Presentation on theme: "1. Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the."— Presentation transcript:
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences that may flow from it. Risk is measured in terms of a combination of the consequences of an event and their likelihood. Risk may have a positive or negative impact. 2
Why implement risk management? Success = Vision Achievement + Associated Strategic Objectives. Ultimately, must know the risks faced in achieving these goals, manage the risks effectively and ensure that effective risk treatments are, and continue to be in place as the environment changes over time. Risk management is importance for EPF. Alternative is risky management which will not ensure desired outcomes. 4
5. Benefits of risk management Increase risk awareness at all level of staff in order for them to effectively manage their risks. No unexpected surprises! Staff personal wellbeing Accountability, assurance and governance - Maintain integrity and confidence amongst stakeholders and the public in general. Strengthening competitive strategic and operational efficiency to increase long term stakeholder’s value. Safeguarding assets and resources. Exploitation of opportunities Improved planning, performance and effectiveness Improved information for decision making Minimise unexpected impact to earnings and returns to members.
Risk Management Risk management is the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects within the organisation environment. It is an enterprise wide process multifaceted in dimension. It is best achieved by a multidisciplinary team. Risks must be appropriately communicated and shared. 7
Risk Management Process Establish the Context: for strategic, organisational and risk management and the criteria against which busineess risks will be evaluated. Identify Risk: that could ‘prevent, degrade, delay or enhance’ the achievement of an organisation’s business and strategic objectives. Analyse Risk: consider the range of potential consequences and the likelihood that those consequences could occur. Evaluate Risks: compare risks against the firm’s pre-established criteria and consider the balance between potential benefits and adverse outcomes. Treat Risks: develop and implement plans for increasing potential benefits and reducing potential costs of those risks identified as requiring to be ‘treated’. Monitor and Review: the performance and cost effectiveness of the entire risk management system and the progress of risk treatment plans with a view to continuous improvement through learning from performance failures and deficiencies. Communicate and Consult: with internal and external ‘stakeholders’ at each stage of the risk management process. 8 Note that: Identify, Analyse and Evaluate Risks are collectively grouped as ‘Risk Assessment’.
For every risk Identify Causes and Consequences. Rate gross risk in term of possibility and impact (without controls or controls totally ineffective). Identify Primary Controls (preventive, detective and corrective) and Secondary Controls Rate control effectiveness (to reduce possibility and impact). Risk software calculate: Nett Risk Rating = Gross Risk – Control Effectiveness. Set Risk Targets Identify management actions to mitigate the risks. 10
Who manages risks? Board of DirectorsProvides oversight Board Risk Management Committee Approve risk management policies. Evaluate management of risks. “Big Picture” analysis of risk trends. Senior ManagementManages and monitors risk Executive Committees MORC assists Senior Management monitors risk. Audit and Compliance Audit – Provides independent assurance. Compliance – Provides independent review. Risk ManagementAssists in setting policies and standards that reflect the risk appetite of the organisation. Business UnitsResponsible for owning and managing risk. Set and implement policy consistent with enterprise-level policy. 12
Who manages risks in business units? Risk scorecard owner Responsible for risk management in department/branches/section/unit. To report effectiveness of risk management activities Risk owner Responsible to manage assigned risk by ensuring effectiveness controls and to recommend new Management Action Plans (MAP) to mitigate risk. Recommend risk rating to Risk Scorecard Owner. Control owner Responsible to ensure effectiveness of control. To report on control effectiveness to Risk owner. Management Action Plan (MAP) owner To ensure MAP is carried out as planned to mitigate risk. To report on MAP status to risk owner. Risk Champion Coordinator and risk advisor. Assist risk scorecard owner and ‘other owners’ on risk management. Individual staff Aware about risk and risk management. To highlight any new key risks to risk champion and/or risk scorecard owner. 13
Key Success Factors Full support from the Board, Investment Panel, CEO and Management. Committed Risk Champions. Competence and committed consultant. Effective Project Management. Risk Awareness Training and Facilitation Workshops. Computerised System. Organisation culture 14