Risk Management MGMT15 BSBRSK501A
Element and Performance Criteria 1. Establish Risk Context 1.1 Review organisational process, procedures and requirements for undertaking risk management 1.2 Determine scope for risk management process 1.3 Identify internal and external stakeholders and their issues 1.4 Review political, economic, social, legal, technological and policy context 1.5 Review strengths and weakness of existing arrangements 1.6 Document critical success factors, goals or objectives for area including in scope
Element and Performance Criteria 1.7 Obtain support for risk management activities 1.8 Communicate with relevant parties about the risk management and invite participation
Element and Performance Criteria 2. Identify Risk 2.1 Invite relevant parties to assist in the identification of risks 2.2 Research risks that may apply to scope 2.3 Use the tools and techniques to generate a list of risks that apply to the scope, in consultation with relevant parties
Element and Performance Criteria 3. Analyse Risks 3.1 Review organisational process, procedures and requirements for undertaking risk management 3.2 Determine scope for risk management process 3.3 Identify internal and external stakeholders and their issues 3.4 Review political, economic, social, legal, technological and policy context 3.5 Review strengths and weakness of existing arrangements 3.6 Document critical success factors, goals or objectives for area including in scope
Element and Performance Criteria 4. Select and Implement Treatments 4.1 Determine and select most appropriate options for treating risks 4.2 Develop an action plan for implementing risk treatment 4.3 Communicate risk management process to relevant parties 4.4 Ensure all documentation is in order and appropriately stored 4.5 Implement and monitor action plan 4.6 Evaluate risk management process
Establish Risk Context Defining Risk • Risk ‘The chance of something happening that will have an impact on objectives’ (Australian Standard(AS/NZS4360:2004) • Risk Management ‘The guiding principles an organisation uses in relation to its management of risk and the detail of how these principles will operate in practice’
Establish Risk Context • Risk management processes allow organisations to identify potential risks situations, analyse the dimensions of the risk and assess the organisation’s capacity to cope with and manage that risk • In order to ‘survive’ it is necessary to strike an appropriate balance between the amount of risk taken and the amount of the return expected. ‘not too lax not too cautious!’
Establish Risk Context • The first step in establishing the risk context is to critically examine those elements of the risk management process that are already in place. In some smaller organisations, formal risk management procedures, processes and requirements may not be in place. In this situation it will be necessary to consult with management to gain understanding of the current risk management processes. • A good risk management plan provides clear guidance on how various parts of the organisation can identify and manage risks they face and those that might impact on the whole organisation.
Five stages There are five stages in the disciplined and interactive process in manage risk: Stage 1 Investigate and Identify the risk Stage 2 Assess the risk Stage 3 Analyse the risk Stage 4 Management strategies Stage 5 Monitor
Determine Scope for Risk Management Process The scope of risk management is concerned with what is included in the strategy and the extent to which is it addressed. The scope of a risk management strategy is entirely reflective of the organisation, its activities the risk profile. It can also be indicative of the following: • Past history • Knowledge and/or experience of risk management held by senior management • Available resources • External environmental factors
Identify Internal and External Stakeholders • The process of identifying stakeholders recognises the important of taking into consideration the needs, objectives and influences of both internal and external parties and how these factors might impact upon risk management processes.
stakeholders Internal Stakeholders such as: • Workers • Owners • Shareholders • Reference groups External Stakeholders such as: • Government • Community members • Customers and suppliers • Customers • The media • Suppliers
Examining the Issues of Internal Stakeholders The types of things to consider when examining the issues of internal stakeholders include: • Cultural aspects of organisations • Power structures in organisations • Change processes within organisations
Review Political, Economic, Social, Legal, Technological and Policy Context When establishing the risk management context it is essential to gain an understanding of the environment in which the organisation operates. During this stage you would typically identify any political, economic, social, legal, technological and policy issues that may have an impact on the risk management process.
Review Political, Economic, Social, Legal, Technological and Policy Context
Review Strengths and Weakness of Existing Arrangements • Part of the process of reviewing existing processes, procedures and requirements for risk management is to evaluate the strengths and weaknesses of existing arrangements. During this stage the aim is to identify any aspects that need modified and those that can be extended or consolidated to assist future operations.
SWOT Analysis • A SWOT analysis is a tool that helps organisations to focus on strengths, minimise weaknesses, take advantage of opportunities and reduce the threats that face their business. • It is an ideal tool to use when analysing the existing risk identification and management strategy of an organisation.
SWOT Analysis Capabilities Goals & Objectives Competitors Environment
SWOT Analysis Strengths: • What advantages do you have? • What do you do well? • What relevant resources do you have access to? • What do people see as your strengths
SWOT Analysis Weakness: • What could you improve? • What do you do badly? • What should you avoid?
SWOT Analysis Opportunities: • Where are there good opportunities facing you? • Are there any interesting trends you have noticed e.g. Changes in technology?
SWOT Analysis Threats: • What obstacles do you face? • What is your competition doing? • Is changing technology threatening your position? • Do you have bad debt or cash flow problems?
