Risk description training 22_dec12
Uploaded by umar-farooq
Enterprise Risk Management
Risk Description Training
Introduction & Objectives
What is risk?
How to write risk descriptions?
What is risk register?
How to identify risks?
What is Risk?
“the chance of something happening that will have an impact on objectives” (AS/NZS 4360:2004)
“effect of uncertainty on objectives” (ISO 31000:2009)
“Any uncertain event or set of circumstances that, should it occur, would have an effect on one or more objectives” (Association for Project Management 2004)
Risk and Objectives:
Risk is not the same as uncertainty.
Risk arises when uncertainty has the potential to affect objectives.
There are uncertainties that cannot affect objectives, and which are therefore not risks.
Risk versus Reward:
Risk and Reward are two sides of the same coin.
Positive Risks
• Increased business opportunities
• Reduction in the maintenance cost
Negative Risks
• Loss of key resources
• High staff turnover
• Poor talent management
How to write risk descriptions?
Risk Description
As a result of (Definite cause), (an uncertain event/risk) may occur, which would lead to (an impact on objectives).
Elements: Cause, Risk event, Consequence
Improper server maintenance may result in failure of SAP server and loss of data which would lead to business interruption.
Risk Description Examples (Cause, Risk event, Consequence)
Technical: As a result of band screen choke, all sea water intake pumps will trip, leading to plant blackout.
HR: As a result of high staff turnover, production and quality will be affected, leading to loss of revenue.
Finance: Delay in payment may cause vendors to stop supplying chemicals, leading to plant shutdown.
SCM: Insufficient purchase specification may result in inappropriate product procurement which will affect quality requirements.
Risk Description Activity
1. Identify 2 risk events in your area
2. Determine the consequence and causes
3. Describe the risk in the box
Worksheet fields for each risk description: Cause, Risk event, Consequence; All elements present / Needs Improvement; Comments
Good risk descriptions shall have at least these 3 elements:
• Cause: Which reason will trigger the uncertain event?
• Risk event: Which uncertain event can go wrong and how?
• Consequence: Which objective will be affected and to what extent?
RISK TRIGGER
An indication that a risk has occurred or is about to occur. Triggers are sometimes called risk symptoms or warning signs. Triggers may be discovered in the risk identification process and watched in the risk monitoring and control process.
Causal taxonomy of risk
Flood risk from the householder perspective
Interchangeability of concepts depending on perspective
What is risk register?
RISK REGISTER
Columns of the risk register:
• Function Name
• Process Name
• Risk Category
• Risk #
• Risk Description
• Link to Entity Risk Register
• Inherent Risk Impact
• Inherent Risk Likelihood
• Inherent Risk Rating
• Control Number
• Controls
• Control Attributes: Manual / Automated / Both; Preventive / Detective; Frequency
• Control Rating
• Residual Risk Impact
• Residual Risk Likelihood
• Residual Risk Rating
• Risk Response (Mitigation Plan)
• Risk owner
• Timeline
Risk/Control Coding System
B /A YX - 001
Plant:
C Corporate
S SIWPP
E Expansion
Q SQIWPP
B Barge
Y Qurayyah
R Rabigh
J Jeddah office
Function:
OPN Operation
MTC Maintenance
PLG Planning
QAC Quality Assurance and control
IMS Integrated Management System
SCM Supply Chain Management
HRD Human Resource Development
HSE Health, Safety & Environment
FIN Finance & Accounting
ITC Info. Tech & Communication
LGL Legal & Contracts
CBD Commercial & Business Development
Company:
N NOMAC
R ROMCO
S SunE NOMAC
Risk/Control:
R Risk
C Control
Risk/Control Number
Z / $
NOMAC – Entity Risk Register
Sl. No. Risk Description
1 Organization Scalability & Business Readiness Risk
2 Bid Management Risk
3 Design & Redundancy Risk
4 Construction Risk
5 Mobilization, Training & Handover Risk
6 Maintenance Risk
7 Unplanned Outage Risk
8 Quality Management Risk
9 Contractual Risk
10 Business Management Risk
11 Integration Challenge Risk
12 Commodity Risk
13 Health & Safety Risk
14 Regulatory & Environment Risk
15 Technical Planning Risk
16 Procurement Planning Risk
17 Procurement Efficiency Risk
18 Inventory & Warehouse Management Risk
19 Warranty Management Risk
20 Manpower Planning Risk
21 Recruitment and Retention Risk
22 Challenges resulting from Saudization Targets
23 Working Capital Risk
24 Information for Decision Making Risk
25 Accounting & Reporting Risk
26 Information Technology Risk
Risk Assessment Criteria Matrix

IMPACT
Each level gives the Score and Rating, the Financial Impact (SAR), and the Organizational & Operational Scope and Reputation & HSE Impact criteria.

5 - Critical, > 15 Mn
- Inability to continue normal business operations (e.g. Catastrophic failure, termination etc)
- Non compliance to environmental regulatory requirements.
- Fatality
- Failure to obtain, maintain and renew approvals required under the law
- International reputation impact

4 - Significant, 10 to 15 Mn
- Extended unplanned Availability losses.
- Heat Rate / Specific power consumption in excess of contracted values for an extended period.
- Loss of multiple key resources.
- Permanent disability
- Loss of trust of partners
- Trend of adverse events
- Inefficient crisis management
- National reputation impact

3 - High, 7 to 10 Mn
- Unplanned Availability losses in excess of contracted values.
- Heat Rate / Specific power consumption in excess of contracted values.
- Loss of 2-3 key resources.
- Disputes with off-taker / Project Company
- Major Injury/Major ill health
- Isolated adverse events
- Considerable reputation impact

2 - Moderate, 3 to 7 Mn
- Unplanned Availability losses within contracted values.
- Heat Rate / Specific power consumption in excess to the projected values
- Loss of key resources.
- Minor Injury/Minor ill health
- Non compliance to regulatory requirements (other than environmental).
- Limited reputation impact

1 - Low, < 3 Mn
- Slight Impact

LIKELIHOOD
Each level gives the Score and Rating, the Certainty and the Frequency.
5 - Expected: > 90%; Often
4 - Highly Likely: < 90%; 3-4 times a year
3 - Likely: < 60%; Less than 2 times a year
2 - Slightly: < 30%; Once a year
1 - Not Likely: < 10%; 3 Years and Beyond
Responsive Action Map
Risk Rating: 5 - Critical, 4 - Significant, 3 - High, 2 - Moderate, 1 - Low
Control Effectiveness: 1 - Excellent, 2 - Good, 3 - Fair, 4 - Poor, 5 - Unsatisfactory
Responsive actions:
- Immediate attention required to develop new mitigation plans so as to ensure treatment level is acceptable
- Effectiveness and efficiency to be reviewed on periodic basis
- Documents exist for mitigation plans. Regular monitoring of risk and/or treatment required along with review of efficiencies and effectiveness.
- Risks are mitigated but efficiencies and effectiveness to be reported on periodic basis
- Attention required to ensure appropriate level of mitigation controls are in place and review of effectiveness to be carried out on periodic basis
HOW TO IDENTIFY RISKS?
Your own experience
Ask yourself “What-if” questions
Challenging and questioning assumptions
Thinking wider than the known facts
Expert and specialist judgment
Audit findings
Historic data and future trends
Critical path analysis
Scenario planning
Root cause analysis
One to one interviews
Anonymous questionnaires
Team Brainstorming
Structured discussions & Workshops
This is not the end but just the beginning of Risk Management…
Thank you!