Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Risk management and Investigation Peter Roberts

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Risk management and Investigation Peter Roberts"— Presentation transcript:

1 1 Risk management and Investigation Peter Roberts peroberts@csu.edu.au

2 2 Session Overview 1 What is risk management? 2 How to do risk management 3 How CSU staff can use risk management

3 3 What is Risk Management Contents The notion of risk Defining risk management The objectives of risk management Organisational responsibilities and obligations in risk management

4 4 What is risk? Common language understanding Formal ‘The chance of something happening that will have an impact upon objectives’ Represents a rational response to dealing with an unknowable future Can be measured in terms of likelihood and consequence

5 5 Risk management Definition ‘The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects” Treadway, COSO and Cadbury Australian /New Zealand Risk Management Standard 4360:1999.

6 6 Risk Management Objective ‘To enable business operations to be conducted within an environment of acceptable loss’ Process ‘The systematic application of management policies,procedures and practices to the tasks of establishing the context, identifying analysing, evaluating, treating monitoring and communicating risk’ The ‘Why?’ of risk management

7 7 Professional/Organisational overview Professional reasons common language rationality, consistency Organisational reasons legal, ethical, business responsibilities safety, fraud control, insurance, disaster recovery

8 8 Professional reasons for risk management Standard 4360:1999 imposes a common language on key terms which is universally accepted in public and private enterprise encourages to think rationally promotes consistency in decisions assists in defending key decisions

9 9 Organisational reasons for risk management Organisational Legal Obligations –contracted –legislated Other Organisational Responsibilities –ethical –self-regulated agreements

10 10 Organisational Legal Obligations Contractual –employment agreements Legislated –OH&S & EEO –environmental –Myriad of other regulatory statutes Use words like ‘reasonable’

11 11 Corporate Ethical Responsibilities Includes a range of socially based expectations, including: fairness internal self regulation industry self regulation maintaining industry standards

12 12 The result Risk management provides a proactive contribution to: contracted, legislated and ethical compliance increased revenue reduced costs positive ethical climate within the organisation

13 13 The ‘how’ of risk management

14 14 Australian /New Zealand Risk Management Standard 4360:1999 1) establish the context 2) identify risks 3) analyse risks 4) evaluate and prioritise risks 5) treat (or recommend treatments) for risks –Consult and communicate at each stage –Monitor and Evaluate at each Stage and loop back to earlier stages if necessary

15 15 Establishing the context strategic context organisational context risk management context

16 16 Establishing the context (cont) Start with objectives ‘The chance of something happening that will have an impact upon objectives’

17 17 Establishing the context (cont) To define the objective, consider: what do we do? how do we do it? who are our customers/stakeholders? what do they want? what does all this mean to us?

18 18 Establishing the context (cont) Three key elements: 1 what is/are our objectives? 2 what activities need to be completed to achieve the objectives 3 what resources are available for use to perform the activities which will lead to the successful achievement of the objectives?

19 19 Establishing the context (cont) Develop risk evaluation criteria based upon policy, goals, objectives, stakeholder interests –operational –technical –financial –legal –social humanitarian

20 20 Identifying risks/threats Link all customers/stakeholders to: objectives activities resources

21 21 Identifying risks/threats (cont) Identify what can happen to threaten the the process or system being analysed and how that threat may occur Then list all those risks/threats

22 22 Assessing risks/threats Quantitatively –historical data –statistical information on incidents –surveys Qualitatively –determine likelihood –determine consequence

23 23 Assessing risks - rating the impact Disastrous - achieving the objective may not be attainable. May be forced to discontinue or transfer function Critical - Will produce difficulties beyond the capacity of existing resources. May require additional resources or funding to restore/achieve minimum function Serious - Will produce difficulties to function that can be readily absorbed by current resources Minor - Anything less than above

24 24 Assessing risks - rating likelihood Definite - almost certain to occur Probable - distinct possibility of occurring in the time given Possible - likely to occur over an extended period of time Remote - more likely not to occur Improbable - very unlikely to occur

