general risk management - delta univ · 2016. 3. 14. · •the time frame of the policy should be...
TRANSCRIPT
![Page 1: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/1.jpg)
General Risk Management
Dr. Hesham R. Lotfy
Faculty of Engineering
![Page 2: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/2.jpg)
Course outline
Introduction to risk concepts
Different types of risk
Risk estimation
Risk analysis
Remedy and proactive policies
Dr. Hesham R. Lotfy
![Page 3: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/3.jpg)
محتوى المقرر
.مقدمة عن مفهوم وإدارة المخاطر
.أنواع المخاطر
.تحليل المخاطر
.تقييم المخاطر
.خطوات إدارة المخاطر
Dr. Hesham R. Lotfy
![Page 4: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/4.jpg)
Learning Objectives
Upon completion of this course, you should be able
to:
– Understand and study the objectives of an
organization.
– Identify different risks that may hinder reaching
the objectives.
– Identify the risk categories.
Dr. Hesham R. Lotfy
![Page 5: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/5.jpg)
– Select from the risk mitigation strategy options to
control risk.
– Set a risk control management plan.
– Evaluate risk controls, and formulate a cost
benefit analysis.
– Maintain risk controls.
– Understand the approach to managing risk.
Dr. Hesham R. Lotfy
![Page 6: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/6.jpg)
األهداف المرجوة من دراسة المقرر
:ا المقرر يجب أن تكون قادرا عليذفي نهاية ه
. أهداف المؤسسةدراسة وفهم *
تحديد المخاطر المختلفة التي يمكن أن تحول دون*
وصول المؤسسة ألهدافها.
.تصنيف المخاطر*
Dr. Hesham R. Lotfy
![Page 7: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/7.jpg)
النظر في إستراتيجيات معالجة المخاطر الختيار العناصر*
. لمناسبة للتحكم في وعالج المخاطرا
. نقوم بإعداد خطة إدارة مخاطر خاصة بالمؤسسةلكذبعد *
. نقوم بتقييم الخطة ونعد دراسة جدوى اقتصادية للخطة*
. ا ثبت جدواهاذإندعم الخطة ونحافظ عليها *
. نوجد فهم عام ألسلوب مواجهة المخاطر بالمؤسسة*
Dr. Hesham R. Lotfy
![Page 8: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/8.jpg)
•Since time immemorial, human beings have tried to
manage risks faced in their day to day life.
•Keeping inflammable material away from fire,
saving for possible future needs are all examples of
an attempt at managing risk.
INTRODUCTION
![Page 9: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/9.jpg)
A risk is ANYTHING that may affect
the achievement of an organization’s
objectives.
Risk is the possibility of the actual
outcome being adverse compared to
expected outcome.
Definitions
Dr. Hesham R. Lotfy
![Page 10: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/10.jpg)
It is the expression of the likelihood
and impact of an event with the
potential to influence the achievement
of an organization’s objectives.
Dr. Hesham R. Lotfy
![Page 11: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/11.jpg)
المخاطر
احتمالبينربطعنعبارةهيالمخاطر,حدوثهعلىالمترتبةواآلثارحدثوقوعدونيحولأنعليالقدرةالحدثولهذا
.ألهدافهاالمؤسسةوصول
Dr. Hesham R. Lotfy
![Page 12: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/12.jpg)
Threats and opportunities
Threat – a risk that may HINDER the
achievement of objectives.
Opportunities - a risk that may HELP in the
achievement of objectives.
Dr. Hesham R. Lotfy
![Page 13: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/13.jpg)
بالجوانبارتباطهاأساسعلىالمخاطرإدارةإلىاإلشارةيتمبعينالمعياريأخذولذلكللخطر,والسلبيةاإليجابية
.واإليجابيالسلبيالجانبينحيثمنالمخاطراالعتبار
فياألخذيتمأنهعامةبصفةيالحظالسالمة,مجالفيخطرإدارةتركزلذلكفقط,سلبيةالنتائجأناالعتبار
.الضرروتخفيضمنععلىالسالمة
Dr. Hesham R. Lotfy
![Page 14: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/14.jpg)
The only alternative to risk management is crisis
management --- and crisis management is much more
expensive, time consuming and embarrassing.
