MONITORING ACTIVITIES:
The internal and external environments of an entity change over
time:
-Risk responses that were once effective may become irrelevant
-Control activities may become less effective, or no longer be
performed
-Entity objectives may change.
Hence, management needs to determine whether the functioning
of ERM continues to be effective.
1. Crisis Anticipation:
-Crisis inventory: What Could Go Wrong (worst-case scenario);
How to Avoid It (Loss Prevention, safety measures in place? Place
check-mark and date, or action+date); If It Happens (Loss
Reduction)
What must we do and know to avoid the most damage?
What decisions must we make? Who else must make
decisions? Whom must we contact?
What will the public need to know immediately? How can we
get this information?
What resources will we require? Where can we get them?
What emergency supplies will we need? Do we have them
available? Where? What first-aid training do we have? Who
can do CPR and other life-saving procedures?
2. Crisis Prevention (monitoring):
-Ensure safety measures are maintained
-Help organization to identify a potential crisis and ward it off
before it escalates into a full-scale disaster.
-Media analysis and consumer surveys
3. Crisis Preparation:
i) Establish a Crisis Management Team (Core Team)
-The outcome of the crisis depends on the performance of the
people making the decisions.
-Determine who on your team will:
be involved in handling each aspect of the crisis
make what kinds of decisions
ii) Develop a Crisis Management Plan:
-Evaluate the inventory list of crises, deliberate on the issues your
organization may be involved in for each worst-case scenario,
determine which component of plan accordingly. Some
questions:
Should employees stay at home?
When to evacuate a building?
-identify key stakeholders including the media, government
agencies, suppliers, customers, etc
Determine whom you should inform in the event of a crisis
-Make sure everyone in the firm is aware of the plan and that
they need to follow it should the occasion arise.
-Plans should react properly to perils to which the organization is
particularly subjected.
-Plans should include the setting up of a crisis center.
iii) Update and practice it regularly
-Play out a potential crisis to test your plan, revise it, and enable
people to practice in peace what they may need to do in chaos
iv) Make sure everyone in the firm is aware of the plan and that
they need to follow it should the occasion arise.
v) Establish a strong relationship with the company's legal counsel
vi) Provide media training for the crisis response team. (know how
to deal with the news media)
vii) Establish communication protocols so that there are no weak
links in the system. Remember to test them!
4. Crisis Recognition:
-Ensure a threat is recognized before it becomes a
full-blown crisis
5. Crisis Containment (how to react to a crisis):
i) Operational response is essential
-In the first hours following a crisis, the public will form its
own opinions. Tough decisions have to be made fast
ii) Ability to communicate
Companies thus should:
Communicate early and often.
Show compassion, and be sure the company is doing
everything possible to improve the situation.
Be honest and open.
Be consistent in the message.
Monitor public opinion using new technology (chat
rooms, message boards, discussion groups, surveys).
Follow up with public opinion surveys and employee
questionnaires to learn from mistakes.
6. Recovery and Rebuilding:
-Need to assess the damage (beyond economics)
-Determine how the crisis has affected the key
stakeholders of the company
Conduct dialogue sessions and meetings with them
-Try to turn the crisis into a positive experience:
Assess the effectiveness of the plan
Update and change it if necessary
-Need to deal with the media.
Heuristics: Judgmental Biases
1. Availability
2. Representativeness
3. Anchoring and Adjustment
4. Hindsight (to avoid this, conduct walkthrough)
5. Overconfidence
6. Out of sight, out of mind
7. It won't happen to me
Qualitative dimensions of risks:
Voluntariness
Immediacy of Effect
Knowledge about Risk (2 areas)
Control over Risk
Newness
Chronic-Catastrophic
Common/Dread
Severity of Consequences
RISK = HAZARD + OUTRAGE
Strong culture:
Organizations with strong cultures generally achieve
higher results because employees sustain focus on both
what to do and how to do it. These same factors are
essential for building an effective RM culture.
Control Environment:
Culture of the company: is the organization taking internal
controls seriously; in the mind; tone from the top: they
must emphasize (Relied on trust, not enforcing control:
weak control env, relied on safeguards in the system??)
When analysing an organisation:
Attitude: belief
Awareness: knowledge; do people know what to do;
control-conscientiousness + alertness
Action: implementation (a solid internal control system
verification procedure to approve the disbursement of
funds, prevention/detection work such as random audit
checks to prevent and deter experienced employees from
exploring loopholes and outsmarting the processes and
systems in place)
Control activities (procedures):
Actions established by policies and procedures to help
ensure that management's directives to mitigate risks to the
achievement of objectives are carried out.
Information:
Relevant, reliable, complete
Monitoring:
--Must be able to enforce; if not, no one will follow
--ongoing (supervision) & separate evaluation (audit)
--internal audit falls under monitoring
Disaster recovery: IT (restore loss of data, power loss,
telecom), have backup systems to store customer data
Business recovery: alternative suppliers for goods and/or
delivery trucks, keeping goods in separate warehouses
and stock up on goods
Business reputation: customer relationship management
Crisis containment: install a fire alarm to draw attention to
the fire before it becomes a full-scale outbreak, and to
alert passers-by to call 911; fire sprinklers to reduce the
incidence or speed of the fire spreading
Emergency response: first aid equipment, trained in first
aid
Crisis communication: constantly update contact list,
customer reassurance