Transcript MGMT15_Resources-Web-Test-Gray

1. Establish Risk Context
1.1 Review organisational process, procedures and requirements for
undertaking risk management
1.2 Determine scope for risk management process
1.3 Identify internal and external stakeholders and their issues
1.4 Review political, economic, social, legal, technological and policy
context
1.5 Review strengths and weakness of existing arrangements
1.6 Document critical success factors, goals or objectives for area
including in scope
1.7 Obtain support for risk management activities
1.8 Communicate with relevant parties about the risk management and
invite participation
2. Identify Risk
2.1 Invite relevant parties to assist in the identification of risks
2.2 Research risks that may apply to scope
2.3 Use the tools and techniques to generate a list of risks that apply to
the scope, in consultation with relevant parties
3. Analyse Risks
3.1 Review organisational process, procedures and requirements for
undertaking risk management
3.2 Determine scope for risk management process
3.3 Identify internal and external stakeholders and their issues
3.4 Review political, economic, social, legal, technological and policy
context
3.5 Review strengths and weakness of existing arrangements
3.6 Document critical success factors, goals or objectives for area
including in scope
4. Select and Implement Treatments
4.1 Determine and select most appropriate options for treating risks
4.2 Develop an action plan for implementing risk treatment
4.3 Communicate risk management process to relevant parties
4.4 Ensure all documentation is in order and appropriately stored
4.5 Implement and monitor action plan
4.6 Evaluate risk management process
Establish Risk Context
Defining Risk

Risk
‘The chance of something happening that will have an impact on
objectives’
(Australian Standard(AS/NZS4360:2004)

Risk Management
‘The guiding principles an organisation uses in relation to its
management of risk and the detail of how these principles will
operate in practice’

Risk management processes allow organisations to identify
potential risks situations, analyse the dimensions of the risk and
assess the organisation’s capacity to cope with and manage that
risk

In order to ‘survive’ it is necessary to strike an appropriate balance
between the amount of risk taken and the amount of the return
expected.
‘not too lax not too cautious!’

The first step in establishing the risk context is to critically examine
those elements of the risk management process that are already in
place. In some smaller organisations, formal risk management
procedures, processes and requirements may not be in place. In
this situation it will be necessary to consult with management to
gain understanding of the current risk management processes.

A good risk management plan provides clear guidance on how
various parts of the organisation can identify and manage risks they
face and those that might impact on the whole organisation.
There are five stages in the disciplined and interactive process in
manage risk:
Stage 1 Investigate and Identify the risk
Stage 2 Assess the risk
Stage 3 Analyse the risk
Stage 4 Management strategies
Stage 5 Monitor
The scope of risk management is concerned with what is included
in the strategy and the extent to which is it addressed.
The scope of a risk management strategy is entirely reflective of the
organisation, its activities the risk profile. It can also be indicative of
the following:
 Past history
 Knowledge and/or experience of risk management held by senior
management
 Available resources
 External environmental factors

The process of identifying stakeholders recognises the important of
taking into consideration the needs, objectives and influences of
both internal and external parties and how these factors might
impact upon risk management processes.
Internal Stakeholders such as:




Workers
Owners
Shareholders
Reference groups
External Stakeholders such as:






Government
Community members
Customers and suppliers
Customers
The media
Suppliers
The types of things to consider when examining the issues of
internal stakeholders include:



Cultural aspects of organisations
Power structures in organisations
Change processes within organisations
When establishing the risk management context it is essential to
gain an understanding of the environment in which the organisation
operates. During this stage you would typically identify any political,
economic, social, legal, technological and policy issues that may
have an impact on the risk management process.
Social
Economic
what obligations does the business
have to clients? How much, if any,
customer dissatisfaction is it
prepared to wear? Are the
perceptions and values of society
important to the success of the
business?
what are the forecasts for domestic and
international economies and how will
this impact upon your business. How
reliant is the business on the Australian
dollar and export/import markets? What
is the forecast for the specific industries
industry/ies the business operates in?
Policy
Are there any cooperate policies
that must be adhered to? Are there
any government policies (current or
proposed) that might impact upon
your business?
Technological
What technological advancements
are likely to impact upon the
business and is it essential to keep
pace?
Political
What is the current climate at local,
state and federal levels and how
might this affect your business?
What impacts will a change in
government have?
Legal
What regulations and legislation
must be adhered to?

Part of the process of reviewing existing processes, procedures and
requirements for risk management is to evaluate the strengths and
weaknesses of existing arrangements. During this stage the aim is
to identify any aspects that need modified and those that can be
extended or consolidated to assist future operations.

A SWOT analysis is a tool that helps organisations to focus on
strengths, minimise weaknesses, take advantage of opportunities
and reduce the threats that face their business.

