Identify Risk and Apply Risk Management


1 Identify Risk and Apply Risk Management
BSBRSK401A Identify Risk and Apply Risk Management

2 Introduction
This manual is in four sections:
- Identify risks
- Analyse and evaluate risks
- Treat risks
- Monitor and review effectiveness of treatment of risks

3 Identify Risks Part 1

4 Question for students to think about...
What is a risk?

5 Identify Risks
Risk is anything with the potential to have an impact on the progress of a programme, or project, if it were to actually happen
Risk can be:
- A situation
- An object
- Problem
- Activity etc.

6 Identify Risks: Why take risks?
- Risk is a natural part of all businesses
- A certain amount of risk is inevitable if we want to be successful and achieve our objectives
- We have to manage it effectively
- We have to have a risk management program in place

7 Effective Risk Management
Advantages:
- Certainty and fewer surprises
- Performance and service delivery
- Effectiveness of change
- Efficiency in resources use
- Better management at all levels through improved decision making
- Reduced waste, fraud
- Better value for money
- Innovation
- Management of contingent and maintenance activities

8 Effective Risk Management
- Contingency plans in place for whatever surprises might occur
- Employees must be trained in how to handle these surprises, e.g.:
  - Someone entering the store with a gun and asking for all the money in the cash register
  - A river in town overflowing and flooding your place of business
  - A colleague having a heart attack unexpectedly
  - Your best supplier closing down

9 Risk Management Process
Steps:
1. Identify risks
2. Analyse and evaluate the risks (measure)
3. Control risks (formulate and implement strategies to limit the risks)
4. Continuously monitor the effectiveness of your efforts

10 Identify Risks
- You are in the best position to assess your risks
- Use brainstorming and ask questions: ‘What if this happens?’
- Be thorough and go for simplicity
- Other options:
  - Consulting companies (too specialized)
  - Complex computer simulation models for anticipating risks (too time consuming and expensive)

11 Risk Identification
- The process of recognizing opportunities opened up by each activity or phase of the project and clarifying where the risk lies
- The agreed tolerance of risk should help identify the amount of time that should be spent in identifying the risk
- Identify at least 20% of risks that would have 80% of the potential impact

12 Identify Risks – How
Techniques:
- Critical task analysis
- Behaviour analysis
- Environment analysis
- ‘What if’ analysis
- Fault tree analysis

13 Identify Risks - How
Critical task analysis
- Concentrates on the task
- Analysis of each step of the task
- Identification of potential risks
Behaviour analysis
- Concentrates on the behaviour of employees
- Analysis of the way they work
- E.g. employee not taking health and safety seriously, not wearing PPE (training), employee reckless with locking the premises, handling money etc.

14 Identify Risks - How
Environment analysis
- Concentrates on the actual workplace
- Analysis of the aspects of the workplace
- Identification of potential risks
- E.g. ventilation, temperature, lighting, high crime area etc.
‘What if’ analysis
- Simulation of ‘what if’ scenarios
- Identification of potential risk
- E.g. what if this machine overheats, what if our best supplier closes down etc.

15 Identify Risks - How
Fault tree analysis
- Deductive, top-down method of analysing system design and performance
- Specify the top event to analyse (e.g. a fire) and then identify all associated elements in the system that could cause that top event to occur
- Use of symbolic representation

16 Identify Risks - How
Other risk identification tools:
- Brainstorming or SWOT analysis (workshops)
- Accident and incident investigations
- Assumptions analysis (make assumptions and then think about their consequences)
- Facilitated workshops (group of people, experienced facilitator, predetermined objectives – effective tool for cultural change, promoting buy-in and empowerment)

17 Identify Risks - How
- Influence diagrams (variables, decisions with the influence, analysing the impact of each variable/decision)
- Checklists (e.g. novelty of the project, stability of the suppliers, software identification, flexibility of delivery)
- Decision trees (like flowchart diagrams; e.g. compare 2 options, analyse the impact each decision will have, make a decision; suitable for simple situations)
- Monte Carlo Simulation (3-point estimation; looks at the best, worst and most likely scenario and the impact of each one of them)

18 Example of Influence Diagram
[Diagram with nodes: R&D investment decision, R&D Success, Sales, Net profit]

19 Decision Tree Diagram
Income Range of Applicant
- <$30K: Criminal Record
  - No => Loan
  - Yes => No Loan
- $30K-$70K: Years in Present Job
  - <1 year => No Loan
  - 1-5 years: Makes Credit card Payments?
    - Yes => Loan
    - No => No Loan
  - >5 years => Loan
- >$70K

20 Identify Risks
Steps in the process:
- Identify the scope of the risk management activity
- Draw a context diagram
- Identify boundary of the risk management activity
- Identify risk factors
- Identify all assets that are at risk
- Identify all business processes at risk
- Identify all threats to these assets
- Identify any vulnerabilities to these threats

