Chairman
ISO Working Group - Risk Management Terminology
Member
Standards Australia / Standards New Zealand
Joint Technical Committee OB/7 - Risk Management
E-mail: kknight@bigpond.net.au
THE CHANGING APPROACH
TO MANAGEMENT
C 1. Strategic Ct M
O O
M N
M I
U 2. Identify Threats T
N O
I R
C
A A 3. Analyze &
T S 4. Assess
E S R
E 5. Assess/ E
S V
C S I
O E
N W
S 7. Manage the Risk
U
L
T
Opportunities Risks
KEY CHALLENGES TO
IMPLEMENTING RISK MANAGEMENT
Risk measurement
The need for organisation specific scales to
estimate how often specified events may
occur and the magnitude of their
consequences.
The transition of measurement from
qualitative perspectives to quantitative
approximations.
KEY CHALLENGES TO
IMPLEMENTING RISK MANAGEMENT
Link to corporate strategy
The need for tailored integration with
business strategy.
Managing risk is a way of confidently taking
the right risks and then managing the
outcomes for success.
Organisational strategic goals are set for
all the right reasons, but generally not
connected to operational capabilities.
CHANGING TO A CULTURE OF
MANAGING STRATEGIC AS
WELL AS OPERATIONAL RISKS
Risk: Chance, unpredictability, opportunity.
Managed by: Predicting, analysing, caring, preparing,
preventing,
Understood through: Communicating
Leading to:
Business Business
Objectives Processes
Corporate Corporate
Risks Risks
KEY CHALLENGES TO
IMPLEMENTING RISK MANAGEMENT
Opportunities Risks
STRATEGIC PLANNING
Future State/ End Vision
SWOT, Opportunities and Risks
Strategy & Tactics
Planning
Review Execution/
Processes
& Change Integration
Implement and
monitor treatment
actions
Sep May
Determine risk
Budget and
treatment actions
business
planning
AN INTEGRATED MANAGEMENT SYSTEM TO ENSURE
PROGRESS IN STRATEGY IMPLEMENTATION
Business Strategies/Plans
Underpinned by:
AS/NZS ISO 14000: Environmental
Review management
AS/NZS ISO 9000: Quality management
Effectiveness AS/NZS 4360: Risk management
AS 4390: Records management
Board Review AS 3806: Compliance program
Management Review
AS 4269: Complaint handling
Action
Individual Team performance Change management
(review & reward) Continuous
External audit improvement
Risk management Service development
Systems development
Risk management
Measurement Implementation
Audit People; Information Technology;
Client feedback Process & Infrastructure;
Benchmarking Policies & Procedures;
Management information Change & Project management;
Risk management Risk management
KEY CHALLENGES TO
IMPLEMENTING RISK MANAGEMENT
Adding value
The need to establish processes to link
strategic risk management with value
creation/competitive advantage.
These outcomes need not be financial, but
must be agreed.
If you do not know where you are going,
any road will take you there.
Evaluate & Prioritise Risks
SEVERITY/IMPACT/CONSEQUENCES
Almost Certain
F
Reduce Likelihood Avoid R
Risks E
Q
Likely U
Reduce E
N
C
Y
Moderate /
L
I
Unlikely
K
E
Acceptable L
or Reduce Consequences I
Tolerable H
Rare Level of Risk O
O
D
0 Insignificant Minor Major Critical Extrem
e
EVALUATE & PRIORITISE RISKS
SEVERITY/IMPACT/CONSEQUENCES
Certain 1
F
Reduce Likelihood Avoid
Risks R
E
Almost certain Q
U
E
Reduce N
Likely C
Y
/
L
I
Possible
K
Tolerable Level E
of Risk L
Reduce Consequences I
Unlikely H
O
O
D
Not Possible
0 $1,000 $100,000 $1m $100m
Mild Severe Disastrous Total
Moderate
EVALUATE & PRIORITISE RISKS
SEVERITY/IMPACT/CONSEQUENCES
Certain 1
F
Reduce Likelihood Avoid
Risks R
E
Almost certain Q
Reduce U
E
N
Likely C
Y
/
L
I
Possible
K
E
L
Reduce Consequences
I
Unlikely Tolerable H
Level of O
Risk O
D
Not Possible
0 $1,000 $100,000 $1m $100m
Mild Severe Disastrous Total
Moderate
LEVEL OF RISK (RISK VALUE)
}SATISFACTORY
MOST COST
EFFECTIVE
}
ACCEPTED PRACTICE
BEST ACHIEVABLE
}
}
ABSOLUTE
}
MINIMUM
R
As
I Reasonabl
S Tolerable if cost of reduction
K y would exceed the
improvements
Practicable gained
Necessary to maintain
Broadly acceptable region assurance
that the risk remains at this
level
KEY CHALLENGES TO
IMPLEMENTING RISK MANAGEMENT
Common risk language
The need for consistent points of
reference for communications and
reporting, and for the application of risk
management methods.
