Risk Management should:

1. create value: resources expended to mitigate risk should be less than the consequence of inaction
2. be an integral part of organizational processes
3. be part of decision making
4. explicitly address uncertainty and assumptions
5. be systematic, structured and timely
6. be based on the best available information
7. be tailorable
8. take human and cultural factors into account
9. be transparent and inclusive
10. be dynamic, iterative and responsive to change
11. facilitate continual improvement and enhancement of the organization
12. be continually or periodically re-assessed

Navigation of this tool

1. To Identify Risks
2. To Evaluate Risks
3. To Treat (Manage/Action) Risks
4. To Monitor (Review) Risks
5. To Report on Risks
6. To View/Update Validation Rules

Benefits of Risk Management

1. Increase the likelihood of achieving objectives;
2. Encourage proactive management;
3. Be aware of the need to identify and treat risk throughout the organization;
4. Improve the identification of opportunities and threats;
5. Achieve compatible risk management practices between organisations and nations;
6. Comply with relevant legal and regulatory requirements and international norms;
7. Improve governance;
8. Improve stakeholder confidence and trust;
9. Establish a reliable basis for decision making and planning;
10. Improve controls;
11. Effectively allocate and use resources for risk treatment;
12. Improve operational effectiveness and efficiency;
13. Enhance health & safety performance and environmental protection;
14. Improve loss prevention and incident management;
15. Minimize losses;
16. Improve organizational learning; and
17. Improve organizational resilience.

Author: Sean Chamberlin, http://www.linkedin.com/in/seanchamberlin

Risk Management Process: Establishing the Context; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment. Communication & Consultation and Monitoring & Review run alongside every stage.

Further Information on Risk Management

- LinkedIn Group 'ISO 31000 Risk Management Standard': http://www.linkedin.com/groups/ISO-31000-Risk-Management-Standard-1834592?trk=my_groups-b-grp-v
- International Organisation for Standardization: http://www.iso.org/iso/home/standards/iso31000.htm
- Standards Australia Risk Management Principles & Guidelines: http://sherq.org/31000.pdf
- Concise Guide to Treasury Risk Management: http://www.charteredaccountants.com.au/Industry-Topics/Audit-and-assurance/Current-issues/Audit-Committee-Guides/Audit-Committee-Guides/Treasury-Management-Guide.aspx

Risk Assessment & Management Plan

The plan is a register of 40 numbered rows (rows 11 to 40 are blank). Each row carries the following columns, grouped by process stage:

IDENTIFY: Risk; Source; Business Goals/Objectives impacted by Risk; Assumptions & key variables used to assess risk; Business Process Category; Link to Document; Document Type; Existing Controls; Assessment of Existing Controls; Consequence; Cost of Consequence (if known); Likelihood; Opportunities for Improvement
EVALUATION: Risk Priority
TREATMENT / ACTION PLAN: Action; Action Type; Responsibility; By When; Residual Risk Rating; Key Risk Indicators; Reporting/Monitoring
ONGOING REVIEWS: Last Reviewed; Review Frequency (# Months); Next Review Due; Monitoring Responsibility

Document Type values on the sheet: Strategic Plan; Business Continuity Plan; OH&S Policies & Procedures; Other. Business Process Category values on the sheet: Strategic; Environmental.

Worked row (Risk 1):

Risk: loss of relevance of products to customer base
Source: changing market needs & sentiment
Business Process Category: Strategic
Document Type: Strategic Plan
Existing Controls: annual review of plans
Consequence: Major
Likelihood: Possible
Risk Priority: High
Action: Google Analytics daily review
Action Type: Reduce Likelihood (eg. P&P, Training)
Responsibility: Marketing rep
By When: 01-Jan-15
Residual Risk Rating: Adequate
Key Risk Indicators: Google searching for our product description falling
Reporting/Monitoring: Weekly line graph of total searches for our products
Last Reviewed: 01-Mar-14
Review Frequency (# Months): 12
Next Review Due: 01-Mar-15
Monitoring Responsibility: Marketing

Consequence, Likelihood and resulting Risk Priority for the ten sample rows (Risks 2 to 10 carry no description):

