Risk management

RISK MANAGEMENT

Central Queensland University

November 2006



BDO Kendalls’ Role – 2002/3

  • Guidance to the University in establishing Risk Management Policy and Process Framework

  • Deliver training to key management groups

  • Facilitate process implementation workshops

  • Provide feedback, information and outcomes to Risk Management Committee

  • Management own the process and its key elements

  • Key decision making remains with the University



Why Risk Management?

  • CQU is committed to a comprehensive and systematic approach to effective management of potential opportunities and adverse threats

  • Risk management is a key element in improving CQU’s business and services to assist in achieving its objectives

  • CQU aims to achieve best practice in controlling risks which may impact its business



Why Risk Management? Statutory Requirements

  • Financial Management Standard

    “The University must protect itself from unacceptable costs or losses associated with its operations.”

  • Workplace Health & Safety Act 1995

    Imposes obligations on people at workplace to ensure work place health and safety

  • AUQA

  • Common Law

    Duty of Care



What is Risk?

The exposure to the possibility of something happening that will have an impact on the University’s organisational objectives

  • Objectives: Financial and Non Financial



Elements of Risk

Risk arises out of uncertainty and has two elements:

  • Frequency / likelihood of something happening

  • Severity / impact of the consequences arising from the event.


Risk Management Is …

  • Culture and process

  • Systematic application of management policies, procedures and practices

  • Effective management of opportunities and threats

  • Establishing context

  • Identifying

  • Analysing

  • Assessing

  • Treating

  • Monitoring

  • Communicating



Risk Management is Not …

  • Just accounting controls

  • Another name for insurance

  • About creating risk averse management

  • A label to hide inadequate analysis when something goes wrong

  • A green light for careless enthusiasm

  • An opening for ‘risky management’



Risk Management Objectives

  • Structured basis for strategic planning

  • Enhance governance and corporate management processes

  • Discharge statutory responsibilities

  • Practical framework for decision making

  • Protect against unacceptable costs/losses

  • Minimise missed opportunities

  • Safeguard assets (including people)



University’s RM Objectives

  • Implement RM across all areas of the University in accordance with best practice guidelines

  • Integrate RM into the management culture of the University

  • Foster an environment where staff assume responsibility for managing risk



The Process to Date …

  • CQU Risk Management Policy promulgated

  • Risk Management Committee and Terms of Reference Established

  • Workshop to identify Key Risk Categories

  • Policy Framework and Guidelines established

  • Templates:

    - Risk Mgt Standards

    - Risk Records

    - Risk Treatment Plans

    - Risk Register

  • Pilot Launch – Health Safety and Security Key Risk Category



The Process to Date …

  • CQU Risk Management Workshops conducted, identifying risks and treatment plans

  • Risk Management Committee and Terms of Reference Established as sub-committee of Audit Committee

  • Significant change and restructure

  • AUQA Audit and Report

  • Risk Management Committee rolled into Audit Committee

  • Risk Management Software acquired

  • Re-launch of Risk Management to Senior Management



Key Risk Categories

  • Corporate Governance & Compliance

  • Financial and Commercial

  • Operations

  • Student

  • Health, Safety & Security

  • Human Resources

  • Data & Information Technology

  • Reputation

  • Asset Maintenance

  • Environmental



Risk Management Process

AS/NZS 4360

(Refer Frame 1)


Establishing Context & Framework

  • Identify Internal and External Stakeholders

    • Internal and external decision makers

    • Individuals directly and indirectly affected by decisions, actions and inactions

    • Unions, staff groups

    • Community groups

    • Statutory regulators (health, safety, environmental etc)

    • Politicians (all levels of govt) with electoral or portfolio interest

    • Non government groups

    • Users and suppliers of services and facilities



Establishing Context & Framework

  • Purpose of stakeholder analysis is to provide decision makers with a documented profile of stakeholders to better understand needs, issues and responsibilities

  • Framework and Stakeholder Mix subject to constant change

  • Consultation and review process must be continuous and recurrent in the Risk Management process



Identifying Risks

  • Aim to identify risks to be managed

  • Comprehensive identification critical

  • Potential risk not identified at this stage is excluded from further analysis

  • Identification should include all risks whether or not they are under the University’s control


Identifying Risks

Possible Methods of Identifying Key Risks

  • Audits & physical inspections

  • Brainstorming

  • Decision trees

  • Examination of local or overseas experience

  • Expert judgment

  • History, incident reports

  • Interview, focus group discussions

  • Scenario analysis

  • SWOT analysis

  • Surveys, questionnaires etc…


Identifying Risks

Possible Sources of Risk

  • Commercial relationships

  • Legal relationships

  • Custody

  • Management activities and controls

  • Natural events

  • Political/legal

  • Occupational health and safety

  • Personnel/human behaviour

  • Property/facilities

  • Public liability

  • Security

  • Socio-economic

  • Etc …



Identifying Risks

Documentation of this step

  • For a small process this step may be documented by a simple tabulation

  • More detailed documentation may be required for larger processes

  • List each risk and classify

  • Eg functional groups, exposure profiles etc



Analysing Risks

CONSEQUENCES AND LIKELIHOOD

  • The magnitude of consequences of an event, should it occur, and the likelihood of the event and the associated consequences, are assessed in the context of no existing controls

  • Consequences and likelihood are combined to produce a level of risk


Analyse LIKELIHOOD considering:

  • How often situation occurs

  • How many operations/people exposed

  • Skills/experience of people exposed

  • Special characteristics of people exposed

  • Duration of exposure

  • Proximity of hazard to people exposed

  • Distractions

  • Quantity of materials or multiple exposure points involved

  • Environmental conditions

  • Condition of facilities, equipment

  • Effectiveness of existing control measures



Analysing Risks

Analyse EXISTING CONTROLS considering:

  • Do controls represent good practice?

  • Are controls minimising exposure to risks?

  • Do stakeholders know about controls?

  • Are there adequate systems and procedures in place to support controls?

  • Is there adequate training/supervision in relation to controls?

  • Is there adequate maintenance of controls?

  • How easy is it to use, or work with, controls?


Analysing Risks

Analyse CONSEQUENCE considering:

  • Potential for “chain reaction”

  • Concentration of risk exposures

  • Direct/indirect financial impact

  • Fines, penalties, rectification costs

  • Other regulatory impact

  • Business interruption

  • Position of stakeholders relative to exposure

  • Human impact



Analysing Risks

TOOLS FOR ANALYSIS

Qualitative Methods Used:

  • Where level of risk does not justify time and resources for numerical or detailed scientific analysis

  • For initial screening of risks

  • Where numerical data inadequate

  • Valuable when analysis shared across range of people, backgrounds & interests



Analysing Risks

TOOLS FOR ANALYSIS

Semi-Qualitative Methods

  • Allocates a qualitative word ranking (high, medium or low) to likelihood (eg Almost Certain – Rare) and consequence (eg Extreme – Insignificant)

  • Rankings are shown against a word scale for ranking the level of risk (eg V.High – V.Low)

  • Avoid overcomplicating analysis. Relatively straightforward methods can be effective

  • Method, rationale and results should be documented



Evaluating and Ranking Risks

  • Risk evaluation involves comparing the level of risk determined during analysis with previously established criteria

  • Decides whether risks are acceptable or unacceptable

  • Output of risk evaluation is a prioritised list of risks for further action (ranking)


Evaluating & Ranking Risks

Acceptable and Unacceptable Risk

Consider:

  • Degree of control over risk

  • Cost impact, benefits and opportunities presented by risk

  • Significance of risk & importance of policy, program, process or activity

  • Risk may be accepted if consequence & likelihood is consistent with established criteria

  • Acceptance may follow risk reduction measures

  • Regularly review and monitor for changing circumstances

  • Process and rationale should be documented



Evaluating & Ranking Risks

Reasons a risk may be accepted:

  • Level of risk so low that specific treatment not appropriate within available resources

  • Cost of treatment is so excessive compared to benefit that acceptance is only option

  • Opportunities presented outweigh threats to such a degree that risk is justified

  • No treatment is available



Evaluating & Ranking Risks

Unacceptable risks:

  • Risks not considered acceptable are those which will be treated in some way

  • These are prioritised for subsequent management action as a component of the management’s and the University’s Risk Actions Plans and Risk Register



Risk Treatment

Risk Treatment involves

  • Identifying and considering the range of Options for Treatment

  • Assessing those options

  • Preparing Risk Treatment Plans

  • Implementing Risk Treatment Plans



Risk Treatment

OPTIONS to Manage the Risk

  • ELIMINATE the risk

  • TRANSFER the risk

  • PREVENT or MINIMISE the consequences and/or likelihood of the risk

    • Substitution

    • Redesign

    • Isolation

  • RETAIN the risk - when exposure is not or cannot be minimised by other means:

    • Eg Administrative controls

    • Eg Personal protection

      (Refer Frame 4 – Risk Treatment Process)



Risk Treatment

Preparing Risk Treatment Plans

  • Plans document how chosen options will be implemented

  • Plans identify:

    • Responsibilities

    • Schedules

    • Expected outcome of treatments

    • Budgeting

    • Performance measures

    • Review, assessment and monitoring processes



Risk Treatment

Implementing Risk Treatment Plans

  • Developing Standards and Procedures

  • Communicating

  • Training and instruction

  • Supervision

  • Maintenance



Risk Treatment

Monitoring and Reviewing Risk Treatment

  • Chosen controls have been implemented as planned:

    • Are chosen controls in place?

    • Are controls being used?

    • Are controls used correctly?

  • Chosen controls are working:

    • Have changes made to control exposure resulted in planned outcome?

    • Has exposure to risk been diminished or adequately reduced?

  • Are there any new problems?

    • Have implemented control measures resulted in introduction of new problems?

    • Have implemented control measures resulted in worsening of existing problems?



Documentation

  • Each stage of the Risk Management Process should be documented:

    • Demonstrate the process

    • Evidence of systematic process

    • Record to develop risk database

    • Provide decision makers with RM plan for approval and implementation

    • Accountability mechanism and tool

    • Facilitate continuing monitoring and review

    • Provide audit trail

    • Share and communicate information



Documentation

  • Risk Register

  • Risk Management Standards for Specific Risk Category



Responsibility

  • For RM to be effective it must be implemented by every person within the organisation

    • Council, VC, DVC,

    • Directors, Deans, HODS,

    • Line Management,

    • Staff, Students and 3rd Parties

  • RM is not just the responsibility of management

  • RM must become an integral part of the University’s culture



Managing Risk

  • Managing risk means forward thinking

  • Managing risk means responsible thinking

  • Managing risk means balanced thinking

  • RM provides a framework to facilitate more effective decision making

  • RM is all about maximising opportunity by managing risk



Contact

Daniel Nolan

Acting Internal Audit Manager

Extension 6932