STEEP Analysis • Social / Cultural Landscape • Technological Landscape • Ecological (or natural) environment • Economic / Fiscal Landscape • Political / Regulatory / Legal Landscape
Cultural Environment • The cultural environment is made up of institutions and other forces that affect society’s basic values, perceptions, preferences, and behaviours. People grow up in a particular society that shapes their basic beliefs and values. They absorb a world view that defines their relationships to themselves and others. The following cultural characteristics can affect marketing decisions.
Demographic and Economic Environments • Demographic • Changing age structure of population • Changing household • Geographic shift in population • Better educated and more white-collar population • Increased ethnic diversity • Social • Changes in income • Changing consumer spending patterns
Demographic Environment Growing Ethnic Diversity Age Structures Key Demographic Trends Education Changing Family Structure Geographic Shifts
Fast Pace of Change High R & D Budgets Issues in the Technological Environment Focus on Minor Improvements Increased Regulation
Ecological (or natural) environment Shortage of Raw Materials Key Areas of Concern in the Natural Environment Government Intervention Energy Costs Increased Pollution
Economic / Fiscal Landscape Economic Development Changes in Income Key Economic Concerns for Marketers Changes in Consumer Spending Patterns
Document Critical Success Factors, Goals for Area Included in Scope • An important element in the risk management process is to clearly identify ‘what will be deemed as success’. This means for each part of the risk management scope there should be a clearly documented set of goals, objectives and performance indicators.
Obtain Support For Risk Management Activities A successful approach to risk management involves obtaining the support of senior management. • Encouraging the active and on going support of organisation’s management team • Encouraging the appointment of a senior manager to lead risk management initiatives • Involving senior management in the development of risk management policies and procedures • Encourage an organisational culture that supports a planned and open approach to risk management • Including management in the team responsible for communicating risk management policies
Activity Identify the organisation or business you work for or that you are closely associated with. 1. What message does management conveys in regards to risk management? 2. How would you go about obtaining their support for risk management activities?
Communicate with Relevant Parties and Invite Participations Effective Communication is a key component of gaining support for risk management activities It is important to convey the risk management process clearly to staff and other relevant stakeholders and reinforce a responsible culture of risk management that includes planning, management and regular review.
Communicate with Relevant Parties and Invite Participations Target audiences • Executive team • Risk management committee • Risk management coordinator • Shareholders • Customers • Suppliers
Communicate with Relevant Parties and Invite Participations Key messages are the heart of the communications. Each target audience requires a key message `with the emphasis on: • What is risk management and the organisation’s approach? • How is it being implemented and what do I need to do? • What are the benefits and what is my role in its implementation? • How can I actively participate to ensure successful implementation?
Methods to engage relevant parties in the risk management process Methods to engage relevant parties in the risk management process might include: • Working groups or sub-committees • Including risk management as an agenda item at meetings • Giving presentations at community forums or management meetings • Inviting the public to provide submissions
Actively Encourage Contributions In order to create an environment that will encourage suggestions you should • Establish and maintain open and honest communication • Actively listen to each suggestion • Encourage informal discussion • Of continual improvement • Clearly and constantly communicate the organisation’s mission, aims and objectives • Establish a formal mechanism for consultation/submitting ideas
Invite Relevant Parties to Assist in the identification of Risks Internal Staff Many organisations choose to conduct their risk identifications as an in-house process. That is they use existing staff to assist in the identification of risks. This will ensure risks are identified effectively, different areas of expertise are brought together and different views are appropriately considered in identifying risks.
Invite Relevant Parties to Assist in the identification of Risks There are a number of techniques that can be used to effectively solicit input from stakeholder groups about the risks that they have identified. • Brain storming • Suggestion box • Project meetings • Customer feedback forms • One-to-one discussions / interviews
Invite Relevant Parties to Assist in the identification of Risks External Experts At times the organisation will use external experts such as consultants, auditors and trainers to advise on risk. Advantages of using external experts • A consultant provides knowledge or skills that the organisation does not have in-house • The consultant works provides a neutral perspective that can be used to manage discussion and debate without any bias or favour
Invite Relevant Parties to Assist in the identification of Risks External Experts With all benefits there are costs and the organisation must be sure that they they will obtain a good return on their investment in using a risk consultant.
Research Risk that May Apply to Scope Researching risks involves identifying what could happen and how and why it could happen. At this stage it is necessary to examine all possible sources of risk.
Research Risk that May Apply to Scope Sources of Risk Most businesses use generic risk categories such as legal, financial or natural events. A generic list of the sources of risk might include: • Commercial and legal relationships • Economic circumstances • Human behaviour • Natural events • Political • Technology and technical issues • Management activities and controls • Individual activities
Research Risk that May Apply to Scope The method of research include: • Market research • Data or statistical information • Public consultation • Lesson learned from other activities • Review of other information sources
Use Tools and Techniques to Generate a List of Risks that Apply to the Scope, in consultation with Relevant Parties Techniques that can be used to identify risks include: • Checklist • Judgments based on experience and records • Flow charts • Brainstorming • System analysis • Scenario analysis • System engineering techniques