2013

Assignment # 03 Muhammad Umer Khan

[IMPLEMENTATION

OF RISK MANAGEMENT AND EMERGING

TRENDS IN RISK MANAGEMENT

IMPLEMENTATION OF RISK MANAGEMENT AND EMERGING TRENDS IN RISK MANAGEMENT

INTRODUCTION
What is risk and risk management? According the PMBOK, Risk is an uncertain event that can be either positive or negative. Additionally, risk management is, the systematic process of identifying, analyzing, and responding to project risk. Risk management incorporates various processes. Models differ one example is Risk Planning, Identification, Qualitative Analysis, Quantitative Analysis, Response Planning, and Monitoring and Controlling. The successful implementation of risk management and recent trends are discussed next.

1. IMPLEMENTATION OF RISK MANAGEMENT

The risk management implementation roadmap is described at two levels: Process groups and Processes

Fig. 1. Risk Management Implementation Roadmap

1.1.ROADMAP PROCESSGROUPS The process group description, is used to demonstrate qualities of the risk management implementation roadmap. First, there are links between the process groups indicating that outputs from one group are inputs to the next group. Next, the roadmap is an iterative process, indicated by the feedback loops. The process groups given in figure 1 are briefly defined as follows:

Initiate Achieve commitment to a sound risk management practice. Plan Develop the risk management system (plans, processes, and tools) suited to the project or enterprise. Execute Install and begin using the risk management system. Control Measure and improve risk management performance. Close Celebrate project success, capture lessons learned, and identify need for continuedfacilitation.

1.2.IMPLEMENTATION PROCESSES The following is a description of the core set of common processes that are employed when establishing a risk management practice in an organization or an enterprise. 1.2.1. INITIATE RISK MANAGEMENT PRACTICE Initiation of the implementing risk management within an organization begins with a risk management expert, recognizing the benefit and taking action to see that the practice is implemented.The responsibility of this expert is to promote risk management and to gain commitment of the senior manager. Implementation of risk management changes the way an organization operates and change meets resistance for a number of reasons. This needs in fact a facilitator so that he reminds the past implementation processes and through his experience provides skills in conflict resolution, group interaction, and other similar skills to reduce organizational stress. 1.2.2. INSTILL RISK MANAGEMENT CULTURE Before introducing the risk management culture it should be realized that one cannot inculcate a risk management culture in a single step; however, the intent of this process is to provide initial awareness and understanding, followed by a desire to use risk management. This is accomplished by identifying a core team of individuals that are involved in the risk management implementation and providing them with necessary training. The training includes an explanation of risk management, why the organization is adopting it, the outcomes that are expected, and the individual roles and responsibilities. Effective training enables this core team to be positive change agents within the organization. 1.2.3. TAILOR RISK MANAGEMENT PRACTICE The first step in tailoring the risk management practice is identifying the organizations success criteria: goals, objectives, requirements, and constraints. The success criteria are analyzed to determine the consequences of non-achievement. This serves to prioritize the success criteria. Risks analysis criteria are devised that weigh the risk impact on the high-priority success criteria. Threats, or risk categories, are identified to determine the most likely sources of risk. Risk identification tools are developed to ensure that risks in these areas are targeted. In tailoring the risk management practice, one must also consider the organizations Key PerformanceIndicators (KPIs), which are used in risk analysis and risk control. For analysis, graduations in the KPI measures are used to gauge the risk tolerance of the organization. For example, low, medium and high risks. Within risk control, KPIs are also indicators of whether risk handling plans are effective or risks are being realized. KPI values, called triggers, are identified that indicate the need to re-plan the handling strategy or execute a contingency plan if reached. The implementing organization may have existing documentation that details the success criteria, threats, KPIs, organization structure, and decision-making processes. If not, then missing information is best gathered through

a Risk Planning Workshop. Once the information is gathered and assessed, the final product is a Risk Management Plan. The Risk Management Plan documents the goals of the practice, the risk management organization, roles and responsibilities, the risk management process, which forums are used to make risk decisions, and other practice details.

Fig. 2. The Risk Management Implementation Plan Process Detail

1.2.4. RISK MANAGEMENT IMPLEMENTATION PLANNING In the Risk Management Plan, the deliverables of the risk management implementation project are well-defined, and this makes it possible to finalize the Risk Management Implementation Project Plan. The Risk Management Implementation Project Plan details include activities to install the practice (tools and training), begin the practice (facilitated risk management), operate and maintain the practice, and continually improve the practice. The Risk Management Implementation Project Plan contains the following components:

-Risk management overview -Objectives -General approach and methodology -Imposed standards -Tasks and deliverables 1.2.5. INSTALLING RISK MANAGEMENT TOOLS

-Roles and responsibilities -Resources required -Consultant, Project control planning -Reporting requirements -Schedules Budget and training

Tools are required to support each step of the risk management process. Risk identification tools include questionnaires and analytical tools which focus on the threat areas. Risk analysis tools are qualitative and quantitative instruments based upon the KPIs. These same tools are also used to judge the predicted effectiveness of risk management implementation plans.

1.2.6. TRAIN PERSONNEL

Once the risk management process is defined and tools are deployed, it is time to roll-out the risk management practice to the workforce. This is accomplished through risk management training. The risk management training topics should include: -Risk management terminology

-Risk management concepts and principles -Expected benefits -Roles and responsibilities -Process elements -Tool application and demonstration
The training contributes to developing and maintaining a strong risk management culture.