Risk 1: Major / Possible = High
Risk 2: Major / Almost Certain = V High
Risk 3: Moderate / Likely = High
Risk 4: Moderate / Possible = Medium
Risk 5: Minor / Possible = Medium
Risk 6: Minor / Possible = Medium
Risk 7: Minor / Unlikely = Low
Risk 8: Minor / Unlikely = Low
Risk 9: Negligible / Rare = Low
Risk 10: Negligible / Rare = Low

Top Risks by Category/Industry (click on the appropriate category to get a list of the common risks)

- Board level risks
- Insurance Industry top 10 risks
- Manufacturing Industry risks
- Small Business risks
- Procurement process risks, consequences & related actions
- Treasury
- Project Risks
- OHS (Health & Safety)

Board Legal Responsibilities (and therefore may represent risks)

Fiduciary Duty (common law): act in good faith for the benefit of, or in the interests of, the organisation.
Duty to Act in Good Faith (sect 181 of Corporations Act): A director must exercise their power in good faith in the best interests of the corporation & for a proper purpose.
Do Not Misuse Information or Position of Director: The law prohibits Board members from using their position to gain an advantage for themselves or another, or to cause detriment to the entity they are governing.
Do Not Abuse an Opportunity: if you become aware of an opportunity as a result of your position on a board then you should not take up that opportunity for personal benefit at the expense of the organisation.
Duty to Act with Care & Diligence: Board members must exercise their powers and discharge their duties with the care and diligence of a "reasonable person" in their position. Board members with a high level of expertise will attract a higher standard of care than other members.
Avoid Conflict of Interest
Avoid Insolvent Trading
Avoid Fraud
Avoid Negligence
Tax: tax legislation including any obligations required for charitable income tax exempt status and/or deductible gift recipient status (if applicable).
Conditions of funding: contractual obligations that exist to any funding bodies.
Occupational health and safety: must provide a safe workplace for employees, subcontractors, volunteers and a range of others. For example training on fire evacuation procedures, electrical safety, first aid, no smoking in workplace, etc.
Industry-specific: for example child care and safety in schools.
Organisation Constitutional compliance: for example rights of members, appointments to the board & their tenure, etc.
Privacy: important to understand what data is considered to be private as this is subject to tight regulatory controls as to its use, accessibility, accuracy & storage.
Information Security
Environmental Sustainability: such as EPA compliance.
HR: for example pay rates, superannuation contribution amounts & frequency, Sick Leave, Overtime, Hiring & Firing procedures.
Trade Practices Act: for example misleading & deceptive conduct, Third Line Forcing, etc.
Anti-Discrimination
Contracts Law
Defamation
Fund Raising

