Risk management

Kiến thức về quản lý rủi ro, công cụ và phương pháp quản lý rủi ro, phù hợp ngành nghề quản lý, quản trị sự biến động. đo lường các biến đổi, kiểm soát sự thay đổi. phương pháp quản lý agile

RISK

MANAGEMENT

BASIC PRINCIPLES, FRAMEWORK, STRATEGY AND TOOL

q  INTRODUCTION

q  RISK MANAGEMENT PRINCIPLES

q  RISK MANAGEMNT FRAMEWORK

q  RISK MANAGEMENT TOOLS

q  POLICY AND GUIDELINES

q  RISK MANAGEMENT ARCHITECTURE

q  RISK MANAGEMENT STRATEGY

q  RISK MANAGEMENT PROTOCOLS

q  RISK REGISTER

q  CONCLUSION

INTRODUCTION

Imagine a discipline without its own common set of assumptions, concepts, principles, standards and practices that are unique among its practitioners

Does this sound familiar? Of course it’s child rearing You got it!

Children reared in different parts of the world are taught different things - assumptions, concepts, principles, standards, practices, culture, beliefs, identity, race relation, gender, social conditioning – all very different

INTRODUCTION

Every discipline has its own common set of assumptions, concepts, principles, standards and practices that are unique among its practitioners

Risk management is without exception It has its own common set of assumptions, concepts, principles, standards, practices and tools that together form the risk management discipline

It is imperative for organizations and risk management practitioners to understand and use these fundamental

INTRODUCTION

The practice of risk management will be incomplete without these tenets which provide the foundation upon which risk management is designed and implemented There may be differences in the language used and applications of these canons due to organizational differences

However, the objective remains the same: to manage risks that threaten objectives

INTRODUCTION

A risk management system is a series of coordinated organizational arrangements, structures, relationships, processes and procedures that are designed and embedded into the organization’s strategic and operational policies and practices

The principles of risk management provide a sound basis (intention and purpose) for establishing and implementing an effective risk management system

PRINCIPLES OF RISK MANAGEMENT The principles are as follows:

management should contribute to the demonstrable achievement of objectives and improvement of performance in, for example, tax compliance, human health and safety, security, legal and regulatory compliance, public acceptance, environmental protection, product quality, project management; efficiency in operations, corporate governance and reputation

PRINCIPLES OF RISK MANAGEMENT The principles are as follows:

organizational processes – risk management should not be a stand-alone activity that is separate from the main activities and processes of the organization Risk management is part of the responsibilities of management and an integral part of all organizational processes, including strategic planning, project management and change management processes

PRINCIPLES OF RISK MANAGEMENT The principles are as follows:

management should help decision makers make informed choices, prioritize actions and distinguish among alternative courses of actions

risk management should explicitly take account of uncertainty, the nature of that uncertainty and how it can be addressed

PRINCIPLES OF RISK MANAGEMENT The principles are as follows:

– risk management should be a systematic, structured and timely approach to dealing with internal and external threats and vulnerabilities to the organization’s objectives and should contribute to efficiency, and to consistent, comparable and reliable results

PRINCIPLES OF RISK MANAGEMENT The principles are as follows:

information – the inputs to the risk management process are based on information sources such as historical data, experience, stakeholders’ feedback, observations, forecasts and expert judgement However, decision makers should inform themselves of and take into account any limitations of the data or modelling used or the possibility of divergence among experts

PRINCIPLES OF RISK MANAGEMENT The principles are as follows:

appropriate, full and timely involvement of all stakeholders and in particular, decision makers at all levels within and outside of the organization is required to ensure that risk management remains relevant and up-to-date Involvement also allows stakeholders to be properly represented, informed and to have their views taken into account in determining risk criteria and risk treatments

PRINCIPLES OF RISK MANAGEMENT The principles are as follows:

should be aligned with the organization’s internal and external contexts and risk profile

responsive to change – risk management should continually sense and respond to change As external and internal events occur, context and knowledge change, monitoring and review of risk take place, new risks emerge, some change and others disappear

PRINCIPLES OF RISK MANAGEMENT The principles are as follows:

of the organization – organizations should develop and implement strategies to improve their risk management maturity alongside all other aspects of their organizations

RISK MANAGEMENT FRAMEWORK

The risk management principles and framework are closely related

While the principles provide the bases for establishing and implementing effective risk management system, the framework provides the system and structure that are integrated into the organization’s policies, processes and procedures

The framework consists of risk architecture, strategy and protocols

RISK MANAGEMENT FRAMEWORK

The architecture is the schematic structure that establishes roles and responsibilities:

RISK MANAGEMENT FRAMEWORK

The strategy provides a broad course of actions to achieve the risk management objectives:

RISK MANAGEMENT FRAMEWORK

The protocols provide the ground rules and procedures to be carried out :

