2 Risk Management Process Reporting Planning Risk management Supporting process Internal process ADDED VALUE Strengthen planning Facilitate reporting Enable monitoring 3 EUI Risk Management Framework ID: 1029875
Download Presentation The PPT/PDF document "Risk M anagement Training" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1. Risk Management Training
2. 2Risk Management ProcessReportingPlanningRisk management Supporting processInternal processADDED VALUEStrengthen planningFacilitate reportingEnable monitoring
3. 3EUI Risk Management FrameworkBased on ISO 31000:2018PDCA approachRMF - single document:Risk Management PolicyRisk Management Process3 Annexes* President Decision No. 12/21 regarding the administrative organisation of the EUI ResponsibilityPresidentCRO – SG*Risk owner/ contact points (optional)All members and non-membersManagement Team ToolsCentral Risk RegisterAt corporate levelAt unit levelSubmission templateCloud-based solution Use Excel
4. 4EUI Risk Management FrameworkTimingCorporate: once per year with annual planningUnit: continuous, CRR update once per monthEvaluation of Risk Management ProcessCorporate: once per year with annual reportingUnit: once per year with annual reportingRole of CROAdditional exercise Superpower
5. 5Central Risk Register (CRR)
6. 6Risk ownership/ID riskRisk: The effect of uncertainty on the achievement of objectives* Risk owner: Head of Unit responsible for the risk.Abbreviations 18+1Unique numberIdentification year Choose your unitEvery risk must have an ownerUnique identification of every risk example: IAO/1/2019* Risk management - Guidelines ISO 31000:2018
7. 7Central Risk Register (CRR)
8. 8Unit’s objectivesRisk: The effect of uncertainty on the achievement of objectives.
9. 9Central Risk Register (CRR)
10. 10Risk definitionRISK = EVENT + THREAT + IMPACT
11. 11Risk definition“Failure to take-off correctly (EVENT) because of adverse weather conditions (THREAT)resulting in potential death (IMPACT)”.RISK = EVENT + THREAT + IMPACTRisk: Plane crash
12. 12Risk definitionExample 1: Risk: Lack of human resourcesNo human resourcesFrequent changes in faculty members and gaps in teaching continuity EVENTFrequent changes in faculty members and gaps in teaching continuity due to long recruitment processes THREATFrequent changes in faculty members and gaps in teaching continuity due to long recruitment processes causing limited variety and quality of the doctoral programme IMPACT.RISK = EVENT + THREAT + IMPACT
13. 13Forward looking exercise risk ≠ issueLinked to objectivesEVENT – THREAT – IMPACT event ≠ threatUseful phrases:… due to … … caused by… because of… (THREAT)… following … causing … resulting in … (IMPACT)Starting point: your activities - EVENTUse of bold font for description of EVENTBe preciseRisk definitionUseful hints
14. 14Central Risk Register (CRR)
15. 15UntreatedAssess Impact (I) and Likelihood (L) 1 to 5Risk assessment calculated automatically (I x L)Risk analysis - Inherent risk Don’t touch grey columnsWithout controls
16. 16Risk analysis – Inherent riskRisk ratingLikelihood1-5Impact1-5
17. 17Central Risk Register (CRR)
18. 18Control: measure that maintains and/or modifies risk*include, but are not limited to, any process, policy, device, practice, or other conditions and/or actions which maintain and/or modify riskTypical examples:Financial controls, segregation of duties, delegation of authoritiesGuidelines, procedures, manuals, standard forms4 EYE principleWindow, door, lock,Academic Programme, Approval (signature), authorisationRisk analysis - Existing controls Existing controlsUse “Alt” + “Enter”* Risk management - Guidelines ISO 31000:2018
19. 19Central Risk Register (CRR)
20. 20Risk analysis - Residual riskAssess impact and likelihood 1 to 5 – apply criteriaRisk assessment calculated automatically Don’t touch grey columnsResidual risk assessment column – reference point With controls
21. 21Inherent risk > Residual riskIdealInherent risk = Residual riskCheck (quality of) controlsInherent risk < Residual risk?Stop damaging (reputation of the) EUIRisk analysisUseful hints
22. 22Central Risk Register (CRR)
23. 23Act: MitigateAvoidShare Planned actionsTransferExploit/EnhanceAccept Justify and Monitor Risk evaluation/treatmentAccept or Act?
24. 24Analysis of trend – risk vs costRisk evaluation/treatmentCommon traps – high cost
25. 25Analysis of trend – risks over time Risk evaluation/treatmentCommon traps – unrealistic picture
26. 26Zero risk not possibleWhen “Act”, weigh future benefits against costsCosts > future benefits, choose “Accept” the riskNot all Planned Actions have to be successful When “Act”, Be SMARTWhatever you chose, justify your decisionRisk evaluation/treatmentUseful hints
27. 27SMARTSpecific ≠ “strengthen our efforts”Measurable ≠ “excellent, exceptional”Assignable ≠ “EUI will”Relevant ≠ “N/A”Time-bound ≠ “in future”Risk evaluation/treatmentUseful hints
28. 28Risk ManagementGood practices:Keep it simpleBe able to justify your assessmentsInternal process – not externalYou are risk owner / an expert but not your risks – Share them (register)Input from everybody
29. Thank you29