Risk Management Fundamentals
Mikaela Reynoldson
Claverhouse Risk & Legal
Learning outcomes and objectives
• Have a better understanding of AS/NZS ISO 31000:2009 (Risk management – Principles and Guidelines)
• Understanding the link between governance and risk in Victoria
• Knowledge of each activity contained in the risk management process
• An understanding of the linkage between governance, risk and control
• Use of tools and techniques necessary for managing the risks facing your organisation
• Apply the risk management principles within your area of responsibility
• Conduct a basic risk assessment applying the tools supplied
Module 1 – Introduction to Governance and Risk Management

Risk defined
Definition - What is Risk?
“The chance of something happening that will have an impact on achieving objectives” – AS/NZS 4360:2004
“Effect of uncertainty on objectives” – ISO 31000
(Source: ISO31000 Risk Management – Principles and Guidelines on Implementation, 2009)
Risk Management - a comprehensive process
• Supported by appropriate strategies and frameworks
• Designed to identify, analyse, evaluate, treat, monitor and communicate risks that could prevent a department or agency from achieving its objectives.
• Covers strategic, operational, financial and compliance risks.
• The term “enterprise-wide risk management” is widely used both by the Victorian public sector and the private sector to describe this comprehensive approach.
What are the benefits of a Risk Management framework?
• Enables identification of threats and opportunities for an agency
• Improves and informs the planning process
• Reduces likelihood of costly “surprises”
• Contributes to improved resource allocation
• Improves efficiency and performance
• Improves accountability
• Encourages continual improvement
Governance and risk management in Victoria – why is risk management important?
Legislative obligation
• Victorian Managed Insurance Authority Act (1996) and
• Financial Management Act (1994).
Financial Management Act – requires agencies to develop and implement a risk management strategy, and keep it under review. There is a quarterly monitoring process established under the Act.
Victorian Managed Insurance Authority Act – requires participating bodies to develop and implement a risk management strategy, and keep it under review.
Board obligation
The Board is required to attest annually that the risk management framework is in place. The VGRMF imposes this obligation.
Example of an attestation clause (VGRMF)
I, [Accountable Officer], certify that as at 30th June 20XX the [Department] has risk management processes in place consistent with the Australian/New Zealand Risk Management Standard (or equivalent designated standard) and an internal control system is in place that enables the executive to understand, manage and satisfactorily control risk exposures. The audit committee verifies this assurance and that the risk profile of the [Department] has been critically reviewed within the last 12 months.
(Source: Victorian Government Risk Management Framework, July 2007, Attachment A, p. 21)
Link between Governance and Risk Management
What is Corporate Governance?
• Three basic elements - stewardship, leadership, and control.
• Corporate governance is the framework established by a governing body to ensure that stakeholders, primarily the Parliament, the Government and the Victorian community, have assurance that the agency is fulfilling its responsibilities with due diligence and accountability.
• This stewardship relationship demands that Boards establish processes to both delegate and limit power to pursue the organisation’s strategy and direction in a way that enhances the prospects for the organisation’s long-term success.
Risk management governance structure
[Diagram: a three-tier risk management governance structure; the text recoverable from it is listed below.]
Board Level: Board of Directors; Audit & Risk Committee; Other Board Committees
Management Level: CEO; Executive Team; Management Team; Manager, Quality & Risk; Risk Management Advisory Committee; Quality Committee; Service Quality and Risk Mgt Committee; Other Sub-Committees
Operational Level: Staff/Volunteers
Flows shown between the levels: Oversight; Critique; Monitor & Review; Guide; Identify; Assesses; Execute
The integration of risk management
Any successful alignment of risk management and governance requires four key factors:
• an agency focus – where there is an identifiable source of risk management expertise in the agency and senior managers come together on a regular basis to discuss risk management issues
• an agency direction – where a clear direction and strategy is established for risk management, including articulating the agency’s risk appetite and giving a clear mandate for what constitutes effective risk management
• decision-making structures – where risk management is not a separate process, but a key consideration at all parts of the decision-making chain: being factored into strategic and operational planning; included as a common component in all project proposals and business cases; and incorporated into advice to Ministers; and
• agency capacity and capability – where the agency’s executive management invests time and resources to build momentum, capacity and capability, including: ensuring that there is a shared language of risk management; a common understanding of the principles; training and development to build expertise; and established tools and processes for risk management.
Integrated risk management requires an ongoing assessment of potential risks and opportunities for an agency at every level. The results should inform agency level risks, facilitate priority setting and improve an agency’s decision making.
Clear links should be established between risk management, Government policies and priorities, agency objectives (vertical integration), and agency policy and operations (horizontal integration).
Enterprise wide perspective
[Diagram: the ISO 31000 framework cycle and the documents it produces and consumes; recoverable text below.]
Framework cycle: Mandate and Commitment → Design of Framework for Managing Risk → Implementing Risk Management → Monitoring & Review of the Framework → Continual Improvement of the Framework (and back to Mandate and Commitment)
Documents and inputs: Principles; Risk Management Policy; Risk Management Plan(s); Risk Management Process(es); Risk Register/Risk Profile; Risk Reporting; Assurance/Attestation Plan; Organisational Strategy & Objectives (Measures & Targets)
Integrated approach
Corporate governance is the guidance system for achieving planned objectives – it is an objective-focused concept. It is a process by which organisations are directed, controlled and held to account.
[Diagram: Corporate Governance linked to the Achievement of Strategies & Objectives through five components; recoverable text below.]
• Risk Controls – Risk controls provide reasonable assurance to Board & Management that objectives will be achieved within an acceptable degree of residual risk.
• Risk Management – Risk management develops risk treatment plans, risk controls and strategies associated with achieving objectives.
• Quality & Compliance – Compliance & quality ensures that laws, regulations, codes, and organisational standards and requirements are met.
• Monitoring, Review & Reporting – Monitor, review & report against performance measures for each objective.
• Performance Management – Performance of individuals is managed, motivated & aligned to organisational & personal objectives.
Seven key questions
A good risk management framework seeks to answer these basic questions:
• what are we trying to achieve?
• what events or circumstances could affect the achievement of our objectives?
• what are the consequences?
• how likely are these events?
• what can we do to manage these outcomes?
• how will we maximise opportunities?
• can the organisation recover if a risk eventuates?
Module 2 – Framework for managing risk

The trilogy of risk frameworks
• AS/NZS ISO 31000:2009 – Risk management – Principles and guidelines (20 November 2009) **Replaced AS/NZ 4360
  • Standard developed as a Guideline Document
  • Unlike other ISO standards, it is NOT for certification
• ISO Guide 73:2009 - Risk management — Vocabulary (15 November 2009)
  • Defines important risk management terminology
• IEC/ISO 31010:2009 Risk Management - Risk Assessment Techniques (1 December 2009)
  • A supporting standard for ISO 31000:2009 (15 November 2009)
  • Provides guidance (Annex A – Informative) on selection and application of systematic techniques for risk assessment
  • Is NOT for certification, regulatory or contractual use
Related standards, handbooks and frameworks
• HB 158:2010 – Delivering assurance based on ISO 31000:2009
  • Helps assurance providers to plan and implement their activities using the information arising from the (ISO 31000:2009) risk management process.
• HB 327:2010 - Communicating and consulting about risk (23 February 2010)
  • Provides guidance to individuals and organisations to understand communication and consultation when managing risk.
• AS/NZS 5050:2010 Business continuity - Managing disruption-related risk (28 June 2010)
  • The Standard describes the application of the principles, framework and process for risk management, as set out in AS/NZS ISO 31000:2009, to disruption-related risk.
• Victorian Government Risk Management Framework (March 2011)
The one we use:
Risk Management Framework - ISO 31000:2009
[Diagram: the ISO 31000 risk management process; recoverable text below.]
Establish the Context → Identify Risks → Analyse Risks → Evaluate Risks → Treat Risks, with Communicate & Consult and Monitor & Review running alongside every step.
Overview of AS/NZS/ISO31000 & AS/NZ 4360
[Diagram: the four parts of ISO 31000, each annotated with how far AS/NZS 4360 covered it; recoverable text below.]
Principles for managing risk (Clause 3) – AS4360: implicit, to some extent
1) Creates value
2) Integral part of organisational processes
3) Part of decision making
4) Explicitly addresses uncertainty
5) Systematic, structured & timely
6) Based on the best available information
7) Tailored
8) Takes human & cultural factors into account
9) Transparent & inclusive
10) Dynamic, iterative & responsive to change
11) Facilitates continual improvement & enhancement of the organisation
Framework for managing risk (Clause 4) – AS4360: covered partially in Section 4 “Establishing effective risk management”
Mandate & commitment; Design of framework for managing risk; Implementing risk management; Monitoring & review of the framework; Continual improvement of the framework
Process for managing risk (Clause 5) – AS4360: fully covered in Section 3 “Risk Management Process”
Communication & Consultation; Establishing the Context; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Monitoring & Review
Attributes of enhanced risk management (Annex A - Informative) – AS4360: not covered
Framework for managing risk
4.2 Mandate and commitment
4.3 Design of framework for managing risk
  4.3.1 Understanding the organisation and its environment
  4.3.2 Establishing risk management policy
  4.3.3 Accountability
  4.3.4 Integration into organisational processes
  4.3.5 Resources
  4.3.6 Establishing external communication & reporting mechanisms
  4.3.7 Establishing internal communication & reporting mechanisms
4.4 Implementing risk management
  4.4.1 Implementing the framework for managing risk
  4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework
(Source: AS/NZS/ISO31000:2009 Risk Management – Principles and Guidelines)
Fit-for-purpose?
Risk management should be embedded in all the organisation's practices and processes in a way that it is relevant, effective and efficient. The risk management process should become part of, and not separate from, those organisational processes. In particular, risk management should be embedded into the policy development, business and strategic planning and review, and change management processes.
(Source: AS/NZS/ISO31000:2009 Risk Management – Principles and Guidelines)
Module 3 – Embedding risk management

Integrating risk management
[Diagram: four parallel processes laid over the governance structure; recoverable text below.]
Governance Structure: Board → CEO → Corporate Services, Client Services, Operations
Strategic & Operational Planning Process: Strategic Objectives & Indicators, aligned & cascaded down to Operational Objectives & Indicators
Risk Management Process: Strategic Risk (Risk Register) cascaded down to Operational Risk (Risk Register); operational risks escalated up
Reporting Process: Operational Reports, evaluated & reported, consolidated & escalated up into the CEO/Board Report, which is in turn evaluated & reported
How to embed risk management - some examples
• Map “as-is” committee/meeting structure. Rationalise committees/meetings, where possible. (Template columns: No | Level | Committee Name | Frequency | Members | Responsibility (Terms of Reference) | Reports To)
• Review risk management roles of each committee/meeting. Risk management as standing agenda item in all meetings.
• Map “as-is” organisational/reporting structure. Rationalise reports, where possible.
Embedding risk management - some more examples
• Include responsibility for risk management in all job descriptions
• Risk management as standard reporting item in all reports
Also remember:
- introduce a language of risk
- risk environment changes over time
- organisational change means roles and responsibility for managing risk will change
- clarify strategic and operational objectives and measures
- articulate and document those objectives and measures
Module 4 – Risk management policy and plan

Content of a typical risk management plan
• A statement of the risk management policy
• Details of the scope and objectives of risk management in the agency
• Consistent risk management language and definitions
• Integration with other management practices and procedures
• Risk Assessment criteria (consequence and likelihood ratings)
• Description of the internal and external context in which the agency operates
• List of analysed risks (detailed in the Risk Register)
• Summary of the risk treatment plan
• Outline of the risk reporting protocol
• Outline of the monitoring and review program
Content of a typical risk management policy
• Objectives, scope and coverage of the policy
• Statement of commitment from the Board
• Accountabilities and responsibilities for managing risk
• Alignment with other management policies and procedures
• Escalation and reporting protocols
• Statement of risk appetite and tolerance
• Processes, tools and templates for managing risk
• Reporting and communication protocols
• Statement about assessment, measurement and reporting methodology
• Outline of DRP and BCP and regularity of testing regime
Module 5 – Process for managing risk

The Process of Risk Management?
“Culture, process and structures that are directed towards realising potential opportunities whilst managing adverse effects” – AS/NZS 4360:2004
“...Co-ordinated activities to direct and control an organisation with regard to risk” – ISO 31000
(Source: ISO31000 Risk Management – Principles and Guidelines on Implementation, 2009)
The risk management process described in more detail
[Diagram: the ISO 31000 clause 5 process, with Communication & Consultation (5.2) and Monitoring & Review (5.6) running down either side of the core steps; recoverable text below.]
5.2 COMMUNICATION & CONSULTATION
5.3 ESTABLISHING THE CONTEXT
  5.3.2 External Context
  5.3.3 Internal Context
  5.3.4 Risk Management Process Context
  5.3.5 Developing Risk Criteria
5.4 RISK ASSESSMENT
  5.4.2 RISK IDENTIFICATION – What can happen, when, where, how & why
  5.4.3 RISK ANALYSIS – Determine existing controls; Determine Consequences; Determine Likelihood; Determine Level of Risk
  5.4.4 RISK EVALUATION – (1) Compare against criteria. (2) Identify & assess options. (3) Decide on response. (4) Establish priorities.
5.5 RISK TREATMENT
  5.5.2 Selection of risk treatment options
  5.5.3 Preparing and implementing risk treatment plans
5.6 MONITORING & REVIEW
Communication and Consultation
It is critical to:
• Establish channels of communication with internal and external stakeholders
• Allocate risk management tasks and activities with responsibilities, accountabilities and authorities clearly understood and defined
• Draft a communications plan and a distribution timetable
• Identify what specialist advice might be needed (engineers, actuaries, OHS specialists, VMIA support)
• Identify the stakeholders –
  • Internal (Board, Minister, executive and operational management)
  • External (Regulators, customers, the public, key suppliers)
Module 6 – Establishing the context

Establishing the context
Know and understand:
- the purpose, goals and objectives of the agency;
- where the risk management process is being applied within the agency;
- the cost/benefit of the risk management program and the resource allocation required;
- the need to maintain documented records of the program;
- the external and internal environment in which the agency operates;
- the sources of risk facing the agency;
- the benchmarks around which risk will be evaluated within the agency.
Risk Appetite and Tolerance
Risk appetite - The amount and type of risk that an organisation is willing to accept in pursuit of its long term strategic and operational objectives.
Risk tolerance - The boundaries of risk taking outside of which the organisation is not prepared to venture in the pursuit of its long term objectives.
Sources of risk
[Diagram: common risk categories arranged around a central label; recoverable text below.]
Common Risk Categories: Financial; Operational; Clinical; Occupational Health & Safety; Human Resource; Governance; Infrastructure/Asset; Strategic
Consequence and Likelihood
• A process for evaluating the risk facing the agency using agreed criteria;
• Likelihood means the probability of the identified risk occurring
• Severity means the impact on or cost to the agency if the identified risk occurred
• The likelihood and severity ratings are multiplied together and plotted on a heat map which gives a view of the overall risk profile for the agency. An informed decision can then be taken as to the response strategies, treatment plan and resource allocation that might be appropriate.
• Responsibilities can then be allocated to a risk owner with the treatment tasks allocated to a control owner.
• Examples of the tools used to plot severity and likelihood are in the following slides
Tools for assessing risk - Risk rating scales (likelihood)
Score | Rating       | Detailed description
5     | Frequent     | The event is very likely to occur within 3 months
4     | Likely       | The event will probably occur within 1 year
3     | Occasionally | The event could occur between 1-3 years
2     | Unlikely     | The event could occur between 3-10 years
1     | Rare         | The event may possibly occur, but unlikely at a frequency less than 10 yearly
**A time horizon is selected that best suits the unique profile of the agency
Risk rating scales: consequence
The categories below are possible categories only
Score | Description            | Financial | Service Delivery | Reputation | People & Knowledge | Health and Safety | Legal and Regulatory
5     | Catastrophic / Extreme |           |                  |            |                    |                   |
4     | Major                  |           |                  |            |                    |                   |
3     | Moderate               |           |                  |            |                    |                   |
2     | Minor                  |           |                  |            |                    |                   |
1     | Insignificant          |           |                  |            |                    |                   |
(The per-category descriptor cells are blank on the slide.)
Risk matrix
LIKELIHOOD \ CONSEQUENCE | Insignificant 1 | Minor 2 | Moderate 3 | Major 4 | Catastrophic 5
Almost Certain 5         |  5              | 10      | 15         | 20      | 25
Likely 4                 |  4              |  8      | 12         | 16      | 20
Possible 3               |  3              |  6      |  9         | 12      | 15
Unlikely 2               |  2              |  4      |  6         |  8      | 10
Rare 1                   |  1              |  2      |  3         |  4      |  5
Risk appetite and risk rating
[Diagram: the risk matrix with Increasing Likelihood and Increasing Impact on its axes, showing how the appetite setting moves the boundaries of the rating bands; recoverable text below.]
Appetite settings shown: Large Appetite for Risk; Standard; Plan for All Extreme Risks; Risk Averse
Escalation levels shown against the matrix: Board; CEO; Manager; Staff
Risk response and escalation
Risk     | Type of Action                              | Risk/ Audit Committee oversight
Extreme  | Immediate action required                   | Direct
High     | Senior management attention needed          | Monitors
Moderate | Management responsibility must be specified | Ensures sign offs and is advised of changes up or down
Low      | Manage by routine procedures                | Ensures sign offs
(Escalation levels shown alongside the table: CEO/BOARD; GMs)
Control effectiveness scales
1 | Effective                 | Indicates minimal uncontrolled risk, due to excellent risk management/controls in place, tested and monitored
2 | Good                      | Indicates good risk management and control system, but an opportunity for refinement exists to reduce risk further.
3 | Fair/ Partially Effective | Indicates a need for improvement in controls, increased adherence to controls or that controls are being developed, but are not fully in place and tested.
4 | Poor                      | Indicates effective risk controls have not yet been developed and a significant lack of risk control exists – additional risk management or treatment is a matter of priority
Module 7 – Risk assessment and treatment

The Risk Register
• The risk register is a key document which records the output of the risk management process
• At a minimum it would contain the following:
  o Risk Description
  o Assessment of Inherent Risk
  o Assessment of Controls
  o Assessment of Residual Risk
  o Treatment of Risk
  **Remember the distinction between inherent (untreated) and residual (treated) risk
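The matrix, the control effectiveness scale, the escalation table and the register fields above fit together as one calculation: inherent score from likelihood × consequence, a residual score once controls are credited, a rating band, and the action and oversight that band triggers. The Python below is an added worked example, not code from the deck or from Claverhouse Risk & Legal. The 5×5 grid, the control effectiveness levels and the escalation table are copied from the slides; everything else is an assumption made for illustration: the band cut-offs on the 1–25 score (the slides show the grid but not where Extreme/High/Moderate/Low begin), the number of likelihood steps each control effectiveness level removes, and the two sample register entries with their owners. The deck labels likelihood 5 as "Frequent" on the scale and "Almost Certain" on the matrix; the example uses the matrix labels.

```python
"""Worked risk register: inherent score, residual score, rating band, escalation.

Added example, not from the original deck. The matrix, control effectiveness
levels and escalation table come from the slides; band cut-offs, the
likelihood credit per control level and the sample entries are ASSUMPTIONS.
"""
from dataclasses import dataclass

# Likelihood and consequence scales as labelled on the deck's 5x5 risk matrix.
LIKELIHOOD = {"Rare": 1, "Unlikely": 2, "Possible": 3, "Likely": 4, "Almost Certain": 5}
CONSEQUENCE = {"Insignificant": 1, "Minor": 2, "Moderate": 3, "Major": 4, "Catastrophic": 5}
LIKELIHOOD_BY_SCORE = {v: k for k, v in LIKELIHOOD.items()}

# ASSUMPTION: band cut-offs on the 1..25 product (the slides show the grid only).
BANDS = ((15, "Extreme"), (10, "High"), (5, "Moderate"), (1, "Low"))

# Escalation table from the deck: band -> (type of action, Risk/Audit Committee oversight).
ESCALATION = {
    "Extreme": ("Immediate action required", "Direct"),
    "High": ("Senior management attention needed", "Monitors"),
    "Moderate": ("Management responsibility must be specified",
                 "Ensures sign offs and is advised of changes up or down"),
    "Low": ("Manage by routine procedures", "Ensures sign offs"),
}

# Control effectiveness scale from the deck: 1 Effective, 2 Good, 3 Fair, 4 Poor.
# ASSUMPTION: how many likelihood steps each level is credited with removing.
LIKELIHOOD_STEPS_REMOVED = {1: 2, 2: 1, 3: 1, 4: 0}


@dataclass(frozen=True)
class RiskEntry:
    description: str
    likelihood: str             # inherent (untreated) likelihood label
    consequence: str
    control_effectiveness: int  # 1..4 per the deck's scale
    risk_owner: str


def score(likelihood: str, consequence: str) -> int:
    """Matrix cell value: likelihood score x consequence score (1..25)."""
    return LIKELIHOOD[likelihood] * CONSEQUENCE[consequence]


def band(risk_score: int) -> str:
    """Map a matrix score to its rating band using the assumed cut-offs."""
    for cutoff, name in BANDS:
        if risk_score >= cutoff:
            return name
    raise ValueError(f"score out of range: {risk_score}")


def residual(likelihood: str, consequence: str, control_effectiveness: int):
    """Residual (treated) rating: controls lower likelihood, never below Rare.
    Consequence is left unchanged; treating controls as preventive is an ASSUMPTION."""
    if control_effectiveness not in LIKELIHOOD_STEPS_REMOVED:
        raise ValueError("control effectiveness must be 1..4")
    level = max(1, LIKELIHOOD[likelihood] - LIKELIHOOD_STEPS_REMOVED[control_effectiveness])
    label = LIKELIHOOD_BY_SCORE[level]
    res_score = level * CONSEQUENCE[consequence]
    return label, res_score, band(res_score)


def assess(entry: RiskEntry) -> dict:
    """One register row: inherent and residual ratings plus the escalation they trigger."""
    inherent_score = score(entry.likelihood, entry.consequence)
    res_likelihood, res_score, res_band = residual(
        entry.likelihood, entry.consequence, entry.control_effectiveness)
    action, oversight = ESCALATION[res_band]
    return {
        "risk": entry.description,
        "owner": entry.risk_owner,
        "inherent": (inherent_score, band(inherent_score)),
        "residual": (res_likelihood, entry.consequence, res_score, res_band),
        "action": action,
        "oversight": oversight,
    }


def heat_map(entries) -> dict:
    """Risk profile: count of residual risks per matrix cell, keyed (likelihood, consequence)."""
    cells = {}
    for e in entries:
        label, _, _ = residual(e.likelihood, e.consequence, e.control_effectiveness)
        key = (LIKELIHOOD[label], CONSEQUENCE[e.consequence])
        cells[key] = cells.get(key, 0) + 1
    return cells


# Constructed sample register. The first entry mirrors the deck's worked example
# (residual Moderate: Minor consequence, Possible likelihood); its inherent
# likelihood, control rating and owner are assumed. The second entry is invented.
SAMPLE_REGISTER = [
    RiskEntry("Loss of key personnel", "Likely", "Minor", 2, "Head of HR"),
    RiskEntry("Extended outage of the core client system", "Possible", "Catastrophic", 3, "CIO"),
]

if __name__ == "__main__":
    for row in map(assess, SAMPLE_REGISTER):
        print(row)
    print(heat_map(SAMPLE_REGISTER))
```

With the assumed cut-offs the first entry lands at 4×2 = 8 (Moderate) inherent and, after a "Good" control removes one likelihood step, at 3×2 = 6 (Moderate) residual, the same rating the deck's own register example reports; the second entry drops from 15 (Extreme) to 10 (High) and so still needs senior management attention under the escalation table. Changing the cut-offs is how a risk-averse versus large-appetite setting would be expressed in this model.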
Risk Register - Example
Risk area: EMPLOYEES
Loss of key personnel - Residual Risk Rating = Moderate (Consequence = Minor; Likelihood = Possible)

Inherent Risk Description
• Loss of key employees leading to the loss of primary relationship contacts, loss of investment in training and development and loss of intellectual property. This may lead to stretched resources and disrupt the Department’s capability to continue critical business operations.
Potential causes include:
• Poaching of employees
• Changes to the organisation influencing the culture and leading to instability/insecurity
• Lack of availability of skilled and competent workers
• Career/lifestyle change
• Retirement, death/mental inability

Primary Controls / Processes/ Control Strategies
• Competitive remuneration, strategies and structure
• Defined targets and KPIs
• Divisional and Departmental operating targets for all key employees
• Work life balance
• Training and internal growth opportunity
• Non-remuneration employee benefit strategies (EAP)
• Identification and grooming of employees into the succession role
• Training to ensure success in the new role
• Documented policies and procedures/information to retain knowledge

Assurance Provider/ Monitoring Procedures
• Human Resources – Quarterly Reports submitted to Departmental Management regarding Performance Management System and Succession Planning
• Divisional Management – Control Self Assessment performed 2 monthly which includes questions on PMS and succession planning
• Internal Audit – An internal audit on Performance Management System to be performed during the 2011/12 year
• External Audit – Payroll testing to be included in Annual Audit.

Are Risks being managed effectively? (What more could be done?)
Overall Effectively managed.
Areas for Improvement:
• Formalised Training calendar to be introduced
• Input controls to be strengthened over Payroll
• Salary benchmark to be performed
• Internal Advertising of posts available to be sent out on monthly e-mails
• All issues to be tracked on tracking database.
Risk Treatment
There are five risk treatment options available as defined below:
o Avoid the Risk
o Transfer the Risk
o Share the Risk
o Treat the Risk
o Accept the Risk
Reporting – the right things at the right level
[Diagram: a pyramid showing the volume of risk information narrowing from business units up to the Board; recoverable text below.]
Board – Risk/ Audit Committee – Strategic / Critical risk issues
Executive Management – Exec Risk Mgt Committee – Significant / key operational and strategic risk information
Business Units – Op Risk Mgt Committee – Operational and strategic risk information at Business level

Module 8 – Monitoring and review
Risk register, profiles and reports
[Diagram: the documents produced in the monitoring and review cycle; recoverable definitions below.]
Risk Register – Document used for recording risk management process for identified risks (ISO31000). It lists all identified risks, including description, likelihood of occurring, consequences on organisational objectives, proposed responses/ risk treatments and risk owners.
Risk Profile – Description of an organisation’s risk (ISO31000)
Risk reporting – Development of reports including strategic, operational, financial and compliance-related risk information, as a basis for directing and controlling the organisation as well as for external accounting (ISO31000)
Risk treatment – Development and implementation of measures to modify risk (ISO31000). Risk treatment plans include (1) testing of existing controls or monitoring control effectiveness over time; or (2) tracking of the implementation of new controls and/or training programs.
Risk Audit – Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine extent to which the risk management policies and procedures are fulfilled (ISO31000)
Risk-Based Internal Audit Plan – Internal audit plan identifies activities to be audited, which specifies the areas, allotted dates and personnel required to perform internal audits
Risk matrix – Tool for ranking and displaying risks by defining risk categories and defining ranges for consequences and levels of likelihood for each category (ISO31000)
Heat Map – Overview of the organisation’s main risks plotted in its risk matrix (ISO31000)
Three levels of defence
[Diagram: three lines of defence under the Board, Executive & Audit Committee, each carrying a RISK & CONTROL responsibility; recoverable text below.]
First Line (1st) – Business operations: an established risk and control environment
Second Line (2nd) – Oversight functions: Finance, HR, IT, Legal and Risk Management: strategic management, policy and procedure setting, functional oversight
Third Line (3rd) – Independent assurance: Internal Audit, External Audit and other independent assurance providers: provide independent challenge and assurance
Overseen by the Board, Executive & Audit Committee; risk & control is a responsibility at every line.
In summary
1. AS/NZS ISO 31000:2009 is a principles-based standard that seeks to customise the risk management process fit-for-purpose to the context.
2. Risk management must be integrated/ embedded into existing organisational processes/practices.
3. Managing risk is about creating value out of uncertainty and achieving its objectives.
Strategic Risk Management in the Face of Uncertainty and Unexpected Risks
 
ISO 31000 risk management process
ISO 31000 risk management processISO 31000 risk management process
ISO 31000 risk management process
 
Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management Overview
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
 

Andere mochten auch

R3 Process Training
R3 Process TrainingR3 Process Training
R3 Process TrainingMike Sloop
 
Context Statement.docx
Context Statement.docxContext Statement.docx
Context Statement.docxNader Jarmooz
 
Fundamentals Of Risk Management
Fundamentals Of Risk ManagementFundamentals Of Risk Management
Fundamentals Of Risk ManagementDr David Hancock
 
Risk mangement
Risk mangementRisk mangement
Risk mangementcollege
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Goutama Bachtiar
 
Risk Management And Communication Maps
Risk Management And Communication MapsRisk Management And Communication Maps
Risk Management And Communication MapsJonelle Hilleary
 
Does corporate governance beget firm’s performance2
Does corporate governance beget firm’s performance2Does corporate governance beget firm’s performance2
Does corporate governance beget firm’s performance2Adeeldd
 
Risk Management Policy (NRDM)
Risk Management Policy (NRDM)Risk Management Policy (NRDM)
Risk Management Policy (NRDM)Komal Zahra
 
The monitoring & delegation of the risk management function under AIFMD
The monitoring & delegation of the risk management function under AIFMDThe monitoring & delegation of the risk management function under AIFMD
The monitoring & delegation of the risk management function under AIFMDArkus Financial Services
 
Bcu msc cg week 5 rm framework
Bcu msc cg week 5 rm frameworkBcu msc cg week 5 rm framework
Bcu msc cg week 5 rm frameworkStephen Ong
 
Meeting the Challenges of Enterprise Risk Management
Meeting the Challenges of Enterprise Risk Management Meeting the Challenges of Enterprise Risk Management
Meeting the Challenges of Enterprise Risk Management SAS Institute India Pvt. Ltd
 
Twas the day before renewal[1]
Twas the day before renewal[1]Twas the day before renewal[1]
Twas the day before renewal[1]Praxiom
 
EY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesEY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesMatthew Whalley
 

Andere mochten auch (20)

R3 Process Training
R3 Process TrainingR3 Process Training
R3 Process Training
 
Context Statement.docx
Context Statement.docxContext Statement.docx
Context Statement.docx
 
Fundamentals Of Risk Management
Fundamentals Of Risk ManagementFundamentals Of Risk Management
Fundamentals Of Risk Management
 
Risk mangement
Risk mangementRisk mangement
Risk mangement
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009
 
Risk Management And Communication Maps
Risk Management And Communication MapsRisk Management And Communication Maps
Risk Management And Communication Maps
 
Does corporate governance beget firm’s performance2
Does corporate governance beget firm’s performance2Does corporate governance beget firm’s performance2
Does corporate governance beget firm’s performance2
 
Risk Management Policy (NRDM)
Risk Management Policy (NRDM)Risk Management Policy (NRDM)
Risk Management Policy (NRDM)
 
Risk Management System
Risk Management SystemRisk Management System
Risk Management System
 
Quad bikes - Our story: managed risk rather than risk elimination
Quad bikes - Our story: managed risk rather than risk eliminationQuad bikes - Our story: managed risk rather than risk elimination
Quad bikes - Our story: managed risk rather than risk elimination
 
The monitoring & delegation of the risk management function under AIFMD
The monitoring & delegation of the risk management function under AIFMDThe monitoring & delegation of the risk management function under AIFMD
The monitoring & delegation of the risk management function under AIFMD
 
IIT Academy: Scaling Agile 205
IIT Academy: Scaling Agile 205IIT Academy: Scaling Agile 205
IIT Academy: Scaling Agile 205
 
Bcu msc cg week 5 rm framework
Bcu msc cg week 5 rm frameworkBcu msc cg week 5 rm framework
Bcu msc cg week 5 rm framework
 
Beyond Compliance
Beyond ComplianceBeyond Compliance
Beyond Compliance
 
Meeting the Challenges of Enterprise Risk Management
Meeting the Challenges of Enterprise Risk Management Meeting the Challenges of Enterprise Risk Management
Meeting the Challenges of Enterprise Risk Management
 
2009 irmcaug iso31000
2009 irmcaug iso310002009 irmcaug iso31000
2009 irmcaug iso31000
 
Twas the day before renewal[1]
Twas the day before renewal[1]Twas the day before renewal[1]
Twas the day before renewal[1]
 
Learning
LearningLearning
Learning
 
Tools used in climate risk management policies
 Tools used in climate risk management policies   Tools used in climate risk management policies
Tools used in climate risk management policies
 
EY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesEY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pages
 

Ähnlich wie Risk Management Fundamentals

Southmead Hospital Presentation
Southmead Hospital PresentationSouthmead Hospital Presentation
Southmead Hospital PresentationLawson Odere
 
Southmead Hospital Presentation
Southmead Hospital PresentationSouthmead Hospital Presentation
Southmead Hospital PresentationLawson Odere
 
Southmead Hospital Presentation
Southmead Hospital PresentationSouthmead Hospital Presentation
Southmead Hospital PresentationLawson Odere
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance  A New ERM and IA ParadigmFive Lines of Assurance  A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Sun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdf
Sun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdfSun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdf
Sun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdfabdo badr
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014  Risk Strategy PresentationSuper Strategies 2014  Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationDavid Fernandes
 
A to Z of Risk Management
A to Z of Risk ManagementA to Z of Risk Management
A to Z of Risk ManagementMark Conway
 
Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Nidhi Gupta
 
Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Nidhi Gupta
 
#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahiSN Panigrahi, PMP
 
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
Case Study - Leveraging Risk Management for Future Growth - Published Final CopyCase Study - Leveraging Risk Management for Future Growth - Published Final Copy
Case Study - Leveraging Risk Management for Future Growth - Published Final CopyKevin Fryatt
 
Audit of Risk Management Final Report
Audit of Risk Management Final ReportAudit of Risk Management Final Report
Audit of Risk Management Final Reportessbaih
 
The IRM India- A Risk Management Standard
The IRM India- A Risk Management StandardThe IRM India- A Risk Management Standard
The IRM India- A Risk Management StandardThe IRM India
 
Session 6 Power Point
Session 6   Power PointSession 6   Power Point
Session 6 Power Pointhiratufail
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB
 

Ähnlich wie Risk Management Fundamentals (20)

Southmead Hospital Presentation
Southmead Hospital PresentationSouthmead Hospital Presentation
Southmead Hospital Presentation
 
Southmead Hospital Presentation
Southmead Hospital PresentationSouthmead Hospital Presentation
Southmead Hospital Presentation
 
Southmead Hospital Presentation
Southmead Hospital PresentationSouthmead Hospital Presentation
Southmead Hospital Presentation
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance  A New ERM and IA ParadigmFive Lines of Assurance  A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Sun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdf
Sun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdfSun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdf
Sun-Pharma-Risk-Management-Policy-Synopsis-May-2022.pdf
 
Risk management erm
Risk management ermRisk management erm
Risk management erm
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014  Risk Strategy PresentationSuper Strategies 2014  Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
 
A to Z of Risk Management
A to Z of Risk ManagementA to Z of Risk Management
A to Z of Risk Management
 
Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013
 
Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013
 
Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013Riskpro iso 31000 services 2013
Riskpro iso 31000 services 2013
 
#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi
 
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
Case Study - Leveraging Risk Management for Future Growth - Published Final CopyCase Study - Leveraging Risk Management for Future Growth - Published Final Copy
Case Study - Leveraging Risk Management for Future Growth - Published Final Copy
 
Audit of Risk Management Final Report
Audit of Risk Management Final ReportAudit of Risk Management Final Report
Audit of Risk Management Final Report
 
The IRM India- A Risk Management Standard
The IRM India- A Risk Management StandardThe IRM India- A Risk Management Standard
The IRM India- A Risk Management Standard
 
Session 6 Power Point
Session 6   Power PointSession 6   Power Point
Session 6 Power Point
 
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain timesPECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
PECB Webinar: ISO 31000 - The Benchmark for Risk Management in uncertain times
 

Mehr von mikaelastafrace

Regulatory reform in the australian general insurance market
Regulatory reform in the australian general insurance marketRegulatory reform in the australian general insurance market
Regulatory reform in the australian general insurance marketmikaelastafrace
 
Legal implications for authorised representatives
Legal implications for authorised representativesLegal implications for authorised representatives
Legal implications for authorised representativesmikaelastafrace
 
Strategically managing your insurance program
Strategically managing your insurance programStrategically managing your insurance program
Strategically managing your insurance programmikaelastafrace
 
Regulatory compliance update
Regulatory compliance updateRegulatory compliance update
Regulatory compliance updatemikaelastafrace
 
Liability of insurance agents to their clients
Liability of insurance agents to their clientsLiability of insurance agents to their clients
Liability of insurance agents to their clientsmikaelastafrace
 
The intersection between corporate and clinical governance - implications for...
The intersection between corporate and clinical governance - implications for...The intersection between corporate and clinical governance - implications for...
The intersection between corporate and clinical governance - implications for...mikaelastafrace
 
Indemnity clauses - what they are, how they work and how to make them for you
Indemnity clauses - what they are, how they work and how to make them for youIndemnity clauses - what they are, how they work and how to make them for you
Indemnity clauses - what they are, how they work and how to make them for youmikaelastafrace
 

Mehr von mikaelastafrace (7)

Regulatory reform in the australian general insurance market
Regulatory reform in the australian general insurance marketRegulatory reform in the australian general insurance market
Regulatory reform in the australian general insurance market
 
Legal implications for authorised representatives
Legal implications for authorised representativesLegal implications for authorised representatives
Legal implications for authorised representatives
 
Strategically managing your insurance program
Strategically managing your insurance programStrategically managing your insurance program
Strategically managing your insurance program
 
Regulatory compliance update
Regulatory compliance updateRegulatory compliance update
Regulatory compliance update
 
Liability of insurance agents to their clients
Liability of insurance agents to their clientsLiability of insurance agents to their clients
Liability of insurance agents to their clients
 
The intersection between corporate and clinical governance - implications for...
The intersection between corporate and clinical governance - implications for...The intersection between corporate and clinical governance - implications for...
The intersection between corporate and clinical governance - implications for...
 
Indemnity clauses - what they are, how they work and how to make them for you
Indemnity clauses - what they are, how they work and how to make them for youIndemnity clauses - what they are, how they work and how to make them for you
Indemnity clauses - what they are, how they work and how to make them for you
 

Risk Management Fundamentals

6. Governance and risk management in Victoria – why is risk management important?
Legislative obligation
• Victorian Managed Insurance Authority Act (1996) and
• Financial Management Act (1994).
Financial Management Act – requires agencies to develop and implement a risk management strategy, and keep it under review. There is a quarterly monitoring process established under the Act.
Victorian Managed Insurance Authority Act – requires participating bodies to develop and implement a risk management strategy, and keep it under review.
Board obligation
The Board is required to attest annually that the risk management framework is in place. The VGRMF imposes the obligation.

7. Example of an attestation clause (VGRMF)
“I, [Accountable Officer], certify that as at 30th June 20XX the [Department] has risk management processes in place consistent with the Australian/New Zealand Risk Management Standard (or equivalent designated standard) and an internal control system is in place that enables the executive to understand, manage and satisfactorily control risk exposures. The audit committee verifies this assurance and that the risk profile of the [Department] has been critically reviewed within the last 12 months.”
(Source: Victorian Government Risk Management Framework, July 2007, Attachment A, p. 21)

8. Link between Governance and Risk Management
What is Corporate Governance?
• Three basic elements – stewardship, leadership, and control.
• Corporate governance is the framework established by a governing body to ensure that stakeholders, primarily the Parliament, the Government and the Victorian community, have assurance that the agency is fulfilling its responsibilities with due diligence and accountability.
• This stewardship relationship demands that Boards establish processes to both delegate and limit power to pursue the organisation’s strategy and direction in a way that enhances the prospects for the organisation’s long-term success.

9. Risk management governance structure (organisation chart; only the box and arrow labels survive)
Board level: Board of Directors; Audit & Risk Committee; Other Board Committees.
Management level: CEO; Executive Team; Management Team; Manager, Quality & Risk; Risk Management Advisory Committee; Service Quality and Risk Mgt Committee; Quality Committee; Other Sub-Committees.
Operational level: Staff/Volunteers.
Relationships labelled on the chart: Oversight, Critique, Guide, Monitor & Review, Identify, Assesses, Execute.

10. The integration of risk management
Any successful alignment of risk management and governance requires four key factors:
• an agency focus – where there is an identifiable source of risk management expertise in the agency and senior managers come together on a regular basis to discuss risk management issues
• an agency direction – where a clear direction and strategy is established for risk management, including articulating the agency’s risk appetite and giving a clear mandate for what constitutes effective risk management
• decision-making structures – where risk management is not a separate process, but a key consideration at all parts of the decision-making chain: being factored into strategic and operational planning; included as a common component in all project proposals and business cases; and incorporated into advice to Ministers; and

11. The integration of risk management
• agency capacity and capability – where the agency’s executive management invests time and resources to build momentum, capacity and capability, including: ensuring that there is a shared language of risk management; a common understanding of the principles; training and development to build expertise; and established tools and processes for risk management.
Integrated risk management requires an ongoing assessment of potential risks and opportunities for an agency at every level. The results should inform agency level risks, facilitate priority setting and improve an agency’s decision making. Clear links should be established between risk management, Government policies and priorities, agency objectives (vertical integration), and agency policy and operations (horizontal integration).

12. Enterprise-wide perspective (diagram; only the labels survive)
Framework cycle: Mandate and commitment → Design of framework for managing risk → Implementing risk management → Monitoring & review of the framework → Continual improvement of the framework.
Elements around the cycle: 11 principles; Risk management policy; Risk management plan(s); Risk management process(es); Risk register / risk profile; Risk reporting; Assurance / attestation plan; Organisational strategy & objectives (measures & targets).

13. Integrated approach
Achievement of Strategies & Objectives
• Corporate Governance – Corporate governance is the guidance system for achieving planned objectives – it is an objective-focused concept. It is a process by which organisations are directed, controlled and held to account.
• Risk Controls – Risk controls provide reasonable assurance to Board & Management that objectives will be achieved within an acceptable degree of residual risk.
• Risk Management – Risk management develops risk treatment plans, risk controls and strategies associated with achieving objectives.
• Quality & Compliance – Compliance & quality ensures that laws, regulations, codes, and organisational standards and requirements are met.
• Monitoring, Review & Reporting – Monitor, review & report against performance measures for each objective.
• Performance Management – Performance of individuals is managed, motivated & aligned to organisational & personal objectives.

Module 2 – Framework for managing risk
14. Seven key questions
A good risk management framework seeks to answer these basic questions:
• what are we trying to achieve?
• what events or circumstances could affect the achievement of our objectives?
• what are the consequences?
• how likely are these events?
• what can we do to manage these outcomes?
• how will we maximise opportunities?
• can the organisation recover if a risk eventuates?

15. The trilogy of risk frameworks
• AS/NZS ISO 31000:2009 – Risk management – Principles and guidelines (20 November 2009) **Replaced AS/NZS 4360
  • Standard developed as a Guideline Document
  • Unlike other ISO standards, it is NOT for certification
• ISO Guide 73:2009 – Risk management — Vocabulary (15 November 2009)
  • Defines important risk management terminology
• IEC/ISO 31010:2009 Risk Management – Risk Assessment Techniques (1 December 2009)
  • A supporting standard for ISO 31000:2009 (15 November 2009)
  • Provides guidance (Annex A – Informative) on selection and application of systematic techniques for risk assessment
  • Is NOT for certification, regulatory or contractual use

16. Related standards, handbooks and frameworks
• HB 158:2010 – Delivering assurance based on ISO 31000:2009
  • Helps assurance providers to plan and implement their activities using the information arising from the (ISO 31000:2009) risk management process.
• HB 327:2010 – Communicating and consulting about risk (23 February 2010)
  • Provides guidance to individuals and organisations to understand communication and consultation when managing risk.
• AS/NZS 5050:2010 Business continuity – Managing disruption-related risk (28 June 2010)
  • The Standard describes the application of the principles, framework and process for risk management, as set out in AS/NZS ISO 31000:2009, to disruption-related risk.
• Victorian Government Risk Management Framework (March 2011)

17. The one we use: Risk Management Framework – ISO 31000:2009 (process diagram; only the labels survive)
• Establish the context
• Identify risks
• Analyse risks
• Evaluate risks
• Treat risks
Communicate & consult and Monitor & review run alongside every step.

18. Overview of AS/NZS ISO 31000 & AS/NZS 4360
Principles for managing risk (Clause 3) – AS4360: implicit, to some extent
1) Creates value
2) Integral part of organisational processes
3) Part of decision making
4) Explicitly addresses uncertainty
5) Systematic, structured & timely
6) Based on the best available information
7) Tailored
8) Takes human & cultural factors into account
9) Transparent & inclusive
10) Dynamic, iterative & responsive to change
11) Facilitates continual improvement & enhancement of the organisation
Framework for managing risk (Clause 4) – AS4360: covered partially in Section 4 “Establishing effective risk management”
• Mandate & commitment; Design of framework for managing risk; Implementing risk management; Monitoring & review of the framework; Continual improvement of the framework
Process for managing risk (Clause 5) – AS4360: fully covered in Section 3 “Risk Management Process”
• Establishing the context; Risk assessment (Risk identification, Risk analysis, Risk evaluation); Risk treatment; with Communication & consultation and Monitoring & review running throughout
Attributes of enhanced risk management (Annex A – Informative) – AS4360: not covered

19. Framework for managing risk
4.2 Mandate and commitment
4.3 Design of framework for managing risk
  4.3.1 Understanding the organisation and its environment
  4.3.2 Establishing risk management policy
  4.3.3 Accountability
  4.3.4 Integration into organisational processes
  4.3.5 Resources
  4.3.6 Establishing external communication & reporting mechanisms
  4.3.7 Establishing internal communication & reporting mechanisms
4.4 Implementing risk management
  4.4.1 Implementing the framework for managing risk
  4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework
(Source: AS/NZS ISO 31000:2009 Risk Management – Principles and Guidelines)

Module 3 – Embedding risk management
20. Fit-for-purpose?
Risk management should be embedded in all the organisation's practices and processes in a way that it is relevant, effective and efficient. The risk management process should become part of, and not separate from, those organisational processes. In particular, risk management should be embedded into the policy development, business and strategic planning and review, and change management processes.
(Source: AS/NZS ISO 31000:2009 Risk Management – Principles and Guidelines)

21. Integrating risk management (diagram; only the labels survive)
Governance structure: Board; CEO; Corporate Services; Client Services; Operations.
Strategic & operational planning process: Strategic Objectives & Indicators, aligned and cascaded down to Operational Objectives & Indicators.
Risk management process: Strategic Risk (Risk Register) cascaded down to Operational Risk (Risk Register); operational risks escalated up.
Reporting process: Operational Reports, evaluated & reported, consolidated & escalated up into the CEO/Board Report.

22. How to embed risk management – some examples
• Map “as-is” organisational/reporting structure. Rationalise reports, where possible.
• Map “as-is” committee/meeting structure. Rationalise committees/meetings, where possible.
• Review risk management roles of each committee/meeting. Risk management as standing agenda item in all meetings.
Committee map template (column headings): No | Level | Committee Name | Frequency | Members | Responsibility (Terms of Reference) | Reports To

23. Embedding risk management – some more examples
• Include responsibility for risk management in all job descriptions
• Risk management as standard reporting item in all reports
Also remember:
- introduce a language of risk
- risk environment changes over time
- organisational change means roles and responsibility for managing risk will change
- clarify strategic and operational objectives and measures
- articulate and document those objectives and measures

Module 4 – Risk management policy and plan
24. Content of a typical risk management plan
• A statement of the risk management policy
• Details of the scope and objectives of risk management in the agency
• Consistent risk management language and definitions
• Integration with other management practices and procedures
• Risk assessment criteria (consequence and likelihood ratings)
• Description of the internal and external context in which the agency operates
• List of analysed risks (detailed in the Risk Register)
• Summary of the risk treatment plan
• Outline of the risk reporting protocol
• Outline of the monitoring and review program

  • 25. Content of a typical risk management policy
• Objectives, scope and coverage of the policy
• Statement of commitment from the Board
• Accountabilities and responsibilities for managing risk
• Alignment with other management policies and procedures
• Escalation and reporting protocols
• Statement of risk appetite and tolerance
• Processes, tools and templates for managing risk
• Reporting and communication protocols
• Statement about assessment, measurement and reporting methodology
• Outline of the Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) and the regularity of the testing regime
  • 26. Module 5 – Process for managing risk
The process of risk management
"Culture, process and structures that are directed towards realising potential opportunities whilst managing adverse effects" - AS/NZS 4360:2004
"...Co-ordinated activities to direct and control an organisation with regard to risk" - ISO 31000
(Source: ISO 31000 Risk Management – Principles and Guidelines on Implementation, 2009)
  • 27. The risk management process described in more detail (ISO 31000 clause numbers)
5.2 Communication and consultation (runs alongside every step)
5.3 Establishing the context
    5.3.2 External context
    5.3.3 Internal context
    5.3.4 Risk management process context
    5.3.5 Developing risk criteria
5.4 Risk assessment
    5.4.2 Risk identification: what can happen, when, where, how and why
    5.4.3 Risk analysis: determine existing controls; determine consequences; determine likelihood; determine level of risk
    5.4.4 Risk evaluation: (1) compare against criteria; (2) identify and assess options; (3) decide on response; (4) establish priorities
5.5 Risk treatment
    5.5.2 Selection of risk treatment options
    5.5.3 Preparing and implementing risk treatment plans
5.6 Monitoring and review (runs alongside every step)
  • 28. Communication and consultation
It is critical to:
• Establish channels of communication with internal and external stakeholders
• Allocate risk management tasks and activities so that responsibilities, accountabilities and authorities are clearly understood and defined
• Draft a communications plan and a distribution timetable
• Identify what specialist advice might be needed (engineers, actuaries, OHS specialists, VMIA support)
• Identify the stakeholders:
  • Internal (Board, Minister, executive and operational management)
  • External (regulators, customers, the public, key suppliers)
  • 29. Module 6 – Establishing the context
Know and understand:
- the purpose, goals and objectives of the agency;
- where the risk management process is being applied within the agency;
- the cost/benefit of the risk management program and the resource allocation required;
- the need to maintain documented records of the program;
- the external and internal environment in which the agency operates;
- the sources of risk facing the agency;
- the benchmarks against which risk will be evaluated within the agency.
Risk appetite and tolerance
Risk appetite: the amount and type of risk that an organisation is willing to accept in pursuit of its long-term strategic and operational objectives.
Risk tolerance: the boundaries of risk taking outside of which the organisation is not prepared to venture in the pursuit of its long-term objectives.
  • 30. Sources of risk - common risk categories
• Financial
• Operational
• Clinical
• Health, occupational, safety
• Human resource
• Governance
• Infrastructure/asset
• Strategic
  • 31. Consequence and likelihood
• A process for evaluating the risk facing the agency using agreed criteria
• Likelihood means the probability of the identified risk occurring
• Severity (consequence) means the impact on, or cost to, the agency if the identified risk occurred
• The likelihood and severity ratings are multiplied together and plotted on a heat map, which gives a view of the overall risk profile for the agency. An informed decision can then be taken as to the response strategies, treatment plan and resource allocation that might be appropriate.
• Responsibilities can then be allocated to a risk owner, with the treatment tasks allocated to a control owner.
• Examples of the tools used to plot severity and likelihood are on the following slides
  • 32. Tools for assessing risk - risk rating scales (likelihood)
Score  Rating        Detailed description
5      Frequent      The event is very likely to occur within 3 months
4      Likely        The event will probably occur within 1 year
3      Occasionally  The event could occur within 1 to 3 years
2      Unlikely      The event could occur within 3 to 10 years
1      Rare          The event may occur, but less often than once in 10 years
** A time horizon is selected that best suits the unique profile of the agency. Note that the risk matrix on slide 34 labels the same five scores Almost Certain / Likely / Possible / Unlikely / Rare; an agency should settle on one set of descriptors and use it in the register.
  • 33. Risk rating scales: consequence
Score  Description
5      Catastrophic / Extreme
4      Major
3      Moderate
2      Minor
1      Insignificant
Each score is described per consequence category; the categories below are possible categories only: Financial | Service Delivery | Reputation | People & Knowledge | Health and Safety | Legal and Regulatory. [The per-category description cells are left blank in the template for the agency to fill in.]
  • 34. Risk matrix (cell = likelihood score x consequence score)
                          CONSEQUENCE
LIKELIHOOD           Insignificant 1   Minor 2   Moderate 3   Major 4   Catastrophic 5
Almost Certain 5            5            10         15          20           25
Likely 4                    4             8         12          16           20
Possible 3                  3             6          9          12           15
Unlikely 2                  2             4          6           8           10
Rare 1                      1             2          3           4            5
  • 35. Risk appetite and risk rating
[Figure: three heat maps (increasing likelihood across, increasing impact up) showing how the rating bands shift with appetite: "Large appetite for risk", "Standard plan for all extreme risks" and "Risk averse". A second panel sets the escalation levels Staff, Manager, CEO and Board against increasing impact.]
  • 36. Risk response and escalation
Risk      Type of action                               Risk/Audit Committee oversight
Extreme   Immediate action required                    Directs
High      Senior management attention needed           Monitors
Moderate  Management responsibility must be specified  Ensures sign-offs and is advised of changes up or down
Low       Manage by routine procedures                 Ensures sign-offs
The slide also marks two reporting levels against the rows: CEO/Board and GMs.
  • 37. Control effectiveness scales
1 Effective: indicates minimal uncontrolled risk, due to excellent risk management/controls in place, tested and monitored.
2 Good: indicates a good risk management and control system, but an opportunity for refinement exists to reduce risk further.
3 Fair/Partially effective: indicates a need for improvement in controls or increased adherence to controls, or that controls are being developed but are not fully in place and tested.
4 Poor: indicates effective risk controls have not yet been developed and a significant lack of risk control exists; additional risk management or treatment is a matter of priority.
  • 38. Module 7 – Risk assessment and treatment
The risk register
• The risk register is a key document which records the output of the risk management process
• At a minimum it would contain the following:
  o Risk description
  o Assessment of inherent risk
  o Assessment of controls
  o Assessment of residual risk
  o Treatment of risk
** Remember the distinction between inherent (untreated) and residual (treated) risk
  • 39. Risk register - example (EMPLOYEES: loss of key personnel)
Inherent risk description:
Loss of key employees leading to the loss of primary relationship contacts, loss of investment in training and development and loss of intellectual property. This may lead to stretched resources and disrupt the Department's capability to continue critical business operations. Potential causes include:
• Poaching of employees
• Changes to the organisation influencing the culture and leading to instability/insecurity
• Lack of availability of skilled and competent workers
• Career/lifestyle change
• Retirement, death or mental incapacity
Primary controls / processes / control strategies:
• Competitive remuneration, strategies and structure
• Defined targets and KPIs
• Divisional and departmental operating targets for all key employees
• Work/life balance
• Training and internal growth opportunity
• Non-remuneration employee benefit strategies (EAP)
• Identification and grooming of employees into the succession role
• Training to ensure success in the new role
• Documented policies and procedures/information to retain knowledge
Assurance provider / monitoring procedures:
• Human Resources: quarterly reports submitted to Departmental Management regarding the Performance Management System (PMS) and succession planning
• Divisional Management: control self-assessment performed every two months, including questions on PMS and succession planning
• Internal Audit: an internal audit of the Performance Management System to be performed during the 2011/12 year
• External Audit: payroll testing to be included in the annual audit
Are risks being managed effectively? (What more could be done?)
Overall effectively managed. Areas for improvement:
• Formalised training calendar to be introduced
• Input controls to be strengthened over payroll
• Salary benchmark to be performed
• Internal advertising of available posts to be sent out in monthly e-mails
• All issues to be tracked on the tracking database
Residual risk rating = Moderate (Consequence = Minor; Likelihood = Possible)
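The scoring the deck describes on slides 31 to 39 (likelihood score times consequence score, banded into Low/Moderate/High/Extreme, escalated per slide 36, and recorded as inherent, controls and residual in the register) can be made mechanical. The following is an added Python example, not code from the original deck or from Claverhouse Risk & Legal. The rating scales, bands, escalation rules and control-effectiveness scale are taken from the slides; the numeric band cut-offs (Extreme >= 15, High >= 10, Moderate >= 5, otherwise Low) are an assumption, because the deck names the bands but never gives thresholds, and the register rows are constructed except for the "Loss of key personnel" residual rating (Possible / Minor = Moderate), which is the deck's own example.

```python
"""Risk register scoring, banding and escalation on the deck's 5x5 matrix.

Added example; not code from the original deck. It implements the arithmetic the
deck describes (likelihood rating x consequence rating, plotted on the matrix),
bands the score into the four ratings of the escalation slide and applies the
consistency checks a reviewer makes on a register row (inherent vs residual vs
control effectiveness). Assumed, because the deck does not give them: the band
cut-offs (Extreme >= 15, High >= 10, Moderate >= 5, else Low) and the sample rows;
only the "Loss of key personnel" residual rating (Possible / Minor) is from the deck.
"""
from dataclasses import dataclass

# Rating scales from the deck's risk matrix slide.
LIKELIHOOD = {"Rare": 1, "Unlikely": 2, "Possible": 3, "Likely": 4, "Almost Certain": 5}
CONSEQUENCE = {"Insignificant": 1, "Minor": 2, "Moderate": 3, "Major": 4, "Catastrophic": 5}
# Assumed band cut-offs on the 1..25 score, checked from the top down.
BANDS = ((15, "Extreme"), (10, "High"), (5, "Moderate"), (1, "Low"))
# (type of action, Risk/Audit Committee oversight) per band, from the escalation slide.
ESCALATION = {
    "Extreme": ("Immediate action required", "Committee directs"),
    "High": ("Senior management attention needed", "Committee monitors"),
    "Moderate": ("Management responsibility must be specified",
                 "Committee ensures sign-offs and is advised of changes up or down"),
    "Low": ("Manage by routine procedures", "Committee ensures sign-offs"),
}
# Control effectiveness scale from the deck: 1 Effective, 2 Good, 3 Fair/Partially effective, 4 Poor.

def score(likelihood: str, consequence: str) -> int:
    """Risk score = likelihood rating x consequence rating (1..25)."""
    return LIKELIHOOD[likelihood] * CONSEQUENCE[consequence]

def band(value: int) -> str:
    """Map a 1..25 score to Low/Moderate/High/Extreme using the assumed cut-offs."""
    if not 1 <= value <= 25:
        raise ValueError(f"score out of range: {value}")
    return next(name for threshold, name in BANDS if value >= threshold)

@dataclass(frozen=True)
class RiskEntry:
    title: str
    inherent: tuple            # (likelihood, consequence) with no controls in place
    residual: tuple            # (likelihood, consequence) given existing controls
    control_effectiveness: int  # 1..4 on the deck's control effectiveness scale
    risk_owner: str            # accountable for the risk
    control_owner: str         # accountable for the treatment tasks

    def inherent_score(self) -> int:
        return score(*self.inherent)

    def residual_score(self) -> int:
        return score(*self.residual)

    def residual_band(self) -> str:
        return band(self.residual_score())

    def escalation(self) -> tuple:
        """(type of action, committee oversight) required by the residual rating."""
        return ESCALATION[self.residual_band()]

def validate(entry: RiskEntry) -> list:
    """Consistency checks a reviewer applies to one register row."""
    issues = []
    if not 1 <= entry.control_effectiveness <= 4:
        issues.append("control effectiveness must be 1..4")
    if entry.residual_score() > entry.inherent_score():
        issues.append("residual risk rated higher than inherent risk")
    # A reduction from inherent to residual has to be earned by controls that exist and
    # work; a Poor (4) rating means no such controls, so no reduction is supportable.
    if entry.control_effectiveness == 4 and entry.residual_score() < entry.inherent_score():
        issues.append("residual below inherent but controls rated Poor: reduction unsupported")
    return issues

def heat_map(entries: list) -> dict:
    """Plot residual ratings on the matrix; key is the (likelihood, consequence) cell."""
    cells = {}
    for entry in entries:
        cell = (LIKELIHOOD[entry.residual[0]], CONSEQUENCE[entry.residual[1]])
        cells.setdefault(cell, []).append(entry.title)
    return cells

def sample_register() -> list:
    """Constructed rows; only the first row's residual rating is taken from the deck."""
    return [
        RiskEntry("Loss of key personnel", ("Likely", "Major"), ("Possible", "Minor"),
                  2, "Director, Corporate Services", "HR Manager"),
        RiskEntry("Payroll input error", ("Likely", "Moderate"), ("Possible", "Moderate"),
                  3, "Chief Financial Officer", "Payroll Supervisor"),
        RiskEntry("Untested disaster recovery plan", ("Possible", "Major"), ("Unlikely", "Moderate"),
                  4, "Chief Information Officer", "IT Operations Manager"),
    ]

if __name__ == "__main__":
    for entry in sample_register():
        action, oversight = entry.escalation()
        print(f"{entry.title}: inherent {entry.inherent_score()} ({band(entry.inherent_score())}), "
              f"residual {entry.residual_score()} ({entry.residual_band()}); {action}; {oversight}")
        for issue in validate(entry):
            print(f"  ! {issue}")
```

The validation step is the part a register owner most often skips: a residual rating lower than the inherent one is a claim that controls remove risk, and that claim is only coherent if the controls column says the controls exist and work. The third constructed row illustrates the failure mode, with a Poor control rating and a residual rating that nonetheless drops the risk from High to Moderate; the check flags it so the row is either re-rated or the treatment plan is made to deliver the missing controls.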
  • 40. Risk treatment
There are five risk treatment options available, as defined below:
o Avoid the risk
o Transfer the risk
o Share the risk
o Treat the risk
o Accept the risk
  • 41. Module 8 – Monitoring and review
Reporting - the right things at the right level
[Figure: the volume of risk information narrows as it moves up the organisation.]
• Board (Risk/Audit Committee): strategic/critical risk issues
• Executive management (Executive Risk Management Committee): significant/key operational and strategic risk information
• Business units (Operational Risk Management Committee): operational and strategic risk information at business level
  • 42. Risk register, profiles and reports
Risk profile: description of an organisation's risk (ISO 31000).
Risk register: document used for recording the risk management process for identified risks (ISO 31000). It lists all identified risks, including description, likelihood of occurring, consequences for organisational objectives, proposed responses/risk treatments and risk owners.
Risk reporting: development of reports including strategic, operational, financial and compliance-related risk information, as a basis for directing and controlling the organisation as well as for external accounting (ISO 31000).
Risk treatment: development and implementation of measures to modify risk (ISO 31000). Risk treatment plans include (1) testing of existing controls or monitoring control effectiveness over time, or (2) tracking the implementation of new controls and/or training programs.
Risk audit: systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the risk management policies and procedures are fulfilled (ISO 31000). A risk-based internal audit plan identifies the activities to be audited and specifies the areas, allotted dates and personnel required to perform the internal audits.
Risk matrix: tool for ranking and displaying risks by defining risk categories and defining ranges for consequences and levels of likelihood for each category (ISO 31000).
Heat map: overview of the organisation's main risks plotted in its risk matrix (ISO 31000).
  • 43. Three lines of defence
[Figure: Board, Executive and Audit Committee sit over three lines, each with its own risk and control responsibilities.]
First line - business operations: an established risk and control environment.
Second line - oversight functions (Finance, HR, IT, Legal and Risk Management): strategic management, policy and procedure setting, functional oversight.
Third line - independent assurance (Internal Audit, External Audit and other independent assurance providers): independent challenge and assurance.
  • 44. In summary
1. AS/NZS ISO 31000:2009 is a principles-based standard that seeks to customise the risk management process so that it is fit for purpose in its context.
2. Risk management must be integrated/embedded into existing organisational processes and practices.
3. Managing risk is about creating value out of uncertainty and achieving the organisation's objectives.

Speaker notes

  1. How does the above match with what the participants hope to get out of this course? [9.30am]
  2. Risk management is HOW a business or government achieves its objectives. The focus should be on how it will add VALUE to what is being undertaken and how best to achieve that. Too often the focus shifts from what is to be achieved, and whether there is any value in undertaking the activity, to all the things that could go wrong and finding ways to prevent them. This stifles innovation and creativity.
  3. It needs to be a “living document” with consistent and frequent reporting to relevant stakeholders