Introduction to Risk Management 26 September 2014 Peter Fowler CPPD.

Presentation transcript:

“There are “known knowns”. [These are things we know that we know.] There are “known unknowns”. [That is to say, there are things that we know we don't know.] But there are also “unknown unknowns”. [There are things we don't know we don't know.]”
Donald Rumsfeld (Feb 12, 2002)

“The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair.”
Douglas Adams in Mostly Harmless (the fifth book in the Hitchhiker's Guide to the Galaxy trilogy)

Risk Management Definitions
Uncertainty - changing circumstances or situation
Risk - effect of uncertainty on objectives
Opportunity - the positive impact on objectives
Issue - an event that has happened or will happen

Types of Risk Management
- Safety risk management
- Insurance risk management
- Financial (Investment) risk management
- Project risk management
- Business risk management
- Information risk management

Tasmanian Government Information Security Policy
1. Purpose
The purpose of the Policy is to provide a consistent approach to managing information security risks across Government.
2. Scope
This Policy applies to Tasmanian Government agencies as custodians of information on behalf of the Crown.
3. Policy Principles
This Policy is based upon the following information security policy principles:
- Availability: information is accessible and usable to authorised entities.
- Integrity: the accuracy and completeness of information is protected.
- Confidentiality: information is not made available or disclosed to unauthorised individuals, entities or processes.
- Proportionality: measures to protect information are relative to the risk of loss or failure of availability, integrity and confidentiality.

Tasmanian Government Information Security Policy Manual
Information security risks are threats or vulnerabilities that introduce uncertainty regarding the availability, confidentiality or integrity of information. Structured risk assessments help to prioritise risks and implement appropriate risk management procedures. Information security risk management can be undertaken as part of a broader agency risk management approach. Each agency MUST identify, quantify and prioritise risks against risk acceptance criteria and determine appropriate controls to protect against risks.

After completing a risk assessment there may be residual information security risks where the agency has:
- elected to accept a risk by doing nothing, or
- adopted a mitigation strategy that does not completely eliminate a risk.

Process from AS/NZS ISO 31000: 2009

Common failures when managing risks
- Not establishing the context: misunderstanding organisational attitudes and risk appetite
Risk attitude: organization's approach to assess and eventually pursue, retain, take or turn away from risk.
Risk appetite: the amount and type of risk that an organisation is willing to pursue or retain.
Source: ISO Guide 73:2009 Risk management — Vocabulary

Common failures when managing risks
- Not establishing the context: misunderstanding organisational attitudes and risk appetite
- Not focussing on the appropriate risks (business efficiency vs information security)
Business efficiency risk: information cannot be located quickly as a result of poor categorisation, resulting in more time/resources required to find records.
Information security risk: information cannot be located as a result of poor file categorisation, resulting in not finding important records.

Common failures when managing risks
- Not establishing the context: misunderstanding organisational attitudes and risk appetite
- Not focussing on the appropriate risks (business efficiency vs information security)
- Inappropriate measures used for the analysis
Consequence (if the event occurs, what will the consequence be?): Critical, High, Medium, Low, Very low
Likelihood (what is the likelihood that the event will occur and result in the consequence indicated?): Almost certain, Likely, As likely as not, Possible, Unlikely
But what do these terms mean?

Common failures when managing risks
- Not establishing the context: misunderstanding organisational attitudes and risk appetite
- Not focussing on the appropriate risks (business efficiency vs information security)
- Inappropriate measures used for the analysis
- Generalisation of risk statements (leads to misunderstanding)
1. Inappropriate file categorisation
2. Cannot find board meeting minutes
State the full story: what could happen, why could it happen (cause) and what would the result be.
“Board meeting minutes cannot be located as a result of poor file categorisation resulting in disputed decisions having to be reversed”

Common failures when managing risks
- Not establishing the context: misunderstanding organisational attitudes and risk appetite
- Not focussing on the appropriate risks (business efficiency vs information security)
- Inappropriate measures used for the analysis
- Generalisation of risk statements (leads to misunderstanding)
- Fake treatment (either won't mean anything or not followed through)
1. Ensure board meeting minutes are categorised appropriately
2. Provide training for staff on board meeting minute categorisation
Would that stop people categorising incorrectly?
Only appropriate if not already being done!
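A small risk-register model that puts the failures listed above into working code (an added example, not from the presentation): it names the parts a generalised risk statement leaves out, rates likelihood against consequence using the slide's scale terms, and flags a treatment that leaves the rating unchanged (a fake treatment) or leaves the residual risk above appetite. The numeric ranks given to the scale terms, the rating ceiling used as the acceptance criterion and the sample risk's ratings are assumptions, not values from the slides.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

# The slide's scale terms, ranked 1..5. The ranks and the thresholds below are an
# assumed calibration: each organisation must define what its own terms mean.
LIKELIHOOD = {"Unlikely": 1, "Possible": 2, "As likely as not": 3,
              "Likely": 4, "Almost certain": 5}
CONSEQUENCE = {"Very low": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}

@dataclass(frozen=True)
class Risk:
    event: str         # what could happen
    cause: str         # why it could happen
    result: str        # what the result would be
    likelihood: str    # a LIKELIHOOD key
    consequence: str   # a CONSEQUENCE key

    def statement(self) -> str:
        """The slide's full-story form: event, cause and result in one sentence."""
        return f"{self.event} as a result of {self.cause} resulting in {self.result}"

    def rating(self) -> int:
        """Qualitative rating: rank of likelihood times rank of consequence."""
        return LIKELIHOOD[self.likelihood] * CONSEQUENCE[self.consequence]

def missing_parts(risk: Risk) -> List[str]:
    """Names the parts of the story that a generalised statement leaves out."""
    return [p for p in ("event", "cause", "result") if not getattr(risk, p).strip()]

def treat(risk: Risk, likelihood: Optional[str] = None,
          consequence: Optional[str] = None) -> Risk:
    """Restate the risk with the likelihood/consequence expected after treatment."""
    return replace(risk, likelihood=likelihood or risk.likelihood,
                   consequence=consequence or risk.consequence)

FAKE = "fake treatment: rating unchanged, so the treatment changes nothing"
ABOVE = "residual risk above appetite: treat further or accept it explicitly"
WITHIN = "residual risk within appetite"

def assess(inherent: Risk, residual: Risk, appetite: int) -> str:
    """Compare residual risk with the acceptance criterion (assumed: a rating ceiling)."""
    if residual.rating() >= inherent.rating():
        return FAKE
    return ABOVE if residual.rating() > appetite else WITHIN

# Constructed sample: the board-minutes risk from the slides, rated Likely / High.
MINUTES = Risk("Board meeting minutes cannot be located", "poor file categorisation",
               "disputed decisions having to be reversed", "Likely", "High")
```

With an appetite ceiling of 6, `assess(MINUTES, treat(MINUTES, likelihood="Unlikely"), 6)` reports the residual risk as within appetite, while `treat(MINUTES)` with no change to either scale is reported as a fake treatment.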

Questions?
