Determining Where Resources Are Most Needed The Concept

Determining Where Resources Are Most Needed The Concept

Determining Where Resources Are Most Needed The Concept of Risk Achieving Impact in Auditing The Concept of Risk My early audits: Park chair audit. Book of remembrance entries. Car park income. What Is Risk? Does It Really Matter?

WHY DOES IT MATTER? When anyone asks me how I can describe my experience of nearly forty years at sea, I merely say uneventful. Of course there have been winter gales and storms and fog and the like, but in all my experience, I have never been in an accident in any sort worth speaking about. I have seen but one vessel in distress in all my years at sea... I never saw a wreck and have never been wrecked, nor was I ever in any predicament that threatened to end in disaster of any sort from a paper presented by EJ Smith, 1907

IT MATTERS! On 14 April 1912, HMS Titanic sank with the loss of 1500 lives..... One of which was its captain E J SMITH But does any of this really matter NOW? Risk Management Casualties.

Barings BCCI Hoover Sumitomo Bank Enron World Com. Parmalat

Pressures Greater transparency Better governance Better ethical standards Need for early warning systems

Demands for higher quality services New legislation Systems reform/project management What Is Risk? Definition of Risk. The threat that an event or action will adversely affect an organisations ability to achieve its business objectives and execute its strategies successfully Source :- The Economist

Intelligence Unit Business Risk Definition 2 The chance of something happening that will have an impact on business objectives Source :-Aus/NZ Risk Mgt Standard

Surprises Any organization that has encountered unwelcome surprises or unexpected losses will realize that most were preventable. Such events will almost certainly have been caused by risks that were not fully understood, or the processes to mitigate those events being inadequate. Wrong assumptions about risk Risk is just something for finance and insurance to worry about Risk comes up on the agenda once a year

Risk management is just another layer of unnecessary bureaucracy Risk management is about downside not creation of value Risk is a compliance issue Risk Management International expectations are now that all organisations should: Identify, evaluate and manage their key risks and assess how they are controlled Ensure that all aspects of internal control and risk management are regularly reviewed on an appropriate cyclical basis Have regular board level reviews of reports on risk

management and internal control Risk Management And that: Risk management and internal control should be: Embedded in the operations of an organisation Capable of responding to the changing risks it faces Include procedures for reporting major weaknesses immediately to appropriate levels of management Risk Management In the UK all public bodies have been told: it is important that authorities have arrangements in place for reviewing both

the nature and severity of riskssuch a review should not just be to obvious tangible risks such as arson,vandalism and other damage to property..risk management should be an integral part of an authoritys overall management arrangements. Risk Management It went on to add: In order to be successful it is likely that the approach will be cross-departmental and inter-disciplinary and that senior management will demonstrate commitment.

The AUS/NZ Risk Management Process Establish the context Identify risks Analyse

Evaluate Treat Communicate Monitor and Review Risk Identification and evaluation Types of Risk

Strategic Operational Reputation Information Financial People Regulatory Strategic Risks Risks that relate to doing the wrong things Operational Risks

Risks that relate to doing the right things in the wrong way Information Risks Risks that relate to loss or inaccuracy of data ,systems or reported information Financial Risks Risks that relate to losing monetary resources or incurring unacceptable liabilities People Risks The risks associated with Employees and

Management Regulatory Risk The Risks related to the regulatory environment Reputation Risk Risks that relate to the organizations brand or image Inherent and Residual Risk Inherent risk = Gross risk before controls/ mitigation Residual risk = Risk remaining after

applying controls Evaluation and Measurement of Risk Risk is measured in terms of consequences (or impact) and likelihood (or probability) Consequences Monetary (% of income or budget) Reputation Ability to recover Effect on Organisation

Insignificant,Minor, Moderate,Major Catastrophic Likelihood Rare (less than once in 20 years) Unlikely (once in 1020 years) Possible (once in 10 years) Likely (once in 3 years) Almost Certain (once a year)

Questions you need to answer What are the worst things that could happen to us? How likely are they to happen? Are we taking sufficient steps to prevent them? Risk Matrix Likelihood I

m p a c t Most Severe Major Moderate Minor Insignifica nt Rare

Unlikely Possible Likely Almost Certain Measurement of Risk:Risk Matrix HIGH 6

8 9 3 5 7 1 2

4 Impact Of Risk LOW Unlikely Likelihood of Occurrence Likely

RISK MATRIX High 18 19 20 28 16 17

21 25 IMPACT 15 1 2 3

4 5 22 26 23 27 6

7 8 9 10 11 12 13

14 24 Low LOW LIKELIHOOD HIGH Risk Matrix Over 5 million OR

Questions raised in Parliament Important risks might potentially affect provision of key services or duties Key risk- may potentially affect provision of key services or duties Immediate action

needed - serious threat to provision and/or achievement of key services or duties Monitor as necessary less important but still could have a serious effect on the provision of key services or duties Monitor as necessary - less

important but still could have a serious effect on the provision of key services or duties Key risks - may potentially affect provision of key services or duties Monitor as necessary - ensure being properly

managed Monitor as necessary - less important but still could have a serious effect on the provision of key services or duties 2million-5 million OR Reported in National Press 500,000 - 2 Million