Manufacturing Industry

- Are substances used in particular tasks suitable for the tasks?
- Is there a register of hazardous substances, and an inventory of chemicals purchased or produced and a material safety data sheet (MSDS) for each substance?
- Are hazardous substance containers adequately labelled?
- Are hazardous substances stored according to their respective MSDS?
- Is plant and equipment suitable for the required tasks?
- Are all moving parts of plant and equipment guarded to prevent contact with people and property, to minimise the risk of injuries and damage such as crushing, stabbing, cutting, puncturing, shearing and tearing?
- Are there systems in place to prevent injury from fragmentation of, or flying particles from, plant and equipment?
- Are there systems in place to prevent injury from falling plant and equipment?
- Are there systems in place to prevent injury from performing a task with plant and equipment in a confined space?
- Are there systems in place to prevent injury from inadvertent movement of plant and equipment?
- Are there systems in place to prevent injury from 'stored energy' in plant and equipment, for example compressed air or hydraulic pressure after turning off plant?
- Are there systems in place to prevent injury resulting from failure of plant and equipment due to the loss of contents, loss of load, unintended ejection of product, explosion, fragmentation or collapse of parts?
- Does plant and equipment have adequate power isolation, noise insulation, ventilation and fume extraction?
- Is the noise level of plant, equipment and the surrounding environment within the legislated noise level set down for your particular workplace?
- For people using vibrating hand-held equipment or operating vibrating controls (chain saws, sewing machines, grinders, pneumatic drills, and so on), are exposure levels within values recommended by Australian Standard AS2763?
- For drivers of vehicles and tractors, and helicopter and airplane pilots, are the vibration exposure levels within values recommended by Australian Standard AS2670?
- For operators of vibrating platforms on manufacturing/construction sites, are exposure levels within values as per Australian Standard AS2670?
- Are occupational exposures to ionising radiation, such as X-ray and gamma-ray equipment, within limits set by WorkSafe Australia / National Health and Medical Research Council (National Standard Recommendations for limiting exposure to ionising radiation)?
- Is plant and equipment that generates UV radiation, such as photocopiers, lasers, UV cured inks in the printing industry, and welding emissions, enclosed?
- Are radio frequency exposure levels from TV/FM radio transmitters, radio, microwaves, plastic moulders, induction heaters and so on kept as low as practically possible?
- Are outdoor workers provided with personal protective equipment and work systems as per the WorkSafe Australia guidance note on the protection of workers from UV radiation in sunlight?
- Are tasks performed at temperatures between 16°C and 24°C for sedentary work, 4°C and 24°C for light work and 7°C and 24°C for moderately heavy work?
- Are tasks performed for more than 2 hours done so at humidity levels between 40% and 60%?
- Is electrical wiring installed according to Australian Standard AS 3900?
- Are electrical fixtures provided with adequate earthing or other residual current devices?
- Are any signs of damage to either cable insulation or other electrical fixtures rectified?
- Are there identified, colour coded, labelled cable isolators to all switchboards?
- Are employees prevented from performing tasks in metal enclosures or damp places using electrical tools?
- Is there a regular inspection of portable cords and extension leads?
- Are 'Danger' tags used by electricians when working on plant?
- Does electrical equipment comply with Australian Standard AS3100 General Requirements For Electrical Equipment?
- Is adequate lighting provided according to Australian Standard AS1680 lighting levels for different types of work?
- Is employees' eyesight assessed every two years to determine their ability to continue performing their tasks?
- Are hazardous conditions that are likely to arise during the use of plant and equipment as a result of friction, fire, explosion, moisture, vapour, gases, dust and ice controlled?
- Are access and egress arrangements for doorways, passageways, stairs, gangways and so on clear of obstructions, well lit, free of slip hazards and secure?
- Has lifting, carrying, pushing and pulling been eliminated from all tasks?
- Has frequent bending, twisting and stretching been eliminated from all tasks?
- Has lifting of awkward loads been eliminated from all tasks?
- Has repetitive work using awkward or constrained postures been eliminated from all tasks?
- Have slip, trip and fall hazards been eliminated?
- Are all walkways free of obstructions?
- Are floors undamaged?
- Are ladders checked regularly for any damage?
- Are stairways well lit and properly maintained?
- Are work stations and benches adjusted to suit the physical dimensions of workers?
- Are safety devices and emergency back-up arrangements of plant, equipment and systems suitable for the tasks being performed?
- Are plant, equipment, building areas and fixtures maintained and repaired?
- Are environmental conditions and terrain suitable for the plant and substances that are used?
- Are hazardous elements, such as electricity, water and incompatible chemicals, segregated?
- Are systems in place to address conflict between staff?
- Are systems in place to address poor job satisfaction?
- Are systems in place to address low job security?
- Have poor work conditions, such as noise, dust, lack of ventilation and so on, been eliminated?
- Are visitors to the workplace provided with relevant safety information and are they supervised?
- Are the current work systems appropriate, for example, whether more or fewer people should be involved and whether work procedures need to be revised?
- Do workers hold the required competency requirements, such as licensing, certification and apprenticeships?
- Is training and supervision provided to meet the needs of each individual worker?

Insurance Industry

- Climate change
- Demographic shifts in core markets
- Catastrophic events
- Emerging markets
- Regulatory intervention
- Channel distribution
- Integration of technology with operations and strategy
- Securities markets
- Legal risk
- Geopolitical or macroeconomic shocks

