Enterprise Risk Management
As the newly appointed Risk manager for my organization I will be focusing on a very important aspect that affects the organization on all levels If not addressed with adequately and that Is the Identification of Risk. Lat vital that risks are Identified as early as possible and to capture as many risks as possible. During the risk identification process, all possible risks should be documented. It needs to be noted that not all risks will be acted upon. Once more details are known about each risk, the decision will be made by the risk team as to the handling of each risk.
There are various techniques that can be used for risk Identification. In order to ensure an effective risk management plan It should Include early and aggressive risk identification through the collaboration and involvement of relevant stakeholders. Strong leadership across all relevant stakeholders is needed to establish an environment for the free and open disclosure and discussion of risk. The identification of potential issues, threats, and vulnerabilities that could negatively affect work efforts or plans is the basis for sound and successful risk management.
Risks must be Identified and described In an understandable way before they can be analyzed and
Need essay sample on "Enterprise Risk Management"? We will write a custom essay sample specifically for you for only $ 13.90/page
Use of the categories and parameters developed In the risk management strategy, along with the Identified sources of risk, can provide the discipline and streamlining appropriate to risk Identification. The Identified risks form a baseline to Initiate risk management activities. The list of risks should be reviewed periodically to reexamine possible sources of risk and changing conditions to uncover sources and risks previously overlooked or nonexistent when the risk management strategy was last updated.
Risk Identification activities should focus on the identification of risks, and not placement of blame. A risk assessment method that will be used will focus on the important step and mall bob]active of protecting the organizations workers and assets and crown jewel investments; it also assists the organization by ensuring that it complies with the law and all necessary regulations that the organization has to allow and abide by where finance is granted to certain clients who might have environmental implications.
The main focus of the risk assessment is to deal with all the risks that really matter In the organization Including minor one’s- attention will be given to all risk and treated as risks with the potential to cause real harm. A risk harm to people and the organizations assets, so that we can weigh up whether we have taken enough precautions or should do more to prevent harm. Everyone has the right to be protected from harm caused by a failure to take reasonable control measures. 1. What process would you recommend for Risk Identification, and describe This is detail.
I would recommend two of the following processes/methods which I would use for risk identification. One being Brainstorming and the other which I personally feel should be the most used method is risk identification via lessons learnt, there’s no better way to identify risk and find ways to manage it through experience. Brainstorming Process: When using this method diversity of the group is very important, you need to ensure that there are enough subject matter experts who will be partaking in the brain storming session.
That way you get a better scope of identified risks and different viewpoints. Brainstorming provides a free and open environment that encourages everyone to participate Brain storming is a popular form or method used to identify risk merely because the approach is unstructured, you achieve better results this way as people feel free to participated, with an opportunity to share their opinion openly.
It produces visible results quickly as the flowcharts fill up around the room, it gives people the chance to be creative and “think outside the box”, it encourages team-building and creates a sense of shared wineries of the output. When using brainstorming as a risk identification process it shouldn’t be seen as a method to solve a problem, but only a method to generate new ideas which could lead to a solution for a specific problem. 2.
Risk Identification through lessons learned: A great way to identify risks is through lessons learned. With the organization operating within the financial industry, staff have to be extremely by ensuring that errors are not made, errors that could harm the organization financially or otherwise and if errors are made, it needs to be rectified immediately so that it doesn’t happen gain, as financial risk to any organization is a huge risk, which everyone tries to keep on a tight leash.
Identifying risk through lessons learned is experiential knowledge that can be organized into information that may be relevant to the different areas within the organization; this source of information may guide you in identifying risk in various areas in and around the organization, internally and externally. This would a great way of getting two important departments within the organization to join forces and kill 2 birds with one. This would be the Joint venture of the
Knowledge management department and the Risk management department Joining forces. By using lesson learned sessions you can identify lots risks Just through people experience in their respective field, this can be incorporated into a risk identification session. This way you get people to share knowledge, document it benefiting the knowledge management department and by taking this shared experiential knowledge you will identify possible risk that could harm the organization. 3.
How does this add value to what the organization is currently doing? Currently the organization conducts or identifies risk using the following quenches which vary from one on one interviews, the distribution of surveys and the organization its done electronically, with the environment we operate, you would be lucky if staff read your email if its related to what they’re doing or if it’ll affect them, that Just seems to be the culture in the organization, not all staff are like that but there’s a huge percentage to do this, me being one of them.
The problem with this approach is that Risk identification and management is not in your face, well I would assume it would depend on what grade you’re on, you’re position and your level of authority in the organization. Hence surveys are sent to all but generally it’s primarily targeted to the certain individual. My suggestion for stepping away from this kind of method is merely to involve all stakeholders in the risk identification process.
Expanding it to all and making every feel like they part of the process can only benefit the organization, as what might seem important to a Senior Account manager, might not be deemed as important as to a Specialist or an Administrator and vice, therefore getting an interaction by all across the board is important and this is how my suggestion methods will add value to the risk identification & assessment process. A list of a few ways in which brainstorming and lessons learnt will add value to the way in which we identify risk. It will encourage staff to be creative and be open minded with their thinking ; It’ll generate a large number of ideas It encourages all team members to get involved Sense of ownership in the decision making process ; Break through traditional thinking about a problem. Generate new ways of thinking 4. How are you going to get all stake holders to participate in the process? The organization needs to take a holistic approach to employee’s practicing risk management.
