You are on page 1of 127

1

3
2

loading…
….
Che Wan Ahmad Bin Che Wan Sudin
Risk Manager

RISK MANAGEMENT RISK
MANAGEMENT RISK
MANAG MANAGEMENT
RISK MANAGEMENT RISK
MANAGE MANAGEMENT
RISK MANAGE

Enterpri
se

EVEN I AM
BUMBLEBEE I STILL
CANT AVOID FALL
DOWN. SO, PLAN
THE RISK!!!

Management

.

Strategic Objectives and Risks .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

Steps in Implementing ERM
• Risk assessment looks at the impact of potential
risk on achievement of objectives.
• Management should assess events from two
perspectives – likelihood and impact – and
normally uses a combination of ___________ and
__________ methods.
• The positive and negative impacts of potential
events should be examined, individually or by
category, across the entity.
• Potentially negative events are assessed on both
an inherent and a residual basis.

Steps in Implementing ERM .

the better prepared you will be .Steps in Implementing ERM • This is the phase where you rank the risks you’ve identified. medium. are the consequences positive or negative? * the earlier you know about risk. low? 1-10? –What is the impact if the risk does occur? High. low? 1-10? What is the financial impact. Things to remember –Perform Qualitative Risk Analysis is subjective –What is the probability of the risk occurring? High. medium.

Steps in Implementing ERM Tools and Techniques of Qualitative Analysis • Risk Data Quality Assessment – What is the quality of the data used to determine or assess the risk? Think about the following –Extent of the understanding of the risk –Data available about the risk –Quality of the data –Reliability & Integrity of the data • Probability & Impact Matrix – a matrix that creates a consistent evaluation of high. or low for your projects. . medium..

Steps in Implementing ERM Tools and Techniques of Qualitative Analysis • Risk Categorization – Which of your categories has more risk than others? Which of your work packages could be most affected by risk? • Risk Urgency Assessment – Which of your risks could occur soon. or require a longer planning time? .

Steps in Implementing ERM Prioritize Risks .

Steps in Implementing ERM .

Steps in Implementing ERM Prioritize Risks .

Steps in Implementing ERM Risk Assessment .

Steps in Implementing ERM Outputs of Perform Qualitative Risk Analysis •Risk Register Updates –Risk ranking for the project compared to other projects –List of prioritized risks and their probability and impact ratings –Risks grouped by categories –List of risks requiring additional analysis in the near term –List of risks for additional analysis and response –Watchlist (non-critical risks) –Trends .

Steps in Implementing ERM .

Steps in Implementing ERM

Steps in Implementing ERM
• Risk management where you conduct
numerical analysis
Things to remember
Quantitative analysis is used to….
–Determine which of your risks should
have a response plan
–Determine overall project risk
–Determine the probability of delivering
your project objectives

Steps in Implementing ERM
Tools and Techniques of Quantitative Analysis
•Sensitivity Analysis – Which risks will have the most impact on
the project?
•Monte Carlo Analysis – A technique that uses simulation to show
the probability of completing your project on time and within budget.
–Determines the overall risk of the project, not the task
–Determines the probability of completing the project on a specific
day and for a specific cost
–Used to evaluate the impact to your schedule and budget
–Due to the complicated mathematical computations used, Monte
Carlo analysis is usually done with a computer program
* Perform Quantitative Risk Analysis is a numerical analysis

Steps in Implementing ERM .

Steps in Implementing ERM Tools and Techniques of Quantitative Analysis • EMV –– Expected Monetary Value Example .

00 EMV = -16.80 Mudslide: 5% x -750 = -37.70 .Steps in Implementing ERM Tools and Techniques of Quantitative Analysis • EMV –– Expected Monetary Value Example High winds: 35% x -48 = -16.80 + -37.50 + 120.00 = -30.00 Truck rental: 10% x -350 = -35.50 Wind generator: 15% x 800 = 120.00 + -35.

2. calculate the total EMV.Exercise 1. Calculate the EMV for each of these three risks. Now the cost of replacement rations goes up to $150. What’s the new EMV for the project? 4. If these are the only risks on the project. What’s the new EMV for the project . The latest weather report came out. and there is now a 20% chance of unseasonably warm weather. 3.

risk management is an iterative process.Steps in Implementing ERM Outputs of Perform Quantitative Risk Analysis •Risk Register Updates –Prioritized list of quantified risks –Amount needed for contingency reserves for time and cost –Confidence levels of completing the project on a certain date for a certain amount of money –The probability of delivering the project objectives –Trends . as you repeat the process you can track your overall project risk and determine the trend (if you are decreasing or increasing the level of risk on your project) .

Steps in Implementing ERM .

Steps in Implementing ERM •Risk Response –Management selects risk responses – avoiding. accepting. reducing or sharing – developing sets of actions to align risks with the entity’s risk tolerance and risk appetite .

Steps in Implementing ERM .

sharing and acceptance. •Responses include risk avoidance. management determines how it will respond. reduction. . management considers costs and benefits. •In considering its response.Steps in Implementing ERM • Having assessed relevant risks. and selects a response that brings expected likelihood and impact within the desired risk tolerances.

Steps in Implementing ERM •This is the phase of risk management where you decide how you will respond to your most important risks •Risk Response Strategies Threats –Avoid – remove the cause of the risk so that it never materializes –Mitigate – reduce the probability and or impact of the risk –Transfer – transfer the risk to another party. usually done with insurance. performance bonds. warranties. Opportunities –Exploit – make sure the opportunity occurs. you can add work or make a change to the project –Enhance – increase the probability and or positive impact of the risk –Share – share the opportunity with a third party to be able to take advantage of the opportunity . guarantees or outsourcing the work.

Steps in Implementing ERM •Risk Response Strategies For both Threats & Opportunities –Accept – Active acceptance – preparing a contingency reserve of cost or time reserves in case the risk does happen Passive acceptance – preparing for the dealing with the effects of the risk after the risk has occurred .

Exercise .

Exercise .

Exercise .

Exercise .

risk triggers. developing a response strategy.Steps in Implementing ERM Outputs of Risk Response Planning •Project Management Plan Updates – Changes made due to risk management will be changes made to the project and should be updated in the project management plan •Updates to Risk Register –Residual Risks – risks that are left over after Plan Risk Response –Contingency Plans – plans of action in case the risk does occur –Risk Response Owners – the person on the team responsible for monitoring the risk. and implementing the strategy should the risk occur –Secondary Risks – new risks that result from the implementation of the contingency plans for the primary risks .

–Management reserves – these are estimated and made part of the project budget. Management approval is needed to use the management reserve. .Steps in Implementing ERM Outputs of Risk Response Planning •Updates to Risk Register –Risk Triggers – early warning signs that there is a high probability the risk will occur –Fallback Plans – a secondary contingency plan. covers the residual risks. The contingency reserve is calculated and made part of the baseline. not the baseline.covers the cost for ‘known unknowns’ discovered during risk management. in case the contingency plan does not work or is not effective Reserves –Contingency reserves .

Steps in Implementing ERM .

. They include approvals.Steps in Implementing ERM •Control Activities –These are policies and procedures that are developed to ensure the risk responses are carried out. These activities occur throughout the entity. at all levels and in all functions. review of performance. verification. authorisations. performance indicators and segregation of duties. reconciliation.