1.2.7. FACILITATE RISK MANAGEMENT Once the risk management is tailored, tools are installed, and personnel are trained, the practice of risk management can be executed. The Risk Management Plan describes how this is to be accomplished. However, initiating the process can be a overwhelming task. There must be a way to facilitate specific process steps or to provide in-line support throughout the risk management lifecycle. Some organizations have internal resources available to provide facilitation. NASA Centers, for example, use Safety & Mission Assurance or Systems Management organizations to help perform practice elements. Proper facilitation reinforces training and establishes good practices.

1.2.8. IMPROVE RISK MANAGEMENT PRACTICE Once routine risk management practices are established in an organization, there is opportunity to assess the risk management implementation and make improvements. Such opportunities are identified through on-going monitoring and by conducting assessments at periodic checkpoints. Opportunities include improvements to policies, plans, processes, methods, and tools. Improvement may also involve ensuring consistency across all areas of an organization. Implementation of process improvements may lead to revisiting each step in the risk management implementation roadmap. 1.2.9. CAPTURE LESSONS LEARNED There are well-defined events that mark the termination of a risk management implementation project. Internal to an organization, a risk management practice may terminate at the end of a project phase, with a shift in business focus, or even with a change in organization leadership. This does not necessarily mark the end to risk management, but rather the beginning of a new risk management implementation project due to significant changes in the success criteria. At this point it is appropriate to capture lessons learned for use on the next project. These materials become a reference for future risk management implementation teams. Lessons learned are also useful in refining the risk management implementation; the documentation and shortcomings.

2. TRENDS IN RISK MANAGEMENT

To win in the marketplace, organizations must move faster, entering new markets, being more accessible to clients, launching new products and pricing more effectively. But as businesses innovate and compete, by default they must take on more risk. Those that succeed in that high-innovation environment must have better risk management capabilities. Consequently, across industries there is a movement of risk management activities and focus from the back office to the front office, from compliance and cost control to differentiation. Below are some of the recent trends are briefly discussed that can shape the risk management; 2.1.CHIEF RISK OFFICER AND CHIEF FINANCE OFFICER There was often a lack of consistency between chief risk officers (CROs) and chief financial officers (CFOs) across processes, systems and data in financial crisis. The two sides were speaking a different language and unintentionally creating challenges for the organization with conflicting priorities and messages. Today, some aspects of the crisis have helped to push the agendas together, and the trend is toward tighter alignment and collaboration between the CRO and CFO, resulting in more consistency across finance and risk.

2.2.THE IMPORTANCE OF CULTURE Many organizations leave risk appetite as a concept and fail to translate this into limits and specific direction. A risk culture is a set of guidelines and expectations from the top down on appropriate risk taking and decision making. Both the CRO and chief human resource officer should determine the proper training and discussions needed throughout the financial institution to ensure that all employees understand their roles in managing risk. 2.3.COMPLEXITY To manage the business, firms need risk management capabilities to support scenario planning and risk mitigation, and they need information based on more than just a finance or process perspective. They need to be able to look at different markets, customers and product lines in a more sophisticated manner. 2.4.GEOGRAPHICAL SHIFT Another change that has taken place is that risk management best practice is no longer concentrated in the usual regional centers. Global Risk Management research shows that more than 90 percent of Latin American firms have existing enterprise risk management programs in place, compared to only 52 percent of European companies and 60 percent of North American ones. Also, 90 percent of Latin American firms foresee significant or moderate increases in risk management spending, compared to only 82 percent of companies in North America and Asia Pacific. 2.5.TECHNOLOGY AS AN ENABLER

Over the years, data volumes, along with regulatory and business requirements, have driven organizations to take a leading position in technology, developing new features and sophisticated, automated solutions that cover more countries and business activities. However, these requirements have also progressively contributed to a dramatic increase in IT costs as demands have become more complex and the resulting systems more diverse. The important technological change designed to meet the increasing demands is in the way that the application architecture is built which is layer-by-layer. Each layer carried a function and interfaced with the others through transformational rules, lead times, shortcuts, complex reporting rules, and so on. However, that horizontal structure is changing to something much more vertical. Consequently, individual pieces of information will be able to be gathered from the bottom up, elevating the reporting lines and data governance where necessary. 2.6.PARTNERSHIPS This is beyond the traditional in-house versus outsourcing debate. Given the levels of complexity faced by financial institutions, firms are likely to have little choice other than to partner in new ways, including traditional competitors and peers, as well as IT and change specialists. Given the recent level of investment in risk management, it will be critical for CROs to demonstrate the benefits and tie the outcomes from risk management projects more directly to business outcomes and tangible cost reductions. To achieve this, many organizations are more actively seeking collaboration. 2.7.REGULATION AS A STRATEGIC BUSINESS INPUT Compliance and regulation have always been key drivers in terms of defining budgets. However, this has resulted in many organizations making significant investments in projects for specific regulations only to have an ROI based on ticking the regulatory box. Having done that for four or five regulatory waves, it's now time to implement an integrated risk management framework more appropriate for the strategic business needs. 2.8.HARMONIZATION OF TECHNOLOGY Many financial institutions are looking to consolidate vendor applications, particularly in areas such as data warehousing, the applications themselves (e.g., the risk calculation engines), and reporting or business intelligence environments. Pressures on margins, the high cost of technology and burgeoning regulation mean that firms are searching for competitive differentiation by moving from compliance to performance and adopting more effective and efficient risk management practices. Technology is playing a key role as an enabler for this transformation, driving demand for new architectures and high-performance computing. However, technology alone is not going to deliver the desired outcomes. Culture and collaboration are also critical success factors. Ultimately, successful organizations will look beyond regulation and cost-reduction and view risk management as a strategic element of their value chain, delivering sustainable growth and innovation.