© Business Controls Training

Business Risk Management & Controls

© Business Controls Training

xxx So, what is risk? One origin of the concept of risk is the term ‘to dare’; which means risk is seen by many as being related to choice rather than fate.

Risk is ‘To Dare’

© Business Controls Training

xxx

RISK

Any uncertainty about future events that impact

an organization’s ability to achieve its objectives.

Risk is measured in terms of its impact

and the likelihood that it materializes.

We have come up with a generally agreed definition of risk as being about uncertainty which affects our objectives. Which means we all have to live with some degree of uncertainty but it just depends on how much we can control and how much we have to put up with.

What is Risk?

© Business Controls Training

Eurozone Crisis

Global Financial

Crisis

Middle East Uprising

Hurricanes and Storms

Bird Flu

Floods and Fires Employee

Fraud

Legal Claims

Regulatory Fines

Major Complaints

Shareholder Revolt

Failure of Strategy

Breach of Data Privacy

Rogue Traders

Major Product Recall

High Staff Turnover

Aggressive Takeover

Major Project Failures

Need for Huge Budget Cuts

Decline in Consumer Spending

Surge in Energy Costs

Withdrawal of Key Partner

Counterfeit Goods

Political Unrest

Death/Injury of Employees

Major Industrial

Unrest

Industrial Unrest

Loss of a Major Contract

A Risk tightrope?

Horsemeat found in food products

IT Systems Crash

Building Collapse in a Sweat Shop

© Business Controls Training

xxx

IMPA

CT

One way of assessing risk is to work out what impact it would have on your ability to succeed at work. And whether this impact would rate as high or low.

Impact/Likelihood

© Business Controls Training

xxx

LIKELIHOOD %

IMPA

CT

The basic impact/likelihood criteria is pretty much accepted world-wide where it is possible to plot the implications of a risk by locating it on a grid. The vertical line represents the impact of the risk. The horizontal line is the probability (%) that the risk will materialize – that is low, medium or high impact/probability.

Impact/Likelihood

© Business Controls Training

A risk might have a number of consequences, some positive and some negative. Managing the risk and its consequences could change a consequence, potentially from negative to positive.

BSI 31100: 2008

Page 18

British Standards: Risk Management Code of Practice

© Business Controls Training

xxx

LIKELIHOOD

IMPA

CT

Low impact and low likelihood risks become green risks and so cause no real concerns to management. However, the further you go towards the top right hand of the grid the scarier it gets.

Impact/Likelihood

© Business Controls Training

xxx

LIKELIHOOD

IMPA

CT

Yellow risks sit in the middle of our grid. Impact/Likelihood

© Business Controls Training

LIKELIHOOD

IMPA

CT

xxx Red risks have the capacity to cause problems and are also extremely likely to arise. These high impact risks shift our ability to succeed and will probably occur, so they need to be pinned down. Management will want frequent reports on these risks.

Impact/Likelihood

© Business Controls Training

xxx

2008 Global Financial Crisis

2010 Icelandic Volcano

2011 Japanese Earthquake

2011 Middle East Uprising

2012 Eurozone Crisis

Some serious risks come about as a result of a ‘perfect storm’ and are so hard to predict they can literally creep up on us.

Black Swans

© Business Controls Training

xxx

Let’s have a quick look at health and safety as most countries have laws that require businesses to protect their employees from hazards and the risk of accidents.

Health and Safety

A health and safety risk assessment must be 'suitable and sufficient', i.e. it should show that:

• A proper check was made.

• You asked who might be affected.

• You dealt with all the obvious significant hazards, taking into account the

number of people who could be involved.

• The precautions are reasonable, and the remaining risk is low.

• You involved your employees or their representatives in the process.

• Where the nature of your work changes fairly frequently or the workplace

changes and develops (e.g. a construction site), or where your workers move

from site to site, your risk assessment may have to concentrate more on a

broad range of risks that can be anticipated.

© Business Controls Training

xxx

Risk Identification

Formal Disclosures

As you make key business decisions, one way of working out which risks should be on your list, is to go through the rick cycle.

Risk Management Cycle

© Business Controls Training

Business Aims

Business Aims Start with working through your business aims and ensuring staff can see where risk mitigation fits in with their overall objectives.

