8/12/2019 Risk Mgt Training
1/58
RISK
MANAGEMENTTRAINING
8/12/2019 Risk Mgt Training
2/58
8/12/2019 Risk Mgt Training
3/58
What is risk ?
Risk: the effect of uncertainty
on objectives.
(ISO 31000:2009)
8/12/2019 Risk Mgt Training
4/58
What is Risk Management ?
Risk Management: coordinatedactivities to direct and control and
organisation with regard to risk
(ISO 31000:2009)
8/12/2019 Risk Mgt Training
5/58
Risk Management Principles
1. Risk management creates & protects value
8/12/2019 Risk Mgt Training
6/58
Risk Management Principles
2. Risk management is an integral part of allorganizational processes
8/12/2019 Risk Mgt Training
7/58
Risk Management Principles
3. Risk management is part of decision making
8/12/2019 Risk Mgt Training
8/58
Risk Management Principles
4. Risk management explicitly addressesuncertainty
8/12/2019 Risk Mgt Training
9/58
Risk Management Principles
5. Risk management is systematic, structuredand timely
8/12/2019 Risk Mgt Training
10/58
Risk Management Principles
6. Risk management is based on the bestavailable information
8/12/2019 Risk Mgt Training
11/58
Risk Management Principles
7. Risk management is tailored
8. Risk management takes human & cultural
values into account
9. Risk management is transparent and inclusive.
8/12/2019 Risk Mgt Training
12/58
8/12/2019 Risk Mgt Training
13/58
Risk Management Framework
• Risk Management Framework: a set of
components that provide the foundations and
organizational arrangements for designing,
implementing, monitoring, reviewing andcontinually improving risk management
throughout the organization.• From ISO 31000:2009
8/12/2019 Risk Mgt Training
14/58
Mandate & Commitment
Design of framework for managing risks
Continual improvement of
the framework
Implementing Risk
Management
Monitoring & review of
the framework
8/12/2019 Risk Mgt Training
15/58
Continual Improvement &
PDCA Cycle
by Walter A. Shewhart
(1891 -1967)
8/12/2019 Risk Mgt Training
16/58
Design of framework for managing risks
• Understand the organisation & its context
• Establish risk management policy
•
Accountability• Integration into organisational processes
• Resources
• Establish internal communication & reporting• Establish external communication & reporting
8/12/2019 Risk Mgt Training
17/58
Risk Management – Notes 1
• Risk Management involves thinking – as the
answers are not in books, and not available
via Google.
8/12/2019 Risk Mgt Training
18/58
8/12/2019 Risk Mgt Training
19/58
Risk Management – Notes 2
• When implementing the Risk Management
process -
• In which time direction are we primarily
looking?
8/12/2019 Risk Mgt Training
20/58
8/12/2019 Risk Mgt Training
21/58
Risk Management – Notes 4
• History provides some guide to the future
based on the idea: history repeats itself
8/12/2019 Risk Mgt Training
22/58
Establish the context
Risk identification
Risk analysis
Risk evaluation
Manage / treat the risks
Monitor&
Review
Communicate&Consult
Risk acceptable?
Yes
No
8/12/2019 Risk Mgt Training
23/58
Establish the context
Establish the external context;
Establish the internal context;
Establish the risk management context;
Develop risk criteria
Define the structure for the rest of the process
http://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Strategic%20context.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Internal%20context.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20management%20context.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20evaluation%20criteria.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Structure.RM.Process.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Structure.RM.Process.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20evaluation%20criteria.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20management%20context.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Internal%20context.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Strategic%20context.1.ppt
8/12/2019 Risk Mgt Training
24/58
Establish the context
Establish the external context;
Establish the internal context;
Establish the risk management context;
Develop risk criteria
Define the structure for the rest of the process
http://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Strategic%20context.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Internal%20context.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20management%20context.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20evaluation%20criteria.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Structure.RM.Process.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Structure.RM.Process.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20evaluation%20criteria.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20management%20context.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Internal%20context.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Strategic%20context.1.ppt
8/12/2019 Risk Mgt Training
25/58
Identify Risks
Identify all risks, including those risks not
controlled by the organisation.
Tools and techniques for Risk Identification
http://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20Identification.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Methods%20of%20Risk%20Identification.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Methods%20of%20Risk%20Identification.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Methods%20of%20Risk%20Identification.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20Identification.1.ppt
8/12/2019 Risk Mgt Training
26/58
Risk Identification
Sources of risk
Key questions in
identifying risk
http://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Sources%20of%20Risk.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Sources%20of%20Risk.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Identification.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Identification.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Identification.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Identification.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Sources%20of%20Risk.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Sources%20of%20Risk.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Sources%20of%20Risk.ppt
8/12/2019 Risk Mgt Training
27/58
Risk Identification & Risk Analysis
• Risk Identification and Analysis is like looking
into the crystal ball
8/12/2019 Risk Mgt Training
28/58
Risk Analysis
In conducing a risk analysis we:
Put a value on Likelihood; and
Put a value on Consequence.
http://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Analysis.ppt
8/12/2019 Risk Mgt Training
29/58
8/12/2019 Risk Mgt Training
30/58
Risk Analysis
• Putting values on Likelihood & Consequence
is predicting the future.