21 Analyse and Evaluate Risks
Part 2

22 Risk Analysis
- Risk analysis attempts to find the cause of the risks
- It allows us to determine why risks occur and what we can do about them
- Risk assessment attempts to find the potential impact of the risk and the frequency with which it is likely that the company will be exposed to the risk
- Risk categorization attempts to find which risks should be attended to first by looking at the impact and frequency - priority

23 Risk Assessment
- It is important to attempt to determine exactly what the risk of a hazard causing harm actually is
- Probability and level of risk (consequence) of any harm occurring
- Likelihood of any harm
- Severity of that harm
- The higher the risk, the higher the consequences, the more stringent your controls should be

24 Risk Assessment
- The first stage in risk assessment is assessing the probability of harm actually occurring
- There are many hazards in a workplace and only a fraction of them will pose a significant risk of actually occurring on a regular basis
- Therefore attempt to determine how often a hazard is likely to cause harm, and concentrate on those that are most likely to cause harm regularly if not controlled

25 Risk Assessment
Likelihood (probability):
- Very likely
- Likely
- Unlikely
- Very unlikely

26 Risk Assessment
- The second major risk factor that must be considered is what are the consequences of a certain hazard should it occur
- We need to balance the chance of something occurring with the consequences should it actually occur
- Those hazards that will cause serious harm should be dealt with ahead of any matters that will only cause minor harm

27 Risk Assessment
Consequence (severity, level of risk):
- Negligible
- Minor
- Major
- Critical
- Fatal

28 Risk Categorization
- After you have analysed the hazards, you need to prioritize them
- You need to rank them in a chronological order, i.e. which hazards need to be controlled as a matter of urgency, which hazards must be controlled in the second place etc.

29 Risk Categorization
Deal with hazards in this order:
1. Hazards that may occur regularly and cause serious harm (e.g. very likely and fatal)
2. Hazards that may occur rarely and cause serious harm
3. Hazards that may occur rarely that will cause harm

30 Typical Objectives of Risk Analysis
Understand the identified risks:
- Assets at risk
- Business processes at risk
- Threats to these assets and business processes
- Vulnerabilities to these threats

31 Typical Objectives of Risk Analysis
Analyse the identified risks and prioritise them:
- Analyse the threats to these assets and business processes
- Estimate the risks’ probabilities of occurrence
- Estimate the potential impact of each risk
- Estimate the importance and priority of each risk
- Categorise risks

32 Typical Objectives of Risk Analysis
- Develop steps and techniques to:
  - Avoid each significant risk
  - Mitigate each significant risk if it occurs
  - Control and monitor each significant risk
- Assign responsibilities and resources to perform risk avoidance, mitigation and monitoring

33 Risk Management
Tools for risk management:
- Probability-Impact Table
- Cost/benefit
- Benefit/risk
- Gap analysis
- Pareto analysis

34 Probability-Impact Table (P-I)
- Probability-Impact Table (P-I) is a tool that can be used to assess the risk
- Look at the best, worst and most likely case scenarios and then plan what impact each one of them has
- For each risk establish 2 major criteria:
  - Probability criteria
  - Impact criteria

35 Probability-Impact Table (P-I)
PROBABILITY CRITERIA
- Remote: 1-20% (unlikely but not impossible)
- Possible: 21-50% (could occur)
- Probable: 51-80% (more likely to occur than not)
- Very probable: >80% (almost certain to occur)
IMPACT CRITERIA
- Low: Small impact on objectives and their delivery
- Medium: Impact on objectives could result in their non-delivery
- High: Severe impact on objectives resulting in failure unless action is taken

36 Probability-Impact Table (P-I)
- Prepare a matrix to identify the Red, Amber and Green risks
- Highlight which risks should be dealt with first or escalated through the management

37 Probability-Impact Table (P-I)
[Matrix with axes Likelihood (Remote, Possible, Probable, Very Probable) and Impact (Low, Medium, High)]

38 Probability-Impact Table (P-I)
- Red requires immediate management of risk via controls to ensure it is mitigated
- The aim of risk control is to reduce the probability and impact to amber, or even better, green
- Amber requires management as risk could materialise with an impact
- Green should be considered after Red and Amber

39 Cost/Benefit
- This technique is used to determine cost-effectiveness of risk avoidance/mitigation and monitoring steps and techniques
- It is used to make decisions about accepting the risk or using some other risk management techniques

40 Benefit/Risk
Management tool that compares the risk with the costs and benefits associated with it

41 Gap Analysis
Management tool that consists of identifying:
- The current state
- The desired (target) state
- The gap between them
[Diagram labels: Where are we now; The gap or risk; Where we want to be!]