JAMES LAM, Enterprise Risk Management, Wiley Finance © 2003
Without good risk management practices, government
cannot manage its resources effectively. Risk
management means more than preparing for the
worst; it also means taking advantage of opportunities
to improve services or lower costs.Sheila Fraser, Auditor General of Canada
Why do we need Risk Management?
![Page 15: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/15.jpg)
Why bother with RM?
Increase risk awareness – What could
affect the achievement of objectives?
What could go wrong?
إدارة المخاطر تزيد من الوعي العام بالمخاطر وتحفز التفكير
.فيما قد يحدث ويحول دون تحقيق األهداف
Dr. Hesham R. Lotfy
![Page 16: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/16.jpg)
Promote a “healthy” risk culture (It’s
safe to talk about risk, open and
transparent).
تشجع علي وجود مناخ صحي يتيح الحديث عن المخاطر *
.بشفافية
Why bother with RM?
Dr. Hesham R. Lotfy
![Page 17: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/17.jpg)
Develop a common and consistent
approach to risk across the
organization.
.تنشئ إسلوب موحد للتعامل مع المخاطر بالمؤسسة*
Why bother with RM?
Dr. Hesham R. Lotfy
![Page 18: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/18.jpg)
Is proactive action not a reaction –
Prepare for risks before they happen.
Identify risks and develop appropriate
risk mitigating strategies.
تجهز لمنع أو , إدارة المخاطر هي خطة إستباقية*
.للتعامل مع المخاطر حال حدوثها
Why bother with RM?
Dr. Hesham R. Lotfy
![Page 19: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/19.jpg)
Improve outcomes – achievement of objectives.
Enables accountability, transparency and
responsibility.
And maybe even mean survival.
Why bother with RM?
Dr. Hesham R. Lotfy
![Page 20: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/20.jpg)
تساعدفهي.األهدافتحقيقمنتمكنالمخاطرإدارة*
لكلالمحتملةوالسلبيةاإليجابيةالجوانبفهمعلي
احتمالمنفتزيدالمنظمة,عليتؤثرقدالتيالمخاطر
منالتأكدوعدمالفشلاحتمالمنكالوتخفضالنجاح
. للمؤسسةالعامةاألهدافتحقيق
Dr. Hesham R. Lotfy
![Page 21: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/21.jpg)
إدارة المخاطر تساعد علي األعتماد علي النفس و الشفافية*
.وتحمل المسؤلية بالمؤسسة
.إدارة المخاطر تنقذ أرواح في كثير من األحيان*
Dr. Hesham R. Lotfy
![Page 22: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/22.jpg)
Definition of ERM
“ERM is a process, effected by an organization's
management and other personnel, applied in
strategy setting and across the enterprise,
designed to identify potential events that may
affect the organization, and manage risks to be
within its risk appetite, to provide reasonable
assurance regarding the achievement of entity’s
objectives.”
