risk management process by derek hendrikz
DESCRIPTION
Risk management process by Derek Hendrikz covers identification, evaluation, financing, control, establishing context, management and assessment. www.derekhendrikz.comTRANSCRIPT
Copyright © 2014
Derek Hendrikz Consulting
www.derekhendrikz.com
Basic Principles of Risk Management…
• RM should create value.
• RM should be an integral part of organizational processes.
• RM should be part of decision making.
• RM should explicitly address uncertainty.
• RM should be systematic and structured.
• RM should be based on the best available information.
• RM should be tailored.
• RM should take into account human factors.
• RM should be transparent and inclusive.
• RM should be dynamic, iterative and responsive to change.
• RM should be capable of continual improvement and enhancement.
www.derekhendrikz.com
The Risk Management Process:
www.derekhendrikz.com
Risk Identification…
• Risk identification starts with the source of problems or with the problem itself.
• This implies both source analysis and problem analysis.
• Major risk identification entails the identification of major risks that may have a significant impact (financial or otherwise) on the organisation.
• Micro risk identification aims to identify sub-risks within the major risk class, where such activity is pivotal to the risk control objectives.
www.derekhendrikz.com
Risk Evaluation…
• Risk evaluation is the expression of risk in numerical terms.
• Areas of risk evaluation includes:• Loss dimensions;• Loss frequencies and probabilities;• Loss frequency distributions; and• Variability as measure of risk.
www.derekhendrikz.com
Risk Control (risk response)…
• Risk control aims to prevent and control organizational risks and resultant losses.
• Risk control is therefore any process which prevents losses or curtails their effects.
• Risk control counters risks in the following ways:• It eliminates or reduces the factors that may cause
loss to a person or organization;• It minimizes the actual loss that occurs when
preventative methods have not been fully effective.
www.derekhendrikz.com
Risk Financing…
• Risk financing pursues the minimizing of ‘total cost-of-risk’ to an organization.
• Cost of risk will include:• Insurance cost;• Un-reimbursed losses (inadequate insurance,
excess payments, etc);• Loss prevention and risk control cost; and• Administrative cost
www.derekhendrikz.com
6-Step Process to Managing
Risk
1. Develop your assumptions regarding risks
and possible risk scenarios;
2. Assume the risks relating to your task;
3. Determine the signals or early warning
systems that will alert the risk as soon as
possible;
4. Quantify and prioritise the risks;
5. Develop risk management plan with control
measures; and
6. Monitor the risk management plan.www.derekhendrikz.com
Traditional Approach to Risk Management
Risk
Establish Context
Risk Identification
Risk Assessment
Risk Management
www.derekhendrikz.com
Establish Context…
• Establish social scope• Identify objectives of stakeholders• Establish criteria for risk evaluation• Identify constraints• Define a risk management framework
www.derekhendrikz.com
Risk Identification…
• Source analysis• Problem analysis• Objectives-based risk identification• Taxonomy-based risk identification • Common-risk checking• Risk charting
www.derekhendrikz.com
Risk Assessment…
• Establish probability of occurrence• Establishing potential severity & impact• Ability to detect possible risk events• Quantification of occurrence rate• Quantification of severity of
consequence• Prioritising risk values
www.derekhendrikz.com
Risk Management…
• Mitigate the risk• Retain the Risk• Avoid the risk• Transfer the risk• Monitor the risk
www.derekhendrikz.com
In your team....Develop a relevant disaster management process....
www.derekhendrikz.com
Objectives?
Assumptions?
Purpose?
Risk Management Purpose…
The purpose of risk management is to understand,
quantify and manage events that pose threats to the
health and safety of people, damage to infrastructure
& assets, the survival of our organisation and
environment through providing effective solutions
and processes for the prevention and management of
such risks.
www.derekhendrikz.com
(1) To understand risk events, where possible to do so, and the
effect of its consequence, return and cost on organisational
mission and outcomes. www.derekhendrikz.com
(2) To quantify the probability and impact relating to any specific
risk.
www.derekhendrikz.com
(3) To manage identified risks through mitigative strategies and
contingency planning.
www.derekhendrikz.com
Process to Objectives…
Understand Quantify Manage
www.derekhendrikz.com
Risk Management Assumptions (1)…
1. That analysis of the relationship between probability and impact is the best way to understand risk and disaster management.
2. That a risk is an event of which we have an understanding of both the impact and the probability of occurrence.
3. That a disaster is an event which we have failed to prevent or avoid.
4. That the difference between disaster and risk management stays academic in nature, and that it is practically never possible to separate the two concepts when managing disaster risks.
5. That risk management is most effective when abdicated and that where we have to take the risk, we should find effective ways in reducing the uncertainty surrounding such risk.
6. Where the management of probability is inadequate, we have to manage impact. This is best done through effective response control and recovery management techniques.
www.derekhendrikz.com
Risk Management Assumptions (2)…
7. That effective policy formulation, risk-exposure analysis and adequate risk-disaster funding are three essential pillars for the effective management of risks and disasters.
8. That essentially, there are only four ways of managing risks, which are transference, avoidance, mitigation and retention.
9. That risk retention has both pre-loss and a post-loss retention dimensions, and that pre-loss retention primarily concerns itself with risk mitigation whereas post-lost retention concerns itself with risk response and risk recovery. Furthermore the field of disaster management encapsulates the response and recovery elements of risk management.
10. That the primary outcome of risk avoidance and transference is abdication of risk.
11. That the primary outcome of pre-loss risk retention is eradication of the uncertainty surrounding risk.
12. That the primary outcome of post-loss risk retention is to restore, business operation, environment and people dynamics to its original state.
www.derekhendrikz.com