Risk Management Cycle

© Business Controls Training

Business Aims

Risk Identification

Risk Assessment

Risk Identification The next stage is to work through the types of risks that could arise in your area of responsibility.

Business Aims Start with working through your business aims and ensuring staff can see where risk mitigation fits in with their overall objectives.

Risk Assessment This simply means working through the risks you identified and giving each one a score to reflect the relative importance of the risk.

Risk Management Cycle

© Business Controls Training

Business Aims

Risk Identification

Risk Assessment

Risk Management

Risk Identification The next stage is to work through the types of risks that could arise in your area of responsibility.

Business Aims Start with working through your business aims and ensuring staff can see where risk mitigation fits in with their overall objectives.

Risk Assessment This simply means working through the risks you identified and giving each one a score to reflect the relative importance of the risk.

Risk Management

Risk Management The next stage is problem solving where you will need to work through the measures that can be taken to mitigate the key risks as identified and judged to have an important impact on business success.

© Business Controls Training

Business Aims

Risk Identification

Risk Assessment

Risk Management

Review

Risk Identification The next stage is to work through the types of risks that could arise in your area of responsibility.

Risk Management The next stage is problem solving where you will need to work through the measures that can be taken to mitigate the key risks as identified and judged to have an important impact on business success.

Review This is about revisiting your risk reviews and keeping the findings and action plans up to date, particularly against a changing environment where new threats and opportunities are constantly changing.

Business Aims Start with working through your business aims and ensuring staff can see where risk mitigation fits in with their overall objectives.

Risk Assessment This simply means working through the risks you identified and giving each one a score to reflect the relative importance of the risk.

Risk Management Cycle

© Business Controls Training

Okay so what’s the problem? Hi Katrina, you talk about the risk management cycle. But doesn’t this mean we simply have another cumbersome corporate process to go with the many others that get in our way.

A Brief Conversation

© Business Controls Training

Okay so what’s the problem?

That’s not the way I see it. Risk management should sit with the way you work.

Hi Katrina, you talk about the risk management cycle. But doesn’t this mean we simply have another cumbersome corporate process to go with the many others that get in our way.

A Brief Conversation

© Business Controls Training

Okay so what’s the problem?

That’s not the way I see it. Risk management should sit with the way you work.

Hi Katrina, you talk about the risk management cycle. But doesn’t this mean we simply have another cumbersome corporate process to go with the many others that get in our way.

But I have a corporate strategy to guide me and a performance framework to measure how I’m doing. I really don’t need another head office routine.

A Brief Conversation

© Business Controls Training

Okay so what’s the problem?

That’s not the way I see it. Risk management should sit with the way you work.

I see it as a way of ensuring we build a sensible response to uncertainty into our work.

Hi Katrina, you talk about the risk management cycle. But doesn’t this mean we simply have another cumbersome corporate process to go with the many others that get in our way.

But I have a corporate strategy to guide me and a performance framework to measure how I’m doing. I really don’t need another head office routine.

A Brief Conversation

© Business Controls Training

Okay so what’s the problem?

That’s not the way I see it. Risk management should sit with the way you work.

I see it as a way of ensuring we build a sensible response to uncertainty into our work.

Hi Katrina, you talk about the risk management cycle. But doesn’t this mean we simply have another cumbersome corporate process to go with the many others that get in our way.

But I have a corporate strategy to guide me and a performance framework to measure how I’m doing. I really don’t need another head office routine.

But I still don’t see why I need to add another distraction into my work in terms of this risk cycle.

A Brief Conversation

HOW WOULD YOU ANSWER?

© Business Controls Training

Okay so what’s the problem?

That’s not the way I see it. Risk management should sit with the way you work.

I see it as a way of ensuring we build a sensible response to uncertainty into our work.

Okay - how about I show you how the risk cycle can sit inside your work rather than as a separate process. Have a look at part two.

Hi Katrina, you talk about the risk management cycle. But doesn’t this mean we simply have another cumbersome corporate process to go with the many others that get in our way.

But I have a corporate strategy to guide me and a performance framework to measure how I’m doing. I really don’t need another head office routine.

But I still don’t see why I need to add another distraction into my work in terms of this risk cycle.

A Brief Conversation