Dr. Hesham R. Lotfy
![Page 23: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/23.jpg)
هي عملية تفعل عن طريق مجلس إدارة المؤسسة وتكون مهمتها هي التعرف المنظمة جزء أساسي في إستراتيجية
اإلجراءات التيعلي األحداث التي قد تؤدي لمخاطر وتحدد بشكل منتظم لمواجهة األخطار ةتتبعها المنظميجب أن
المصاحبة ألنشطتها, بهدف تحقيق المزايا المستدامة من كل .األنشطة
التركيز األساسي إلدارة المخاطر الجيدة هو التعرف على .ومعالجة األخطار التي قد تواجه المؤسسة
خطة إدارة مخاطر المؤسسات
Dr. Hesham R. Lotfy
![Page 24: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/24.jpg)
علىمحصورةوسيلةليستالمخاطرإدارةأيضا ولكنهافقط,العامةوالمنظماتالمؤسسات
لكلووالصغيرةالكبيرةالخاصةالمؤسساتلكلدللفوائالنظرويجب.األمدوقصيرةطويلةاألنشطةبأطرافعالقتهافيالمخاطرإدارةمنوالفرصهاعالقتفيفقطوليسالمتأثرةالمختلفةالمصالح
.المنظمةبنشاط
Dr. Hesham R. Lotfy
![Page 25: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/25.jpg)
Slide 25
Categorizing Risk
1. Political or Reputational Risk
2. Financial Risk
3. Operational Risk
4. People / HR Risk
5. Knowledge Risk
6. Environmental Risk
7. Stakeholder Satisfaction / Public Perception Risk
8. Legal / Compliance Risk
9. Technology Risk
10. Security Risk
Dr. Hesham R. Lotfy
![Page 26: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/26.jpg)
منظمةأيتواجهالتيالمخاطرتنتجأنيمكنويمكن.وداخليةخارجيةعواملمنوأنشطتهاسياسيةمثلاألخطارمنأنواعإلىأكثرتقسيمها
,عاملون,تشغيلية,مالية,إستراتيجية,,أمنية,تكنولوجية,,قانونيةبيئية,معلوماتية
.الخ...سالمة
Dr. Hesham R. Lotfy
![Page 27: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/27.jpg)
Slide 27
Residual Risk
Residual risk is the level of risk afterevaluating the effectiveness of controls.
Acceptance or action should be based onresidual risk levels.
ATTACHED
Dr. Hesham R. Lotfy
![Page 28: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/28.jpg)
المخاطر المتبقية
المخاطر المتبقية هي المخاطر التي مازالت باقية بعد*
تطبيق خطة التحكم بالمخاطر بالمؤسسة.
قبول المخاطر المتبقية أو إتخاذ إجراءات تحكم *
.يةإضافية يعتمد علي حجم ومدي تأثيرالمخاطر المتبق
Dr. Hesham R. Lotfy
![Page 29: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/29.jpg)
Risk Prioritization – likelihood and impact
Likelihood of a risk event occurring
Very High: Is almost certain to occur
High: Is likely to occur
Medium: Is as likely as not to occur
Low: May occur occasionally
Very Low: Unlikely to occur
Risk Impact: Level of damage that can occur when a risk event occurs
Very High: Threatens the success of the project
High: Substantial impact on time, cost or quality
Medium: Notable impact on time, cost or quality
Low: Minor impact on time, cost or quality
Very Low: Negligible impact
![Page 30: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/30.jpg)
تقدير المخاطر
يمكن تقدير المخاطر بأسلوب كمي ونوعي من
:حيث احتمال التحقق والنتائج المحتملة
االحتماالت قد تكون مرتفعة جدا أو مرتفعة أو *
.متوسطة أو منخفضة أو منخفضة جدا
ا النتائج من حيث التهديدات قد تكون مرتفعة جد*
أو مرتفعة أو متوسطة أو منخفضة أو منخفضة
.جداDr. Hesham R. Lotfy
![Page 31: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/31.jpg)
Third dimension for rating risks - proximity
Immediate – now
Less than 6 months
Between 6-12 months
Between 12 – 24 months
Between 24 – 36 months
More than 36 months
![Page 32: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/32.jpg)
البعد الثالث في تقييم المخاطر هو مدي قربها الزمنى
في الحال*
بعد أقل من ستة أشهر*
شهرا12-6بعد مدة تتراوح بين *
شهرا 24-12بعد مدة تتراوح بين *
شهرا36-24بعد مدة تتراوح بين *
شهرا 36بعد أكثر من *
Dr. Hesham R. Lotfy
![Page 33: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/33.jpg)
Slide 33
Risk rating
Combining impact and likelihood
LIKELIHOOD
IMP
AC
T
1
1
2
2
3
3
4
4
5
5
RISK
I x L
RISK
I x L
RISK
I x L
RISK PRIORITIZATION MATRIX
![Page 34: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/34.jpg)
In the risk matrix, the risk level determines which
risks should be tackled first. However, it does
require expertise and experience to judge the
likelihood and impact of harm accurately. Getting
this wrong could result in applying unnecessary
control measures or failing to take important ones.
