1复刻密西西比大学毕业证Mississippi毕业证留信学历认证
 
Beyond the Five Whys: Exploring the Hierarchical Causes with the Why-Why Diagram
Beyond the Five Whys: Exploring the Hierarchical Causes with the Why-Why DiagramBeyond the Five Whys: Exploring the Hierarchical Causes with the Why-Why Diagram
Beyond the Five Whys: Exploring the Hierarchical Causes with the Why-Why Diagram
 
Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...
Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...
Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...
 

A Practical Approach to Strategic Risk Management

  • 1. A Practical Approach to Strategic Risk Management Part One of a three-part Strategic Risk Management training program Katharine Hullinger, ARM Risk Manager California State University Channel Islands Revised 3/13/2018 Part One
  • 2. The only alternative to risk management is crisis management --- and crisis management is much more expensive, time consuming and embarrassing. JAMES LAM, Enterprise Risk Management, Wiley Finance Š 2003 Risk management means more than preparing for the worst; it also means taking advantage of opportunities to improve services or lower costs. Sheila Fraser, Auditor General of Canada
  • 4.
  • 5. Outline  Objectives of Part One  Conversation Starters  A Quick Risk Exercise  Principles and Basics  Why SRM?  The Risk Inventory Tool/template  Considerations Back at the Office  Q &A
  • 6. A Practical Approach to Strategic Risk Management (SRM) Training Components Introduction to SRM Participant Outcomes  Introduction to the risk management process and terminologies  Introduction to the SRM framework  Introduction to Risk Assessments  Discuss best way to implementation SRM in work area  Clarify roles & responsibilities for SRM  Understanding of risk management process  Understanding of how risk management is already incorporated in day-to-day work  Understanding the reasons for SRM  SRM roles and responsibilities clearly defined  Awareness of SRM tools  Commitment to SRM implementation in area of work  Commitment to continuous risk communication & learning
  • 7.  Who is accountable for risks?  How do we talk about risk? Do we have a common language in the department, across divisions, across the campus, across the CSU?  Are we taking too much risk? Or not enough?  Are the right people taking the right risks at the right time?  What’s our risk culture? Are we risk-adverse, risk- takers, or somewhere in between? Conversation Starters
  • 8. A Quick Risk Exercise Identify risks (threats and opportunities) that a cyclist faces in cycling to campus for work. How would you mitigate the threats? How would you maximize the opportunity? Report back
  • 9. Identifying the risks in cycling Threats:  Injury  Death  Reputation  Financial expense  Damage or theft  Weather Issues Opportunities:  Exercise and good health  Fresh air  Reputation  Financial savings  Role model  Environmental impact
  • 10. Mitigation strategies for threats associated with cycling  Injury and death – helmet, bright clothes, lights, bell, obey traffic laws, stay alert  Reputation – great biking outfit, change of clothes, openly promote alternative transportation  Financial – inexpensive transportation, avoid traffic citations  Damage or theft – regular maintenance, know the route, avoid obstacles and things that puncture tires, high quality lock  Weather issues – carry filled water bottle, warm/waterproof outerwear and gloves
  • 11. The Risk Management Principles Risk is the uncertainty that surrounds future events and outcomes. Risk is the expression of the likelihood and impact of any event with the potential to influence the achievement of an organization’s objectives.
  • 12. Risk Management Basics  Risk (uncertainty) may affect the achievement of objectives.  Effective mitigation strategies and controls can reduce negative risks (threats) or increase opportunities.  Residual risk is the level of risk remaining after applying risk controls.  Acceptance and action should be based on residual risk levels.
  • 13. Definition of Strategic Risk Management “… a process, effected by an entity's board of directors, management and other personnel, applied in a strategic setting and across the enterprise, designed to identify potential events that may affect the entity, and manage those events within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Source: COSO Enterprise Risk Management – Integrated Framework. 2004. The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
  • 14.  SRM removes silo-based decision making  SRM becomes embedded in key processes such as strategic, budgeting and project planning  Identify and understand risks that positively or negatively impact the achievement of strategic goals  Evaluate risk priorities and allocate resources strategically  Improve overall risk tolerance Why are we implementing SRM?
  • 15.  Practice proactivity rather than reactivity  Identify new risk and develop appropriate strategies for mitigating or profiting from it  Establish accountability, transparency and responsibility  Realize programmatic success, defined as implementation and practice throughout the entire organization  Promote a healthy risk culture, where risk is a routine and expected topic of conversation.  Develop a common and consistent approach to addressing risk across the institution
  • 16. CSUCI has established its Strategic Objectives Establish Objectives
  • 17. CSUCI 2015-2020 STRATEGIC OBJECTIVES Facilitate Student Success • Provide University access to students who bring diverse perspectives • Provide a mission-driven education that prepares students for individual success • Provide support for degree completion Provide High Quality Education • Hire and support quality faculty and staff who are committed to the mission of the University • Infuse integrative approaches, community engagement, multicultural learning, and international perspectives into all aspects of learning • Engage undergraduate and graduate students in research and creative activities Realize Our Future • Build infrastructure capacity • Leverage the use of technology • Seek, cultivate, and steward resources, both public and private • Implement collaborative planning and accountability processes
  • 19. Risk Number Risk Short Name Risk Description Existing Risk Controls/Measures in Place Outcome Impact Likelihood Impact Score Likeli- hood Score Net Score Risk Mitigation Actions Responsibility Cost Estimate Resources Needed Target Date for Completion Mitigation Complete EXAMPLE Access To High Hazard Areas The risk of unauthorized access to hazardous areas outside of normal business hours *Perimeter doors have mechanicallocks that are randomly spot checked by police after normal business hours. *Some buildings with high hazard areas are open to the public, increasing the chances of unauthorizedor accidental access to high hazard areas *Random spot checks not adequate considering the life/safetyrisks in some areas. Serious Likely 4 3 12 *Installation of electronic door locks (proxy cards) will allow 24/7 security control as only authorized users will have access to the area. John Doe $3,000 3/14/2015 1 #N/A #N/A #N/A 2 #N/A #N/A #N/A 3 #N/A #N/A #N/A 4 #N/A #N/A #N/A 5 #N/A #N/A #N/A 6 #N/A #N/A #N/A 7 #N/A #N/A #N/A 8 #N/A #N/A #N/A 9 #N/A #N/A #N/A Identification Assess and Prioritize Take Action – Mitigate or Accept Risk Inventory
  • 20. Identification of Risk Identify Risks  Financial Risk - unplanned losses or expenses  Service Delivery/Operational Risk - lapses in continuity of operations  HR Risk – Employment practices; retention  Strategic Risk – untapped opportunities  Reputational Risk – damage to relationship with community at large (loss of revenue)  Legal/Compliance Risk – noncompliance with statutory or regulatory obligations  Technology/Privacy Risk – threats to and breaches in IT security  Governance Risk – wide-spread non-compliance with policies and standards  Physical Security/or Hazard Risk – harm or damage to people, property or environment
  • 21. A B C D E Risk Number Risk Short Name Risk Description Existing Risk Controls/Measures in Place Outcome 1 Access To High Hazard Areas The risk of unauthorized access to hazardous areas outside of normal business hours Perimeter doors have mechanical locks that are randomly spot checked by police after normal business hours. *Some buildings with high hazard areas are open to the public, increasing the chances of unauthorized or accidental access to high hazard areas *Random spot checks not adequate considering the life/safety risks in some areas. 2 Risk #2 3 Risk #3 4 Risk #4 5 Risk #5 6 Risk #6 7 Risk #7 8 Risk #8 9 Risk #9 Identification of Risks – Creating a Risk Inventory
  • 22. Risk Assessment – Consider Impact and Likelihood to Prioritize Risks Likelihood of a risk event occurring  5 Expected: Is almost certain to occur  4 Highly Likely: Is likely to occur  3 Likely: Is as likely as not to occur  2 Not Likely: May occur occasionally  1 None/Slight: Unlikely to occur Impact - level of damage sustained when a risk event occurs  5 Critical: Threatens the success of the project  4 Serious: Substantial impact on time, cost or quality  3 Moderate: Notable impact on time, cost or quality  2 Minor: Minor impact on time, cost or quality  1 Insignificant: Negligible impact Slide 22 Prioritize
  • 23. F G H I J Impact Likelihood Impact Score Likeli- hood Score Net Score Serious Likely 4 3 12 #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A #N/A Assessing Risks – Considering the Likelihood and Impact Scoring risks Impact: Critical - 5 Serious - 4 Moderate - 3 Minor - 2 Insignificant - 1 Likelihood: Expected - 5 Highly Likely - 4 Likely - 3 Not Likely - 2 None/Slight - 1
