View
1
Download
0
Category
Preview:
Citation preview
19/03/2013
1
Innovation and Change ManagementMGN240
Chapter Five : Risk ManagementProf Ahmed Hanane MBA CMA EngProf. Ahmed Hanane, MBA, CMA, Eng
Email: ahanane360@gmail.com
Basic Concepts
2
19/03/2013
2
Learning Objectives
After completing this chapter, students will be able to:Define riskDefine risk .Recognize four key stages in project risk management and the steps necessary to manage risk.Understand five primary causes of risk and four major approaches to risk identification.Recognize four primary risk mitigation strategies.Explain the Risk Analysis and Change Management process.
01‐03
Linkages – course logic
Risk
Innovation
19/03/2013
3
Risk
Risk management the art and science ofRisk management ‐ the art and science of identifying, analyzing, and responding to risk factors throughout the life of a project and in the best interest of its objectives.
01‐05
A risk is ANYTHING that may affect the achievement of an organization’s objectives.
Basic principles, concepts, definitions
f g jIt is the UNCERTAINTY that surrounds future events and outcomes.
It is the expression of the likelihood and impact of an event with the potential to influence the
6
an event with the potential to influence the achievement of an organization’s objectives.
19/03/2013
4
Historical Damaging Tsunamis along Japanese Coast (between 1896 and 1993)
Name (Magnitude) Year Dead or Missing
Meiji-Sanriku Earthquake and Tsunami (M8.5) 1896 22,000Meiji Sanriku Earthquake and Tsunami (M8.5) 1896 22,000Showa-Sanriku Earthquake and Tsunami (M8.1) 1933 3,064
Tonankai Earthquake (M7.9) 1944 1,251 1)
Nankai Earthquake (M8.0) 1946 1,443 1)
Chile Earthquake (Mw9.5) 2) 1960 142Tokachi-Oki Earthquake (M7.9) 1968 52 1)
Nihonkai-Cyubu Earthquake (M7.7) 1983 104 1)
Hokkaido-Nansei-oki Earthquake (M7.8) 1993 230 1)
1) The number includes dead or missing from earthquakes.
2) Tsunami generated at far off Japanese coast.
8
Tsunami Warning System Elements
Communication & Transmission of Tsunami Warning to Localities & Civil Defense Authorities
Signboard
TSUNAMIWARNING
Central Government
TSUNAMI
Local government
TV/Radio Station
TSUNAMIWARNING
Radio
TV(Telops, Warning maps)
TSUNAMI
WARNING
13
19/03/2013
5
Promoting Basic Knowledge Promoting Basic Knowledge about about ““TSUNAMI” DisasterTSUNAMI” Disaster
Safe Evacuation Route++
Early WarningEarly Warning=
Appropriate Risk Awaweness of LAppropriate Risk Awaweness of Local ocal CommunitiesCommunities
Understanding of Hazardous Areas
Safe EvacuationSafe Evacuation 16
Tsunami Hazard Area Tsunami Evacuation Area Tsunami Evacuation Building
Pictogram on TsunamiPictogram on Tsunami
There is a high possibility to be flooded in this areawhen earthquake occurs.
Safe place/hill for evacuationagainst Tsunami.
Building for evacuation against Tsunami.
21
19/03/2013
6
Process of Risk Management
• What is likely to happen?
• What can be done?
• What are the warning signs?
• What are the likely outcomes?
Risk = (Probability of Event)(Consequences of Event)
07‐011
Four Stages of Risk Management
1. Risk identification. Risk identification
2. Analysis of probability and consequences
3. Risk mitigation strategies
4. Control and documentation
07‐012
19/03/2013
7
Risk Clusters
Financial CommercialE tiTechnical
Contractual/Legal
Execution
Common Types• Absenteeism • Skills unavailable• Resignation• Staff pulled away• Time overruns
• Ineffective Training• Specs incomplete• Change orders
07‐013
Risk Factor Identification
Brainstorming meetingsrainstorming meetings
Expert opinion
Past history
Multiple (or team based) assessments
07‐014
19/03/2013
8
Threats and opportunitiesThreat – a risk that may HINDER the achievement of objectives
Opportunities ‐ a risk that may HELP in the achievement of objectives
Interest rates
Foreign exchange rates
Supply of service/product/resources
Demand/uptake for service/product/resources
ThThe economy
The weather
The stock market
Interactive Session #1 – 10 minutes
• In teams of two, identify three risks related
1
to your future• Pick 2 risks – discuss them as both a threat and an opportunity
• Report to the large group. Pick a k
16
spokesperson.
19/03/2013
9
Risk Management BasicsRisk (uncertainty) may affect the achievement of objectives.
Effective mitigation strategies/controls can reduce ti i k i t itinegative risks or increase opportunities.
Residual risk is the level of risk after evaluating the effectiveness of controls.
Acceptance and action should be based on residual risk levels.
