Presentation on theme: "Understanding & Managing Risk. Why is risk important? How does it effect me? Risk is a part of life Personal life: damage to home or car Family life:"— Presentation transcript:
Understanding & Managing Risk
Why is risk important? How does it effect me? Risk is a part of life Personal life: damage to home or car Family life: poor health of family members Work life: not doing a job properly
What does risk mean? Risk = Exposure to possible loss x The probability of such a loss Anything that can stop you from attaining your goals & objectives - OR -
Risk Management Process Key Steps Risk management requires you to: Analyze functions and processes to identify risk Assess risks to measure the level or severity of the risk Define the management techniques needed to control and mitigate the risk Periodically review the techniques and controls to monitor and ensure ongoing adequacy and effectiveness
Risk Analysis To analyze a function for risk you should: Document & understand objectives of the function Identify risks associated with the function Document risks identified Discuss risks identified with associates and one-up manager Determine if existing processes address identified risks Identify risks not controlled by processes or systems Determine corrective actions to be taken (if any) Quantify risk as high, medium, or low
What is a control? An action or series of actions that results in a reduction of risk to within acceptable tolerances.
What is the purpose of having controls? Controls are used to ensure: Resources are adequately protected Significant financial, managerial, and operating data is accurate and reliable Employees’ actions are in compliance with laws, regulations, policies, procedures, and standards Resources are employed effectively
Characteristics of Control Controls are adequate and effective Adequate: a control must be designed to provide reasonable assurance that risk will be mitigated Effective: a control must actually work as it was designed and the control objective is achieved
Controls should also be predictive … That is, the limits of controls should be known as volumes of other factors approach the capacity of the control. For example, a control may be adequate and effective based on current volumes up to an additional 25%. Beyond that level, adequacy and effectiveness are diminished and modifications are needed.
What types of controls are there? Preventative: actions designed to impede undesirable outcomes. Detective: actions that measure the effectiveness of preventative controls and identify errors when they occur. Corrective: actions that resolve problems identified by preventative and detective controls.
Risk Management Steps After you analyze a function to identify risks, you: Quantify & measure risks as high, medium, or low to prioritize risks Define and apply the controls and management techniques to manage the risks Review periodically to monitor the organization, functions, and control environment
Risk Management Steps The best way to ensure ongoing adequacy and effectiveness is by conducting periodic reviews to ensure adequacy and effectiveness Why conduct a periodic review?
Risk Management Steps How often do I conduct a periodic review? High Risk Functions: review not less than quarterly Medium Risk Functions: review semi-annually or annually Low Risk Functions: review at leas annually
Risk Management Steps Why monitor the risk management process? Accountability, which includes maintaining an adequate and effective control environment Responsiveness, which includes effective communications, process improvement, and reliability