Small Business

Financial: includes cash flow, budgetary requirements, tax obligations, creditor and debtor management, remuneration and other general account management concerns.
Equipment: extends to equipment used to conduct the business and includes everyday use, maintenance, depreciation, theft, safety and upgrades.
Organisational: relates to the internal requirements of a business, extending to the cultural, structural and human resources of the business.
Security: includes the business premises, assets and people. Also extends to security of company information, intellectual property, and technology.
Legal & regulatory compliance: includes legislation, regulations, standards, codes of practice and contractual requirements. Also extends to compliance with additional rules such as policies, procedures or expectations, which may be set by contracts, customers or the social environment.
Reputation: entails the threat to the reputation of the business due to the conduct of the entity as a whole, the viability of products/services, or the conduct of employees or others associated with the business.
Operational: covers the planning, daily operational activities, resources (including people) and support required within a business that results in the successful development and delivery of products/services.
Contractual: meeting obligations required in a contract including delivery, product/service quality, guarantees/warranties, insurance and other statutory requirements, non-performance.
Service delivery: relates to the delivery of services, including the quality of service provided, or the manner in which a product is delivered. Includes customer interaction and after-sales service.
Commercial: includes risks associated with market placement, business growth, product development, diversification and commercial success. Also the commercial viability of products/services, extending through establishment, retention and growth of a customer base and return.
Project: includes the management of equipment, finances, resources, technology, timeframes and people involved in the management of projects. Extends to internal operational projects, business development and external projects such as those undertaken for clients.
Safety: including everyone associated with the business: individual, workplace and public safety. Also applies to the safety of products/services delivered by the business.
Stakeholder management: includes identifying, establishing and maintaining the right relationships with both internal and external stakeholders.
Client-customer relationship: potential loss of clients due to internal and external factors.
Strategic: includes the planning, scoping, resourcing and growth of the business.
Technology: includes the implementation, management, maintenance and upgrades associated with technology. Extends to recognising critical IT infrastructure and loss of a particular service/function for an extended period of time. It further takes into account the need and cost benefit associated with technology as part of a business development strategy.

Treasury

Market Risk: the movement in value due to a change in price, creating a positive or negative value for the organisation.
Credit Risk: the risk that your counterparty defaults before or on settlement date.
Liquidity Risk: risk of not being able to deal in a market due to lack of liquidity, and funding risk, which is not having adequate funds in place when they are needed.
Operational Risk: loss due to failure of people, processes and systems, or an external event such as fire, fraud, flood, earthquake or other natural phenomenon.

Project Risks (risk categories)

- Communication
- Resources & Team
- Executive Support
- Cost Management
- Change Management
- Stakeholders
- Integration
- Requirements
- Decisions & Issue Resolution
- Procurement
- Architecture
- Design
- Technical
- Commercial
- Approvals & Red Tape
- Organizational
- External
- Project Management
- User Acceptance
- Authority

Procurement - common risks & management approaches (procurement process stages)

- Planning
- Selecting the purchasing method
- Purchasing documentation
- Developing the specification
- Inviting, clarifying and closing offers
- Evaluating offers
- Negotiations
- Selecting the successful tenderer
- Contract management
- Evaluating the procurement process
- Disposals

OHS (Health & Safety) hazard categories

- Mechanical hazards
- Chemical and biological hazards
- Sources of energy
- Body stressing or impact hazards
- Gravity
- Psychological

Treasury risk management questions

- Are risks identified as early as possible to ensure adequate steps are taken to handle the exposure in a timely manner?
- Do risk measurement methodologies measure the risks adequately and in a timely manner?
- Are potential stress tests and what-if analyses undertaken monthly (eg. measuring sensitivity of exposure to market risk (VAR) and scenario analysis)?
- Is there a suitable mix of floating and fixed interest rates?
- What is the foreign exchange risk hedging policy?
- What percentage of foreign exchange is hedged?
- Is the audit committee informed of any breaches of market risk policy or limits?
- Is there adequate capacity to measure credit exposure?
- Does the organisation have a process for handling and valuing collateral received or paid?
- Does the organisation have settlement limits?
- What reliance is placed on credit ratings provided by a credit rating agency?
- Is credit risk appropriately managed?
- Is the audit committee informed of any breaches of credit or settlement limits immediately?
- What processes are in place to determine credit limits?
- What processes are in place to measure liquidity risk?
- What impact do financial instruments have on cash flow?
- Are appropriate cash limits in place?
- Are secured funding lines in place?
- What level of security do these funding lines have?
- Is close contact kept with funders, shareholders and bankers?
- Are there diversified sources of funds?
- Is there a spread of products and maturities so that maturities do not build up?
- Is there liquidity in all the various financial instruments, eg. any exotic or structured products?
- What stress scenarios are run and are they stressful enough?
- Is the audit committee informed of liquidity stress issues in a timely manner?
- Are all staff who are responsible for monitoring derivative transactions well trained and qualified?
- What is the culture of staff and management toward risk and controls?
- Have staff adequate expertise for the roles that they perform?
- Are bonuses paid based on the results of any risk management or treasury activities?
- Is there an independent system to calculate and report results?
- Are treasury operations handled by internal staff with the appropriate treasury skills?
- Are front and back office systems adequate and appropriately segregated to ensure the completeness and accuracy of processing, settlement and verification of the value of outstanding transactions?
- Are valuation and spreadsheet models independently reviewed?
- Are all back office staff adequately trained and do they understand the products used?
- Are the organisation's systems capable of producing adequate disclosure information for users of the financial statements?
- Are accounting results routinely calculated and regularly reported?
- Do the external auditors have a clear understanding of their role in verifying the financial transactions?
- Are the policies and procedures reviewed at least annually?

