Risk Management

Name the second 6 Principles of Operational Risk Management!

7. Risk management is a part art, part science 8. Models are always only part of an overall risk management approach and must include common sense 9. Complexity is the enemy of speed and responsiveness: try hard for simplicity 10. Self-management and leadership with regard to a culture of open communication based on "experience" and know-how are increasingly challenging: Ban knowledge-hoarders and turn knowledge-givers into heroes as part of evaluation/incentive process 11. Responsible control/compliance/risk culture is as important as the most sophisticated quantification 12. Successful risk management is primarily the result of the capacity, aptitude and attitude of the people involved: people shape the culture, reputation and brand equity

What are the Organizational Models for Managing Risks?

A survey identified 3 generic organizational models for Operational Risk management: - A head office operational risk function - A dedicated but decentralized support - Internal Audit playing a lead role in Operational Risk Management

Define Project risks!

- They threaten the project plan - If they become real, it is likely that the project schedule will slip and that costs will increase

Define Technical Risks!

- They threaten the quality and timeliness of the software to be produced - If they become real, implementation may become difficult or impossible

Explain the third dimension for rating risks - proximity!

Immediate - now Less than 6 months Between 6-12 months Between 12-24 months Between 24-36 months More than 36 months

What are Reactive Risk Strategies?

- "Don't worry", I'll think of something" - The majority of software teams and managers rely on this approach - Nothing is done about risks until something goes wrong -> The team then files into action in an attempt to correct the problem rapidly (fire fighting) - Crisis management is the choice of management techniques

What is the definition of Risk?

- A Risk is a potential problem - it might happen and it might not - Risk regarding the possibility of loss can be especially problematic - If a loss is certain to occur -> It may be planned for in advance and treated as a definite, known expense - When there is uncertainty about the occurrence of a loss -> Risk becomes an important theoretical as well as practical problem

Name the Form of Risk Appearance!

- Company Risk - Risk in finance - Medical risk - Political risk - Social risk - Reputation Risk

Name the Risk categories in Business!

- Force Majeure Risk (Natural Disaster, Illness) - Political and Economic Risk (laws & regulations) - General Business Risk - Operational Risk (failure of employees, calculation) - Evaluation Risk - Commercial Risk - Reputation Risk

What are the Major Areas of Risk in Business?

- Interest Rates - Foreign exchange rates - Supply of service/product/resources - Demand/uptake for service/product/resources - The economy - The weather - The stock market

In which types can risks be prioritize?

- Likelihood of a risk event occurring - Risk Impact: Level of damage that can occur when a risk event occurs

What categories of risks exist?

- Project risks - Technical risks - Business risks - Sub-categories of Business risks - Known Risks - Predictable risks - Unpredictable risks

How are risks classificate?

- Referring to probabilities - Referring to the extend of negative impact

Define the Risk Management Basics!

- Risk (uncertainly) may affect the achievement of objectives - Effective mitigation strategies/controls can reduce negative risks or increase opportunities - Residual risk is the level of risk after evaluating the effectiveness of controls - Acceptance and action should be based on residual risk levels

What is the conceptual definition of risk?

- Risk concerns future happenings - Risk involves change in mind, opinion, actions, places, etc. - Risk involves choice and the uncertainty that choice entails

What are Proactive Risk Strategies?

- Steps for Risk management are followed - Primary objective is to avoid risk and to have a contingency plan in place to handle unavoidable risks in a controlled and effective manner

Define Business Risks!

- They threaten the viability of the software to be built - If they become real, implementation may become difficult or impossible

Name the 4 Steps for Risk Management!

1) Identify possible risks; recognize what can go wrong 2) Analyze each risk to estimate the probability that it will occur and the impact (i.e., damage) that it will do if it does occur 3) Rank the risks by probability and impact -> Impact may be negligible, marginal, critical and catastrophic 4) Develop a contingency plan to manage those risks having high probability and high impact

Name the first 6 Principles of Operational Risk Management!

1. Risk is uncertainty about future results 2. The 6 S's for the systematic mental discipline of an organization: the logical sequence. -Strategy -structure -system -systems -safety -speed 3. Clear culture, allocation of responsibility and accountability and discipline are basic preconditions 4. Rigorous measures in case of non-compliance/breaches 5. Completeness, integrity and relevance of data/systems/information as basis 6. Risk management is a tenacious process not a program

Explain Risk Impact!

Level of Damage that can occur when a risk event occurs Very high: Threatens the success of the project High: Substantial impact on time, cost or quality Medium: Notable impact on time, cost or quality Low: Minor impact on time, cost or quality Very Low: Negligible impact

Explain Likelihood!

Likelihood of a risk event occurring Very high: Is almost certain to occur High: Is likely to occur Medium: Is as likely as not to occur Low: May occur occasionally Very Low: Unlikely to occur

Define the Sub-categories of Risks!

Market risk: building an excellent product or system that no one really wants Strategic risk: building a product that no longer fits into the overall business strategy for the company Sales risk: building a product that he sales force doesn't understand how to sell Management risk: losing the support of senior management due to a change in focus or a change in people Budget risk: losing budgetary or personnel commitment

Name the Attitudes towards risk!

Risk proclivity: - Preferring risky outcomes Risk neutrality: - Do not reflect on risk; not being influenced by different risks Risk aversion - Preferring save outcomes

Explain why Risk Management is critical to all levels of decisions!

Risks can be categorized into three types. The amount of risk (uncertainty) varies with the type of decisions. Most decisions are concerned with implementation.

Define Predictable Risks!

Those risks that are extrapolated from past project experience (e.g., past turnover)

Define Unpredictable Risks!

Those risks that can and do occur, but are extremely difficult to identify in advance

Define Known risks!

Those risks that can be uncovered after careful evaluation of the project plan, the business and technical environment in which the project is being developed, and other reliable information sources (e.g., unrealistic delivery date)

Name the two characteristics of risk!

Uncertainty: the risk may or may not happen, that is, there are no 100% risks Loss: The risk becomes a reality and unwanted consequences or losses occur