Dr. Hesham R. Lotfy
![Page 35: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/35.jpg)
األخطارلوحةطريقعنباإلهتماماألولياألخطارتحديديتم
تقديربلوحةالعمليسندأنإلياألنتباهيجب.كالسابقة
وقوعإحتمالتقديرفيكبيرةخبرةويذألشخاصاألخطار
يسيؤدالتقديروالترتيبفيالخطأألن,األخطارتأثيروشدة
.األهتمامتستحقأخطاروإغفاللهاالداعيمعاييرتطبيقإلي
Dr. Hesham R. Lotfy
![Page 36: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/36.jpg)
Risk Management Process
Risk management needs to be looked at as an
organizational approach, as risks may result from
various activities in the firm, and the personnel
responsible for the activities do not always
understand the risk attached to them.
Dr. Hesham R. Lotfy
![Page 37: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/37.jpg)
Risk Management Process
Determining Objectives
Identify risks
Evaluate risks
Select risk management techniques
Implement and review decisions
Dr. Hesham R. Lotfy
![Page 38: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/38.jpg)
خطوات عملية إدارة المخاطر
.تحديد األهداف
.التعرف على المخاطر وتحديدها
.تقدير وتقييم المخاطر
.إعداد خطة إدارة المخاطر
.إعداد إستراتيجية معالجة المخاطر
.تطبيق مع مراقبة ومراجعة عمليات إدارة المخاطر
Dr. Hesham R. Lotfy
![Page 39: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/39.jpg)
A) Determining Objectives:
Determination of objectives is the first step in the
risk management function. The objective may be
to protect profits or to develop competitive
advantage. The objective of risk management
needs to be decided upon by the management, so
that the risk manager may fulfill his
responsibilities in accordance with the set
objectives.
Dr. Hesham R. Lotfy
![Page 40: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/40.jpg)
تحديد األهداف
خطواتمنخطوةأولهواألهدافتحديد
مناألهدافتتبابين.مخاطرإدارةخطةإعداد
عليوالحفاظالماديالربحعليالحفاظ
منالحمايةإليللمؤسسةتنافسيةمميزات
أهداف.البيئيةواألخطارالتشغيلأخطار
حتياألدارةبواسطةتحددأنيجبالمؤسسة
.بمهامهاالقياممنالمخاطرإدارةتتمكنDr. Hesham R. Lotfy
![Page 41: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/41.jpg)
B) Identifying Risks:
Every organization face different risks, based on its
business, the economic, social and political factors,
the degree of competition, the strengths and
weaknesses of its competitors, availability of raw
material, dependence on foreign markets for inputs,
sales, or finances, capabilities of its staff and so on.
Dr. Hesham R. Lotfy
![Page 42: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/42.jpg)
•Each corporate needs to identify the
possible sources of risks and the kinds of
risks faced by it.
•For this, the risk manager needs to develop a
fundamental understanding of all the firm's
activities and the external factors that
contribute to risk.
•The risk manager needs to identify the
sources of risks that are not so obvious.
Dr. Hesham R. Lotfy
![Page 43: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/43.jpg)
التعرف علي المخاطر
للحالةطبقامختلفةمخاطرمؤسسةكلتواجه
عليتأثيرهاومديوالسياسيةواألجتماعيةاألقتصادية
الضعفوعواملالمنافسةفدرجة.المؤسسةعملمجال
الخامالموادتوافرمدىوأيضاالمنافسينلديوالقوة
وخبرةومقدرةالمتاحةواألسواقالصعبةوالعملة
مخاطرمصدرتكونأنيمكنأموركلهاالعمالة
.للمؤسسة
Dr. Hesham R. Lotfy
![Page 44: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/44.jpg)
C) Risk Evaluation:
•Once the risks are identified, they need to be
evaluated for determining their significance.
•The significance of a particular risk depends upon
the size of the loss that it may result in, and the
probability of the occurrence of such loss.
•On the basis of these factors, the various risks
faced by the corporate need to be classified as
critical risks, important risks and not-soimportant
risks.