Project Risks (common risks)

1. Executives fail to support project
2. Executives become disengaged with project
3. Conflict between executive stakeholders disrupts project
4. Executive turnover disrupts project
5. Scope is ill defined
6. Scope creep inflates scope
7. Gold plating inflates scope
8. Estimates are inaccurate
9. Dependencies are inaccurate
10. Activities are missing from scope
11. Cost forecasts are inaccurate
12. Exchange rate variability
13. Change management overload
14. Stakeholder conflict over proposed changes
15. Perceptions that a project failed because of changes
16. Lack of a change management system
17. Lack of a change management process
18. Lack of a change control board
19. Inaccurate change priorities
20. Low quality of change requests
21. Change request conflicts with requirements
22. Stakeholders become disengaged
23. Stakeholders have inaccurate expectations
24. Stakeholder turnover
25. Stakeholders fail to support project
26. Stakeholder conflict
27. Process inputs are low quality
28. Project team misunderstand requirements
29. Communication overhead
30. Under communication
31. Users have inaccurate expectations
32. Impacted individuals aren't kept informed
33. Resource shortfalls
34. Learning curves lead to delays and cost overrun
35. Training isn't available
36. Training is inadequate
37. Resources are inexperienced
38. Resource performance issues
39. Team members with negative attitudes towards the project
40. Resource turnover
41. Low team motivation
42. Lack of commitment from functional managers
43. Architecture fails to pass governance processes
44. Architecture lacks flexibility
45. Architecture is not fit for purpose
46. Architecture is infeasible
47. Design is infeasible
48. Design lacks flexibility
49. Design is not fit for purpose
50. Design fails peer review
51. Technology components aren't fit for purpose
52. Technology components aren't scalable
53. Technology components aren't interoperable
54. Technology components aren't compliant with standards and best practices
55. Technology components have security vulnerabilities
56. Technology components are over-engineered
57. Technology components lack stability
58. Technology components aren't extensible
59. Technology components aren't reliable
60. Information security incidents
61. System outages
62. Legacy components lack documentation
63. Legacy components are out of support
64. Components or products aren't maintainable
65. Components or products can't be operationalized
66. Project management tool problems & issues
67. Delays to required infrastructure
68. Failure to integrate with business processes
69. Failure to integrate with systems
70. Integration testing environments aren't available
71. Failure to integrate with the organization
72. Failure to integrate components
73. Project disrupts operations
74. Project disrupts sales
75. Project disrupts compliance
76. Requirements fail to align with strategy
77. Requirements fail to align with business processes
78. Requirements fail to align with systems
79. Requirements have compliance issues
80. Requirements are ambiguous
81. Requirements are low quality
82. Requirements are incomplete
83. Decision delays impact project
84. Decisions are ambiguous
85. Decisions are low quality
86. Decisions are incomplete
87. No response to RFP
88. Low quality responses to RFP
89. Failure to negotiate a reasonable price for contracts
90. Unacceptable contract terms
91. Conflict with vendor leads to project issues
92. Conflict between vendors leads to project issues
93. Vendors start late
94. Vendor components fail to meet requirements
95. Vendor components are low quality
96. Infrastructure is low quality
97. Service quality is low
98. Vendor components introduce third party liability
99. Loss of intellectual property
100. Project team lack authority to complete work
101. Authority is unclear
102. Delays to stakeholder approvals impact the project
103. Delays to financial approvals impact the project
104. Delays to procurement processes impact the project
105. Delays to recruiting processes impact the project
106. Delays to training impact the project
107. The project fails to match the organization's culture
108. An organizational restructuring throws the project into chaos
109. A merger or acquisition disrupts the project
110. Legal & regulatory change impacts project
111. Force Majeure (e.g. act of nature) impacts project
112. Market forces impact project
113. Technical change impacts project
114. Business change impacts project
115. Failure to follow methodology
116. Lack of management or control
117. Errors in key project management processes
119. Users reject the prototype
120. User interface doesn't allow users to complete tasks
121. User interface is low quality
122. User interface isn't accessible
123. Project reduces business productivity
124. Project reduces innovation
125. Product disrupts business metrics (measurements of objectives)
126. Users reject the product
127. Product doesn't sell
128. Product incurs legal liability
129. Product negatively affects brand
130. Product negatively affects reputation

