1. A new wave sweeping global business
Risk Management as a corporate
enterprise and business strategy
2. Risk
– Risk is a function of the likelihood of
something happening and the degree of
losing which arises from a situation or
activity. Losses can be direct or indirect.
– “Risks are usually defined by the adverse
impact on profitability of several distinct
sources of uncertainty” (Partnerships
BC, 2005 and NIST, 2004).
NB: Risks are usually defined by the adverse
impact on profitability of several distinct
sources of uncertainty. While the types and
degree of risks an organization may be exposed
to depend upon a number of factors such as
its size, complexity business activities, volume
etc” (SBP, 2003, p.1)
3. Risk [cont’d]
Risk can also be views as „Probability or
threat of damage, injury, liability, loss,
or any other negative occurrence that is
caused by external or internal
vulnerabilities, and that may be avoided
through pre-emptive action.‟
(George, 2008)
6. RISK APPETITE
It is the level of risk that an
organization is prepared to accept,
before action is deemed necessary
to reduce it.
It represents a balance between
the potential benefits of
innovation and the threats that
change inevitably brings.
NOTE: It can guide people on the
level of risk permitted and encourage
consistency of approach across an
organization.
7. Levels of risk appetite
a) Averse: Avoidance of risk and uncertainty is a key organization
objective.
b) Minimal: Preference for ultra-safe options that are low risk and
only have a potential for limited reward.
c) Cautious: Preference for safe options that have a low degree of
risk and may only have limited potential for reward.
d) Open: Willing to consider all potential options and choose the one
most likely to result in successful delivery, while also providing an
acceptable level of reward and value for money.
e) Hungry: Eager to be innovative and to choose options offering
potentially higher business rewards, despite greater inherent risk.
NB: Defined acceptable levels of risk also means that resources are not
spent on further reducing risks that are already at an acceptable level.
8.
9. Risk management(RM)
Risk management(RM) is define as:
a. The process to eliminate, reduce and
control risks.
b. It involves identifying, analyzing,
measuring, monitoring and controlling
risks.
c. Reducing the negative and emerging
opportunities.
d. Achievement of business strategy and
objectives.
[Anderson and Terp (2006)]
These present the different views to consider
in RM
10. OBJECTIVES OF RISK MGT
To Maximize the potential of success
To Minimize the probability of future losses.
To reduce the severity of risk exposures
To offer better corporate imagery to firms
12. Risk Management process
Defined as "the systematic application of
management policies, procedures and practices to
the tasks of establishing the context, identifying,
analyzing, assessing, treating, monitoring and
communicating risk".(AS/NZS 4360:2004)
13.
14.
15. RISK MGT PROCESS
1. Communicate and consult Communication and consultation aim
to identify who should be involved in the assessment of risk
including identification, analysis and evaluation and who will be
involved in the treatment, monitoring and reviewing of risk.
(Standards Australia and Standards New Zealand, 2004).
2.Establish the context By establishing the context, the organization
defines the parameters to be taken into account when managing
risk, and sets the scope and risk criteria for the remaining process.
This process needs to be considered in greater detail and particularly
how it relates to the scope of the particular risk management
process.
[External – Internal – Risk mgt – Develop Risk Evaluation Criteria –
define the structure of risk analysis.]
16. 3. Risk identification This step reveals and determines the potential risks
which are highly occurring and other events which occur very frequently.
Risk is investigated by looking at the activity of organizations in all
directions and attempting to introduce the new exposure which will arise
in the future from changing the internal and external environment.
(Tcankova, 2002)
4. Risk analysis It is concerned with assessing the potential impact of
exposure and likelihood of the particular outcome actually occurring. The
impact of exposure should be considered under the elements of time,
quality, benefit and resource.
5. Risk evaluation Before determining the probability, it is essential to
consider risk tolerance. The organizations will consider “risk appetite”
(the amount of risk they are willing to take) and decide upon acceptable
or unacceptable risk. The acceptable level of risk depends upon the
degree of voluntaries. Risk evaluation is important for making sense in
specific situations and provides adequate material for decision making
(Vrijling, Hengel and Houben, 1995). This step is about deciding whether
risks are acceptable or need treatment.
17. 6. Risk treatment: involves selecting and implementing one or
more options for treating risks; avoid risk, change the likelihood
of occurrence, change the consequences, share risk and retain
risk (residual risk may be retained if it is at an acceptable level).
[Standards Australia and Standards New Zealand(2004)]
7.Monitoring and review: it is an essential and integral step in the
risk management process. Risk needs to be monitored to ensure
the changing environment does not alter risk priorities and to
ensure the risk management process is effective both in design
and in operation. The organization should review at least on an
annual basis alongside set KPIs
18. Critical success factors of RM
a. Commitment & support from top mgt
b. Communication
c. Culture
d. Organizational structure
e. Training
f. Trust and improved relations(internal & external)
g. Incorporating information & communication
technology
h. Consultancy/ benchmarking
19.
20.
21. Components of Effective Risk Mgt
1. Infrastructure : (System & Process)
"Having the right system and proper process for effective and
efficient risk management"
Key to being efficient and effective is to leverage off
technology by bringing the appropriate IT system
infrastructure to cater to our needs. This includes
risk systems and the reporting and monitoring
solutions.
Complementing system infrastructure is an efficient
process flow that covers risk identification, risk
measurement, monitoring and risk mitigation.
22. Cont’d
2. People
"Having the right people to do the right thing"
• Firstly is bringing in the right people to drive risk
management. This involves recruitment as well as
technical training to ensure a dynamic, forward looking
high performance risk team. Succession planning and
cross discipline training are key to ensure the continuity
in risk management and the organization.
• Secondly, is getting the organization to embrace risk
management as a culture, via organization-wide risk
awareness seminars, technical risk training and hands
on engagement at all levels of staff..
23. 3. Framework & Policies
"Setting the rules of the game clearly and upfront
A well-documented Risk Framework and its ancillary
policies are essential to inform all stakeholders of the
way the business is conducted and obtain an
understanding on the important method of risk
management in our organization.
Risk management goes hand in hand with investment
goals, both long-term and short-term. Risk
Management is an essential partner in setting and
achieving organizational goals.
Profits targets are set in tandem with risk limits to ensure
a return profile that commensurate with our risk
appetite.