Presentation on theme: "Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards."— Presentation transcript:
Introduction Definition of Risk Management Risk Management Principles & Practice Benefits of Risk Management Current Developments Anecdote
What do we mean by Risk? Contemporary Definition – Risk is the effect of uncertainty on objectives. (ISO Risk Management Principles and Guidelines (2009)) Uncertainty can be positive or negative.
Towards a balanced view of risk. Traditional view: All about threats; Risk averse; Can't Do. Contemporary view: About opportunities; Risk enabling/managing; Can Do.
What is Risk Management The culture, processes and structures directed towards realising opportunities whilst managing adverse effects. Its purpose is not to eliminate risk, but to understand it so as to take advantage of the upside and minimise the downside.
Risk Management is not A new responsibility About eliminating risk An add-on A one-off exercise The universal answer
Why is risk management important? Good management practice Achievement of objectives Opportunities Assurance to stakeholders
What if we don't manage our risks? Corporate failures (private sector) Step-in (local government) Project failures Missed opportunities
The Risk Model Strategic Risks –High level –Owned at board level –Cross cutting Operational Risks –Departmental/business unit level –Any risk which is not strategic
Risk Management Process
Risk Identification: What could happen? How could it happen?
Risk Assessment: Likelihood? Impact?
Risk Mitigation & Management: Accept? Avoid? Reduce? Transfer?
Risk Profiling: Prioritisation
Risk Monitoring & Review: Ongoing process; Reporting
Step 1 - Risk Identification Tools available to identify risk: PESTLE/SWOT Analysis Brainstorming/Challenge sessions Scenario Planning Audit reports
Step 2 - Risk Assessment Assess each risk in terms of: Likelihood (frequency/probability) Impact (Severity)
Level of Risk Risk Score (L x I) 11 – 16 5 – Risk Rating High Medium Low
Step 3 - Risk Profiling
Likelihood         Impact: 1 Minor   2 Significant   3 Serious   4 Major
4 - Very Likely            L         M               H           H
3 - Likely                 L         M               M           H
2 - Unlikely               L         L               M           M
1 - Remote                 L         L               L           L
Step 4 - Risk Mitigation & Management
Tolerate the risk –Within Ealing's risk appetite (need to monitor)
Terminate the risk –Quit the operation (often not a real option)
Treat the risk –Reduce likelihood (put in extra controls) –Reduce impact (PR, recovery/continuity plans etc.)
Transfer the risk –Transfer exposure through insurance or to partner organisation