It is an ideal tool to use when analysing the existing risk
identification and management strategy of an organisation.
Capabilitie
s
Goals &
Objectives
Environmen
t
Strengths
Weakness
Opportunities
Threats
Competitor
s
Strengths:
1.
2.
3.
4.
What advantages do you have?
What do you do well?
What relevant resources do you have access to?
What do people see as your strengths
Weakness:
1.
2.
3.
What could you improve?
What do you do badly?
What should you avoid?
Opportunities:
1.
2.
Where are there good opportunities facing you?
Are there any interesting trends you have noticed e.g. Changes in
technology?
Threats:
1.
2.
3.
4.
What obstacles do you face?
What is your competition doing?
Is changing technology threatening your position?
Do you have bad debt or cash flow problems?





Social / Cultural Landscape
Technological Landscape
Ecological (or natural) environment
Economic / Fiscal Landscape
Political / Regulatory / Legal Landscape

The cultural environment is made up of institutions and other forces
that affect society’s basic values, perceptions, preferences, and
behaviours. People grow up in a particular society that shapes their
basic beliefs and values. They absorb a world view that defines
their relationships to themselves and others. The following cultural
characteristics can affect marketing decisions.

Demographic
 Changing age structure of population
 Changing household
 Geographic shift in population
 Better educated and more white-collar population
 Increased ethnic diversity

Social
 Changes in income
 Changing consumer spending patterns
Demographic Environment
Growing
Ethnic
Diversity
Education
Geographic
Shifts
Age
Structures
Key
Demographic
Trends
Changing
Family
Structure
Fast Pace of
Change
High R & D
Budgets
Issues in the
Technological
Environment
Focus on Minor
Improvements
Increased
Regulation
Ecological (or natural) environment
Shortage of
Raw Materials
Government
Intervention
Key Areas
of Concern
in the Natural
Environment
Increased
Pollution
Energy
Costs
Economic / Fiscal Landscape
Economic
Development
Key
Economic
Concerns for
Marketers
Changes
in Income
Changes
in Consumer
Spending Patterns

An important element in the risk management process is to clearly
identify ‘what will be deemed as success’. This means for each part
of the risk management scope there should be a clearly
documented set of goals, objectives and performance indicators.
A successful approach to risk management involves obtaining the
support of senior management.





Encouraging the active and on going support of organisation’s
management team
Encouraging the appointment of a senior manager to lead risk
management initiatives
Involving senior management in the development of risk
management policies and procedures
Encourage an organisational culture that supports a planned and
open approach to risk management
Including management in the team responsible for communicating
risk management policies
Identify the organisation or business you work for or that you are
closely associated with.
1. What message does management conveys in regards to risk
management?
2. How would you go about obtaining their support for risk
management activities?
Effective Communication is a key component of gaining support for
risk management activities
It is important to convey the risk management process clearly to
staff and other relevant stakeholders and reinforce a responsible
culture of risk management that includes planning, management
and regular review.
Target audiences






Executive team
Risk management committee
Risk management coordinator
Shareholders
Customers
Suppliers
Key messages are the heart of the communications.
Each target audience requires a key message `with the emphasis
on:




What is risk management and the organisation’s approach?
How is it being implemented and what do I need to do?
What are the benefits and what is my role in its implementation?
How can I actively participate to ensure successful implementation?
Methods to engage relevant parties in the risk management process
might include:




Working groups or sub-committees
Including risk management as an agenda item at meetings
Giving presentations at community forums or management
meetings
Inviting the public to provide submissions
In order to create an environment that will encourage suggestions
you should






Establish and maintain open and honest communication
Actively listen to each suggestion
Encourage informal discussion
Of continual improvement
Clearly and constantly communicate the organisation’s mission,
aims and objectives
Establish a formal mechanism for consultation/submitting ideas
Identify Risk
Internal Staff
Many organisations choose to conduct their risk identifications as
an in-house process. That is they use existing staff to assist in the
identification of risks. This will ensure risks are identified effectively,
different areas of expertise are brought together and different views
are appropriately considered in identifying risks.
There are a number of techniques that can be used to effectively
solicit input from stakeholder groups about the risks that they have
identified.
 Brain storming
 Suggestion box
 Project meetings
 Customer feedback forms
 One-to-one discussions / interviews
External Experts
At times the organisation will use external experts such as
consultants, auditors and trainers to advise on risk.
Advantages of using external experts


A consultant provides knowledge or skills that the organisation does
not have in-house
The consultant works provides a neutral perspective that can be
used to manage discussion and debate without any bias or favour
External Experts
With all benefits there are costs and the organisation must be sure
that they they will obtain a good return on their investment in using
a risk consultant.
Researching risks involves identifying what could happen and how
and why it could happen. At this stage it is necessary to examine all
possible sources of risk.
Sources of Risk
Most businesses use generic risk categories such as legal, financial
or natural events. A generic list of the sources of risk might include:








