22-Oct Geo Unit Risk Analysis
Workshop Objective
An interesting thought…
“The cost of responding to unanticipated problems is
always much larger than the cost of risk responses
planned well in advance.”
Author Unknown
“It ain’t what you don’t know that gets you into trouble,
it’s what you know for sure that just ain’t so.”
Mark Twain
Risk Assessment Workshop
What is a risk?
Any ideas?
What is Risk?
What is the IEEE Definition of Risk?
Where Can We Find Risk?
How Do We Classify Risk?
Risk in the Business World
Let’s review where we find risk in the business world
External
Exposure to uncertainty affecting the communities served by
IEEE (Members, Volunteers)
Financial risks
Exposure to uncertainty regarding the management and control
of the finances of the organization (Conference Banking, Cash
Reserves)
Exposure to loss arising from damage to property or from
fortuitous acts; these typically include the perils covered by insurance
(Fire in Building, Injury to Visitors in Offices)
Risk Categories
Human Assets: Exposure to uncertainty related to compliance with
personnel policies and procedures, employee morale, and organizational
culture
Legal/Regulatory Compliance: Exposure to uncertainty related to laws,
statutes, and administrative regulations that govern how IEEE operates.
(PCI compliance issues, State and Federal Laws)
Operational: Exposure to uncertainty related to day-to-day business
activities (Reduced membership, Loss of sales of publications)
Reputational: Exposure to uncertainty related to brand, perceived value,
organizational status, and public perception and trust (Media related
issues)
Strategic: Exposure to uncertainty related to long-term policy directions
of the organization. These are ‘big picture’ risks (Electronic publishing,
handheld delivery of products)
Characteristics of Risk
Risk Probability
A risk can be classified under one of the five categories:
Risk Severity
The consequences of a risk define its severity and can
fall into five categories:
Risk Management Matrix
Using the estimated probability and severity,
we are able to identify potential risk impact
The Risk Universe
How to perform a risk assessment?
Review the Risk Universe
Strategy & Initiatives Marketing & Business Development Billing & Collections Market (Interest Rate) Governance
*Succession Planning *Compliance with contract terms (L&C) *Foreign currency exchange rate volatility *Foreign currency exchange rate volatility *Development and enforcement of policies & procedures
Volunteer Engagement *Loss of brand value (L&C) *Customer defaults on accounts receivables *Impact/Effect on business internationally (L&C) *Use of MOU's
*Timely and robust communications with *Inadequate investment in new products *Transparency and accountability in communications
MGA/Region leadership *Value of investments (IEEE) with elected leadership
*Including competition's IP in IEEE content Supply Chain (Business Partners) *Management of executive sessions
*Lack of products for practicing engineers *Management of third party vendors Liquidity & Credit Hierarchy of IEEE and MGA policies and procedures
*Organizers choose alternate partners for conferences *Disruption of services due to external vendors *Local unit cash balance not reported/remitted
*Ability to conduct business internationally (L&C) *Use of CB accounts when possible
Communications & Stakeholder
Relations (L&C) *Third party service delivery *Banking relationships/Line of credit Code of Conduct
*Loss of brand value People (Human Assets) *Education, training, monitoring and auditing compliance
*Governance, reporting and investigation of Code of Ethics,
Principles of Business Conduct/Conflict of Interest violations.
*Unmoderated social media *Generational and cultural differences
*Enforcement and discipline under Code of Ethics, Principles
*Loss of strategic partnerships
*Misuse of IEEE brand Information Technology Accounting & Financial Reporting of Business Conduct/Conflict of Interest and related policies.
*Creation of unauthorized IEEE domains *Hiring of employees by sections & conferences *Use of cloud computing providers (L&C) *Accounting for US and non US entities
*Misrepresentation on the IEEE site *Unexpected/inappropriate human behavior (L&C) Data security (non IEEE hosted sites) *Exposure to net income loss Legal
*Copyright infringement on the IEEE site *Succession planning not defined *security of web content *Lack of timely/accurate financial reporting *Creation of non US entities/subsidiaries/offices
*Communications regarding Conference
cancellations *Use of temporary services (L&C) *hacking/breach of IEEE unit *Geographically dispersed (local) cash accounts *Compliance with applicable laws of 160+ countries
*Web content *Use of consultants (L&C) *cyber attack *Proper controls on expenditures *Compliance with written and oral contract terms
*unauthorized access *Conference cancellations *Intellectual Property protection
*loss of data, theft of data *Unauthorized purchases by volunteers (L&C) *Enforcement of Privacy Laws
Market Dynamics Emergency Preparedness (L&C) *inadequate equipment, applications *Applicable accounting changes *Violation of government rules or regulations
*Political unrest *Civil disturbance *system/service failures *Major contract negotiations
*Declining global economy *Testing of BCM/DR plan *Records retention/data retention
*General economic conditions *Conference cancellations
*General loss of membership *Effect of emergency conditions Physical Security Tax and related issues
*Dilution of IEEE message *Safety at large gatherings *Testing of BCM/DR plan *Taxes for US and non US entities (L&C) Regulatory
*Crisis communication plan not tested *global (non US) offices *Proper collection & remittance of taxes *Compliance with applicable domestic regulations
* Pandemic response *Safety at large gatherings *Applicable accounting changes *Compliance with OFAC and related regulations
*Independent contractors
HEAT MAP
mission critical, high risk impact
significant impact, requires attention
moderate impact, needs attention
least impact, lower priority than top 3
LEGEND
(L&C) denotes that the risk statement includes a Legal/Compliance element
Risk Statements developed from RIAG Risk Assessment
Risk Statements may appear in more than one category
QUESTIONS?
orims@ieee.org