All employees’ not Just senior management should be fully committed to understanding the organizations overall risk as it would related to the organization policies and procedures. If there is a high level of commitment from employee’s where risk is concerned, it will assist in the reduction of the organization exposure to risk. If employees fully understand the organizations risk goals and objectives, the more prepared they will be to meet the organizations short term and long term primacies with regard to Risk management. A crucial step to getting employee’s engaged in your risk management process is to involve them in every step.
Engaged employees feel part of a team when they share in the decision-making. As a result, they can positively impact your firm’s culture by: ;Moving too proactive, rather than reactive focus Reinforcing decision making Enhancing accountability and trust Making better use of time and resources Improving teamwork Demonstrating confidence in the firm’s processes Developing solutions and metrics to better manage risks ; Shifting the thought process from “blame,” to “identify and manage” ; Moving from the perspective of “how does this affect my area? To “how does this affect the firm? 5. How are you going to make sure that we don’t exclude any risk from being identified? When safe. In order to ensure that that the organization is protected from any possible harm, one has to ensure that you know your business and what threats if exposed to the organization can cause harm to , has been listed and proper precautionary measures are put in to place to prevent any risk from being left vulnerable and exposed.
To make all risks are identified we have to look at both external and internal factors. During the risk identification process, it’s vital that all risks are listed and comments even the ones that might not seem as threat at present. Identify all threats and how they could impact the organization, how likely they are to occur, when they may happen and how long the damage would last. Then work out the seriousness of each threat. A SOOT can be used to analysis and assist in putting things together into a clear, actionable process.
We need to look at the organization from a holistic approach from top level management filtering right down to Junior staff, by assessing big risks then zoom in on specifics to ensure you’re covering all threats from outside and inside. The SOOT approach can keep you abreast of matters within the company if it is conducted on a bi annual basis. Hiring of external risk consultants can also assist in the identification of all risks to the organization is listed.
Sometimes to be on the safe side it’s always a good idea to the views of an outsider , not familiar with the organizations operations. Questionnaires and surveys could also be issued to clients and customers; they might identify something that we might have deemed as not important, 6. What process are you going to follow for Risk assessment, what are the inputs and outputs? Identify and discuss the tools and techniques that you will be using as well as the factors that will constrain the process.
In order to perform a risk assessment one needs to consider and follow a process before even attempting the risk assessment, it’s also very important that the risk process is over complicated, too many steps can be confusing for those who are not familiar with what risk management and a risk assessment is. So it’s vital to keep it as simple as possible, but depending on the complexity of the organizational operational a more complex process can be followed. I have however chosen a impel process for the risk assessment which the organization needs to follow as its simple and easy to understand.
Risk Assessment process steps: 1. Identify the risk 2. Determine who will be affected 3. Analyzing the risk 4. Record findings and put control measures in place 5. Implement action plan 6. Communicate findings Figure 1. A few of the tools and techniques I will implement and have the organization use for risk assessment as follows, some will be the same as the techniques used in the risk identification phase one of it being brainstorming; Using a cross-functional team of Isis and objectives are correlated and how they can impact business units differently.
Even though brainstorming will be used during both phases it does not mean that it will not be successful, brainstorm can be even more effective during the risk assessment phase as it will allow members to go into detail with each risk and see the value and importance of each risk and not Just take it at face value. Brainstorming during this phase, will open lots debates and hence the team needs to be open minded and allowed to speak freely as possible and not be Judged.
Another quinine I will use is Risk questionnaire and survey, questionnaires need to be structured in such a way that includes a series of questions on both internal and external events can also be used effectively to identify risks. For the external area, questions might be directed at political and social risk, regulatory risk, industry risk, economic risk, environmental risk, competition risk, and so forth. Questions on the internal perspective might address risk relating to customers, creditors/investors, suppliers, operations, products, production processes, facilities, information systems, ND so on.
Questionnaires are valuable because they can help a company think through its own risks by providing a list of questions around certain risks. The survey questionnaire will be best used before the brain storming, as it will give the subject matter experts an idea of the concerns risk related are for the organization based on the employee’s and clients perspective, these risk can be broken down and see if its applicable.
SOOT analysis will be the third a technique used in the formulation of strategy. This will be if not the most important industry and environment the organization operates in, this techniques used to assess risk would be more successful. Considering the organization strengths and weaknesses are internal to the company and include the company’s culture, structure, and financial and human resources.
The major strengths of the organization combine to form the core competencies that provide the basis for the company to achieve a competitive advantage. The opportunities and threats consist of variables outside the company and typically are not under the control of senior management in the short run, such as the broad spectrum of political, societal, environmental, and industry risks. We need ensure that adequate time and effort is spent on thinking seriously about the organization’s weaknesses and threats.
The tendency is to devote more time to strengths and opportunities and give the discussion of weaknesses and threats short shrift has seem to become the norm in organization , as many organization feel that if they focus on the strong points of the organization and the opportunities it will out weight the threats and weakness, and usually with this being the case, it’s the treats and weakness that comes back to bite , its creeps up slowly and attacks when you least expect it and when your vulnerable.