We all manage risk consciously or
unconsciously - but rarely systematically.
KEY CHALLENGES TO
IMPLEMENTING RISK MANAGEMENT
Management buy-in
Reducing resistance to change; buy-in
from operations will facilitate acceptance
of responsibilities and proactive
participation.
STR ITICA
PO
GE E &
2 Insurable risks
AT E L
L
2
A N AL
CH MOR :
LE
CU Disaster risks & incidents
3
GIC
S
S& OP
QU TO (BCP)
A L ME
OH PE
3 4 Policies & strategies for mana
R,
IT R
Y UR
risks
T
R UC
LE G S T
AL R RA E
ISKS 4 IN F
& S
T
SE
AS
NC E INFO FRAFRA
LIA F UDUD
P
CO
M
S T R IN A
IN N
VE E AS CE
RMA NTERR
SK
RI
ON
ST U &
R U SS
CT M RY
TION
P TI
EN :
I
JE
INT USINE
O TS
PR
SYS TION
ER
B
UP
TEM
S
Board of Directors
Approves policy
Approves risk limits
Approves risk tolerance
Provides oversight
Executive
Management
Line Managers Establishes policy
Identify risk Establishes risk limits
Propose risk limits Establishes risk tolerances
Control Reports to Board
Report Enforces
RISK MANAGEMENT POLICY
Risk Management Processes
The policy will be implemented by each business unit:
Maintaining documented business risk profiles using
analytical techniques to identify, evaluate, and manage
risks in compliance with AS/NZS 4360.
Communication of risk management issues, where
appropriate, to all relevant stakeholders.
C 1. Strategic Ct M
O O
M N
M 2. Identify Threats I
U T
N O
I R
C A 3. Analyze
A
T
S
S
E
4. Assess
5. Assess/
&
The culture, processes and structures which
E R
S
S
E
V are directed towards the effective management of
C I
O
N
7. Manage the Risk E
W potential opportunities and adverse effects.
S
U
L
T
Processes
RISK MANAGEMENT POLICY
Risk Management Structure & Responsibility
The Board approves the corporate risk management policy
and strategy.
The Board Risk Management Committee reviews the
effectiveness of the policy.
All managers and staff are responsible for managing risk.
The Risk Management Champion is responsible for
facilitating the risk management program and reporting to
the Board Risk Management Committee.
The culture, processes and structures which
are directed towards the effective management of
potential opportunities and adverse effects.
Structure Direction
KEY CHALLENGES TO
IMPLEMENTING RISK MANAGEMENT
SURVIVAL IS NOT
COMPULSORY
Rather than have the carpet
pulled out from under you
Visit
www.riskbusiness.com
to learn how to dance on a
moving surface.
The greatest risk of
all
is to take no risk at
all!
A journey . A race In pursuit of performance Building Value
The End
C 1. Strategic Ct M
O O
M N
M I
U 2. Identify Threats T
N O
I R
C
A 3. Analyze
A &
S 4. Assess
T
S
E R
E 5. Assess/ E
S
V
S
C I
O E
N
S
7. Manage the Risk
W
Opportunities Risks
U
L
T