Introduction to

Risk Management

Kannan Subbiah
Director, Operations
Knowledge Universe Technologies India
1

Objectives
Understanding Risk
Risk Management as a process
Exercise
Q&A

How to learn Risk Management?

http://www.youtube.com/watch?v=laKprX-HP94&feature=related

What is a Risk?
A risk is ANYTHING that may affect the achievement
of an organizations objectives.
It is the UNCERTAINTY that surrounds future events
and outcomes.

It is the expression of the likelihood and impact of an

event with the potential to influence the
achievement of an organizations objectives.

Alternatively
Risk is a potential event with negative consequences that
had not happened yet
Could also be an event with positive consequences

A possibility of loss not the loss itself

A source of problem
Find the root cause and not the leaves

Something that makes the project special

In the widest sense, everything is a risk
Helps identify better ways of handling problems
5

Why do we need Risk Management?

The only alternative to risk management is crisis management --- and
crisis management is much more expensive, time consuming and
embarrassing.
JAMES LAM, Enterprise Risk Management, Wiley Finance 2003

Without good risk management practices, government cannot

manage its resources effectively. Risk management means more
than preparing for the worst; it also means taking advantage of

opportunities to improve services or lower costs.

Sheila Fraser, Auditor General of Canada

How does Risk Management help?

Increase risk awareness & understanding

Allows intelligent informed risk-taking.
Focuses efforts helps prioritize.
Is proactive. not reactive Prepare for risks
before they happen.
Improve outcomes achievement of objectives
Enables accountability, transparency and
responsibility
And maybe even mean survival

Key Terms
Risk Exposure to chance of hazard
Risk Level A measure to represent the significance of the risk
Controls Action(s) that could eliminate or reduce the risk level

Residual Risk Risk level after implementing controls

Risk Response An action on the risk, whether to accept, or
not to accept

Exercise - I
Think of a risk in your daily life
Determine the probability of occurrence
Make an assessment of an impact, if it occurs.

Who is involved?
Customer
End user
Project Team
Senior Management
Related Project teams
Vendors and suppliers

10

When?
A continuous process
Starts from proposal stage
Ends on project completion

Review stages
Business case analysis
Project approval
Project planning
Technology, Tools & Vendor selection
Project status reviews
Deployment and Maintenance

11

Risk Management Basics

Risk (uncertainty) may affect the achievement of

objectives.

Effective mitigation strategies/controls can reduce

negative risks or increase opportunities.

Residual risk is the level of risk after evaluating the

effectiveness of controls.

Acceptance and action should be based on residual

risk levels.

INHERENT
12

A Simple Framework
Step 1

Establish
Objectives

Step 2

Identify
Risks &
Controls

Step 3
Assess
Risks &
Controls

Step 4

Evaluate
& Take
Action

Step 5

Monitor
&
Report

Communicate, learn, improve

13

Risk Identification Techniques

Brainstorming
Interviewing

Root cause analysis

Checklists

SWOT

14

Risk Management is critical to ALL levels of

decisions
UNCERTAINTY
Strategic Decisions

Stra

tegic

Decisions transferring
strategy into action

Prog
ramm

tegic
Stra

m
gra
Pr o

me

Decisions required for

implementation

Pr o
ject

&O
per
a

tion
al

ject
Pr o

a
per
&O

al
tion

Decisions can be categorized into three types. The amount of risk (uncertainty)
varies with the type of decisions. Most decisions are concerned with
implementation.
15
The HM Treasurys The Orange Book

Risk Environment
External Risk Environment

re L a
gu ws
la &
tio
ns

ial

Political
Outcomes

nc
Fina

St
r
Po ateg
lic ic
y /

Communication
& Learning

Inf
Te orma
ch
no tion
log
y

Assess
rm

ati

on

Human
Resources

e
Th nom
o
Ec
y

LHINs

Op

n
tio
e ra

al

S
ex tak
pe eh
ct o l d
at e
io r
ns

Leg
Com al/
plian
ce

Ot
h
nis er
trie
s

er- s
rtn on
Pa izati
n
ga
Or

l
na
io
a t ce
iz an
a n rn
rg e
O Gov

Communication
& Learning

Ide
n
tify

t
en
ym
Pa ty &
fer bili e
ns nta
c
Tra ccou rnan
A o ve
G

Inf
o

h
is
bl
ta

tor
i
n
Mo

Es

Mi

Internal
MOHLTC
Risk Environment

Evaluate

Capacity

Communication
& Learning

ic n
bl tio
Pu cep
r
Pe

MOHLTC
Extended
Extended
Enterprise

Corporate Governance
Requirements

16

Categorizing Risk Comprehensive

1.

