Professional Documents
Culture Documents
Lecture 6
RISK MANAGEMENT PROCESS
RISK MANAGEMENT PROCESS
Lecture Content
Definition of Risk
Categories of Risks
Risk Management Cycle
Risk Management process
Possible pitfall in Risk management Process
H.M 3
RISK MANAGEMENT
H.M 5
CONT..
What is Risk?
A risk is an uncertain event which may occur in the future
A situation involve exposure to danger.
A risk may prevent or delay the achievement of organization's objectives or
goals. Or
Is the chance of something happening that will impact on the objectives.
A risk is not certain-It is a likelihood can only be estimated.
Note: all risks is bad, some level of risk must be taken in order to progress/
prevent stagnation.
CATEGORIES OF RISKS
There are multiple ways into which the risks can be categorized.
Financial
Reduction in funding
Failure to safeguard assets
Poor cash flow management
Fraud/ Theft
Poor budgeting
CATEGORIES OF RISKS
Operational
These risks result from failed or inappropriate policies, procedure or activities
Failure of an IT system
Poor quality of service delivered
Staff skill level
CATEGORIES OF RISKS
Reputational
Organizational engage in activities that could threaten its good name
Through association with other bodies
Staff/member acting in a criminal or unethical way
Poor stakeholder relations
CATEGORIES OF RISKS
Strategic
Engage in activity at variance with its stated objectives.
Fails to engage in activity that would support its stated objectives.
CATEGORIES OF RISKS
Governance and Compliance
Organizational engage in activities that could threaten its good name
Segregation of duties not defined formally
Ensuring compliance with funders terms and conditions.
Compliance with applicable legislation
• Taxation Law
• Data protection
• Health and safety law
RISK MANAGEMENT CYCLE
H.M 12
RISK MANAGEMENT PROCESS
Risk management Process consists of a series of steps that when undertaken in
sequence enable the continual improvement in decision making.
The following are five steps of Risks management process.
Risk identification
Risk Analysis
Evaluate or rank the Risk
Treat the risks
Monitor and Review the Risks
RISK MANAGEMENT
Risk management Cycle- Step1
CONT…
Risk Management Cycle-Step 2
•Risk Identification- what are the threats and uncertainties associated with my
organization’s objectives.
•Involve identifying the risks that the business or organization is exposed to in its
operating environment.
•There are so many different types of risks, legal risk, market risks, environmental
risks and much more.
•It is important to identify as many as many of these risks a possible.
H.M 15
CONT…
The aim of risk identification is to identify possible risks that may affect, either
negatively or positively, the objectives of the business and the activity under
analysis.
Answering the following questions identifies the risk:
CONT…
1. Retrospective risks are those that have previously occurred, such as incidents
or accidents.
Retrospective risk identification is often the most common way to identify risk,
and the easiest. It’s easier to believe something if it has happened before.
It is also easier to quantify its impact and to see the damage it has caused.
CONT…
There are many sources of information about retrospective risk. These include:
• Hazard or incident logs or registers
• Audit reports
• Customer complaints
• Accreditation documents and reports
• Past staff or client surveys
• Newspapers or professional media, such as journals or websites.
CONT…
2-Identifying prospective risks
Prospective risks are often harder to identify.
These are things that have not yet happened, but might happen some time in the
future.
Identification should include all risks, whether or not they are currently being
managed.
The rationale here is to record all significant risks and monitor or review the
effectiveness of their control.
TIP FOR EFFECTIVE RISKS IDENTIFICATION
Involve the right people in risk identification activities
Take a life cycle approach to risk identification and determine how risks change and evolve
throughout this cycle.
CONT..
Analysis of the Risk
Once the risks has been identified it need to be analyzed.
The Scope of the risk must be determined.
It is important to understand the link between the risks and different factors with
in the organization.
It is also important to determine how many business functions the risks affects.
This step will assist in determining which risks have a greater consequence or
impact than other.
Element of Risks analysis
The elements of risks analysis are as follows
Identify existing strategies and controls that act to minimize negative risks and
enhance opportunity.
Determine the consequences of a negative
impact or an opportunity (these may be positive or negative).
Determine the likelihood of a negative consequence or an opportunity.
Estimate the level of risk by combining consequence and likelihood.
Consider and identify any uncertainties in the estimates.
CONT…
Risk Management Cycle-Step 3
Evaluate the risk
Risk evaluation involves comparing the level of risk found during the analysis process with
previously established risk criteria, and deciding whether these risks require treatment.
The result of a risk evaluation is a prioritized list of risks that require further action.
A risk that may cause some inconvenience is rated lowly and the risks that can results in
catastrophic loss are rated highest.
This step is about deciding whether risks are acceptable or need treatment.
The highest rated risks is enough to require intervention.
The business may be vulnerable to several low level risks, but may not require an intervention.
CONT..
Risk acceptance
A risks may be accepted for the following
• The cost of treatment far exceeds the benefit, so that acceptance is the only
option (applies particularly to lower ranked risks)
• The level of the risk is so low that specific treatment is not appropriate with
available resources
• The opportunities presented outweigh the threats to such a degree that the risks
justified.
• The risk is such that there is no treatment available.
H.M 24
CONT..
Risk Management Cycle-Step 4
•Treat the Risk or Take action
• Every risks need to be eliminated.
•This is done by connecting with the experts of the field to which the risks is
belong.
CONT..
Risk treatment is about considering options for treating risks that were not
considered acceptable or tolerable on the previous step.
Risk treatment involves identifying options for treating or controlling risk, in
order to either reduce or eliminate negative consequences, or to reduce the
likelihood of an adverse occurrence.
Risk treatment should also aim to enhance positive outcomes.
CONT..
Options for risk Treatment
Identifies the following options that may assist in the minimization of negative
risk or an increase in the impact of positive risk.
• 1- Avoid the risk
• 2- Change the likelihood of the occurrence
• 3- Change the consequences
• 4- Share the risk
• 5- Retain the risk
CONT..
Tips for implementing risk treatment
When implementing the risk treatment plan, ensure that adequate resources are
available, and define a timeframe, responsibilities and a method for monitoring
progress against the plan
Physically check that the treatment implemented reduces the residual risk level
In order of priority, undertake remedial measures to reduce the risk.
Risk management Cycle: step 5 Monitor and review/report
Monitor and review is an essential and integral step in the risk management
process.
A business owner must monitor risks and review the effectiveness of the
treatment plan, strategies and management system that have been set up to
effectively manage risk.
RISK REGISTER
What is it?
Components
How to report on it.
CONT…
Risk register is management tool used to record relevant details relating to risks.
It is database of information on risks.
RISK MANGEMENT- REGISTER Example
CONT…
CONT…
TIPS FOR SUCCESS
Involve all level of staff and management in the process
Check control that are relevant and effective
Ensure risk owner take responsibility for management of risks under their control
Focus on risks cause and not its symptoms
Why Risk Management May Fail