  • 24. Risk Mitigation Actions Responsibility Cost Estimate Resources Needed Target Date for Completion Mitigation Complete *Installation of electronic door locks (proxy cards) will allow 24/7 security control as only authorized users will have access to the area. John Doe $3,000 3/14/2015 Mitigating or Treating Risks – Accept? Alter? Transfer? Decline? K L M N O Take Action
  • 25. Risk Number Risk Short Name Risk Description Existing Risk Controls/Measures in Place Outcome Impact Likelihood Impact Score Likeli- hood Score Net Score Risk Mitigation Actions Responsibility Cost Estimate Resources Needed Target Date for Completion Mitigation Complete EXAMPLE Access To High Hazard Areas The risk of unauthorized access to hazardous areas outside of normal business hours *Perimeter doors have mechanicallocks that are randomly spot checked by police after normal business hours. *Some buildings with high hazard areas are open to the public, increasing the chances of unauthorizedor accidental access to high hazard areas *Random spot checks not adequate considering the life/safetyrisks in some areas. Serious Likely 4 3 12 *Installation of electronic door locks (proxy cards) will allow 24/7 security control as only authorized users will have access to the area. John Doe $3,000 3/14/2015 1 #N/A #N/A #N/A 2 #N/A #N/A #N/A 3 #N/A #N/A #N/A 4 #N/A #N/A #N/A 5 #N/A #N/A #N/A 6 #N/A #N/A #N/A 7 #N/A #N/A #N/A 8 #N/A #N/A #N/A 9 #N/A #N/A #N/A Identification Assessment Mitigation or Treatment Risk Inventory
  • 26. Risk Heat Map LIKELIHOOD IMPACT 1 1 2 2 3 3 4 4 5 5 RISK I x L RISK I x L RISK I x L RISK PRIORITIZATION MATRIX
  • 27. Risk Level Action and Level of Involvement Required Critical Risk  Inform Cabinet  Immediate action required High Risk  Inform division Vice President  Attention is essential to manage risks – provide report to VP as directed Moderate Risk  Inform relevant administrators  Mitigation and ongoing monitoring by managers is required Low Risk  Accept, but monitor risks  Manage by routine procedures within the program or department Risk reporting and communications
  • 28. Personnel Resources • Average time to fill vacant positions • Staff absenteeism /sick time rates • Percentage of staff appraisals below “satisfactory” • Age demographics of key managers Information Technology • Systems usage versus capacity • Number of system upgrades/version releases • Number of help desk calls Finance • Reporting deadlines missed (#) • Incomplete P&L sign-offs (#, aged) Legal/Compliance • Number and cost of litigated cases • Compliance investigations (#) • Customer complaints (#) Audit • Outstanding high risk issues (no., aged) • Audit findings (no., severity) • Revised target dates for clearing findings (no.) Risk management • Risk Management overrides • Limit Breaches (#, amounts) Monitoring and Reassessing – Examples of Key Risk Indicators Monitor and Reassess
  • 29. Excellent • Advanced capabilities to identify, measure, manage all risk exposures within tolerances • Advanced implementation, development and execution of SRM parameters • Consistently optimizing risk adjusted returns throughout the organization Strong • Clear vision of risk tolerance and overall risk profile • Risk controls in place for most major risks • Robust processes to identify and prepare for emerging risks • Incorporates risk management and decision making to optimize risk Adequate • Risk controls in place for some of identified major risks • May lack a robust process for identifying and preparing for emerging risks • Performing solid classical “silo” based risk management • No fully developed process to optimize risk opportunities Weak • Incomplete control process for at least major risk • Inconsistent or limited capabilities to identify, measure or manage major risk exposures Monitor, Measure and Report SRM Implementation Progress
  • 30.
  • 31. Ask questions and develop your approach  Do we understand our major risks? Do we know what is causing our risks to increase, decrease or stay the same?  Have we assessed the likelihood and impact of our risks?  Have we identified the sources and causes of our risks?  How well are we managing our risks?  Are we trying to prevent the downside of risk, or are we seemingly trying to recover from them?
  • 32. Considerations back at the office  Why is the organization interested in SRM? What are we hoping will be achieved with its implementation?  Who is doing what? Roles and responsibilities must be clearly defined. Leadership must support SRM and use SRM results to when making decisions. Everyone is a risk manager. Make sure that all risks have owners and the responsibilities for mitigation are assigned.  How will it be implemented? What is your framework? How will risks be measured and reported? Who is your champion?  Where will you start? Where you can most easily succeed, or where it is needed the most?  When will it be implemented? SRM is a journey, not a destination; risks should be continually assessed and mitigation methods re-considered. Change is inevitable; recognize new risks and opportunities.
  • 33. Questions? Thank you for participating!