Dr. Hesham R. Lotfy
![Page 45: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/45.jpg)
تقدير المخاطر.بعد تحديد المخاطر يجب تقديرحجمهم لتحديد مدي أهميتهم
أهمية خطر معين تعتمد علي حجم الخسائر التي قد يسببها حال
.حدوثة ومدي إحتمالية حدوثة
:بناءا علي ماسبق يجب تصنيف المخاطر المحتملة للمؤسسة إلي
.مخاطر حرجة*
.مخاطر هامة*
. مخاطر ليست شديدة األهمية*
Dr. Hesham R. Lotfy
![Page 46: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/46.jpg)
•Critical risks are those that may result in
bankruptcy of the firm.
•Important risks are those that may not result in
bankruptcy, but may cause severe financial stress.
•The not-soimportant risks are those that may result
in losses which the firm may easily bear in the
normal course of business.
Dr. Hesham R. Lotfy
![Page 47: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/47.jpg)
. المخاطر الحرجة هي المخاطر التي يمكن أن تتسبب في إفالس المؤسسة*
المخاطر الهامة هي التي ال ينتج عنها إفالس المؤسسة ولكنها تتسبب في *
ضغط مادي شديد.
المخاطر الغير شديدة األهمية هي المخاطر التي يمكن للمؤسسة أن تتحملها*
خالل برنامج عملها العادي
Dr. Hesham R. Lotfy
![Page 48: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/48.jpg)
D) Development of Policy:
•Based on the risk tolerance level of the firm, the
risk management policy needs to be developed.
•The time frame of the policy should be
comparatively long, so that the policy is relatively
stable.
•A policy generally takes the form of a declaration
as to how much risk should be covered, or in other
words, how much risk the firm is ready to bear.
Dr. Hesham R. Lotfy
![Page 49: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/49.jpg)
إستحداث سياسة عامة إلدارة المخاطر
يتمالمخاطربعضتحملعليالمؤسسةقدرةعليبناءا
.المخاطردارةإسياسةإستحداث
لهاققليتحنسبيااألمدطويلةتكونيجبالمخاطرإدارةسياسة
.اإلستقراربعض
عنإعالنشكلتأخذماغالباالمخاطرإلدارةالعامةالسياسة
يمكنالذيالخطرحجموماهومواجهتهاالالزمالمخاطر
.تتحملةأنللمؤسسة
Dr. Hesham R. Lotfy
![Page 50: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/50.jpg)
•The policy may specify that a specific percentage,
say 20%, of all risks are to be covered or that not
more than a specific sum can be at risk at any point
of time. The development of Value at Risk (VaR)
model provides a solution.
Dr. Hesham R. Lotfy
![Page 51: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/51.jpg)
E) Development of Strategy:
• Based on the policy, the firm then needs to develop
the strategy to be followed for managing risk.
•The tenure of a strategy is shorter than a policy, as it
needs to factor in various variables that keep
changing.
• A strategy is essentially an action plan, which
specifies the nature of risk to be managed, the tools
to be used and the timing.
Dr. Hesham R. Lotfy
![Page 52: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/52.jpg)
إستحداث إستراتيجية إلدارة المخاطر
حداثإستيتمللمؤسسةالمخاطردارةإسياسةعليبناءا
اتيجيةلإلسترالزمنيةالمدة.المخاطرإلدارةإستراتيجية
تعتمدةاإلستراتيجيألنالعامةالسياسةمدةمنأقلتكون
تيجيةاإلستراتكونأنويجبمتغيرةكثيرةعواملعلي
تحددتفصيليةعملخطةهياإلستراتيجية.مرنة
.بدقةواألوقاتمعهاالتعاملوطرقالمخاطر
Dr. Hesham R. Lotfy
![Page 53: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/53.jpg)
F) Implementation:
Once the policy and strategy in place, they are to be
implemented for actually managing the risks. This
is the operational part of risk management. It
includes taking care of the details in the operational
part.
