Che Wan Ahmad Bin Che Wan Sudin
Risk Manager

Enterprise Risk Management

EVEN I AM BUMBLEBEE I STILL CAN'T AVOID FALL DOWN. SO, PLAN THE RISK!!!

Definitions

COSO's definition: ERM is a process, effected by an entity's board of
directors, management, and other personnel, applied in strategy setting
and across the enterprise, designed to identify potential events that may
affect the entity, and manage risk to be within the risk appetite, to
provide reasonable assurance regarding the achievement of entity
objectives.

The Casualty Actuarial Society Committee on Enterprise Risk Management
has adopted the following definition of ERM:
ERM is the discipline by which an organization in any industry
assesses, controls, exploits, finances and monitors risks from all
sources for the purpose of increasing the organization's short-term and
long-term value to its stakeholders.

Strategic risk
A possible source of loss that might arise
from the pursuit of an unsuccessful
business plan.
For example, strategic risk might arise
from making poor business decisions,
from the substandard execution of
decisions, from inadequate resource
allocation, or from a failure to respond
well to changes in the business
environment.

Business operation risk


The risk of direct or indirect loss resulting
from inadequate or failed internal
processes, people and systems or from
external events.
This definition includes legal risk, but
excludes strategic and reputational risk.
Legal risk includes, but is not limited to,
exposure to fines, penalties, or punitive
damages resulting from supervisory
actions, as well as private settlements.

Financial risk
The probability of loss inherent in financing
methods which may impair the ability to
provide adequate return.
Types of risk:

Asset-backed risk
Credit risk
Foreign investment risk
Liquidity risk
Market risk
Operational risk
Model risk

Hazard risk

A hazard is any source of potential damage, harm or adverse health effects
on something or someone under certain conditions at work.
A common way to classify hazards is by category:
biological - bacteria, viruses, insects, plants, birds, animals, and
humans, etc.,
chemical - depends on the physical, chemical and toxic properties of
the chemical,
ergonomic - repetitive movements, improper set up of workstation,
etc.,
physical - radiation, magnetic fields, pressure extremes (high pressure
or vacuum), noise, etc.,
psychosocial - stress, violence, etc.,
safety - slipping/tripping hazards, inappropriate machine guarding,
equipment malfunctions or breakdowns.

Risk Appetite Setting


Risk appetite is the amount of risk, on a broad level,
that an entity is willing to accept in pursuit of value.
It reflects the enterprise risk management
philosophy and in turn influences the entity's culture
and operating style.
Risk appetite is considered in strategy setting, where
the desired return from a strategy should be aligned
with the entity's risk appetite.
Different strategies will expose the entity to
different levels of risk, and enterprise risk
management applied in strategy setting helps
management select a strategy consistent with the
entity's risk appetite.

Risk identification and anticipation

In risk identification, management recognizes that
uncertainties exist but does not know whether an event
will occur, or when, or its precise impact should it occur.
The objective of risk identification is the early and
continuous identification of events that, if they occur, will
have negative impacts on the project's ability to achieve
performance or capability outcome goals.
They may come from within the project or from external
sources.
Risk identification is the process of determining risks that
could potentially prevent the program, enterprise, or
investment from achieving its objectives. It includes
documenting and communicating the concern.

Risk evaluation
Determination of risk management priorities through
establishment of qualitative and/or quantitative
relationships between benefits and associated risks.
Risk evaluation attempts to define what the
estimated risk actually means to people concerned
with or affected by the risk.
A large part of this evaluation will be the
consideration of how people perceive risks.
This provides an overview of the psychometric and
cultural approaches underpinning risk perception,
offering an insight into the reasons why risks are
perceived in different ways.

Risk treatment

Risk treatment involves identifying the range of options for treating risk, assessing
those options, preparing risk treatment plans and implementing them.
The options available for the treatment of risks include:
Retain/accept the risk - if, after controls are put in place, the remaining risk is
deemed acceptable to the organization, the risk can be retained. However, plans
should be put in place to manage/fund the consequences of the risk should it
occur.
Reduce the Likelihood of the risk occurring - by preventative maintenance,
audit & compliance programs, supervision, contract conditions, policies &
procedures, testing, investment & portfolio management, training of staff,
technical controls and quality assurance programs etc.
Reduce the Consequences of the risk occurring - through contingency
planning, contract conditions, disaster recovery & business continuity plans,
off-site back-up, public relations, emergency procedures and staff training etc.
Transfer the risk - this involves another party bearing or sharing some part of
the risk by the use of contracts, insurance, outsourcing, joint ventures or
partnerships etc.
Avoid the risk - decide not to proceed with the activity likely to generate the
risk, where this is practicable.

Business continuity and succession management overview

Business continuance (sometimes referred to as business
continuity) describes the processes and procedures an
organization puts in place to ensure that essential
functions can continue during and after a disaster.
Business continuance planning seeks to prevent
interruption of mission-critical services, and to reestablish
full functioning as swiftly and smoothly as possible.
Succession planning focuses on managing risk and
ensuring continuity across all levels of the organization:
the risk of untimely departures of critical personnel, the risk of
retirees taking their skills and knowledge with them and
leaving nothing behind, and the risk of losing high-value
employees to competitors.