Political or Reputational Risk

2.

Financial Risk

3.

Service Delivery or Operational Risk

4.

People / HR Risk

5.

Information/Knowledge Risk

6.

Strategic / Policy Risk

7.

Stakeholder Satisfaction / Public Perception Risk

8.

Legal / Compliance Risk

9.

Technology Risk

10.

Governance / Organizational Risk

11.

Privacy Risk

12.

Security Risk

13.

Equity Risk
Slide 17

17

Risk Prioritization likelihood and impact

Risk Impact: Level of damage that can
occur when a risk event occurs

Likelihood of a risk event occurring

Very High: Is almost certain to occur

Very High: Threatens the success of the

project

High: Substantial impact on time, cost or

quality

Medium: Notable impact on time, cost or

quality

Low: Minor impact on time, cost or quality

Very Low: Negligible impact

High: Is likely to occur

Medium: Is as likely as not to occur

Low: May occur occasionally

Very Low: Unlikely to occur

Slide 18

18

Third dimension for rating risks - proximity

Immediate now
Less than 6 months
Between 6-12 months
Between 12 24 months
Between 24 36 months
More than 36 months

19

Risk rating
Combining impact and likelihood
RISK PRIORITIZATION MATRIX
5

RISK
IxL

IMPACT

RISK
IxL

RISK
IxL

1
1

LIKELIHOOD
Slide 20

20

Risk reporting and communications

Risk Level
Critical Risk

High Risk

Moderate Risk

Low Risk

Action and Level of Involvement Required

Inform Chief Executive Officer and Board of Directors
Immediate action required
Inform Chief Executive Officer
Strategy Team involvement/attention is essential to manage risks
provide report to Board as appropriate
Management mitigation and ongoing monitoring required
Inform relevant Strategy Team members
Accept, but monitor risks
Manage by routine procedures within the program and site

21

22

Measure and report RM implementation progress

Advanced capabilities to identify, measure, manage all risk exposures within
tolerances

Excellent

Strong

Advanced implementation, development and execution of ERM parameters

Consistently optimizes risk adjusted returns throughout the organization

Adequate

Weak

Clear vision of risk tolerance and overall risk profile

Risk control exceeds adequate for most major risks
Has robust processes to identify and prepare for emerging risks
Incorporates risk management and decision making to optimize risk adjusted
returns
Has fully functioning control systems in place for all of their major risks
May lack a robust process for identifying and preparing for emerging risks
Performing good classical silo based risk management
Not fully developed process to optimize risk adjusted returns

Incomplete control process for one or more major risks

Inconsistent or limited capabilities to identify, measure or manage major risk
exposures

Source: Standard & Poor

23

The Cyclist and the Risk Manager

24

Exercise II 15 minutes
Identify risks that the cyclists faces in cycling to work.
Report back.

25

Risks
Threats:

Opportunities:

Death

Exercise

Head Injury

Sunlight

Injury

Reputation

Reputation

Financial

Financial

Role model

Damage to the bike

Environment

Sunburn/frost bite

26

Mitigation Strategies for threats

Death, head injury, other injury helmet, bright clothes,
lights, bell, CANbike course, obeying traffic laws, positive
attitude, anger management course
Reputation great outfit, change of wrinkle-free clothes,
shower, time management
Financial high quality locks, beater, stopping at stop
signs
Damage to the bike regular maintenance, avoiding pot
holes

Sunburn/frost bite sunscreen, mittens, hats, token/change

Dehydration- filled water bottle
27

Acknowledgements
Practical approach to Risk Management - by Finance Management Institute,
Toronto Chapter.
Introduction to Risk Management for Outsourcing projects - by Peter Kolb

28

Questions?

29