A Risk Management Standard
Published by AIRMIC, ALARM, IRM: 2002
Introduction
This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK - The Institute of Risk Management (IRM), The Association of Insurance and Risk Managers (AIRMIC) and ALARM The National Forum for Risk Management in the Public Sector.

In addition, the team sought the views and opinions of a wide range of other professional bodies with interests in risk management, during an extensive period of consultation.

Risk management is a rapidly developing discipline and there are many and varied views and descriptions of what risk management involves, how it should be conducted and what it is for. Some form of standard is needed to ensure that there is an agreed:
• terminology related to the words used
• process by which risk management can be carried out
• organisation structure for risk management
• objective for risk management

Importantly, the standard recognises that risk has both an upside and a downside.

Risk management is not just something for corporations or public organisations, but for any activity whether short or long term. The benefits and opportunities should be viewed not just in the context of the activity itself but in relation to the many and varied stakeholders who can be affected.

There are many ways of achieving the objectives of risk management and it would be impossible to try to set them all out in a single document. Therefore it was never intended to produce a prescriptive standard which would have led to a box ticking approach nor to establish a certifiable process. By meeting the various component parts of this standard, albeit in different ways, organisations will be in a position to report that they are in compliance. The standard represents best practice against which organisations can measure themselves.

The standard has wherever possible used the terminology for risk set out by the International Organization for Standardization (ISO) in its recent document ISO/IEC Guide 73 Risk Management - Vocabulary - Guidelines for use in standards.

In view of the rapid developments in this area the authors would appreciate feedback from organisations as they put the standard into use (addresses to be found on the back cover of this Guide). It is intended that regular modifications will be made to the standard in the light of best practice.




A Risk Management Standard © AIRMIC, ALARM, IRM: 2002                                         1
1. Risk
Risk can be defined as the combination of the probability of an event and its consequences (ISO/IEC Guide 73).

In all types of undertaking, there is the potential for events and consequences that constitute opportunities for benefit (upside) or threats to success (downside).

Risk Management is increasingly recognised as being concerned with both positive and negative aspects of risk. Therefore this standard considers risk from both perspectives.

In the safety field, it is generally recognised that consequences are only negative and therefore the management of safety risk is focused on prevention and mitigation of harm.




    2. Risk Management
Risk management is a central part of any organisation's strategic management. It is the process whereby organisations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.

The focus of good risk management is the identification and treatment of these risks. Its objective is to add maximum sustainable value to all the activities of the organisation. It marshals the understanding of the potential upside and downside of all those factors which can affect the organisation. It increases the probability of success, and reduces both the probability of failure and the uncertainty of achieving the organisation's overall objectives.

Risk management should be a continuous and developing process which runs throughout the organisation's strategy and the implementation of that strategy. It should address methodically all the risks surrounding the organisation's activities past, present and in particular, future.

It must be integrated into the culture of the organisation with an effective policy and a programme led by the most senior management. It must translate the strategy into tactical and operational objectives, assigning responsibility throughout the organisation with each manager and employee responsible for the management of risk as part of their job description. It supports accountability, performance measurement and reward, thus promoting operational efficiency at all levels.

2.1 External and Internal Factors
The risks facing an organisation and its operations can result from factors both external and internal to the organisation. The diagram overleaf summarises examples of key risks in these areas and shows that some specific risks can have both external and internal drivers and therefore overlap the two areas. They can be categorised further into types of risk such as strategic, financial, operational, hazard, etc.
2.1 Examples of the Drivers of Key Risks




2.2 The Risk Management Process
[Diagram: The Organisation's Strategic Objectives feed into Risk Assessment, which comprises Risk Analysis (Risk Identification, Risk Description, Risk Estimation) followed by Risk Evaluation. The assessment leads to Risk Reporting of Threats and Opportunities, then Decision, Risk Treatment, Residual Risk Reporting and Monitoring. A Modification loop feeds back into the process and a Formal Audit loop reviews it.]

Risk management protects and adds value to the organisation and its stakeholders through
supporting the organisation’s objectives by:

• providing a framework for an organisation that enables future activity to take place in a consistent and controlled manner
• improving decision making, planning and prioritisation by comprehensive and structured understanding of business activity, volatility and project opportunity/threat
• contributing to more efficient use/allocation of capital and resources within the organisation
• reducing volatility in the non essential areas of the business
• protecting and enhancing assets and company image
• developing and supporting people and the organisation's knowledge base
• optimising operational efficiency

3. Risk Assessment
Risk Assessment is defined by the ISO/IEC Guide 73 as the overall process of risk analysis and risk evaluation. (See appendix)


   4. Risk Analysis
4.1 Risk Identification
Risk identification sets out to identify an organisation's exposure to uncertainty. This requires an intimate knowledge of the organisation, the market in which it operates, the legal, social, political and cultural environment in which it exists, as well as the development of a sound understanding of its strategic and operational objectives, including factors critical to its success and the threats and opportunities related to the achievement of these objectives.

Risk identification should be approached in a methodical way to ensure that all significant activities within the organisation have been identified and all the risks flowing from these activities defined. All associated volatility related to these activities should be identified and categorised.

Business activities and decisions can be classified in a range of ways, examples of which include:
• Strategic - These concern the long-term strategic objectives of the organisation. They can be affected by such areas as capital availability, sovereign and political risks, legal and regulatory changes, reputation and changes in the physical environment.
• Operational - These concern the day-to-day issues that the organisation is confronted with as it strives to deliver its strategic objectives.
• Financial - These concern the effective management and control of the finances of the organisation and the effects of external factors such as availability of credit, foreign exchange rates, interest rate movement and other market exposures.
• Knowledge management - These concern the effective management and control of the knowledge resources, the production, protection and communication thereof. External factors might include the unauthorised use or abuse of intellectual property, area power failures, and competitive technology. Internal factors might be system malfunction or loss of key staff.
• Compliance - These concern such issues as health & safety, environmental, trade descriptions, consumer protection, data protection, employment practices and regulatory issues.

Whilst risk identification can be carried out by outside consultants, an in-house approach with well communicated, consistent and co-ordinated processes and tools (see Appendix, page 14) is likely to be more effective. In-house 'ownership' of the risk management process is essential.

4.2 Risk Description
The objective of risk description is to display the identified risks in a structured format, for example, by using a table. The risk description table overleaf can be used to facilitate the description and assessment of risks. The use of a well designed structure is necessary to ensure a comprehensive risk identification, description and assessment process. By considering the consequence and probability of each of the risks set out in the table, it should be possible to prioritise the key risks that need to be analysed in more detail. Identification of the risks associated with business activities and decision making may be categorised as strategic, project/tactical, operational. It is important to incorporate risk management at the conceptual stage of projects as well as throughout the life of a specific project.


4.2.1 Table - Risk Description
    1. Name of Risk
    2. Scope of Risk            Qualitative description of the events, their size, type,
                                number and dependencies
    3. Nature of Risk           Eg. strategic, operational, financial, knowledge or compliance
    4. Stakeholders             Stakeholders and their expectations
    5. Quantification of Risk   Significance and Probability
    6. Risk Tolerance/          Loss potential and financial impact of risk
       Appetite                 Value at risk
                                Probability and size of potential losses/gains
                                Objective(s) for control of the risk and desired level of
                                performance
    7. Risk Treatment &         Primary means by which the risk is currently managed
       Control Mechanisms       Levels of confidence in existing control
                                Identification of protocols for monitoring and review
    8. Potential Action for     Recommendations to reduce risk
       Improvement
    9. Strategy and Policy      Identification of function responsible for developing strategy
       Developments             and policy


4.3 Risk Estimation
Risk estimation can be quantitative, semi-quantitative or qualitative in terms of the probability of occurrence and the possible consequence.

For example, consequences both in terms of threats (downside risks) and opportunities (upside risks) may be high, medium or low (see table 4.3.1). Probability may be high, medium or low but requires different definitions in respect of threats and opportunities (see tables 4.3.2 and 4.3.3).

Examples are given in the tables overleaf. Different organisations will find that different measures of consequence and probability will suit their needs best.

For example many organisations find that assessing consequence and probability as high, medium or low is quite adequate for their needs and can be presented as a 3 x 3 matrix.

Other organisations find that assessing consequence and probability using a 5 x 5 matrix gives them a better evaluation.

Table 4.3.1 Consequences - Both Threats and Opportunities

 High         Financial impact on the organisation is likely to exceed £x
              Significant impact on the organisation’s strategy or operational activities
              Significant stakeholder concern

 Medium       Financial impact on the organisation likely to be between £x and £y
              Moderate impact on the organisation’s strategy or operational activities
              Moderate stakeholder concern

 Low          Financial impact on the organisation likely to be less than £y
              Low impact on the organisation’s strategy or operational activities
              Low stakeholder concern




Table 4.3.2 Probability of Occurrence - Threats

 Estimation       Description                     Indicators

 High             Likely to occur each year       Potential of it occurring several times
 (Probable)       or more than 25% chance         within the time period (for example -
                  of occurrence.                  ten years).
                                                  Has occurred recently.

 Medium           Likely to occur in a ten        Could occur more than once within the
 (Possible)       year time period or less        time period (for example - ten years).
                  than 25% chance of              Could be difficult to control due to
                  occurrence.                     some external influences.
                                                  Is there a history of occurrence?

 Low              Not likely to occur in a        Has not occurred.
 (Remote)         ten year period or less than    Unlikely to occur.
                  2% chance of occurrence.




Table 4.3.3 Probability of Occurrence - Opportunities

    Estimation    Description                  Indicators

    High          Favourable outcome is        Clear opportunity which can be relied
    (Probable)    likely to be achieved in     on with reasonable certainty, to be
                  one year or better than      achieved in the short term based on
                  75% chance of occurrence.    current management processes.

    Medium        Reasonable prospects of      Opportunities which may be achievable
    (Possible)    favourable results in one    but which require careful management.
                  year of 25% to 75% chance    Opportunities which may arise over and
                  of occurrence.               above the plan.

    Low           Some chance of favourable    Possible opportunity which has yet to be
    (Remote)      outcome in the medium        fully investigated by management.
                  term or less than 25%        Opportunity for which the likelihood of
                  chance of occurrence.        success is low on the basis of management
                                               resources currently being applied.


4.4 Risk Analysis methods and techniques
A range of techniques can be used to analyse risks. These can be specific to upside or downside risk or be capable of dealing with both. (See Appendix, page 14, for examples).

4.5 Risk Profile
The result of the risk analysis process can be used to produce a risk profile which gives a significance rating to each risk and provides a tool for prioritising risk treatment efforts. This ranks each identified risk so as to give a view of the relative importance.

This process allows the risk to be mapped to the business area affected, describes the primary control procedures in place and indicates areas where the level of risk control investment might be increased, decreased or reapportioned. Accountability helps to ensure that 'ownership' of the risk is recognised and the appropriate management resource allocated.
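The risk description table (4.2.1), the estimation bands of tables 4.3.1 to 4.3.3 and the ranking described in 4.5 can be put together in a small risk register. The Python below is an added illustration and is not part of the standard: the £x and £y thresholds of table 4.3.1, the product-of-ranks scoring for the 3 x 3 matrix, the cut-off of 6 for "key risks" needing more detailed analysis, and every entry in the sample register are constructed assumptions. Note how the same 30% chance rates High for a threat (table 4.3.2) but only Medium for an opportunity (table 4.3.3).

```python
from dataclasses import dataclass
from typing import List, NamedTuple

LEVELS = ("Low", "Medium", "High")   # rank 1, 2, 3 on each axis of the 3 x 3 matrix

# Table 4.3.1 leaves the financial thresholds £x (High) and £y (Low) to the
# organisation. These two figures are constructed for the example only.
HIGH_IMPACT_GBP = 1_000_000   # High: financial impact likely to exceed £x
LOW_IMPACT_GBP = 100_000      # Low: financial impact likely to be less than £y


@dataclass
class Risk:
    """One row of the table 4.2.1 risk description (abridged to the fields used here)."""
    name: str                    # 1. Name of Risk
    nature: str                  # 3. strategic, operational, financial, knowledge or compliance
    stakeholders: str            # 4. Stakeholders
    financial_impact_gbp: float  # 5./6. loss potential or gain, drives the consequence rating
    chance: float                # 5. probability of occurrence in the period, 0.0 to 1.0
    kind: str                    # "threat" (downside) or "opportunity" (upside)
    treatment: str               # 7. primary means by which the risk is currently managed
    owner: str                   # 9. function responsible for strategy and policy


class ProfileEntry(NamedTuple):
    name: str
    probability: str
    consequence: str
    score: int


def rate_consequence(financial_impact_gbp: float) -> str:
    """Table 4.3.1: High above £x, Low below £y, Medium in between."""
    if financial_impact_gbp > HIGH_IMPACT_GBP:
        return "High"
    if financial_impact_gbp < LOW_IMPACT_GBP:
        return "Low"
    return "Medium"


def rate_probability(chance: float, kind: str) -> str:
    """Tables 4.3.2 and 4.3.3: threats and opportunities use different bands."""
    if not 0.0 <= chance <= 1.0:
        raise ValueError("chance must be a probability between 0 and 1")
    if kind == "threat":            # table 4.3.2: >25% High, <2% Low
        high, low = 0.25, 0.02
    elif kind == "opportunity":     # table 4.3.3: >75% High, <25% Low
        high, low = 0.75, 0.25
    else:
        raise ValueError("kind must be 'threat' or 'opportunity'")
    if chance > high:
        return "High"
    if chance < low:
        return "Low"
    return "Medium"


def significance(probability: str, consequence: str) -> int:
    """Cell of the 3 x 3 matrix as the product of the axis ranks: 1 (Low/Low) to 9 (High/High)."""
    return (LEVELS.index(probability) + 1) * (LEVELS.index(consequence) + 1)


def build_profile(register: List[Risk]) -> List[ProfileEntry]:
    """Section 4.5: give each risk a significance rating and rank the register by it."""
    entries = []
    for r in register:
        p = rate_probability(r.chance, r.kind)
        c = rate_consequence(r.financial_impact_gbp)
        entries.append(ProfileEntry(r.name, p, c, significance(p, c)))
    return sorted(entries, key=lambda e: (-e.score, e.name))


def key_risks(profile: List[ProfileEntry], threshold: int = 6) -> List[str]:
    """Risks at or above an assumed cut-off that should be analysed in more detail (section 4.2)."""
    return [e.name for e in profile if e.score >= threshold]


# Constructed sample register; none of these entries come from the standard.
SAMPLE_REGISTER = [
    Risk("Unauthorised disclosure of customer data", "compliance", "customers, regulator",
         2_500_000, 0.30, "threat", "access control and encryption at rest", "IT security"),
    Risk("Key supplier insolvency", "operational", "production, customers",
         400_000, 0.10, "threat", "dual sourcing of critical parts", "Procurement"),
    Risk("Entry into new export market", "strategic", "shareholders, sales",
         3_000_000, 0.50, "opportunity", "market study under way", "Board"),
    Risk("Server room flooding", "operational", "IT, all business units",
         50_000, 0.01, "threat", "raised floor and water sensors", "Facilities"),
]

if __name__ == "__main__":
    for e in build_profile(SAMPLE_REGISTER):
        print(f"{e.score}  {e.probability:<6} / {e.consequence:<6}  {e.name}")
    print("Key risks:", key_risks(build_profile(SAMPLE_REGISTER)))
```

Replacing `significance` with a lookup into an organisation-specific 3 x 3 (or 5 x 5) grid is the natural extension when the product of ranks does not reflect the organisation's appetite.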



     5. Risk Evaluation
When the risk analysis process has been completed, it is necessary to compare the estimated risks against risk criteria which the organisation has established. The risk criteria may include associated costs and benefits, legal requirements, socio-economic and environmental factors, concerns of stakeholders, etc. Risk evaluation therefore, is used to make decisions about the significance of risks to the organisation and whether each specific risk should be accepted or treated.

6. Risk Reporting and Communication
6.1 Internal Reporting
Different levels within an organisation need different information from the risk management process.

The Board of Directors should:
• know about the most significant risks facing the organisation
• know the possible effects on shareholder value of deviations to expected performance ranges
• ensure appropriate levels of awareness throughout the organisation
• know how the organisation will manage a crisis
• know the importance of stakeholder confidence in the organisation
• know how to manage communications with the investment community where applicable
• be assured that the risk management process is working effectively
• publish a clear risk management policy covering risk management philosophy and responsibilities

Business Units should:
• be aware of risks which fall into their area of responsibility, the possible impacts these may have on other areas and the consequences other areas may have on them
• have performance indicators which allow them to monitor the key business and financial activities, progress towards objectives and identify developments which require intervention (e.g. forecasts and budgets)
• have systems which communicate variances in budgets and forecasts at appropriate frequency to allow action to be taken
• report systematically and promptly to senior management any perceived new risks or failures of existing control measures

Individuals should:
• understand their accountability for individual risks
• understand how they can enable continuous improvement of risk management response
• understand that risk management and risk awareness are a key part of the organisation's culture
• report systematically and promptly to senior management any perceived new risks or failures of existing control measures

6.2 External Reporting
A company needs to report to its stakeholders on a regular basis setting out its risk management policies and the effectiveness in achieving its objectives.

Increasingly stakeholders look to organisations to provide evidence of effective management of the organisation's non-financial performance in such areas as community affairs, human rights, employment practices, health and safety and the environment.

Good corporate governance requires that companies adopt a methodical approach to risk management which:
• protects the interests of their stakeholders
• ensures that the Board of Directors discharges its duties to direct strategy, build value and monitor performance of the organisation
• ensures that management controls are in place and are performing adequately

The arrangements for the formal reporting of risk management should be clearly stated and be available to the stakeholders.

The formal reporting should address:
• the control methods - particularly management responsibilities for risk management
• the processes used to identify risks and how they are addressed by the risk management systems
• the primary control systems in place to manage significant risks
• the monitoring and review system in place

Any significant deficiencies uncovered by the system, or in the system itself, should be reported together with the steps taken to deal with them.




     7. Risk Treatment
Risk treatment is the process of selecting and implementing measures to modify the risk. Risk treatment includes as its major element, risk control/mitigation, but extends further to, for example, risk avoidance, risk transfer, risk financing, etc.

NOTE: In this standard, risk financing refers to the mechanisms (eg insurance programmes) for funding the financial consequences of risk. Risk financing is not generally considered to be the provision of funds to meet the cost of implementing risk treatment (as defined by ISO/IEC Guide 73; see page 17).

Any system of risk treatment should provide as a minimum:
• effective and efficient operation of the organisation
• effective internal controls
• compliance with laws and regulations.

The risk analysis process assists the effective and efficient operation of the organisation by identifying those risks which require attention by management. They will need to prioritise risk control actions in terms of their potential to benefit the organisation.

Effectiveness of internal control is the degree to which the risk will either be eliminated or reduced by the proposed control measures.

Cost effectiveness of internal control relates to the cost of implementing the control compared to the risk reduction benefits expected.

The proposed controls need to be measured in terms of potential economic effect if no action is taken versus the cost of the proposed action(s) and invariably require more detailed information and assumptions than are immediately available.

Firstly, the cost of implementation has to be established. This has to be calculated with some accuracy since it quickly becomes the baseline against which cost effectiveness is measured. The loss to be expected if no action is taken must also be estimated and by comparing the results, management can decide whether or not to implement the risk control measures.

Compliance with laws and regulations is not an option. An organisation must understand the applicable laws and must implement a system of controls to achieve compliance. There is only occasionally some flexibility where the cost of reducing a risk may be totally disproportionate to that risk.

One method of obtaining financial protection against the impact of risks is through risk financing which includes insurance. However, it should be recognised that some losses or elements of a loss will be uninsurable eg the uninsured costs associated with work-related health, safety or environmental incidents, which may include damage to employee morale and the organisation's reputation.
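The comparison section 7 describes (cost of implementation as the baseline, the loss expected if no action is taken, the risk reduction each control buys, and compliance as a requirement rather than an option) can be made explicit for a set of candidate controls. The Python below is an added illustration, not part of the standard. It assumes an expected-value estimate of loss (chance x consequence), which the standard does not prescribe; the factor of 10 used to flag a compliance control whose cost looks "totally disproportionate" for review, and all the figures in the sample, are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProposedControl:
    name: str
    implementation_cost_gbp: float     # established first; the baseline for cost effectiveness
    effectiveness: float               # degree (0.0 to 1.0) to which the risk is eliminated or reduced
    required_for_compliance: bool = False


def expected_loss_gbp(chance: float, consequence_gbp: float) -> float:
    """Loss to be expected if no action is taken.

    Assumed here to be the expected value chance x consequence; the standard
    itself does not prescribe a formula for this estimate."""
    if not 0.0 <= chance <= 1.0:
        raise ValueError("chance must be a probability between 0 and 1")
    return chance * consequence_gbp


def evaluate_control(control: ProposedControl, chance: float, consequence_gbp: float,
                     disproportion_factor: float = 10.0) -> Dict[str, object]:
    """Compare a control's cost with the risk reduction it is expected to bring.

    Compliance controls are implemented regardless of cost effectiveness; only
    when the cost exceeds disproportion_factor times the expected loss (an
    assumed cut-off) is the case escalated for review instead of decided here."""
    if not 0.0 <= control.effectiveness <= 1.0:
        raise ValueError("effectiveness must be between 0 and 1")
    loss_no_action = expected_loss_gbp(chance, consequence_gbp)
    residual_loss = loss_no_action * (1.0 - control.effectiveness)
    benefit = loss_no_action - residual_loss      # risk reduction benefit expected
    cost_effective = benefit > control.implementation_cost_gbp

    if control.required_for_compliance:
        if control.implementation_cost_gbp > disproportion_factor * loss_no_action:
            decision = "escalate (compliance, disproportionate cost)"
        else:
            decision = "implement (compliance)"
    elif cost_effective:
        decision = "implement"
    else:
        decision = "reject"

    return {
        "control": control.name,
        "loss_if_no_action_gbp": round(loss_no_action, 2),
        "residual_loss_gbp": round(residual_loss, 2),
        "benefit_gbp": round(benefit, 2),
        "cost_gbp": control.implementation_cost_gbp,
        "cost_effective": cost_effective,
        "decision": decision,
    }


def evaluate_controls(controls: List[ProposedControl], chance: float,
                      consequence_gbp: float) -> List[Dict[str, object]]:
    """Evaluate every candidate control, highest net benefit (benefit minus cost) first."""
    results = [evaluate_control(c, chance, consequence_gbp) for c in controls]
    return sorted(results, key=lambda r: r["benefit_gbp"] - r["cost_gbp"], reverse=True)


# Constructed example: one risk (30% chance in the period, £2.5m consequence)
# and three candidate controls. None of these figures come from the standard.
RISK_CHANCE = 0.30
RISK_CONSEQUENCE_GBP = 2_500_000.0
CANDIDATE_CONTROLS = [
    ProposedControl("Encrypt customer database at rest", 120_000.0, 0.60),
    ProposedControl("Replace all workstations", 900_000.0, 0.20),
    ProposedControl("Breach notification procedure", 60_000.0, 0.05, required_for_compliance=True),
]

if __name__ == "__main__":
    for r in evaluate_controls(CANDIDATE_CONTROLS, RISK_CHANCE, RISK_CONSEQUENCE_GBP):
        print(f"{r['control']:<35} benefit £{r['benefit_gbp']:>10,.0f} "
              f"cost £{r['cost_gbp']:>10,.0f}  {r['decision']}")
```

The residual loss each result carries is what section 7's residual risk reporting would pick up after the chosen controls are in place; the standard's caution that such figures need more information and assumptions than are immediately available applies to every input here.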




   8. Monitoring and Review of the Risk
   Management Process
Effective risk management requires a reporting and review structure to ensure that risks are effectively identified and assessed and that appropriate controls and responses are in place. Regular audits of policy and standards compliance should be carried out and standards performance reviewed to identify opportunities for improvement. It should be remembered that organisations are dynamic and operate in dynamic environments. Changes in the organisation and the environment in which it operates must be identified and appropriate modifications made to systems.

The monitoring process should provide assurance that there are appropriate controls in place for the organisation's activities and that the procedures are understood and followed.

Changes in the organisation and the environment in which it operates must be identified and appropriate changes made to systems.

Any monitoring and review process should also determine whether:
• the measures adopted resulted in what was intended
• the procedures adopted and information gathered for undertaking the assessment were appropriate
• improved knowledge would have helped to reach better decisions and identify what lessons could be learned for future assessments and management of risks

9. The Structure and Administration of
     Risk Management
9.1 Risk Management Policy
An organisation's risk management policy should set out its approach to and appetite for risk and its approach to risk management. The policy should also set out responsibilities for risk management throughout the organisation.

Furthermore, it should refer to any legal requirements for policy statements eg. for Health and Safety.

Attaching to the risk management process is an integrated set of tools and techniques for use in the various stages of the business process. To work effectively, the risk management process requires:
• commitment from the chief executive and executive management of the organisation
• assignment of responsibilities within the organisation
• allocation of appropriate resources for training and the development of an enhanced risk awareness by all stakeholders.

9.2 Role of the Board
The Board has responsibility for determining the strategic direction of the organisation and for creating the environment and the structures for risk management to operate effectively. This may be through an executive group, a non-executive committee, an audit committee or such other function that suits the organisation's way of operating and is capable of acting as a 'sponsor' for risk management.

The Board should, as a minimum, consider, in evaluating its system of internal control:
• the nature and extent of downside risks acceptable for the company to bear within its particular business
• the likelihood of such risks becoming a reality
• how unacceptable risks should be managed
• the company's ability to minimise the probability and impact on the business
• the costs and benefits of the risk and control activity undertaken
• the effectiveness of the risk management process
• the risk implications of board decisions

9.3 Role of the Business Units
This includes the following:
• the business units have primary responsibility for managing risk on a day-to-day basis
• business unit management is responsible for promoting risk awareness within their operations; they should introduce risk management objectives into their business
• risk management should be a regular management-meeting item to allow consideration of exposures and to reprioritise work in the light of effective risk analysis
• business unit management should ensure that risk management is incorporated at the conceptual stage of projects as well as throughout a project

9.4 Role of the Risk Management Function
Depending on the size of the organisation the risk management function may range from a single risk champion, a part time risk manager, to a full scale risk management department. The role of the Risk Management function should include the following:
• setting policy and strategy for risk management
• primary champion of risk management at strategic and operational level
• building a risk aware culture within the organisation including appropriate education
• establishing internal risk policy and structures for business units
• designing and reviewing processes for risk management
• co-ordinating the various functional activities which advise on risk management issues within the organisation
• developing risk response processes, including contingency and business continuity programmes
• preparing reports on risk for the board and the stakeholders

9.5 Role of Internal Audit
The role of Internal Audit is likely to differ from one organisation to another. In practice, Internal Audit’s role may include some or all of the following:
• focusing the internal audit work on the significant risks, as identified by management, and auditing the risk management processes across an organisation
• providing assurance on the management of risk
• providing active support and involvement in the risk management process
• facilitating risk identification/assessment and educating line staff in risk management and internal control
• co-ordinating risk reporting to the board, audit committee, etc
In determining the most appropriate role for a particular organisation, Internal Audit should ensure that the professional requirements for independence and objectivity are not breached.

9.6 Resources and Implementation
The resources required to implement the organisation’s risk management policy should be clearly established at each level of management and within each business unit.
In addition to other operational functions they may have, those involved in risk management should have their roles in co-ordinating risk management policy/strategy clearly defined. The same clear definition is also required for those involved in the audit and review of internal controls and facilitating the risk management process.
Risk management should be embedded within the organisation through the strategy and budget processes. It should be highlighted in induction and all other training and development as well as within operational processes e.g. product/service development projects.




10. Appendix

Risk Identification Techniques - examples
• Brainstorming
• Questionnaires
• Business studies which look at each business process and describe both the internal processes and external factors which can influence those processes
• Industry benchmarking
• Scenario analysis
• Risk assessment workshops
• Incident investigation
• Auditing and inspection
• HAZOP (Hazard & Operability Studies)

Risk Analysis Methods and Techniques - examples

Upside risk
• Market survey
• Prospecting
• Test marketing
• Research and Development
• Business impact analysis

Both
• Dependency modelling
• SWOT analysis (Strengths, Weaknesses, Opportunities, Threats)
• Event tree analysis
• Business continuity planning
• BPEST (Business, Political, Economic, Social, Technological) analysis
• Real Option Modelling
• Decision taking under conditions of risk and uncertainty
• Statistical inference
• Measures of central tendency and dispersion
• PESTLE (Political Economic Social Technical Legal Environmental)

Downside risk
• Threat analysis
• Fault tree analysis
• FMEA (Failure Mode & Effect Analysis)



On the following pages are extracts from the document PD ISO/IEC Guide 73: 2002
reproduced with the permission of British Standards Institution under licence number
2002SK/0313. British Standards can be obtained from BSI Customer Services,
389 Chiswick High Road, London W4 4AL. (Tel + 44 (0) 20 8996 9001)

The Institute of Risk Management
6 Lloyd’s Avenue, London EC3N 3AX
Telephone 020 7709 9808
Facsimile 020 7709 0716
Email enquiries@theIRM.org
www.theirm.org

ALARM The National Forum for Risk Management in the Public Sector
Queens Drive, Exmouth, Devon, EX8 2AY
Telephone 01395 223399
Facsimile 01395 223304
Email admin@alarm.uk.com
www.alarm-uk.com

The Association of Insurance and Risk Managers
6 Lloyd’s Avenue, London EC3N 3AX
Telephone 020 7480 7610
Facsimile 020 7702 3752
Email enquiries@airmic.co.uk
www.airmic.com

This publication is available from the above organisations for download from their respective websites free of charge. Please contact the individual associations if you wish to purchase more copies of this Risk Management Standard in printed form.

Risk management standard_030820

  • 1. A Risk Management Standard
  • 2. Published by AIRMIC, ALARM, IRM: 2002
  • 3. Introduction This Risk Management Standard is the should be viewed not just in the context of result of work by a team drawn from the the activity itself but in relation to the major risk management organisations in many and varied stakeholders who can be the UK - The Institute of Risk affected. Management (IRM),The Association of Insurance and Risk Managers (AIRMIC) There are many ways of achieving the and ALARM The National Forum for objectives of risk management and it Risk Management in the Public Sector. would be impossible to try to set them all out in a single document.Therefore it was In addition, the team sought the views and never intended to produce a prescriptive opinions of a wide range of other standard which would have led to a box professional bodies with interests in risk ticking approach nor to establish a management, during an extensive period certifiable process. By meeting the various of consultation. component parts of this standard, albeit in Risk management is a rapidly developing different ways, organisations will be in a discipline and there are many and varied position to report that they are in views and descriptions of what risk compliance.The standard represents best management involves, how it should be practice against which organisations can conducted and what it is for. Some form measure themselves. of standard is needed to ensure that there is The standard has wherever possible used an agreed: the terminology for risk set out by the • terminology related to the words used International Organization for • process by which risk management can be Standardization (ISO) in its recent carried out document ISO/IEC Guide 73 Risk Management - Vocabulary - Guidelines for • organisation structure for risk management use in standards. • objective for risk management In view of the rapid developments in this Importantly, the standard recognises that area the authors would appreciate feedback risk has both an upside and a downside. 
from organisations as they put the standard Risk management is not just something for into use (addresses to be found on the corporations or public organisations, but back cover of this Guide). It is intended for any activity whether short or long that regular modifications will be made to term.The benefits and opportunities the standard in the light of best practice. A Risk Management Standard © AIRMIC, ALARM, IRM: 2002 1
  • 4. 1. Risk Risk can be defined as the combination of negative aspects of risk.Therefore this the probability of an event and its standard considers risk from both consequences (ISO/IEC Guide 73). perspectives. In all types of undertaking, there is the In the safety field, it is generally recognised potential for events and consequences that that consequences are only negative and constitute opportunities for benefit (upside) therefore the management of safety risk is or threats to success (downside). focused on prevention and mitigation of harm. Risk Management is increasingly recognised as being concerned with both positive and 2. Risk Management Risk management is a central part of any It must be integrated into the culture of organisation’s strategic management. It is the organisation with an effective policy the process whereby organisations and a programme led by the most senior methodically address the risks attaching to management. It must translate the their activities with the goal of achieving strategy into tactical and operational sustained benefit within each activity and objectives, assigning responsibility across the portfolio of all activities. throughout the organisation with each The focus of good risk management is the manager and employee responsible for the identification and treatment of these risks. management of risk as part of their job Its objective is to add maximum description. It supports accountability, sustainable value to all the activities of the performance measurement and reward, organisation. It marshals the thus promoting operational efficiency at understanding of the potential upside and all levels. downside of all those factors which can affect the organisation. 
It increases the 2.1 External and Internal Factors probability of success, and reduces both The risks facing an organisation and its the probability of failure and the operations can result from factors both uncertainty of achieving the organisation’s external and internal to the organisation. overall objectives. Risk management should be a continuous The diagram overleaf summarises examples and developing process which runs of key risks in these areas and shows that throughout the organisation’s strategy and some specific risks can have both external the implementation of that strategy. It and internal drivers and therefore overlap should address methodically all the risks the two areas.They can be categorised surrounding the organisation’s activities past, further into types of risk such as strategic, present and in particular, future. financial, operational, hazard, etc. 2 A Risk Management Standard
2.1 Examples of the Drivers of Key Risks

[Diagram of the external and internal drivers of key risks; not reproduced in this extraction]

© AIRMIC, ALARM, IRM: 2002
2.2 The Risk Management Process

[Process diagram: The Organisation’s Strategic Objectives → Risk Assessment (Risk Analysis: Risk Identification, Risk Description, Risk Estimation; then Risk Evaluation) → Risk Reporting: Threats and Opportunities → Decision → Risk Treatment → Residual Risk Reporting → Monitoring, with Formal Audit and Modification feedback loops]

Risk management protects and adds value to the organisation and its stakeholders through supporting the organisation’s objectives by:
• providing a framework for an organisation that enables future activity to take place in a consistent and controlled manner
• improving decision making, planning and prioritisation by comprehensive and structured understanding of business activity, volatility and project opportunity/threat
• contributing to more efficient use/allocation of capital and resources within the organisation
• reducing volatility in the non essential areas of the business
• protecting and enhancing assets and company image
• developing and supporting people and the organisation’s knowledge base
• optimising operational efficiency
3. Risk Assessment

Risk Assessment is defined by the ISO/IEC Guide 73 as the overall process of risk analysis and risk evaluation. (See appendix)

4. Risk Analysis

4.1 Risk Identification

Risk identification sets out to identify an organisation’s exposure to uncertainty. This requires an intimate knowledge of the organisation, the market in which it operates, the legal, social, political and cultural environment in which it exists, as well as the development of a sound understanding of its strategic and operational objectives, including factors critical to its success and the threats and opportunities related to the achievement of these objectives.

Risk identification should be approached in a methodical way to ensure that all significant activities within the organisation have been identified and all the risks flowing from these activities defined. All associated volatility related to these activities should be identified and categorised.

Business activities and decisions can be classified in a range of ways, examples of which include:
• Strategic - These concern the long-term strategic objectives of the organisation. They can be affected by such areas as capital availability, sovereign and political risks, legal and regulatory changes, reputation and changes in the physical environment.
• Operational - These concern the day-to-day issues that the organisation is confronted with as it strives to deliver its strategic objectives.
• Financial - These concern the effective management and control of the finances of the organisation and the effects of external factors such as availability of credit, foreign exchange rates, interest rate movement and other market exposures.
• Knowledge management - These concern the effective management and control of the knowledge resources, the production, protection and communication thereof. External factors might include the unauthorised use or abuse of intellectual property, area power failures, and competitive technology. Internal factors might be system malfunction or loss of key staff.
• Compliance - These concern such issues as health & safety, environmental, trade descriptions, consumer protection, data protection, employment practices and regulatory issues.

Whilst risk identification can be carried out by outside consultants, an in-house approach with well communicated, consistent and co-ordinated processes and tools (see Appendix, page 14) is likely to be more effective. In-house ‘ownership’ of the risk management process is essential.

4.2 Risk Description

The objective of risk description is to display the identified risks in a structured format, for example, by using a table. The risk description table overleaf can be used to facilitate the description and assessment of risks. The use of a well designed structure is necessary to ensure a comprehensive risk identification, description and assessment process. By considering the consequence and probability of each of the risks set out in the table, it should be possible to prioritise the key risks that need to be analysed in more detail. Identification of the risks associated with business activities and decision making may be categorised as strategic, project/tactical, operational. It is important to incorporate risk management at the conceptual stage of projects as well as throughout the life of a specific project.

4.2.1 Table - Risk Description

1. Name of Risk
2. Scope of Risk: Qualitative description of the events, their size, type, number and dependencies
3. Nature of Risk: Eg. strategic, operational, financial, knowledge or compliance
4. Stakeholders: Stakeholders and their expectations
5. Quantification of Risk: Significance and Probability
6. Risk Tolerance/Appetite: Loss potential and financial impact of risk; Value at risk; Probability and size of potential losses/gains; Objective(s) for control of the risk and desired level of performance
7. Risk Treatment & Control Mechanisms: Primary means by which the risk is currently managed; Levels of confidence in existing control; Identification of protocols for monitoring and review
8. Potential Action for Improvement: Recommendations to reduce risk
9. Strategy and Policy Developments: Identification of function responsible for developing strategy and policy

4.3 Risk Estimation

Risk estimation can be quantitative, semi-quantitative or qualitative in terms of the probability of occurrence and the possible consequence.

For example many organisations find that assessing consequence and probability as high, medium or low is quite adequate for their needs and can be presented as a 3 x 3 matrix. Other organisations find that assessing consequence and probability using a 5 x 5 matrix gives them a better evaluation.

Examples are given in the tables overleaf. Different organisations will find that different measures of consequence and probability will suit their needs best.

For example, consequences both in terms of threats (downside risks) and opportunities (upside risks) may be high, medium or low (see table 4.3.1). Probability may be high, medium or low but requires different definitions in respect of threats and opportunities (see tables 4.3.2 and 4.3.3).

Table 4.3.1 Consequences - Both Threats and Opportunities

High | Financial impact on the organisation is likely to exceed £x. Significant impact on the organisation’s strategy or operational activities. Significant stakeholder concern.
Medium | Financial impact on the organisation likely to be between £x and £y. Moderate impact on the organisation’s strategy or operational activities. Moderate stakeholder concern.
Low | Financial impact on the organisation likely to be less than £y. Low impact on the organisation’s strategy or operational activities. Low stakeholder concern.

Table 4.3.2 Probability of Occurrence - Threats

Estimation | Description | Indicators
High (Probable) | Likely to occur each year or more than 25% chance of occurrence. | Potential of it occurring several times within the time period (for example - ten years). Has occurred recently.
Medium (Possible) | Likely to occur in a ten year time period or less than 25% chance of occurrence. | Could occur more than once within the time period (for example - ten years). Could be difficult to control due to some external influences. Is there a history of occurrence?
Low (Remote) | Not likely to occur in a ten year period or less than 2% chance of occurrence. | Has not occurred. Unlikely to occur.

Table 4.3.3 Probability of Occurrence - Opportunities

Estimation | Description | Indicators
High (Probable) | Favourable outcome is likely to be achieved in one year or better than 75% chance of occurrence. | Clear opportunity which can be relied on with reasonable certainty, to be achieved in the short term based on current management processes.
Medium (Possible) | Reasonable prospects of favourable results in one year or 25% to 75% chance of occurrence. | Opportunities which may be achievable but which require careful management. Opportunities which may arise over and above the plan.
Low (Remote) | Some chance of favourable outcome in the medium term or less than 25% chance of occurrence. | Possible opportunity which has yet to be fully investigated by management. Opportunity for which the likelihood of success is low on the basis of management resources currently being applied.

4.4 Risk Analysis methods and techniques

A range of techniques can be used to analyse risks. These can be specific to upside or downside risk or be capable of dealing with both. (See Appendix, page 14, for examples).

4.5 Risk Profile

The result of the risk analysis process can be used to produce a risk profile which gives a significance rating to each risk and provides a tool for prioritising risk treatment efforts. This ranks each identified risk so as to give a view of the relative importance.

This process allows the risk to be mapped to the business area affected, describes the primary control procedures in place and indicates areas where the level of risk control investment might be increased, decreased or reapportioned.

Accountability helps to ensure that ‘ownership’ of the risk is recognised and the appropriate management resource allocated.

5. Risk Evaluation

When the risk analysis process has been completed, it is necessary to compare the estimated risks against risk criteria which the organisation has established. The risk criteria may include associated costs and benefits, legal requirements, socio-economic and environmental factors, concerns of stakeholders, etc. Risk evaluation therefore, is used to make decisions about the significance of risks to the organisation and whether each specific risk should be accepted or treated.
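One way to turn the High/Medium/Low bands of tables 4.3.1 to 4.3.3 above into the ranked risk profile that section 4.5 describes, written in Python as an added example; it is not part of the standard or of any of the publishing bodies’ material. The thresholds GBP_X and GBP_Y stand in for the unspecified £x and £y, the placement of values that fall exactly on a band boundary and the 1 to 9 significance score (consequence level multiplied by probability level) are assumptions made here, and the four register entries are constructed.

```python
"""Qualitative 3 x 3 risk estimation and risk profile (added example).

Encodes the High/Medium/Low bands of tables 4.3.1 to 4.3.3 and ranks a small
constructed risk register into a risk profile (section 4.5). The financial
thresholds GBP_X and GBP_Y (the standard's "£x" and "£y"), the placement of
values that fall exactly on a band boundary, and the significance score
(consequence level x probability level) are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import List, Tuple

LEVEL_SCORE = {"Low": 1, "Medium": 2, "High": 3}

# Constructed thresholds standing in for the standard's unspecified £x and £y.
GBP_X = 1_000_000
GBP_Y = 100_000


def consequence_level(financial_impact_gbp: float) -> str:
    """Table 4.3.1: High above £x, Medium between £y and £x, Low below £y.

    Applies to both threats and opportunities; exact boundary values are
    placed in the higher band (assumption).
    """
    if financial_impact_gbp > GBP_X:
        return "High"
    if financial_impact_gbp >= GBP_Y:
        return "Medium"
    return "Low"


def _check_probability(p: float) -> None:
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability must be within [0, 1], got {p}")


def threat_probability_level(annual_probability: float) -> str:
    """Table 4.3.2 (threats): High > 25%, Medium 2% to 25%, Low < 2% per year."""
    _check_probability(annual_probability)
    if annual_probability > 0.25:
        return "High"
    if annual_probability >= 0.02:
        return "Medium"
    return "Low"


def opportunity_probability_level(annual_probability: float) -> str:
    """Table 4.3.3 (opportunities): High > 75%, Medium 25% to 75%, Low < 25%."""
    _check_probability(annual_probability)
    if annual_probability > 0.75:
        return "High"
    if annual_probability >= 0.25:
        return "Medium"
    return "Low"


@dataclass(frozen=True)
class Risk:
    """One row of a risk register, after the fields of table 4.2.1."""
    name: str
    nature: str               # strategic, operational, financial, knowledge, compliance
    kind: str                 # "threat" (downside) or "opportunity" (upside)
    financial_impact_gbp: float
    annual_probability: float

    def estimate(self) -> Tuple[str, str]:
        """Return (consequence level, probability level) for this risk."""
        if self.kind == "threat":
            probability = threat_probability_level(self.annual_probability)
        elif self.kind == "opportunity":
            probability = opportunity_probability_level(self.annual_probability)
        else:
            raise ValueError(f"unknown risk kind: {self.kind!r}")
        return consequence_level(self.financial_impact_gbp), probability

    def significance(self) -> int:
        """Cell of the 3 x 3 matrix as a score from 1 to 9 (assumed scoring)."""
        consequence, probability = self.estimate()
        return LEVEL_SCORE[consequence] * LEVEL_SCORE[probability]


def risk_profile(risks: List[Risk]) -> List[Tuple[str, str, str, int]]:
    """Rank risks by significance, highest first (section 4.5 risk profile).

    sorted() is stable, so risks with equal scores keep their register order.
    """
    rows = [(r.name, *r.estimate(), r.significance()) for r in risks]
    return sorted(rows, key=lambda row: row[3], reverse=True)


# Constructed sample register; the names echo the risk types listed in 4.1.
SAMPLE_RISKS = [
    Risk("Loss of key staff", "knowledge", "threat", 250_000, 0.30),
    Risk("Data protection breach", "compliance", "threat", 2_000_000, 0.30),
    Risk("Area power failure", "operational", "threat", 50_000, 0.01),
    Risk("New market entry", "strategic", "opportunity", 1_500_000, 0.50),
]

if __name__ == "__main__":
    for name, consequence, probability, score in risk_profile(SAMPLE_RISKS):
        print(f"{score}  {consequence:<6} / {probability:<6}  {name}")
```

Running the module prints the profile with the most significant risk first. Moving to the 5 x 5 matrix the standard also mentions only changes the band functions and LEVEL_SCORE; the register, estimation and ranking steps stay the same.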
6. Risk Reporting and Communication

6.1 Internal Reporting

Different levels within an organisation need different information from the risk management process.

The Board of Directors should:
• know about the most significant risks facing the organisation
• know the possible effects on shareholder value of deviations to expected performance ranges
• ensure appropriate levels of awareness throughout the organisation
• know how the organisation will manage a crisis
• know the importance of stakeholder confidence in the organisation
• know how to manage communications with the investment community where applicable
• be assured that the risk management process is working effectively
• publish a clear risk management policy covering risk management philosophy and responsibilities

Business Units should:
• be aware of risks which fall into their area of responsibility, the possible impacts these may have on other areas and the consequences other areas may have on them
• have performance indicators which allow them to monitor the key business and financial activities, progress towards objectives and identify developments which require intervention (e.g. forecasts and budgets)
• have systems which communicate variances in budgets and forecasts at appropriate frequency to allow action to be taken
• report systematically and promptly to senior management any perceived new risks or failures of existing control measures

Individuals should:
• understand their accountability for individual risks
• understand how they can enable continuous improvement of risk management response
• understand that risk management and risk awareness are a key part of the organisation’s culture
• report systematically and promptly to senior management any perceived new risks or failures of existing control measures

6.2 External Reporting

A company needs to report to its stakeholders on a regular basis setting out its risk management policies and the effectiveness in achieving its objectives.

Increasingly stakeholders look to organisations to provide evidence of effective management of the organisation’s non-financial performance in such areas as community affairs, human rights, employment practices, health and safety and the environment.
Good corporate governance requires that companies adopt a methodical approach to risk management which:
• protects the interests of their stakeholders
• ensures that the Board of Directors discharges its duties to direct strategy, build value and monitor performance of the organisation
• ensures that management controls are in place and are performing adequately

The arrangements for the formal reporting of risk management should be clearly stated and be available to the stakeholders.

The formal reporting should address:
• the control methods - particularly management responsibilities for risk management
• the processes used to identify risks and how they are addressed by the risk management systems
• the primary control systems in place to manage significant risks
• the monitoring and review system in place

Any significant deficiencies uncovered by the system, or in the system itself, should be reported together with the steps taken to deal with them.

7. Risk Treatment

Risk treatment is the process of selecting and implementing measures to modify the risk. Risk treatment includes as its major element, risk control/mitigation, but extends further to, for example, risk avoidance, risk transfer, risk financing, etc.

NOTE: In this standard, risk financing refers to the mechanisms (eg insurance programmes) for funding the financial consequences of risk. Risk financing is not generally considered to be the provision of funds to meet the cost of implementing risk treatment (as defined by ISO/IEC Guide 73; see page 17).

Any system of risk treatment should provide as a minimum:
• effective and efficient operation of the organisation
• effective internal controls
• compliance with laws and regulations.

The risk analysis process assists the effective and efficient operation of the organisation by identifying those risks which require attention by management. They will need to prioritise risk control actions in terms of their potential to benefit the organisation.

Effectiveness of internal control is the degree to which the risk will either be eliminated or reduced by the proposed control measures.

Cost effectiveness of internal control relates to the cost of implementing the control compared to the risk reduction benefits expected.

The proposed controls need to be measured in terms of potential economic effect if no action is taken versus the cost of the proposed action(s) and invariably require more detailed information and assumptions than are immediately available.
Firstly, the cost of implementation has to be established. This has to be calculated with some accuracy since it quickly becomes the baseline against which cost effectiveness is measured. The loss to be expected if no action is taken must also be estimated and by comparing the results, management can decide whether or not to implement the risk control measures.

Compliance with laws and regulations is not an option. An organisation must understand the applicable laws and must implement a system of controls to achieve compliance. There is only occasionally some flexibility where the cost of reducing a risk may be totally disproportionate to that risk.

One method of obtaining financial protection against the impact of risks is through risk financing which includes insurance. However, it should be recognised that some losses or elements of a loss will be uninsurable eg the uninsured costs associated with work-related health, safety or environmental incidents, which may include damage to employee morale and the organisation’s reputation.

8. Monitoring and Review of the Risk Management Process

Effective risk management requires a reporting and review structure to ensure that risks are effectively identified and assessed and that appropriate controls and responses are in place. Regular audits of policy and standards compliance should be carried out and standards performance reviewed to identify opportunities for improvement. It should be remembered that organisations are dynamic and operate in dynamic environments. Changes in the organisation and the environment in which it operates must be identified and appropriate modifications made to systems.

The monitoring process should provide assurance that there are appropriate controls in place for the organisation’s activities and that the procedures are understood and followed.

Changes in the organisation and the environment in which it operates must be identified and appropriate changes made to systems.

Any monitoring and review process should also determine whether:
• the measures adopted resulted in what was intended
• the procedures adopted and information gathered for undertaking the assessment were appropriate
• improved knowledge would have helped to reach better decisions and identify what lessons could be learned for future assessments and management of risks
9. The Structure and Administration of Risk Management

9.1 Risk Management Policy

An organisation’s risk management policy should set out its approach to and appetite for risk and its approach to risk management. The policy should also set out responsibilities for risk management throughout the organisation.

Furthermore, it should refer to any legal requirements for policy statements eg. for Health and Safety.

Attaching to the risk management process is an integrated set of tools and techniques for use in the various stages of the business process. To work effectively, the risk management process requires:
• commitment from the chief executive and executive management of the organisation
• assignment of responsibilities within the organisation
• allocation of appropriate resources for training and the development of an enhanced risk awareness by all stakeholders.

9.2 Role of the Board

The Board has responsibility for determining the strategic direction of the organisation and for creating the environment and the structures for risk management to operate effectively.

This may be through an executive group, a non-executive committee, an audit committee or such other function that suits the organisation’s way of operating and is capable of acting as a ‘sponsor’ for risk management.

The Board should, as a minimum, consider, in evaluating its system of internal control:
• the nature and extent of downside risks acceptable for the company to bear within its particular business
• the likelihood of such risks becoming a reality
• how unacceptable risks should be managed
• the company’s ability to minimise the probability and impact on the business
• the costs and benefits of the risk and control activity undertaken
• the effectiveness of the risk management process
• the risk implications of board decisions

9.3 Role of the Business Units

This includes the following:
• the business units have primary responsibility for managing risk on a day-to-day basis
• business unit management is responsible for promoting risk awareness within their operations; they should introduce risk management objectives into their business
• risk management should be a regular management-meeting item to allow consideration of exposures and to reprioritise work in the light of effective risk analysis
• business unit management should ensure that risk management is incorporated at the conceptual stage of projects as well as throughout a project
9.4 Role of the Risk Management Function

Depending on the size of the organisation the risk management function may range from a single risk champion, a part time risk manager, to a full scale risk management department. The role of the Risk Management function should include the following:
• setting policy and strategy for risk management
• primary champion of risk management at strategic and operational level
• building a risk aware culture within the organisation including appropriate education
• establishing internal risk policy and structures for business units
• designing and reviewing processes for risk management
• co-ordinating the various functional activities which advise on risk management issues within the organisation
• developing risk response processes, including contingency and business continuity programmes
• preparing reports on risk for the board and the stakeholders

9.5 Role of Internal Audit

The role of Internal Audit is likely to differ from one organisation to another. In practice, Internal Audit’s role may include some or all of the following:
• focusing the internal audit work on the significant risks, as identified by management, and auditing the risk management processes across an organisation
• providing assurance on the management of risk
• providing active support and involvement in the risk management process
• facilitating risk identification/assessment and educating line staff in risk management and internal control
• co-ordinating risk reporting to the board, audit committee, etc

In determining the most appropriate role for a particular organisation, Internal Audit should ensure that the professional requirements for independence and objectivity are not breached.

9.6 Resources and Implementation

The resources required to implement the organisation’s risk management policy should be clearly established at each level of management and within each business unit.

In addition to other operational functions they may have, those involved in risk management should have their roles in co-ordinating risk management policy/strategy clearly defined. The same clear definition is also required for those involved in the audit and review of internal controls and facilitating the risk management process.

Risk management should be embedded within the organisation through the strategy and budget processes. It should be highlighted in induction and all other training and development as well as within operational processes e.g. product/service development projects.
10. Appendix

Risk Identification Techniques - examples
• Brainstorming
• Questionnaires
• Business studies which look at each business process and describe both the internal processes and external factors which can influence those processes
• Industry benchmarking
• Scenario analysis
• Risk assessment workshops
• Incident investigation
• Auditing and inspection
• HAZOP (Hazard & Operability Studies)

Risk Analysis Methods and Techniques - examples

Upside risk
• Market survey
• Prospecting
• Test marketing
• Research and Development
• Business impact analysis

Both
• Dependency modelling
• SWOT analysis (Strengths, Weaknesses, Opportunities, Threats)
• Event tree analysis
• Business continuity planning
• BPEST (Business, Political, Economic, Social, Technological) analysis
• Real Option Modelling
• Decision taking under conditions of risk and uncertainty
• Statistical inference
• Measures of central tendency and dispersion
• PESTLE (Political Economic Social Technical Legal Environmental)

Downside risk
• Threat analysis
• Fault tree analysis
• FMEA (Failure Mode & Effect Analysis)

On the following pages are extracts from the document PD ISO/IEC Guide 73: 2002 reproduced with the permission of British Standards Institution under licence number 2002SK/0313. British Standards can be obtained from BSI Customer Services, 389 Chiswick High Road, London W4 4AL. (Tel + 44 (0) 20 8996 9001)
The Institute of Risk Management
6 Lloyd’s Avenue, London EC3N 3AX
Telephone 020 7709 9808
Facsimile 020 7709 0716
Email enquiries@theIRM.org
www.theirm.org

ALARM The National Forum for Risk Management in the Public Sector
Queens Drive, Exmouth, Devon, EX8 2AY
Telephone 01395 223399
Facsimile 01395 223304
Email admin@alarm.uk.com
www.alarm-uk.com

The Association of Insurance and Risk Managers
6 Lloyd’s Avenue, London EC3N 3AX
Telephone 020 7480 7610
Facsimile 020 7702 3752
Email enquiries@airmic.co.uk
www.airmic.com

This publication is available from the above organisations for download from their respective websites free of charge. Please contact the individual associations if you wish to purchase more copies of this Risk Management Standard in printed form.