
Risk Management

Risk Management. Instructor Abdel Fatah Afifi MA&T, MBA, ACPA, PCT. Risk. “The threat or possibility that an action or event will adversely or beneficially affect an organization’s ability to achieve its objectives.” Need to quantify risk and organize structure to manage.


Presentation Transcript


  1. Risk Management Instructor Abdel Fatah Afifi MA&T, MBA, ACPA, PCT

  2. Risk • “The threat or possibility that an action or event will adversely or beneficially affect an organization’s ability to achieve its objectives.” • Need to quantify risk and organize structure to manage.

  3. Quantitative Probability of Risk • The Value of Probability between (0-1) • Absolute Certainty, Value (1) • Certainty, Value (>0<1) • Absolute Impossibility, Value (0)

  4. Risk • The chance of something happening that will have an impact on objectives. • A risk is often specified in terms of an event or circumstance and the consequences that may flow from it. • Risk is measured in terms of a combination of the consequences of an event and their likelihood. • Risk may have a positive or negative impact. (AS/NZS 4360:2004).

  5. Why implement risk management? • Success = Vision Achievement + Associated Strategic Objectives. • Ultimately, must know the risks faced in achieving these goals, manage the risks effectively and ensure that effective risk treatments are, and continue to be, in place as the environment changes over time. • Risk management is important for EPF. The alternative is risky management, which will not ensure desired outcomes.

  6. Benefits of risk management to EPF • Increase risk awareness at all levels of staff in order for them to effectively manage their risks. • No unexpected surprises! • Staff personal wellbeing. • Enable EPF’s BOD to comply with its organizational obligations and duties of care and diligence in accordance with the Malaysian Code on Corporate Governance (MCCG). • Accountability, assurance and governance - Maintain integrity and confidence amongst EPF’s stakeholders and the public in general. • Strengthening EPF’s competitive strategic and operational efficiency to increase long term stakeholder’s value. • Safeguarding EPF’s assets and resources. • Exploitation of opportunities. • Improved planning, performance and effectiveness. • Improved information for decision making. • Minimize unexpected impact to earnings and returns to Members.

  7. Malaysian Code of Corporate Governance Best Practices Provision AA I The board should explicitly assume the following specific responsibilities, which facilitate the discharge of the board’s stewardship responsibilities: • Identifying principal risks and ensure the implementation of appropriate systems to manage these risks; • Reviewing the adequacy and the integrity of the company’s internal control systems and management information systems, including systems for compliance with applicable laws, regulations, rules, directives and guidelines.

  8. Enterprise Risk Framework • Strategic Risk • Market Risk • Investment Risk • Credit Risk • Liquidity Risk • Operational Risk • Regulatory Risk • Project Risk • Reputational Risk

  9. Challenges in Implementing Risk Management (adapted from draft BS 31100 document) • Limited commitment from the Board. • Risk Manager has limited/ambiguous/no mandate. • No risk management orientation/awareness program for senior management, executive and staff. • No uniform approach to risk management and reporting to ensure adoption of best practices. • No readily available formal risk management training and tools. • No buy-in from middle, junior managers and staff. • No regular assessment of risk management training needs. • No standard process/procedure for addressing concerns about risk management tools or practices. • Inadequate budget for embedding and executing risk management. • No corporate process for identifying good practices or documenting them. • No sharing of good practices across the organization on a regular basis.

  10. Risk Management Standards • Risk Management Standard (IRM, ALARM and AIRMIC) U.K. • AS/NZS 4360:2004 Risk Management Standard. • COSO Enterprise Risk Management, U.S. • Canadian Government Sector Standard. Draft • ISO 31000 Risk Management – Guidelines on principles and implementation of risk management. • ISO Guide 73 – Risk Management Vocabulary. • BS 31100 Code of practice for risk management.

  11. Risk Management • Risk management is the culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects within the organization environment. • It is an enterprise-wide process, multifaceted in dimension. • It is best achieved by a multidisciplinary team. • Risks must be appropriately communicated and shared.

  12. Risk Management Process • Adopted the Corporate Risk Scorecard (CRS) methodology to implement Risk Management in EPF. • CRS methodology is consistent with Australian/New Zealand Standard AS/NZS 4360:2004 on Risk Management. • Spelt out in the Risk Management Framework.

  13. Risk Management Structure (organization chart) • Board of Governors • President’s Executive Committee • Provost and Vice President Academic • Vice President (Finance & Resources) • Risk Management Steering Committee • Risk Information and Metrics • Operational Risk Management Committee • Colleges & Units • Risk Management and Insurance Services • Audit Services • Security Services • Information Technology • Health, Safety & Environment • ERM Policies • Research Services • Student & Enrolment Services • Financial Services • Facilities Management • Others

  14. Risk Management Cycle • Risk Attitude • Risk Awareness • Risk Management • Risk Reporting • Risk Management Review

  15. Risk Attitude • Strategy: why and what • Policy: how RM operates • Appetite: risk-seeking/averse • Exposure: open/closed • Tolerance: limits

  16. Risk Awareness: Enterprise-wide Risk Management (ERM) • Identify/analyse/categorize • governance, management, operations, reputation, resources, finance, strategic • Evaluate and rank • Probability, impact • Identify actions • Forecast new probability impact after actions • Implement actions • Accountability

  17. Risk Management Actions • Not only negative (ensuring that bad things are less likely to happen) • But also positive (making it more likely that good things will happen) • Not an end in itself but part of good management & business process for determining & attaining the strategic objectives of the organization • Enables assessment of risk implications in terms of governance, management, quality & reputation as well as resources

  18. Risk Management (RM) • Avert potential misfortunes and disasters • Guard against harm & damage to individuals, infrastructure & reputation • Minimize missed opportunities

  19. Risk Management • Treatment • Avoid, accept, accept but control, reduce, share • Monitor • Periodic, early worry, key indicators, fluctuation • Residual risk

  20. Risk Reporting • Risk Register • Identify/categorize • Evaluate • Assign probability and impact (1 to 5) • Treatment • Appraised

  21. Risk Classification • Use probability/impact rankings • Impact: insignificant, minor, moderate, major, catastrophic • Probability: rare, unlikely, possible, likely, almost certain • Identify • Most important (red) – critical • Moderate (yellow) • Least important (green) – not material

  22. Actions • Needed when risk “red” • Identify responsibility/accountability • Status of risk • Measurable • Timeframe • Change over time

  23. U of S Strategic Directions • Attract & retain outstanding faculty. • Increase campus-wide commitment to research, scholarly and artistic work. • Establish the U of S as a major presence in graduate education. • Recruit & retain a diverse and academically promising body of students & prepare them for success in the knowledge age.

  24. U of S Example • Risk: investment returns lower than forecast • Probability (1-5): 3 • Impact (1-5): 4 • Red • Strategy: reduce, avoid, share • Actions: • establish BoG Investment Committee • establish Money Purchase pension plans • increase professional strength in Treasury • change endowment spending policy

  25. U of S Example (cont’d) • Risk: investment returns lower than forecast • Actions (continued): • broader range of investments • change fund managers • communicate with donors • Revised Probability (1-5): 3 • Impact (1-5): 4 • Yellow • Accountable: Treasurer

  26. U of S Example • Risk: failure to recruit, renew, retain faculty • Probability (1-5): 4 • Impact (1-5): 5 • Red • Strategy: reduce • Actions: • increase new faculty support • change collective agreement • promote campus

  27. U of S Example (cont’d) • Risk: failure to recruit, renew, retain faculty • Revised Probability (1-5): 2 • Impact (1-5): 5 • Remains Red • Accountable: HRD/Colleges