Dr. Hesham R. Lotfy
![Page 54: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/54.jpg)
سة تبدأ عملية التطبيق الفعلي إلدارة المخاطر فور إقرار سيا
فاإلستراتيجية هي الجزء . دارة المخاطر واإلستراتيجيةإ
العملي إلدارة المخاطر والتي تهتم بكافة تفاصيل خطة إدارة
.المخاطر
Dr. Hesham R. Lotfy
![Page 55: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/55.jpg)
G) Review:
The function of risk management need to be
reviewed periodically. Sometimes, the decisions
taken earlier may not prove to be correct, or the
changing circumstances may make some other
option more effective.
Dr. Hesham R. Lotfy
![Page 56: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/56.jpg)
A periodic review ensures whether the risk
management function is achieving the set objectives
or not, and to find an alternative course of action if
the results are not in accordance with expectations.
Dr. Hesham R. Lotfy
![Page 57: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/57.jpg)
ةالمراجعتلزمالمخاطردارةإإستراتيجيةتطبيقبعد
صممتالتياألهدافتحققأنهامنللتأكدالدورية
أنيثبتفقدالقراراتكافةمراجعةويلزم.أجلهامن
ولمصائبةتكنلماتخذتالتيالقراراتبعض
.تغييرهاويلزممالئمةتعدلمأومنهاالمرجوتحقق
Dr. Hesham R. Lotfy
![Page 58: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/58.jpg)
Risk Control Strategies
An organization must choose one of four basic
strategies to control risks :
Avoidance: applying safeguards that eliminate or
reduce risks.
Transference: shifting the risk to other areas or
to outside entities.
Mitigation: reducing the impact should the
vulnerability be exploited.
Acceptance: understanding the consequences and
accept the risk without control or mitigation.
![Page 59: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/59.jpg)
معالجة المخاطر
تعتبر معالجة المخاطر بمثابة عملية اختيار وتطبيق إجراءات
وتتضمن معالجة المخاطر تجنب . بغرض التغيير في المخاطر
كأحد ( التحكم في المخاطر)التخفيض , نقل المخاطر, المخاطر
.أهم عناصرها أوقبول المخاطر
:ما يلي( كحد أدنى)يجب أن يقدم أي نظام لمعالجة المخاطر
.التشغيل الفعال والكفء للمنظمة*
الرقابة الداخلية الفعالة*
.أتباع القوانين والتشريعات*
تكلفة ترتبط عملية فعالية تكلفة إجراءات التحكم في المخاطر بمقارنة
.تطبيق تلك اإلجراءات بالمزايا المتوقعة من تخفيض المخاطر
Dr. Hesham R. Lotfy
![Page 60: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/60.jpg)
طرق التعامل مع المخاطرعها بعد أن تتم عملية التعرف على المخاطر وتقييمها فإن جميع التقنيات المستخدمة للتعامل م
:تقع ضمن مجموعات رئيسية هي
ومثال على . وتعني محاولة تجنب النشاطات التي تؤدي إلى حدوث خطر ما:التجنبإن التجنب . ذلك عدم شراء ملكية ما أو الدخول في عمل ما لتجنب تحمل المسؤولية
يبدو حال لجميع المخاطر ولكنه في الوقت ذاته قد يؤدي إلى الحرمان من الفوائد .واألرباح التي كان من الممكن الحصول عليها من النشاط الذي تم تجنبه
وهي وسائل تساعد على قبول الخطر من قبل طرف آخر وعادة ما تكون عن :النقل. التأمين هو مثال على نقل الخطر عن طريق العقود. طريق العقود أو الوقاية المالية
وقد يتضمن العقد صيغة تضمن نقل الخطر إلى جهة أخرى دون االلتزام بدفع أقساط .التأمين
ر ومثال على ذلك شركات تطوي. وتشمل طرق للتقليل من حدة الخسائر الناتجة:التقليصالبرمجيات التي تتبع منهجيات للتقليل من المخاطر وذلك عن طريق تطوير البرامج
.بشكل تدريجي
ة في إن هذه الطريقة تعتبر إستراتيجية مقبول. وتعني قبول الخسائر عند حدوثها:القبول حالة المخاطر الصغيرة والتي تكون فيها تكلفة التأمين ضد الخطر على مدى الزمن
. أكبر من إجمالي الخسائر
![Page 61: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/61.jpg)
AvoidanceAvoidance is the risk control strategy that
attempts to prevent the exploitation of the
vulnerability
Avoidance is accomplished through:
– Application of policy
– Application of training and education
– Countering threats
Dr. Hesham R. Lotfy
![Page 62: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/62.jpg)
Transference
Transference is the control approach that attempts
to shift the risk to other assets, other processes,
or other organizations
May be accomplished by:
– Rethinking how services are offered
– Outsourcing to other organizations
– Purchasing insurance
– Implementing service contracts with providers
Dr. Hesham R. Lotfy
![Page 63: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/63.jpg)
