Risk Analysis and Assessment - Tools (English)

Introduction to Organizational
Risk Management
Waqas I. Yousafzai
Вакас И. Юзафзэй
Policy and Government Relations Advisor
The Uniterra program receives funding from
the Government of Canada, provided through
Global Affairs Canada.

Risk 101: DefinitionsUnderstanding Risk
- What do you think when someone
says ‘Risk’
- What does someone saying “that is
risky” mean to you?
Вакас И. Юзафзэй | Waqas I. Yousafzai

Risk 101: DefinitionsWhat is Risk?
Risk is the “effect of uncertainty on
objectives”
- ISO 31000 Definition

Hazard is defined as anything that has the potential to
cause harm, ill health, injury, damage to property,
products or the environment, production losses or an
increase in liabilities
Risk is the combination of the likelihood of a
hazardous event occurring and the subsequent
consequences of the event
Risk = likelihood x consequence
Risk 101: DefinitionsHazard vs. Risk

Risk 101: DefinitionsRisk Explained
• Risks are an expression of uncertainty
• Risks are events that may occur, and if they occur, have
harmful or negative effects on the achievement of results

Risk 101: Definitions
For Business:
• Risks are closely related to the
results and should consequently
be analysed against the results
framework of the organization
• Risk analyses strengthen the
basis for choosing realistic
objectives and level of ambitions

7
Risk Management
Risk management includes an assessment/evaluation of
the risks and its related components. There are four
components :
- Risk Assessment/Risk Evaluation
- Risk Communication
- Risk Perception
- Risk Management
Objective is to minimize risk because it can never be fully
eliminated

8
Definition of Enterprise Risk Management (ERM)
1. It is a strategic discipline that
supports the achievement of
an organization’s objectives
2. It addresses the full spectrum
of risks and manages the
combined impact as an
interrelated risk portfolio.

9
Benefits of Enterprise Risk Management
 Reduces surprises
o Improve control of adverse events
and take action
 Exploitation of opportunities
o Seek opportunities
 Improved planning, performance,
effectiveness and utilization of
resources.

10
Benefits of Enterprise Risk Management
 Positive effect on ‘Reputation’
o Attracts-investors, employees, improved quality
 Documentation for
actions and enquiries
o liability coverage
 Accountability,
assurance and
governance
o Maintain integrity and
confidence

11
Four ‘types’ of Risks
Trends in Risk:
• Measured and maintained by organization
• Oversight by Executive management
• Oversight by Board of Directors through an Audit
committee

12
Risk 101
Internal organizational functions Related to ERM

13
Risk 101

14
ISO 31000 Risk Framework and Process

16
Risk 101
RISK can be measured at any level

17
Risk Attitude
Risk Avoiding Risk SeekingRisk
Optimizing

18
Risk Appetite and Tolerance
Risk Appetite: Amount and type of risk that an organization
is willing to pursue or retain.
Risk Tolerance: Organization’s or stakeholder’s readiness to
bear the risk after risk treatment in order to achieve its
objectives.
 Organizational Risk Appetite comes from Executive
Management
 Tries to answer: How much risk is acceptable? What is
tolerable?

19
Risk and Assumptions
• A lot of risk comes from untested assumptions.
• Assumptions are:
• Necessary conditions that allow for a succesful cause-
and-effect relationship between the different levels of
results.
• Critical success factors.
• Formulated after the objectives, to ensure results are
anchored in reality

20
Example of Assumptions
Outcome
Company increases its net
revenues and increases its
shares of sector profits by
10% from 2014-2017
Output
Sales of wool products
increase by 30% from
2014 to 2017.
Assumption
Machinery,
Electricity, and other
inputs are
operational and
function without fail

21
Risk Identification
Risk identification:
• Done in all phases of a company or value chain
• Requires several contributers from different areas of business
• is expressed as negative statements in relation to achievement of
the desired result or final outcomes
• May include perception of conflict of interest regarding sharing
information on risks (i.e maybe perceived as ’weakness’)
• Always document your risk identification, analysis and mitigation

22
Risk Categories
There are no specific number of categories that risk can fall into.
Examples include:
1) Governance Risk (Institutional, management, transparency,
accountability)
2) Strategic Risk
3) Compliance Risk
4) Operational/Technical Risk
5) Regulatory Risk (compliance, corruption, procurement)
6) Financial Risk
7) Reputational Risk
8) Systemic Risk
9) Environmental Risk
10) Partner Risk

Examples of Human Risk
• Death
• Owner
• Employee
• Illness
• Short term
• Long term
• Indefinite
Source: Participant Risk Management, Small Business Administration (US)

• Theft and fraud
• Product and inventory theft
• Time sheet/Employee fraud
• Accounting and cash fraud
• Low morale, dissatisfaction
• Failure to perform
• Sabotage of systems,
equipment or customers

Examples of Operational Risks
• Equipment breakdowns
• New equipment integration
• Worn older equipment
• Damage to vehicles,
machiners, building, etc.

• IT/Computer system downtime
• Lack of backup or recovery system
• Updates and repairs
• Power and connectivity (physical damage and
outdated systems)
• Lack of administrative controls

Examples of Other Internal Risk
• Physical plant repairs
• Breaks in lines or utilities
• Routine maintenance time
• Incidents
• Work related injuries
• Damage to others’
property by employees
• Damage to your property
by othersSource: Participant Risk Management, Small Business Administration (US)

Example of Financial Risks
• Cash flow changes
• Unexpected costs
• Loss of credit lines
• Expenses to establish lines of credit

Examples of External Risks: Competition
and Market Risks
• Loss of clients or customers
• Loss of employees
• Decrease in sales prices/fluctuating markets
• Increases in vendor costs
• Oil or gasoline price increases
• Fixed cost changes (e.g., rent)

Examples of External Risks: Business
Environment Risks
• Laws
• Weather
• Natural Disaster
• Community

SME/Micro Enterprises’ Unique Risks
• Family obligations, illnesses or deaths
• Events of disaster that affect the home
• Community involvement
• Complacency

32
Risk Assessment
• Risk assessment is a forward-looking exercise
• Make sure to distinguish probability and consequence
• The aim is not to avoid all risks
• High risk is often acceptable in contexts where expected
impact and benefits are higher than the potential risk.

33
Risk Identification and Analysis
Best Practice is to incorporate the risk identification, analysis, and
mitigation process as part of the annual work and strategic planning
process.
Increasingly donor agencies,
banks and credit agencies,
auditors, and partner
organizations are asking for
risk assessments.
It is important to utilize
‘outside the box’ thinking

34
The Uniterra program receives funding from the Government
of Canada, provided through Global Affairs Canada.
-- Lunch Break --
https://www.facebook.com/WUSCofMongolia

Risk Analysis and Assessment - Tools (English)

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Risk Analysis and Assessment - Tools (English)

Similaire à Risk Analysis and Assessment - Tools (English) (20)

Dernier

Dernier (20)

Risk Analysis and Assessment - Tools (English)

Notes de l'éditeur