42 Gap Analysis
The gap analysis attempts to determine those areas of the business where the present state differs from the desired state and looks at the risks associated with getting over this gap

43 Pareto Analysis
- Pareto analysis suggests that most effects come from relatively few causes
- 80% of risks come from 20% of the causes
- Therefore if you aim your efforts right at those 20% of the causes you can solve 80% of the problems

44 Treat Risks Part 3

45 Treating or Minimising Risk
- Avoiding risk (elimination)
- Reducing risk
- Ignoring risk
- Shifting risk

46 Avoiding Risk
- Some companies are willing to take higher risks for potentially high rewards than others
- Some companies are unwilling to risk the potential losses involved in developing new, untried products
- Avoiding risk may ensure profitability, but it stifles innovation, thus these risk-averse companies are rarely leaders in the industry

47 Reducing Risk
- Companies can reduce the risk by taking preventative measures
- They develop safety programs to educate employees about potential hazards and proper methods of performing certain tasks

48 Reducing Risk
The most common tool used in risk management is insurance:
- Standard health insurance
- Life insurance
- Disability insurance
- Liability
- Property insurance
- Specialised insurance for particular risks in your business

49 Ignoring Risk
If the chance of a risk occurring is minimal, or severity is very low, accept the chance of it occurring

50 Shifting Risk
- Transferring the risk to others in the operation
- If you have subcontractors, you may make them responsible, although this is likely to push the cost up significantly

51 Treating or Minimising Risk
- If you need additional finance, having a good risk management system in place will impress the lender and may aid in obtaining the funds
- Specific examples of the types of resources you need to protect:
  - People
  - Records
  - General facilities
- Conduct inspections twice a year

52 Treating or Minimising Risk
People
- Back up the performance of each key employee
- Someone else should have the understanding of another person’s role in case this person is not able to perform the role for any reason (e.g. vacation)
- Use up-to-date job descriptions, to-do lists, regular status reports

53 Treating or Minimising Risk
Records
- Keep proper records in a central location and well labelled
- Keep critical documents in a fireproof box
- Personnel files should be locked; access given only to senior management and their assistants
- Make back-up copies and store them securely off-site
- Allocate a number of hours each year for staff to audit the documentation for relevance, adequate labelling and reasonable organisation

54 Treating or Minimising Risk
General facilities
- Always lock your doors
- Ensure your fire protection systems are fully functional
- Schedule to test the fire alarms twice a year

55 Treating or Minimising Risk
Conduct inspections twice a year to:
- Inspect the floors for ripped carpets
- Look for cables, wires lying on the floor
- Notice electrical outlets with black soot near them
- Ask all staff if the office accommodations are sufficient (e.g. lighting, comfortable chairs)
- Ensure a well-stocked first-aid kit is available to all staff
- Notice heavy items on the floor that staff need to lift
- Emergency numbers on the wall near the central phone
- Schedule 10 min in a staff meeting once a year for the entire staff to reflect on the quality of the facilities

56 Monitor and Review Effectiveness of Treatment of Risks
Part 4

57 Performance Standards
- The greatest risks need to be carefully monitored
- The risks with little impact, or that are unlikely to occur, will generally require less monitoring
- Performance standards are used as a basis for a company’s evaluation of its own success, in this case success of the risk treatment plan

58 Performance Standards
Well written performance standards will:
- Describe the performance expectations
- Specify the acceptable margin for error (do not expect perfection, as it does not happen)
- Refer to any specific conditions under which the performance is expected to be accomplished or performance assessed (e.g. given the economic conditions etc.)

59 Performance Standards
When writing performance standards ensure:
- They are realistic
- They are specific
- They are based on measurable data, observation, or verifiable information
- They are consistent with organizational goals
- They are challenging
- They are clear and understandable
- They are dynamic

60 Performance Standards
When writing performance standards ensure:
- They are related to the operation’s assigned work and job requirements
- Reporting systems are adequate to measure and report quantitative data you list
- They are described in clear and specific terms

61 Meeting Expectations
- It will not serve the company well to have the performance standards in place if they are not being continuously monitored to ensure compliance
- If such a monitoring system is not in place and working effectively, the organization may not be able to pick up on significant variances that will have a negative impact on the company

62 Monitor and Review Effectiveness
- The outcome of a monitoring system is data that can evaluate the current performance of the organization’s risk management processes
- Evaluation takes place by taking the current measure, and comparing this against the required benchmark of performance
- Any variances that exist (either positive or negative) need to be calculated and this can then be used to start an analysis of the process

63 Monitor and Review Effectiveness
- After you complete the monitoring of your risk management systems, you may be asked to report your findings to senior management
- Report how well the operational objectives and goals you set at the beginning of the process have been met, and if not, what you will do for non-compliance

64 Monitor and Review Effectiveness
After determining the cause of the variances you should attempt to find the solutions that would solve the problems:
- Define and describe the problem, its magnitude and determine the cause of the problem
- Gather more specific facts
- Generate alternative solutions
- Analyse the alternatives
- Weigh and decide among alternatives
- Formulate and implement a plan

65 Summary
- All businesses face a variety of risks in their everyday operation
- These may range from a very minor risk of a natural disaster through to those which may occur on a daily basis (e.g. not reaching sales targets)
- An effective risk management system needs to be put in place in order to eliminate or minimise the risk and its impact

66 End of the Presentation
Thank you for your attention Enjoy the rest of your day