RISK MANAGEMENT FRAMEWORK

Risk management framework has four inter-related stages:

Plan:

initiatives and gain board support;

develop common language of risk; and

RISK MANAGEMENT FRAMEWORK Implement:

risk classification system;

risk assessment; and

evaluate the existing controls

RISK MANAGEMENT FRAMEWORK Measure:

introduce improvements; and

management with other activities in the organization Learn:

measure risk management contribution; and

monitor improvement

RISK MANAGEMENT TOOLS

The most fundamental tool to risk management is the human capacity with the competences, expertise and risk-awareness culture

Every risk management tool is useful in so far there is accompanying knowledge, skills, awareness and competences to adopt and use those tools

RISK MANAGEMENT TOOLS

A large proportion of risk is identified, analyzed and treated through human interactions

Organizations therefore need personnel with the right knowledge, skills and attitude to effectively manage risk

The lack of such knowledge, skills and attitude poses potential risk to the organization

RISK MANAGEMENT TOOLS

Risk management is based on information science (data, information and intelligence) and the creation and use of information is an essential tool for risk management

Another fundamental tool for risk management is a database – a data warehouse and data extraction and analysis tools and techniques to analyze, translate and use such database

RISK MANAGEMENT TOOLS

There are many bespoke and off-the-shelf data extraction and analysis software available for use in risk management

Organizations need to build data warehouse that seamlessly interfaces all data across the organization to enable data mining, matching and logical manipulations

RISK MANAGEMENT POLICY AND GUIDELINES

An organization needs to develop a common risk management language that is consistent across the entire entity

The role of risk management policy is to lay the foundation for such common language

A risk management policy is a statement of overall intentions, direction and scope of an organization’s risk management initiatives

RISK MANAGEMENT POLICY AND GUIDELINES

A risk management guideline specifies the step-by-step procedure for the interpretation and implementation of policy

Guidelines define the implementation modalities of policy and a logical classification and proposition that are actionable within the context of the organization

RISK MANAGEMENT ARCHITECTURE

Risk management architecture consists of the following elements:

structured risk governing bodies at the board and executive management levels to provide oversight, direction and supervision over risk management

roles and responsibilities for all responsible parties in the risk management process

RISK MANAGEMENT ARCHITECTURE

board should establish clear reporting requirement and responsibility for individuals to provide accountability of their actions and use of resources

controls in place for dissimilating information to outside parties subject to confidentiality and data privacy policies

RISK MANAGEMENT ARCHITECTURE

and executive management should establish a system that provides independent check and assurance on the adequacy and effectiveness of the risk management process

RISK MANAGEMENT STRATEGY

Risk management strategy consists of the following elements:

executive management should form a system of shared beliefs and attitudes that characterize how risks and risk management are viewed in the organization

management should be embedded into organizational processes, procedures, activities and responsibilities

RISK MANAGEMENT STRATEGY

executive management should set and communicate the organization’s risk appetite (the level of risk) that the organization is willing to accept and risk attitude ( behavior) toward risk

management policy and strategy should have thresholds for determining the significance and severity of risks

RISK MANAGEMENT STRATEGY

management framework should have rules for specific risk categories

framework should have established methodologies for risk identification, analysis and evaluation

executive management should set and communicate risk management priorities for each year

RISK MANAGEMENT PROTOCOLS

Risk management protocols consist of the following elements:

appropriate risk management tools, for example, computer software applications, data mining tools and common techniques

establish common risk classification system based on the nature and severity of risks

establish common risk assessment procedures such

RISK MANAGEMENT PROTOCOLS

polices should establish control rules and procedures for carrying out risk treatments

should be clear to-do-list of activities to perform in case of emergencies, etc

establish the nature and form of documents and records to be maintained, electronic or manual

RISK MANAGEMENT PROTOCOLS

entity should have periodic risk management training Important risk management tips and massages should be communicated to all staff within the organization on a regular basis

management system should have clear documented audit trail and procedures for audit and assurance should be established

RISK MANAGEMENT PROTOCOLS

should have documented reporting and disclosure policies Risk management certification at the entity and individual levels is important

RISK REGISTER – Sample Compliance Risk Register

102 April 5,

2017 Incomplete tax returns from many start-ups High High Severe Taxpayer Services Conduct tax clinics 146 Aug 27,

2018 Tax returns are not thoroughly analyzed by analysts

Conduct data analytics training for analysts 76 July 20,

2018 Multiple TINs for taxpayers on the tax register

project

CONCLUSION

q  R e v e n u e a u t h o r i t i e s m u s t e s t a b l i s h r i s k management system which provides reasonable assurance that objectives are being achieved

policies, processes and procedures

necessary for effective risk management

organization’s objectives and treatment strategies

CASE STUDY

A revenue authority has set up a team to develop a risk management compendium The team needs to identify and define elements of the components of the risk management system: