Development of risk management Unit 1.4
Timeline of risk management
• 1995-2004: The introduction of risk management standards (frameworks)
• 2004-2017: COSO ERM Frameworks and ISO 31000
(RIMS) Enterprise Risk Management
A strategic business discipline that supports the achievement of an organisation's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
HM Treasury definition of risk management
All the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress.
ISO Guide 73 definitions of risk management
Co-ordinated activities to direct and control an organisation with regard to risk
Enterprise Risk Management
ERM takes a more integrated or holistic approach than more traditional risk management. When an organisation considers all of the risks that it faces and how these risks could impact its strategy, projects and operations, then the organisation is embarking on an enterprise risk management approach. An enterprise-wide approach has considerable advantages because it analyses the potential for disruption to the overall stakeholder expectation.
Trends in risk management
In the last few hundred years there was another significant trend towards:
• More knowledge of causes and effects
• Turning mystery and superstition into unknown uncertainty and then into known uncertainty, which led on to people being able to measure risk using statistics
IRM definition of risk management
Process which aims to help organisations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure.
Hopkins - RM
Risk management is the set of activities within an organisation undertaken to deliver the most favourable outcome and reduce the volatility or variability of that outcome.
LSE - RM
Selection of those risks a business should take and those which should be avoided or mitigated, followed by action to avoid or reduce risk.
Danger of risk management
There is a danger that organisations will become obsessed with risk management to the point that important decisions are not taken. At this point, it may be said that too much attention and concern about risk and risk management will cause the organisation to deform its operations.
Specialist areas of risk management
• Health and safety at work - one of the best known and specialist areas of risk management
• Disaster recovery planning and business continuity planning
• Quality management - very well-developed branch of risk management, given the high profile attached to quality management systems
• Project risk management - emphasis on the management of uncertainty or control risks
• Clinical/medical risk management - primarily concerned with patient care
• Energy risk management - mainly concerned with the future price of energy and with exploration risk
• Financial risk management - focuses on operational risks, as well as market, credit and other types of financial risks
• IT risk management - management of and security of data
Risk management process - 8Rs, 4Ts
• Recognition of risks - identifying nature and materialising circumstances
• Rating of risks - magnitude and likelihood to produce a 'risk profile'
• Ranking against risk criteria - ranking the residual level against the risk appetite
• Responding to significant risks - including the decision to tolerate or treat or transfer or terminate
• Resourcing controls - introduce and sustain necessary control activities
• Reaction (and event) planning - for hazard risks this includes disaster recovery or business continuity planning
• Reporting and monitoring the risk performance, actions, events and issues
• Reviewing the risk management system (Hazard Risk Management only)
Levels of risk management sophistication
• Unaware of obligations - INFORM
• Awareness of non-compliance - REFORM (change)
• Actions to ensure compliance - CONFORM (obey)
• Achieve business opportunities - PERFORM
• Inactivity caused by obsession - DEFORM (distort)