IRM M1 U1.3 Importance of ERM for organisations Flashcards
Why is risk management important
Positive ROI
Purpose of risk management
Consistency of decision making
Increase confidence
Retain brand / reputational value
Improve working relationships
Increase ability to hit strategic targets
Improve Transparency of risk culture
Ocado’s risk management process is designed to improve the likelihood of delivering our business objectives, protect the interests of our key stakeholders, enhance the quality of our decision making, and assist in the safeguarding of our assets, including people, finances, property and reputation.
They explain that their risk management process: is designed to identify key risks and to provide assurance that these risks are understood and managed in line with the agreed risk appetite.
Benefits of risk management
Strategy; Align risk appetite & strategy; Link growth, risk & return
Governance; - Comply, Improve governance
Org performance; - Increase likelihood of meeting org objective; Improve org resilience, minimise Ops lossess
People - Improve org learning, Optimise allocation of resources
The EY (2019) paper on “Why risk-informed decision-making matters” highlights
a risk informed strategy should be a Board priority, with the C-suite expecting ERM (Enterprise Risk Management) to play an increasing role in setting and implementing an organisation’s strategy.
been a disconnect between the ERM programme and strategic planning, ERM is not able to add value to an organisation as it is not informing business decision making, or ensuring limited resources are allocated to the principal risks.
The EY ‘Board priorities 2022’ report considers
that boards should start to focus their attention more on the fast-evolving business environment, and at the same time keep an eye on emerging risks rather than limiting their and their audit committee’s focus on financial reporting.
Risk and reward. Ex. Launch of a new product
Risk can be desirable and deliver benefits or rewards. A business will launch a new product because it sees opportunities from the successful marketing of that product. In undertaking the launch, the organization will allocate resources which may be wasted if the launch is not successful. These resources represent the value at risk and need to be within the risk appetite of the organization.
Risk management effort should produce rewards.
hazard risks, that reward will be fewer disruptive events in
project risks, the reward for increased risk management effort will be that the project is more likely to be delivered on time, within budget and to specification/quality.
For opportunity risks, risk management should result in a higher rate of successful new products launches or (at worst) a lower level of loss for all new activities or new products.
Attitudes to risk ISO
Risk attitude is the organization’s approach to assess, pursue, retain or avoid risks
Some organizations may be considered to be risk averse, whilst others will be risk aggressive.
Risk attitude vs Risk appetite
Risk attitude indicates the way the organization perceives the likelihood and impact of uncertainty (including what it can do about the uncertainty). Risk appetite indicates the amount of risk an organization is willing to seek or accept in pursuit of its long-term objectives
Risk management and the bow-tie
Sx. Kitchen Fire
The most popular method of analysing a risk is using a bow-tie.
A bow-tie is a simple way of analysing a risk to gain a greater understanding. The first stage is to put the risk description into the middle box. The causes of the risk then need to be recorded along with factors to influence its impact. This can be either preventive controls to minimize a threat or actions to optimize an opportunity. A hazard is used as an example in the figure below. The impact of the risk is also considered. This enables the identification of response controls to lessen the impact of the risk, should it occur
5 objectives of RM?
A
MADE2!
MANDATORY obligations are met
ASSURANCE that significant risks are being managed
DECISIONS are properly considered re risk
EFFECTIVE STOC processes
EFFICIENT STOC processes
What RMS tools used to achieve?
Risk management tools and techniques should be used to achieve the following:
compliance management provides risk governance;
hazard management makes outcomes less negative;
control management reduces the range of possible outcomes;
opportunity management maximizes the benefits of possible outcomes.
The most important point to make is that the support of senior management and (ideally) the sponsorship of the board are essential.
