Beruflich Dokumente
Kultur Dokumente
Publication Year
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
0
10
Rank
20
30
40
50
• Practitioner’s perspective
• Case-studies
• Interactive
• Participative
Session 1
What is Risk
Session 1: Overview
• What is risk?
• What is risk management?
• Why do we need it?
• Understanding the basics
– Definitions
– A typical Risk Management Framework
– Who’s involved?
TASK
You only find out who is swimming naked when the tide goes out.
WARREN BUFFETT, Chairman’s Letter to shareholders of Berkshire Hathaway Inc, 2001
Why do we need Risk Management?
• Increases risk awareness – What could affect
the achievement of objectives? What could
change? What could go wrong? What could
go right?
• Increases understanding of sensitivities. What
makes my risks increase/decrease/disappear?
• Promotes an open and transparent risk
culture – It’s safe to talk about risk.
• Develops a common and consistent approach
to risk - not intuition-based.
24
Why do we need Risk Management?
• Allows intelligent “informed” risk-taking
• Focuses efforts – helps prioritize. Top 10 list.
Or top 3. Or…
• Proactive not reactive – Prepare before things
happen.
• Helps achieve objectives (corporate, college,
unit etc)
• Enables accountability, transparency and
responsibility
• Can reduce the impact and provide assurance
if things do go wrong – we were responsible
not blind
• It’s good management …
25
Why do we need Risk Management?
For example:
• A few definitions
• Who’s involved?
Understanding the Basics: Definitions
Risk Source
Risk Levels
Risk Owner
Risk Manager
Impact
Likelihood
Identify Assess
Monitor
and Mitigate
• Risk Register
• Regular Reviews
Report • Risk Treatment
• Avoid
• Key Risk Indicators
• Transfer
• Incident
• Control / Contain /
Management
Reduce
• Audit
• Accept
• Board
Who is involved in Risk Management
in Universities?
Board
Senior Management / Executive
Planning Office
Finance Office
Middle Managers
Programme and Project Managers
Everyone
But with different responsibilities
depending on the risk level
Risk owners and risk managers
• Risk owners
– Usually members of executive
– Regular review of risk, receiving information from risk
managers
– Place risk in context of risk policy, audit advice
– Proactively manages changes to risk likelihood, impact,
appetite for their risks
• Risk managers
– Usually senior/middle management
– Closer to operational activity – see changes in risk in
daily work
– Identify mitigating activities – ensure they occur
– Advise risk owners
Elements of Risk Management Framework
Board Top-Down Integrated Board / Executive Reporting
Strategic Risk (monthly/quarterly) ‘Watch List’ of risky business
initiatives
Assessment
Key
KeyRisk
Risk&
&Mitigation
Mitigation
(annual) Reporting Key overall risks &
Reporting
adequacy of mitigation
Centre
Risk
Riskembedded
embeddedinin
Strategic
StrategicPlanning
Planning
Current & Future Risk Profile Feedback &
(monthly / quarterly) Actions
Executive High-level SWOT/STEP
Integration Action
& Strategic Risk Integration of
ofStrategic
Strategic&
& Action
Register Operation-wide
Operation-wideReviews
Reviews Planning
Planning
Planning Board understanding of Level of risk, mitigation effectiveness,
Coordinated
mitigation plan &
Office risk appetite Assessment of impact on overall risk profile action tracking
Senior
Managers Bottom-Up Collated operational risk reporting
Operations, Projects
Collation
Collation of
of
Operational
Operational RiskReviews
Risk Reviews
Middle
Managers
Operations
Operations Programme
Programme& &Project
Project Functional
FunctionalSupport
Support
Risk
RiskReview
Review Risk
RiskReview
Review Risk
RiskReview
Review
Operations risk reporting Programme & project risk reporting Functional risk reporting
with mitigating actions (quarterly) with mitigating actions (monthly) with mitigating actions (quarterly)
What makes for effective Risk
Management?
• Commitment from Senior Staff
• Integral to management practices
• Embedded in strategic and operational planning
• Open communication
• Appropriate ERM system
• Clear responsibility & accountability
• Normal part of program & project management
Note:
These are all characteristics of a mature
organization.
Have you been listening?