25 25 Presenting the risks Can use a matrix - one provided in papers Can develop different kinds of ratings for different circumstances Can apply numerical values to the ratings - this helps when prioritising a large number of risks Can use a risk register

26 26 Treating risks Identify treatment options Evaluate treatment options Recommend treatment options Prepare treatment plan Implement treatment plan

27 27 Developing/implementing a risk management program Appendix B of the Standard Step 1- Support of senior management Step 2 - Develop organisational policy Step 3 - Communicate policy Step 4 - Manage risks organisationally Step 5 - Manage risks at work unit level Step 6 - Monitor and review

28 28 Who should be involved horizontal spread - as many different functions as necessary vertical spread - as many levels of the organisation as possible skill spread external stakeholders consultants?

29 29 Revisit key elements of Standard 1) establish the context 2) identify risks 3) analyse risks 4) evaluate and prioritise risks 5) treat (or recommend treatments) for risks –Consult and communicate at each stage –Monitor and Evaluate at each Stage and loop back to earlier stages if necessary

30 30 Establishing CSU context Three key elements: 1 what is/are our objectives? 2 what activities need to be completed to achieve the objectives 3 what resources are available for use to perform the activities which will lead to the successful achievement of the objectives?

31 31 CSU context (cont) Develop risk evaluation criteria based upon policy, goals, objectives, stakeholder interests amount lost damage to reputation of organisation threat to health, safety, security These criteria feed into the risk assessment process

32 32 Identifying risks Identify what can happen to threaten the the process or system being analysed and how that risk may occur Then list all those risks

33 33 Assessing risks Quantitatively –historical data, internal audit reports –files –statistical information on incidents Qualitatively –determine likelihood –determine consequence

34 34 Treating risks Identify treatment options Evaluate treatment options (cost, effectiveness) Recommend treatment options Prepare treatment plan Implement treatment plan

35 35 Other governance processes Cross linkage with other governance processes. Each of these organisational policies need to be integrated with each other:eg –Corporate planning –Physical security –Computer security –Internal audit –Organisational ethics –Anti-corruption activity

36 36 Any comments?

Download ppt "1 Risk management and Investigation Peter Roberts"

Similar presentations

The Risk Management Process (AS/NZS 4360, Chapter 3)

The Risk Management Process (AS/NZS 4360, Chapter 3)
A Joint Code of Practice Objectives and Summary Presentation

A Joint Code of Practice Objectives and Summary Presentation
Options appraisal, the business case & procurement

Options appraisal, the business case & procurement
Risk Management Awareness Presentation

Risk Management Awareness Presentation
Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards.

Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards.
More than OH&S. Definitions of Risk Risk is virtually anything that threatens or limits the ability of a community or non-profit organisation to achieve.

More than OH&S. Definitions of Risk Risk is virtually anything that threatens or limits the ability of a community or non-profit organisation to achieve.
Comparative Emergency Management

Comparative Emergency Management
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.

Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.
Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Control and Accounting Information Systems

Control and Accounting Information Systems
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Service Design – Section 4.5 Service Continuity Management.

Service Design – Section 4.5 Service Continuity Management.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Slide 1 OHSI Presentation on Risk Profile Kimberley Turner Chief Executive Officer Aerosafe Risk Management EXHIBIT/P-00058.

Slide 1 OHSI Presentation on Risk Profile Kimberley Turner Chief Executive Officer Aerosafe Risk Management EXHIBIT/P
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Risk management Module 1 Introduction to risk management.

Risk management Module 1 Introduction to risk management.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
Risk Management/ Gestion des Risques ……. In the context of Projects & Organisations PH department, DT-Science-Techno Tea meeting, September 2011 Mark Hatch.

Risk Management/ Gestion des Risques ……. In the context of Projects & Organisations PH department, DT-Science-Techno Tea meeting, September 2011 Mark Hatch.

Similar presentations

Ads by Google