Scribd
Upload
22 views

Module 4

The document outlines the Risk Management Process, detailing its management elements, including scope, context, and criteria for risk assessment. It emphasizes the importance of risk identification, analysis, evaluation, treatment, and the need for communication and consultation throughout the process. Additionally, it discusses monitoring and review practices to ensure the effectiveness of risk management strategies.

Uploaded by

MouStafa Mahmoud
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
22 views

Module 4

The document outlines the Risk Management Process, detailing its management elements, including scope, context, and criteria for risk assessment. It emphasizes the importance of risk identification, analysis, evaluation, treatment, and the need for communication and consultation throughout the process. Additionally, it discusses monitoring and review practices to ensure the effectiveness of risk management strategies.

Uploaded by

MouStafa Mahmoud
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 21

Module 4

Risk Management Process

1
Risk Management Process

2
Risk Management Process Management Elements
SCOPE
• program to achieve Organisational
Objectives
• Governance, policy and processes
CONTEXT
• Organisational operating environment
• Organizational operations and
management
• Impact on stakeholders Scope, Context, Criteria
CRITERIA
• Determination of risk acceptance and
tolerance
Risk Assessment

Communication & Consultation


Communication &

Monitoring & Review


Consultation Risk Identification
• Communications Strategy Monitoring & Review
• Client and Stakeholder • Accountability
requirements • Responsibility
• Privacy • Consistency
• Confidentiality Risk Analysis • Probity
• Sources of validation • Audit
• Process guidance • Assurance
• Roles • Policy and process
• Information access and Risk Evaluation review
use

Risk Treatment
Recording & Reporting
• Records Policy
• Records management system Recording & Reporting
• Access to documentation
• Reporting Channels
Risk Management Assessment and Treatment Process Elements

Scope, Context, Criteria


RISK ASSESSMENT
Risk Identification
• Value and Criticality of Assets Risk Assessment

Communication & Consultation


• Proposed level of access and authority
• Current Vulnerability and Sources of Threat

Monitoring & Review


Risk Analysis Risk Identification
• Impact analysis of loss or damage
• Level of certainty
• Volatility – rate of changes in variables
Risk Identification
• Potential for Risk Analysis
• loss or damage of assets
• Product quality loss
• Damage to reputation
• Impact on clients/customers
• Los of competitiveness Risk Identification

RISK TREATMENT
Specific selection criteria
• Physical Controls Risk Treatment
• Personal Controls
• Information Management Controls
• Work History and performance Recording and Reporting
• Cyber Controls
• Review and Improvement Processes
Identify Sources of Risk
▪ Personnel/human behavior.
▪ Management activities and controls.
▪ Economic circumstances.
▪ Natural events.
▪ Political circumstances.
▪ Technology/technical issues.
▪ Commercial and legal relationships.
▪ The activity itself.

6
Risk Identification

▪ Process of finding recognizing and describing risks

▪ Comprehensive list of risks based on events that might create, enhance,

prevent, degrade, accelerate or delay achievement of objectives

▪ A risk that is not identified at this stage will not be included in further

analysis

▪ Identification should include risks whether or not their source is under

the control of the organization

7
Example

8
Risk Analysis

▪ It involves consideration of the causes and sources of


risk, their positive and negative consequences, and the
likelihood that those consequences can occur

9
Risk Evaluation

▪ The purpose of risk evaluation is to assist in making


decisions, based on the outcomes of risk analysis, about
which risks need treatment and the priority for treatment
implementation

10
Risk Criteria

▪ Risk criteria are used to evaluate the significance of risk


based on organizational objectives, and external and
internal context i.e. the risk level.

▪ It can be derived from standards, laws, policies and other


requirements

11
Example :Level of Risk
▪ Magnitude of a risk or combination of risks, expressed in terms of
the combination of consequences and their likelihood

▪ Risk levels with relation to the project objectives are evaluated using
the risk matrices

▪ Example: Risk level of events that may have a negative impact on


the project cost or time schedule is evaluated using the "Cost
increase" or "Delay" risk matrices, respectively. And ;

▪ Risk level of events that may have a positive impact on the project's
cost or time schedule is evaluated using the "Cost decrease" or
"Advance" risk matrices, respectively.

12
Example : Risk Matrices

13
Risk Assessment Matrix

14
Example :Risk Matrices

▪ Definition of likelihood classes in the Risk Matrices:

Possible : Event is possible, but not expected to happen in


the project period.

Probable : Event may happen in the project period.

Likely : Event is expected to happen in the project period.

15
Example: Definition of Consequence
classes in the Risk Matrices
▪ you should modify a appropriate for your project scale, and maybe
add some arguments to why the values are chosen as they are:
Negligible : Event will have negligible impact on the objective.
Project cost: about ±$10k, or less
Time schedule: about ±1 week, or less
Serious : Event will have a sizeable impact on the objective.
Project cost: about ±$100k
Time schedule: about ±1 month
Major : Event will have a large impact on the objective.
Project cost: about ±$1m, or more
Time schedule: about ±6 months, or more

16
The colors of the Matrix fields indicate
Risk level:

High risk

Medium risk

Low risk

17
Example: Evaluation of Risk levels

The criteria for evaluation of risk levels are:


▪ If the risk level is high, risk treatment is required and implementation
of risk controls is a high priority, to reduce the risk level to medium
or low risk.

▪ If the risk level is medium, risk treatment is recommended, but not


required. If risk controls are not implemented, it should be justified
why this is acceptable.

▪ If the risk level is low, risk treatment is not required. Risk may be
accepted without further justification.

18
Risk Treatment

▪ Selecting the most appropriate risk treatment option


involves balancing the costs and efforts of
implementation against the benefits derived, with regard
to legal, regulatory, and other requirements such as
social responsibility and the protection of the natural
environment

19
Risk Treatment

▪ A signification risk can be the failure on ineffectiveness


the risk treatment measures

20
Monitor & Review
▪ Monitoring
▪ Continual checking, supervising, critically observing or determining
the status in order to identify change from the performance level
requires or expected
▪ Can be applied to a risk management framework, risk management
process, risk or control
▪ Reviewing
▪ Activity undertaken to determine suitability, adequacy and
effectiveness of subject matter to achieve established objectives
▪ Can be applied to a risk management framework, risk management
process, risk or control

21

You might also like