RISK MANAGEMENT
RISK & RISK MANAGEMENT
DEFINING Risk and Risk Management
Risk is an ever-present issue that every organization faces, regardless of size or industry.
RISK definition
- ISO: Risk is "the effect of uncertainty on objectives"; it can have a positive or negative impact on the objective
:!: Affects all aspects of a project: the org's strategic success & survival, the mission to support better senior management decisions, budget, schedule, scope, the agreed level of quality, and so on.
:check: Knowing the risks, we can:
- Increase the probability of positive events
- Reduce the occurrence of negative events => Risks taken must align with strategic goals
RISK MANAGEMENT definition
- Is the identification, assessment, & prioritization of risks, & the application of resources, accordingly, to minimize, monitor, & control their probability & impact.
- ISO: Risk management as "coordinated activities to direct and control an organization with regard to risk"
- to change the probability of a risk event occurring and/or the degree of its impact on the organization’s objectives
CATEGORIES of Risk
Thinking about categorizing risks increases awareness of the overall characteristics of risk
KNOWN-UNKNOWN
KNOWN - KNOWNS = MORE knowledge about occurrence + MORE knowledge about impact
- are events that are to be expected and so involve little uncertainty
KNOWN - UNKNOWNS = MORE (LESS) knowledge about occurrence + LESS (MORE) knowledge about impact
- are uncertainties that we know exist but we don’t know much about their probability or impact.
- risks we mistakenly think we understand.
UNKNOWN - UNKNOWNS = LESS knowledge about occurrence + LESS knowledge about impact
- are risks that we don’t know exist. They are the events that “blindside” an organization (or individuals or entire cultures).
:!: Nassim Taleb’s “black swan” theory: black swans are unforeseen “outlier” events that are extremely rare, have a major impact, and, when viewed in hindsight, are reasonably predictable
ENTERPRISE RISK
- STRATEGIC: risks that affect the organization’s ability to achieve its objectives
- OPERATIONAL: risks that affect the myriad ways in which the organization creates value
- FINANCIAL: risks that affect the accuracy and timeliness of information about the organization’s financial performance and condition
- HAZARD: risks that have the potential to cause physical harm to property or people (for example, an illness or injury) in the immediate and long term
IN HR CONTEXT
STRATEGIC:
- Sources: Investment, Innovation, Competitive behavior, Consumer behavior, Partners, Employee engagement and diversity
- HR responsibilities: Workforce management, Talent management, Employee engagement, Management of HR function, Continuity of HR function
- HR processes: Recruitment, Succession planning, Training and development, Employee communication, Reward system, Complaint resolution, Contingency planning
OPERATIONAL
- Sources: Sustainability, Supply chain, Data privacy, Process efficiency and effectiveness, Insufficient resources
- HR responsibilities: Performance management, Leadership development, Training and development, Job design
- HR processes: Workplace safety, Global assignments, Employee relations, Benefits administration, Contingency planning
FINANCIAL
- Sources: Growth of assets, Misappropriation of assets
- HR responsibilities: Measuring and reporting workforce data
- HR processes: Technology, Data privacy, Analytics and decision support
HAZARD
- Sources: Natural, environmental, and elemental causes, Injury and illness, Health and safety, Employees, partners, contractors, suppliers
- HR responsibilities: Communication of safety procedures; Hazard assessments, job hazard analyses, HR audits; Duty of care
- HR processes: Communication with employees, Contingency planning, Workplace safety
BENEFIT & BARRIER to HANDLING RISK
Risk management can benefit an organization in a number of interrelated ways when resources are effectively deployed to balance risk and support organizational goals.
BENEFITS
- LMS
- Embedding certain risk management strategies into the culture of the organization will positively impact customer satisfaction, reputation, and employee engagement
- Strong risk management strategies will enable HR to identify and avoid potential financial risks
- Organizations that implement rigorous risk management plans and strategies can enhance their attractiveness to prospective employees and customers and can become Certified B Corporations
- Compliance goes hand in hand with risk management.
- CLinh
- A systematic approach to risk management
- More effective response to risk
- More consistent response to risk across the org; the same criteria & processes are applied, which yields greater predictability and control
- Losses are reduced, and the org's resources are not wasted. Opportunities are more readily identified, seized, and enhanced
- The interrelationship & possible interactions of risk across the org can be understood & managed
BARRIERS
- STRUCTURE. Organizations that are structured in a silo fashion tend to respond to risk in an operational rather than strategic manner.
- COGNITIVE. Managing risk effectively also requires imagination and openness to change. Try new approaches to managing risk; if-then → passive vs. what-if → active
- CULTURE. The cultural barriers ultimately involve what types of mindsets are sought, instilled, and rewarded
:check: The org needs to cultivate a culture to manage risk, clearly communicate risk position & appetite, the discipline of risk management.
:check: They must create risk awareness and risk intelligence throughout the organization; must encourage, reward the right attitude of risk management
ISO risk management APPROACH
In its Standard 31000, ISO has articulated 11 principles for risk management that allow an organization to assess its ability to manage risk and its level of risk management maturity.
ISO 31000 PRINCIPLES of an effective risk management program
- Create and protect value
- Be an integral part of all organizational processes.
- Be part of decision making.
- Explicitly address uncertainty.
- Be systematic, structured, and timely.
- Be based on the best available information.
- Fit an organization’s risk and control environment.
- Take into account human and cultural factors.
- Be transparent and inclusive.
- Be dynamic, iterative, and responsive to change.
- Facilitate continual improvement of the organization.
FRAMEWORK that supports the creation of a risk-aware and risk-intelligent culture.
- INTEGRATION: Management commitment to risk management and clear direction that risk management is part of the organization’s strategy and culture.
- DESIGN of a framework for managing risk that includes the organization’s governance layer of explicit policies and processes designed to fulfill those policies.
- IMPLEMENTING risk management to determine the management approach for specific risks. This part of the framework includes a risk management process.
- EVALUATION Periodic monitoring and review of the framework to make sure that it is delivering on the goals of risk management.
- Continual IMPROVEMENT of the framework, which could involve realigning the framework to a new organizational strategy for risk management, making the framework more responsive to emerging risks, increasing awareness of and experience with new management approaches, and improving auditing tactics.
Risk management PROCESS
2 DIMENSIONS ACROSS THE WHOLE PROCESS
- COMMUNICATION & CONSULTATION
:check: underscores the need to include internal and external stakeholders at all stages of the risk management process
:check: make risk identification and analysis more complete and balanced and help make sure that controls are designed to work in their intended environments.
:check: creates ownership in control plans and makes the risk management process more sustainable.
- MONITOR & REVIEW
:check: help make sure that risk management strategies are aligned with overall strategy, are following defined policies and processes, and are effectively and efficiently meeting the goals established for the management of each identified risk.
PROCESS ISO 31000
- ESTABLISHING THE CONTEXT OF RISK
- Define risk appetite & set risk management goal
- IDENTIFY & ANALYZE RISKS
- Gather information in order to accurately evaluate and prioritize risk
- MANAGE RISK
- Adopt and implement risk responses appropriate to each risk
- EVALUATION
- Audit risk controls, review effectiveness and monitor for changes in risk
Phase 3: MANAGING RISK
TACTIC
UPSIDE >< DOWNSIDE BY 4 APPROACHES
ELIMINATE UNCERTAINTY: OPTIMIZE >< AVOID
the organization or function takes steps to guarantee that positive risk events will happen and negative ones will not happen
REDEFINE OWNERSHIP: SHARE >< TRANSFER
Ownership in this case refers to responsibility for financial costs and operations
- SHARING means that another party will be brought in to help maximize the upside potential of an uncertain event.
- TRANSFERRING means that a third party, frequently an insurer, will bear financial losses, obligations, or, possibly, liabilities in exchange for a fee
EMPLOY LEVERS TO INCREASE OR DECREASE EFFECT: ENHANCE >< MITIGATE
- ENHANCING involves increasing the probability that an opportunity will materialize.
- MITIGATING aims at reducing the probability that a risk will occur or decreasing the negative impact it will have
:!: enhancement and mitigation efforts can be expensive.
TAKE NO ACTION: IGNORE >< ACCEPT
an organization decides to ignore or pass up possible opportunities, or to accept the occurrence of a threat
OTHER CONCEPTS
- AVOIDANCE. The decision not to become involved in or action to withdraw from a risk situation.
- REDUCTION. The actions taken to lessen the probability, negative consequence, or both associated with a risk.
- SHARING. Sharing with another party the burden of loss or benefit of gain for a risk. Risk sharing can be done through insurance or other agreements.
- RETENTION. The acceptance of the burden of loss or benefit of gain for a risk.