17Slide 17
INHERENT
Risk Management is critical to ALL levels of decisions
UNCERTAINTY
Strategic Decisions
Strategic Strategic
Programme Programme
Project & Op erational
Strategic Decisions
Decisions transferring strategy into action
Decisions required for implementation
18
& Operational Project & Opera
19/03/2013
10
Categorizing Risk – Comprehensive1. Political or Reputational Risk
2. Financial Risk
3. Service Delivery or Operational Risk
4 P l / HR Ri k4. People / HR Risk
5. Information/Knowledge Risk
6. Strategic / Policy Risk
7. Stakeholder Satisfaction / Public Perception Risk
8. Legal / Compliance Risk
9. Technology Risk
10 G / O i ti l Ri k
19Slide 19
10. Governance / Organizational Risk
11. Privacy Risk
12. Security Risk
13. Equity Risk
14. Patient Safety
Risk Prioritization – likelihood and impact
Likelihood of a risk event occurring• Very High: Is almost certain to occur
Risk Impact: Level of damage that can occur when a risk event occurs
• High: Is likely to occur
• Medium: Is as likely as not to occur
• Low:May occur occasionally
• Very High: Threatens the success of the project
• High: Substantial impact on time, cost or quality
• Medium: Notable impact on time, cost or quality
• Low:Minor impact on time, cost or
20Slide 20
• Very Low: Unlikely to occur
quality
• Very Low: Negligible impact
19/03/2013
11
Third dimension for rating risks ‐ proximity
• Immediate – nowL th 6 th• Less than 6 months
• Between 6‐12 months• Between 12 – 24 months
• Between 24 – 36
21
months• More than 36 months
Risk rating …Combining impact and likelihood
IMPA
CT
22Slide 22
19/03/2013
12
Risk reporting and communications
Risk Level Action and Level of Involvement Required
Critical Risk • Inform Chief Executive Officer and Board of Directors • Immediate action required
High Risk • Inform Chief Executive Officer • Strategy Team involvement/attention is essential to manage risks
– provide report to Board as appropriate
• Management mitigation and ongoing monitoring required
23
Moderate Risk • Management mitigation and ongoing monitoring required• Inform relevant Strategy Team members
Low Risk • Accept, but monitor risks • Manage by routine procedures within the program and site
Interactive Session #2 – 20 minutes
After graduation you landed a good job in R b Af 3 h h CEO f h
1
Rabat. After 3 months, the CEO of the company announced that the whole office will be moving to Casablanca. – Identify 5 risks related to this move– Determine their level of likelihood
24
– Determine their level of impact– Chart your risks on the risk matrix– Report back.
19/03/2013
13
Project Risk Scoring
1. Identify factors and assess the probability (P ) d (C ) f f il(Pf ) and consequences (Cf) of failure
2. Calculate overall probability & consequence
3m c d
fP P PP + +
=4
c s r pf
C C C CC
+ + +=
3. Calculate overall risk factor
3f 4
( )( )f f f fRF P C P C= + −Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall
Risk Mitigation Strategies
• Accept• Minimize• Share• Transfer• Contingency Reserves
–Task contingency–Managerial contingency
• Mentoring• Cross training
07‐26
19/03/2013
14
Control & Documentation
Help managers classify and codify risks, responses, and outcomes
Change management report system answers• What?• Who?• When?• Why?• How?
07‐27
28
19/03/2013
15
EXAMPLES OF KRIsHuman resource• Average time to fill vacant positions• Staff absenteeism /sickness
Information Technology• Systems usage versus capacity• Number of system upgrades/
Finance• Daily P&L adjustments (#, amt)• Reporting deadlines missed
rates• Percentage of staff appraisals below “satisfactory”Age demographics of key managers
y pgversion releases• Number of help desk calls
p g(#)• Incomplete P&L sign-offs (#, aged)
Legal/compliance• Outstanding litigation cases (#, amt)
Audit• Outstanding high risk issues (#, aged)
Risk management• Management overrides• Limit breaches (#, amt)
• Compliance investigations (#)• Customer complaints (#)
• Audit findings (#, severity)• Revised management action target dates (#)
29
Measure and report RM implementation progress
Excellent
• Advanced capabilities to identify, measure, manage all risk exposures within tolerances
• Advanced implementation, development and execution of ERM parameters• Consistently optimizes risk adjusted returns throughout the organizationy p j g g
Strong
• Clear vision of risk tolerance and overall risk profile• Risk control exceeds adequate for most major risks• Has robust processes to identify and prepare for emerging risks• Incorporates risk management and decision making to optimize risk adjusted
returns
• Has fully functioning control systems in place for all of their major risks• May lack a robust process for identifying and preparing for emerging risks
30
AdequateMay lack a robust process for identifying and preparing for emerging risks
• Performing good classical “silo” based risk management• Not fully developed process to optimize risk adjusted returns
Weak• Incomplete control process for one or more major risks• Inconsistent or limited capabilities to identify, measure or manage major risk
exposures
Source: Standard & Poor
19/03/2013
16
Interactive Session #3 – 15 minutes
For the risks you previously identified: .
1
– Define a control strategy for the critical and the vey high ones
– Determine KRIs– What’s expected outcome from your controls– Report back
31
Report back.
An Approach to Risk Management
• Establish centralized support
Develop a standardized framework• Develop a standardized framework
• Provide education and coaching
• Ensure company‐wide implementation
• Embed IRM into all major processes including strategic planning and resource allocations decisions
32
• Enable our stewardship role
19/03/2013
17
The Approach
• Incorporates risk information into the strategic direction setting making decisions thatdirection‐setting, making decisions that consider established risk tolerance levels.
• Takes a systems approach to managing risk at the strategic, operational and project levels which is continuous, proactive and systematic.
33
• Fosters a working culture that values learning, innovation, responsible risk‐taking and continuous improvement.
Keep it simple
34
19/03/2013
18
ERM/IRM can be complex and messy
35
Recommended