Commercial and legal relationships
Economic circumstances
Human behaviour
Natural events
Political
Technology and technical issues
Management activities and controls
Individual activities
The method of research include:





Market research
Data or statistical information
Public consultation
Lesson learned from other activities
Review of other information sources
Techniques that can be used to identify risks include:







Checklist
Judgments based on experience and records
Flow charts
Brainstorming
System analysis
Scenario analysis
System engineering techniques
Example
Market Mind Pty Ltd wants to identify risks associate with the manufacture
of a new product. To do this, senior management decides to have a
brainstorming session in which they undertake SWOT analysis. Other
stakeholders in the process include the company’s distributor and an
independent expert in the field. The group identifies:
The strengths of the new products – is it likely to be successful received?
Does it fill a gap in the market?
 The weakness of the new products – has it been tested sufficiently?
 Possible threats such as competition from from imported products, price,
market, the effect of the rising dollar on exports.
 Opportunities that development on the product might bring such as new
customers who may also purchase existing products.

Analyse Risk
Assess Likelihood of Risk Occurring



Estimating the likelihood of an event occurring is part of the risk
analysis process because it helps determine risk level.
In calculating the probability (likelihood) for an event, managers
provide a basis for risk evaluation, risk acceptance and risk
treatment.
Likelihood involves frequency, probability and proximately
Assess Likelihood of Risk Occurring
Frequency is a measure of the rate of occurrence of an event
expressed as the number of occurrences of an event in a given
time. In some cases frequency of occurrence is important, for
example, shoplifting has a high rate of occurrence and a high rate of
significance for retail business. In other cases frequency is
irrelevant. Qantas has never had a fatal jet airline accident but there
is nevertheless a significant risk to be managed.
Assess Likelihood of Risk Occurring

Probability is the likelihood of a specific event or outcome,
measured by the ratio of specific events or outcomes to the total
number of possible events or outcomes. Probability can be
expressed as a scale in numerical or other terms.

Proximity indicates the time that the risk might occur if this is known,
for example, it is known that bushfires are more likely to occur
between January and March in Australia.
Assess Likelihood of Risk Occurring
Likelihood can be described in the following categories:





Very likely
Likely
Possible
Unlikely
Rare
Likelihood Rank
Frequency description
Could consider as
percentage
Very low
Rare – cannot believe this
will happen
0-5%
Low
Unlikely – do not expect it
to happen but it is possible
6-20%
Medium
Possible – might occur
occasionally
21-40%
High
Likely – will probably occur 41-80%
again
Very high
Almost certain – would
expect to occur regularly
Over 80%
Assess Impact or Consequences of Risk Occur
Impact or consequence rating can include:




Disastrous
Severe
Moderate impact
Minimal impact
Activity
Indicate on a scale of 1 to 5 how you would rate the risk involved in
the following
investing in the share market
keeping money in a bank
buying a new car
taking a new job
traveling around Australia
1. Ask at least three people to give their rating of each
2. Do there rating differ
3. What does this say about the objectives assessment of consequences?
4. Is it matter for perception?
Evaluate and Prioritise Risk Treatment

Once your company has assessed the likelihood and
consequences of risk occurring, management should evaluate it by
considering whether it is acceptable or whether and how it should
be treated.

At the end of the evaluation process the company should have a list
of priorities for treatment of risk consistent with its aims and
objectives
Evaluate and Prioritise Risk Treatment
It is important to note that because of the generally subjective
nature of risk, even at a corporate level its perception is influenced
by a number of factors including:





Control
Dread
Familiarity
Timing
Social influences
Evaluate and Prioritise Risk Treatment




Management needs to review the analysis during the evaluation
process.
At this stage the person undertaking this process can consider and
possibly remove minor or significant risks.
Any risks that have had their significance rated too high or too low
can also be adjusted at this stage.
Documentation is important, and records of alterations for tracing
purposes should be retained.
Evaluate and Prioritise Risk Treatment


Every organisation or project trying to manage risk should
undertake continuous risk management.
Once the evaluation is completed, risk treatment strategies can be
devised and implemented.
Select and Implement Treatments
Determine and Select Most Appropriate Options for
Treating Risks




Risk treatment is the process of selecting and implementing risk
control options.
Risk treatment strategies contributed to the overall improvement of
an organisation.
An organisation’s risk profile is not static. It must be continually be
reviewed, and the options for handling risk reassessed.
It is a circular process, which, with each cycle, strengthens an
organisation against the likelihood and consequences of further
risk.
Determine and Select Most Appropriate Options for
Treating Risks
Four basic strategies can be used in the risk treatment process:




Avoidance
Reduce the likelihood or consequences of occurrence
Transfer
Retention
Determine and Select Most Appropriate Options for
Treating Risks
Risk Avoidance
Risk avoidance is taking a decision not to become involved in a risk
situation. This could involve termination, non-initiation or withdrawal
form an activity, for example, a factory choose to shut down its plant
for a day rather than breach safety standards and put workers at
serious risk.
Determine and Select Most Appropriate Options for
Treating Risks
Risk Control
1.
Control the likelihood of risk
This involve actions to reduce the likelihood of a particular risk
occurring
1.
Reducing consequences of risk
This involves taking action to reduce the negative consequences of
a particular risk.
Determine and Select Most Appropriate Options for
Treating Risks
Risk Transfer
Risk transfer or ‘risk sharing’ is defined as sharing with another
party the benefit of gain or burden of loss from consequences of a
particular risk. This may create new risks and may be limited or
prohibited by legal or statutory requirements.
Determine and Select Most Appropriate Options for
Treating Risks
Risk Retention
Risk retention is the acceptance of the burden of loss or benefit of
gain from the consequences in the event of a particular risk. It will
include risks not identified but not risks treated through insurance.
Risk may be retained in the following situations:


Residual risk that remains after treatment of particular risks.
Risk which are untreated because they have not been identified or
transferred, or which cannot be economically treated. Risk
identification may not bring to light all risks, particularly as
conditions are always changing
Develop an Action Plan for Implementing Risk
Treatment

Once the appropriate risk treatment options have been selected, a
risk treatment plan must be prepared and the plans implemented as
illustrated
Identify
risk
treatment
options
Access
and select
the
options
Implement
the plans
Prepare
risk
treatment
plans
Develop an Action Plan for Implementing Risk
Treatment
The purpose of a treatment plan is to document how the chosen
options will be implemented and that the plan should include






Proposed action
Resource requirements
Responsibilities
Timing
Performance measures
Reporting and monitoring requirements
It will also provide information on expected forms of communication
and staff training.
Communicate Risk Management Processes to
Relevant Parties
Communication of risk management processes is necessary for a
number of reasons, including:



To inform the people who are responsible for implementing the
processes of their responsibilities
To ensure effective change management
To maintain the support and commitment of senior management to
the risk management process.
The risk management plan is an excellent form of communication
in it self, provided it is clear, up to date and readily assessable
to staff and other relevant stakeholders.
Ensure all Documentation is in Order and
Appropriately Stored
Having identified risk treatment options and developed an action
plan for implementation, you must document the entire process.
Documentation should be kept throughout the risk management
process because it:






Demonstrates that the process has been properly conducted
Provides evidence of a systematic approach to risk management
Provides a record and extends the organisation’s knowledge pool
Provides an audit trail
Communicates information
Provide accountability
Ensure all Documentation is in Order and
Appropriately Stored
An example of the documentation you should keep includes:



Details of communications, consultation and research undertaken in
the process of establishing the risk context
A risk register, which provides a record of the risks you have
previously identified
A risk treatment schedule and action plan, including relevant
performance measures and who is responsible for implementation
Ensure all Documentation is in Order and
Appropriately Stored
The format of risk register will vary according to the needs and
preferences of the organisation but are likely to be along the
following lines:






Identify risk
Name of person who identified the risk and the date
Description of the risk in terms of the source and/or threat
Potential impact of the risk
Probability
Proximity
Implement and Monitor Action Plan



Monitoring and review is a vital part of risk management process.
The monitoring and review process is undertaken in respect to the
risk exposures of the organisation and the relevance and
effectiveness of the risk management plan, and in regard to specific
activities and functions.
Risk management is a continuous process of monitoring these
elements to identify potential of risks and new sources of risk.
Implement and Monitor Action Plan
A review might show that any or all of the following have occurred:





The original risk management plan was inadequate
The steps and processes it identified were not followed
Risk management activities were not suitable, incomplete or not to
date
Circumstances that were out of the control of the organisation
impacted on it
Staff were not adequately trained to identify and control risks
Evaluate Risk Management Process
The evaluation process should be built into the normal planning
cycle and address the following factors:








Currency
Relevance, accuracy and completeness
Level of stakeholder support for the plan
How much the plan is in integrated into functional work area processes
Other contextual and organisational changes that have occurred since it
was developed that now need to be considered
Changes that have occurred in organisational goals, policies and priorities
Areas that the plan did not address, where risk has been an issue
Incident that have occurred, which have indicated a near miss

Project Management, Stephen Hartley, 2008, Pearson Education,
Australia

Slideshow creation MnM Institute Pty Ltd
www.mnminstitute.com
[email protected]