OR Reported in Local Paper 100,000 - 500,000 OR Unacceptable levels of Complaints Under 100,000 OR No action necessary Some complaints from individuals. Rare- once in 20 years

UnlikelyOnce in 1020 years PossibleOnce in 10 years LikelyOnce in 3years CertainOnce a year Treatment of Risks How are we going to manage the risks that we

have identified down to a level that we can live with. Risk Treatment Risk Transfer Insure Exposure Outsource Determine Evaluate

Recover Reduce Control Loss reduction Contingency Plans BCP Measure, Manage, Monitor, Report

Action Plans Cost RISK MAP High 18 19 20 28

16 17 21 25 IMPACT 15 1

2 3 4 5 22 26 23

27 6 7 8 9 10 11

12 13 14 24 Low LOW LIKELIHOOD HIGH

The Risk Management Process Risk Management Framework Embrace the issue of risk Manage not tolerate Make it a top down process Ensure a positive slant Make it the pulse of your organisation The Risk Management Cycle

Risk Identification Monitoring & Review Risk Analysis Risk Control Risk Identification Process Clarification of Strategic Business Objectives Consideration of threats to achievement

Identification of key risks and opportunities Sifting and clustering of output Evaluation of risks (by impact and likelihood of occurrence) Use of Workshops Use of Workshops Workshop Ingredients FACILITATOR ACCURATE ASSESSMENT

FRAMEWORK And CONTROL CHALLENGER RISK And CONTROL EXPERTISE PARTICIPANTS BUSINESS And PRACTICAL EXPERIENCE Typical Agenda for a Workshop

Introduction Discussion of objectives/processes Brainstorming of risks Categorisation Assessment of risks Risk Mitigation Process Evaluation of actions in place to reduce

risks Identification of risk exposures and latent opportunities Assessment of the effect of mitigation Development of focussed action plans Preparation of a Risk Register RISK REGISTER Area of Risk Inherent Risk Mitigation Residual Risk per Procedures/Controls Risk per

matrix in place matrix (1-9) Exposures / Opportunities identified Actions Planned KRI

Recently Viewed Presentations

  • Copyright Copyright2004 2004Miss MissAmerica  AmericaOrganization Organization Copyright 2004

    Copyright Copyright2004 2004Miss MissAmerica AmericaOrganization Organization Copyright 2004

    Miss America Organization Other titles: Arial Georgia MissAmerica 1_MissAmerica 2_MissAmerica Slide 1 Slide 2 Slide 3 ...
  • Delivering Excellence: Deutsche Bank, Product Overview

    Delivering Excellence: Deutsche Bank, Product Overview

    VRDOs are considered short-term securities with liquidity provided with a "put" feature that occurs with the timing of yield reset (daily, monthly, quarterly). VRDOs provide investors with an ability to invest in a high quality/high liquid tax-exempt instruments. VRDOs are...
  • Diet Pepsi Advertisement Analysis - Butler.edu

    Diet Pepsi Advertisement Analysis - Butler.edu

    Diet Pepsi Print Ad - Style. Golden Mean. Golden Mean. 2/3 one part of the ad and 1/3 the other part. In this case, no shading or color divide the ad; however, all except a small portion of the text,...
  • Effingham County High School Celebrates May 1, 2013 National ...

    Effingham County High School Celebrates May 1, 2013 National ...

    National College Decision Day 2016. May 1st is the date that many colleges in the US require that seniors who have been admitted either accept or reject their offer of admission. Here at ECHS, today is our day to celebrate...
  • ISRAEL AND THE CHRISTIAN CHURCH - Bradley University

    ISRAEL AND THE CHRISTIAN CHURCH - Bradley University

    In the discipline of Systematic Theology, this discussion is generally located under Ecclesiology. Ecclesiology is an area of the discipline of Systematic Theology that is concerned with the origin, nature, function, and structure of the CHURCH.While the relationship between Israel...
  • The Clinical Competency Committee

    The Clinical Competency Committee

    1. Are you (will you be) on the Clinical Competency Committee for your program? 2. Who is on this webinar with you? (select all that apply) 3. Who is (will be) on your CCC? (select all that apply) **** When...
  • Sound Devices in Poetry - Cintra's Class

    Sound Devices in Poetry - Cintra's Class

    Listen as I read the following poem: Hear the sleighs with the bells - Silver bells!What a world of merriment their melody foretells!How they tinkle, tinkle, tinkle,In the icy air of night!While the stars that oversprinkleAll the heavens seem to...
  • 5-Minute Check on Lesson 1-2 1. What 4

    5-Minute Check on Lesson 1-2 1. What 4

    Calculate and interpret measures of variability (IQR, standard deviation, range) for a distribution of quantitative data. Explain how outliers and skewness affect measures of center and variability. Identify outliers using the 1.5 x IQR rule. Make and interpret boxplots of...