Please enable JavaScript.

Coggle requires JavaScript to display documents.

Risk control strategies - Coggle Diagram

- - - - the financial impacts of a loss event
      - the financial and non financial impacts of a loss event
- - - - Focus on addressing the cause of loss events and are a type of loss prevention tool
      - Preventative controls are designed to prevent things such as accidents, human error, misconduct or other sources of hazard or internal control fialure
      - Controls include
        
        Staff training
        
        PPE
        
        Asset maintenance
        
        Shredding confidentail documents
        
        Security arrangements
    - - Helps to correct the adverse consequences of a hazard or similar loss event that has occurred
      - Corrective controls are a type of loss reduction tool
      - Corrective controls include mechanisms to learn from loss events that have occurred such as post event investigations into what went wrong and why
      - Controls include
        
        Fire extinguishers
        
        Displicinary procedures
        
        Business continuity and recovery plans
        
        Data recovery procedures
        
        Occupational health arrangements
    - - Controls that are used to enforce desirable outcomes
      - From a hazard perspective, this might include the design and implementation of health and safety policies and procedures
      - Might include all of an organisation's policies and procedures that are related to risk management, governance or compliance
      - Other directive controls might include codes of conduct, instructions from line managers, or the roles and responsibilities assigned to employees within their job description.
      - Directive controls address the cause of loss events and are a type of loss prevention tool
    - - Controls help to indicate the onset of a hazard of subsequent loss event such as a fire or pollution
      - Detective controls may be used to highlight deficinies in preventive or directive controls that may influence their effectiveness
      - A detective control is a form of loss prevention tool where it helps to detect the causes of potential loss events and a loss reduction tool where it helps to detect the causes of potential loss events and a loss reduction tool where it helps to detect the occurrence of an actual loss event
      - By taking prompt action, an organisation may either help to correct the adverse effects of a loss event, or help to prevent future events by addressing weaknesses in preventive or directive controls
      - Detective controls
        
        Fire and burglar alarms
        
        Internal audits and compliance reviews
        
        Tests of business continuity and disaster recovery plans
        
        Health and safety inspections
        
        Inventory checks, to confirm that all equipment is in place and is in good condition
        
        Bank reconciliations to detect loss events such as fraud
  - - - Have a physical presence
      - Documented within a policy or procedure
      - They involve tangible sanctions
- - - - Organisational cash flows
      - Profit or surplus
      - The balance sheet, reducing assets or increasing liabilities
    - - The potential for a given loss event has not been identified (a failure in risk identification)
      - The full effects of a loss event are not understood (a failure in risk assessment)
      - There is a failure in risk transfer such as where an insurer disputes a claim or refuses to pay out in full
      - An organisation decides that the financial effects of a loss event are small enough to not require funding
- - - - 1. Signal detection: looking for early warning signs that a crisis could occur. This includes investigating near misses, IA findings and risk monitoring reports. It may also include looking at operational performance reports and external events in the wider world
      - 2. Preparation and prevention: where steps are taken to prepare for the occurrence of potential crisis events (often identified via scenario analysis) and to prevent these events by looking to control their causes
      - 3. Containment and damage control: where a loss event occurs that may or does not evolve into a crisis, steps must be taken to limit the adverse effects of this event. This may include implementing business continuity plans, communicating with key staff and stakeholders, working with the emergency services, or implementing a public relations plan to deal with any media interest
      - 4. Business recovery: it can take a long time to recover from a crisis but this duration can be reduced with effective recovery arrangements. These arrangements include quickly replacing lost assets and ensuring that funds are available to support the recovery
      - 5. Learning from the crisis: assuming that an organisation recovers from a crisis, it is imperative that lesson are learned from the experience to help prevent or reduce the effects of future crises. This might include implementing a post-event review of how the crisis was managed or finding ways to improve effectiveness of pre-crisis controls