• There is no ‘right’ or ‘wrong’ value for
Likelihood nor Consequence, because
We are looking into the future, and
No-one knows the future, except maybe
the
8/12/2019 Risk Mgt Training
31/58
CONSEQUENCE
L I K E L I H O OD
1 2 3 4 5
Insignificant Minor Moderate Major Catastrophic
5 Almost Certain 5 10 15 20 25
4 Above Average 4 8 12 16 20
3 Moderate 3 6 9 12 15
2 Rare 2 4 6 8 10
1 Very Rare 1 2 3 4 5
8/12/2019 Risk Mgt Training
32/58
Risk Analysis
The objectives of risk analysis are to:
separate the minor acceptable risks from the
major risks; and
provide information to assist the evaluation
and management of risks.
Key Questions related to Risk Analysis
http://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Analysis.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Analysis.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Analysis.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Analysis.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Analysis.ppt
8/12/2019 Risk Mgt Training
33/58
Risk Analysis
The consequences of risks, and the likelihood
that the risks may occur, are combined to
produce:
a level of risk
(or risk rating).
8/12/2019 Risk Mgt Training
34/58
8/12/2019 Risk Mgt Training
35/58
Risk Evaluation
Risk evaluation involves:
comparing the level of risk found during the risk
analysis process,
with previously established risk criteria.
http://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20Evaluation.1.ppthttp://localhost/var/www/apps/conversion/tmp/scratch_1/RM%20Linked%20Docs.Light/Risk%20Evaluation.1.ppt
8/12/2019 Risk Mgt Training
36/58
Risk Evaluation
The output of risk evaluation is:
1. determination of which risks are
significant, and therefore require treatment;
and
2. a prioritised list of significant risks for
treatment.
8/12/2019 Risk Mgt Training
37/58
Risk evaluation should take into account:
the existing controls over the risk;
the cost impacts of the risk;
the benefits and opportunities presented by therisk.
8/12/2019 Risk Mgt Training
38/58
Risk Treatment / Risk Management
Risk treatment: process to modify risk.
8/12/2019 Risk Mgt Training
39/58
Risk Acceptable ?
Identify treatment options
Assess treatment options
Prepare treatment plans
Implement treatment plans
Residual Risk Acceptable ?
No
Monitor&
Review
Communicate&
Consult
Yes
No
Yes
8/12/2019 Risk Mgt Training
40/58
Residual Risk
Definition: The ‘risk remaining after risk
treatment’ From: ISO 31000:2009
http://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Analysis.ppt
8/12/2019 Risk Mgt Training
41/58
Risk treatment options for risks with
positive outcomes
Actively seek an opportunity;
8/12/2019 Risk Mgt Training
42/58
Risk treatment options for risks with
positive outcomes
Change the likelihood of the opportunity (for
increased beneficial outcomes);
8/12/2019 Risk Mgt Training
43/58
Risk treatment options for risks with
positive outcomes
Change the consequences of the
opportunity (for increased beneficial
outcomes);
8/12/2019 Risk Mgt Training
44/58
Risk treatment options for risks with
positive outcomes
Share the opportunity
f
8/12/2019 Risk Mgt Training
45/58
Risk treatment options for risks with
positive outcomes
Retain the residual opportunity.
k f k h
8/12/2019 Risk Mgt Training
46/58
Risk treatment options for risks with
negative outcomes
Avoid the risk;
Reduce the likelihood of the risk causing
negative outcomes;
i k i f i k i h
8/12/2019 Risk Mgt Training
47/58
Risk treatment options for risks with
negative outcomes
Reduce the consequences of the risk
causing negative outcomes;
8/12/2019 Risk Mgt Training
48/58
Ri k i f i k i h
8/12/2019 Risk Mgt Training
49/58
Risk treatment options for risks with
negative outcomes
Share the risk;
Ri k i f i k i h
8/12/2019 Risk Mgt Training
50/58
Risk treatment options for risks with
negative outcomes
Retain the residual risk.
8/12/2019 Risk Mgt Training
51/58
Risk Treatment
1. Identify risk treatmentoptions
2. Assess risk treatment options
3. Prepare Risk Treatment Plans
4. Implement Risk TreatmentPlans
http://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Risk%20Treatment%20Solutions.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Treatment.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Treatment.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Key%20Questions-Risk%20Treatment.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Risk%20Treatment%20Solutions.ppthttp://localhost/var/www/Documents%20and%20Settings/kw2285/Local%20Settings/Temporary%20Internet%20Files/OLK3/RM%20Linked%20Docs.Light/Risk%20Treatment%20Solutions.ppt
8/12/2019 Risk Mgt Training
52/58
8/12/2019 Risk Mgt Training
53/58
Escalation in Risk Management
Risk rating escalation
- Is critical to ensure
risks are known &
accepted at the
appropriate
management level
8/12/2019 Risk Mgt Training
54/58
Escalation in Risk Management
Risk rating escalation
- Is critical to ensure
risks are known &
accepted at the
appropriate
management level
• Reputation• Penalties
• new projects
• existing work
• viability of
BP
8/12/2019 Risk Mgt Training
55/58
Monitor & Review
It is essential to continually monitor and
review:
the identified risks; the effectiveness of the Risk Management
Plan; and
the outcomes of the Risk Management
Plans.
8/12/2019 Risk Mgt Training
56/58
8/12/2019 Risk Mgt Training
57/58
Did we achieve the objectives?
Do you understand:
1. The Risk Management process?
• Establish the risk context;
• Assess risks;
•
Manage / treat risks;• Monitor risks & risk management actions.
2. ISO 31000:2009
8/12/2019 Risk Mgt Training
58/58
RISK MANAGEMENT
The End
Thank you
remember Risk
Management is as
important as your
own life