Mitigation
Mitigation is the control approach that attempts to
reduce, by means of planning and preparation,
the damage caused by the exploitation of
vulnerability
This approach includes three types of plans:
Disaster recovery plan
Incident response plan
Business continuity plan
Mitigation depends upon the ability to detect and
respond to an attack as quickly as possibleDr. Hesham R. Lotfy
![Page 64: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/64.jpg)
Acceptance
Acceptance is the choice to do nothing to protect
an asset and to accept the loss when it occurs.
This control, or lack of control, assumes that it may
be a prudent business decision to:
Examine alternatives.
Conclude the cost of protecting an asset does
not justify the security expenditure.
Dr. Hesham R. Lotfy
![Page 65: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/65.jpg)
Dr. Hesham R. Lotfy
Acceptance (Continued)
Only valid use of acceptance strategy occurs when
organization has:
– Determined level of risk to its assets
– Assessed probability of attack and likelihood of a
successful exploitation of vulnerability
– Estimated potential loss from attacks
– Performed a thorough-out cost benefit analysis
– Evaluated controls using each appropriate type of
feasibility
– Decided that the assets did not justify the cost of
protection
![Page 66: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/66.jpg)
Thank You
![Page 67: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/67.jpg)
TO NOTE
![Page 68: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/68.jpg)
Meet with current staff to determine causes for turnover (e.g., poor working conditions, low pay, competitive job market)
Mitigate those causes that are under our control before the project starts
Once the project commences, assume turnover will occur and develop techniques to ensure continuity when people leave
Organize project teams so that information about each development activity is widely dispersed
Define documentation standards and establish mechanisms to ensure that documents are developed in a timely manner
Conduct peer reviews of all work (so that more than one person is "up to speed")
Assign a backup staff member for every critical technologist
Example: Strategy for Reducing Staff
Turnover
![Page 69: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/69.jpg)
Common goal of risk management and
financial management:
•The overall goal of financial management is to
create shareholder wealth.
•Shareholder's wealth is created by undertaking
projects which generate a positive Net Present
Value. Thus, the final goal of risk management
should be to make sure that funds for such
investments are available at the appropriate time.
Dr. Hesham R. Lotfy
![Page 70: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/70.jpg)
Proper mix of risk management techniques:
No risk management can be complete or fool proof
in itself. A firm has to ensure that it employs the
most optimum mix of risk control, risk prevention,
risk transfer and risk retention, as also that of various
internal and external hedging techniques.
Dr. Hesham R. Lotfy
![Page 71: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/71.jpg)
Though it is not possible to accurately predict the
movement of many variables, the risk manager
needs to make an attempt to forecast the same.
These forecasts should be used for management of
risks. Risk management cannot be done after the
happening of an event, it has to be done in its
anticipation.
Dr. Hesham R. Lotfy
![Page 72: General Risk Management - Delta Univ · 2016. 3. 14. · •The time frame of the policy should be comparatively long, so that the policy is relatively stable. •A policy generally](https://reader033.vdocuments.net/reader033/viewer/2022051907/5ff993d1bcb7117a033a6b4b/html5/thumbnails/72.jpg)
Flexibility:
The risk management strategies should not be too
rigid. They should be flexible enough to allow the
risk manager to make the most appropriate decision
according to the circumstances.
Dr. Hesham R. Lotfy