1

3
2

loading
.
Che Wan Ahmad Bin Che Wan Sudin
Risk Manager

RISK MANAGEMENT RISK

MANAGEMENT RISK
MANAG MANAGEMENT
RISK MANAGEMENT RISK
MANAGE MANAGEMENT
RISK MANAGE

Enterpri
se

EVEN I AM
BUMBLEBEE I STILL
CANT AVOID FALL
DOWN. SO, PLAN
THE RISK!!!

Management

Strategic Objectives and Risks

Steps in Implementing ERM

Risk assessment looks at the impact of potential
risk on achievement of objectives.
Management should assess events from two
perspectives likelihood and impact and
normally uses a combination of ___________ and
__________ methods.
The positive and negative impacts of potential
events should be examined, individually or by
category, across the entity.
Potentially negative events are assessed on both
an inherent and a residual basis.

Steps in Implementing ERM

Steps in Implementing ERM

This is the phase where you rank the risks youve
identified.
Things to remember
Perform Qualitative Risk Analysis is subjective
What is the probability of the risk occurring? High,
medium, low? 1-10?
What is the impact if the risk does occur? High,
medium, low? 1-10? What is the financial impact, are
the consequences positive or negative?
* the earlier you know about risk, the better prepared
you will be

Steps in Implementing ERM

Tools and Techniques of Qualitative Analysis
Risk Data Quality Assessment What is the
quality of
the data used to determine or assess
the risk? Think about the following
Extent of the understanding of the risk
Data available about the risk
Quality of the data
Reliability & Integrity of the data
Probability & Impact Matrix a matrix that
creates a consistent evaluation of high, medium, or
low for your projects..

Steps in Implementing ERM

Tools and Techniques of
Qualitative Analysis
Risk Categorization Which of
your categories has more risk than
others? Which of your work packages
could be most affected by risk?
Risk Urgency Assessment
Which of your risks could occur soon,
or require a longer planning time?

Steps in Implementing ERM

Prioritize Risks

Steps in Implementing ERM

Steps in Implementing ERM

Prioritize Risks

Steps in Implementing ERM

Risk Assessment

Steps in Implementing ERM

Outputs of Perform Qualitative Risk Analysis
Risk Register Updates
Risk ranking for the project compared to other projects
List of prioritized risks and their probability and impact
ratings
Risks grouped by categories
List of risks requiring additional analysis in the near
term
List of risks for additional analysis and response
Watchlist (non-critical risks)

Trends

Steps in Implementing ERM

Steps in Implementing ERM

Steps in Implementing ERM

Risk management where you conduct
numerical analysis
Things to remember
Quantitative analysis is used to.
Determine which of your risks should
have a response plan
Determine overall project risk
Determine the probability of delivering
your project objectives

Steps in Implementing ERM

Tools and Techniques of Quantitative Analysis
Sensitivity Analysis Which risks will have the most impact on
the project?
Monte Carlo Analysis A technique that uses simulation to show
the probability of completing your project on time and within budget.
Determines the overall risk of the project, not the task
Determines the probability of completing the project on a specific
day and for a specific cost
Used to evaluate the impact to your schedule and budget
Due to the complicated mathematical computations used, Monte
Carlo analysis is usually done with a computer program
* Perform Quantitative Risk Analysis is a numerical analysis

Steps in Implementing ERM

Steps in Implementing ERM

Tools and Techniques of Quantitative Analysis
EMV Expected Monetary Value
Example

Steps in Implementing ERM

Tools and Techniques of Quantitative Analysis
EMV Expected Monetary Value
Example
High winds: 35% x -48 = -16.80
Mudslide: 5% x -750 = -37.50
Wind generator: 15% x 800 = 120.00
Truck rental: 10% x -350 = -35.00

EMV = -16.80 + -37.50 + 120.00 + -35.00 = -30.70

Exercise

1. Calculate the EMV for each of these three risks.

2. If these are the only risks on the project, calculate the
total EMV.
3. The latest weather report came out, and there is now a
20% chance of unseasonably warm weather. Whats the new
EMV for the project?
4. Now the cost of replacement rations goes up to $150.
Whats the new EMV for the project

Steps in Implementing ERM

Outputs of Perform Quantitative Risk Analysis
Risk Register Updates
Prioritized list of quantified risks
Amount needed for contingency reserves for time and cost
Confidence levels of completing the project on a certain
date
for a certain amount of money
The probability of delivering the project objectives
Trends - risk management is an iterative process; as you
repeat the process you can track your overall project risk
and
determine the trend (if you are decreasing or
increasing the
level of risk on your project)

Steps in Implementing ERM

Steps in Implementing ERM

Risk Response
Management selects risk responses
avoiding, accepting, reducing or
sharing developing sets of actions
to align risks with the entitys risk
tolerance and risk appetite

Steps in Implementing ERM

Steps in Implementing ERM

Having assessed relevant risks,
management determines how it will
respond.
Responses include risk avoidance,
reduction, sharing and acceptance.
In considering its response,
management considers costs and
benefits, and selects a response that
brings expected likelihood and impact
within the desired risk tolerances.

Steps in Implementing ERM

This is the phase of risk management where you decide how you will
respond to your most important risks
Risk Response Strategies
Threats
Avoid remove the cause of the risk so that it never materializes
Mitigate reduce the probability and or impact of the risk
Transfer transfer the risk to another party; usually done with
insurance, performance bonds, warranties, guarantees or outsourcing
the work.
Opportunities
Exploit make sure the opportunity occurs, you can add work or
make a change to the project
Enhance increase the probability and or positive impact of the risk
Share share the opportunity with a third party to be able to take
advantage of the opportunity

Steps in Implementing ERM

Risk Response Strategies
For both Threats & Opportunities
Accept
Active acceptance preparing a
contingency reserve of cost or time
reserves in case the risk does happen
Passive acceptance preparing for the
dealing with the effects of the risk after
the risk has occurred

Exercise

Exercise

Exercise

Exercise

Steps in Implementing ERM

Outputs of Risk Response Planning
Project Management Plan Updates Changes made due to risk
management will be changes made to the project and should be
updated in the project management plan
Updates to Risk Register
Residual Risks risks that are left over after Plan Risk
Response
Contingency Plans plans of action in case the risk does occur
Risk Response Owners the person on the team responsible
for monitoring the risk, risk triggers, developing a response
strategy, and implementing the strategy should the risk occur
Secondary Risks new risks that result from the
implementation of the contingency plans for the primary risks

Steps in Implementing ERM

Outputs of Risk Response Planning
Updates to Risk Register
Risk Triggers early warning signs that there is a high
probability the risk will occur
Fallback Plans a secondary contingency plan, in case the
contingency plan does not work or is not effective
Reserves
Contingency reserves - covers the cost for known unknowns
discovered during risk management; covers the residual risks.
The contingency reserve is calculated and made part of the
baseline.
Management reserves these are estimated and made part of
the project budget, not the baseline. Management approval is
needed to use the management reserve.

Steps in Implementing ERM

Steps in Implementing ERM

Control Activities
These are policies and procedures that
are developed to ensure the risk responses
are carried out. These activities occur
throughout the entity, at all levels and in
all functions. They include approvals,
authorisations, verification, reconciliation,
review of performance, performance
indicators and segregation of duties.