Procurement - common risks

- Understatement of the need
- Overstatement of the need
- Misinterpretation of user needs
- Insufficient funding
- Failure to identify potential sources
- Selecting inappropriate method
- Terms and conditions unacceptable to tenderers
- Providing inadequate information
- Narrow definition or commercial specification (eg. use of brand name)
- Definition of inappropriate product or service
- Biased specification
- Inadequate statement of requirements
- Impractical timeframe
- Probity issues
- Failure to identify a clear winner
- Failure to adequately address enquiries from tenderers
- Actual or perceived favouritism in providing information
- Actual or perceived breach of confidentiality
- Insufficient number of responses
- No response from known quality suppliers
- Failure to follow effective evaluation procedures
- Breaches of security
- Offers fail to meet needs
- Decision made on subjective grounds
- Variations in price and foreign exchange
- Unwillingness of the supplier to accept the contract
- Failure of either party to fulfil the conditions of the contract
- Not matching the expectations of buyer and tenderer
- Deadlock on details of agreement
- Failure to secure mandatory conditions
- Unfair or onerous requirements on the tenderer in the contract conditions
- Failure to reflect the terms offered and agreed in the contract
- Inadvertently creating a contract without the delegate's prior approval
- Selecting an inappropriate supplier
- Selecting inappropriate product
- Failure to evaluate procurement and management processes
- Fraud
- Key personnel not available
- Failure to identify and address problems
- Collusive bidding at auction
- Inadequate tender management
- Inadequately administering the contract
- Commencement of work by the supplier before contract is exchanged or letter of acceptance issued
- Unauthorised increase in scope of work
- Loss of intellectual property
- Failure to meet liabilities of third parties (eg. royalties or third party property insurance)
- Loss or damage to goods in transit

OHS (Health & Safety) hazard definitions

Mechanical hazards: Plant, equipment and items (and parts of them) that have the potential to cut, rip, tear, abrade, crush, penetrate, produce projectiles or cause sudden impact.
Chemical and biological hazards: Chemicals, compounds, materials, powders, dusts and vapours that have the potential to impair health, have adverse effects on human reproduction, cause disease or have explosive, flammable, toxic or corrosive properties.
Sources of energy: A range of sources of energy that have the potential to cause harm, including electricity, heat, cold, noise, high powered light and damaging radioactive sources.
Body stressing or impact hazards: Activities that cause stress to the muscles and/or skeleton, including manual handling of people, animals, goods or materials, and things or circumstances that can cause a person to slip, trip or fall at the same level.
Gravity: Activities that are carried out where a person can fall or an object can fall onto people.
Psychological: Events, systems of work or other circumstances that have the potential to lead to psychological and associated illness, including work-related stress, bullying, workplace violence and work-related fatigue.
Product negatively affects reputation Likely consequences Purchase of unsuitable product or service Money wasted Need not satisfied Greater expense Poor competition Totally unacceptable purchase or not most suitable product or service Time lost Increased costs Possible downtime Delay in making the purchase Additional costs for re-tender Inadequate responses from tenderers Reduced competition Delivery schedule not met Increased procurement costs Misuse of resources Most suitable product not obtained Fewer alternatives Most suitable product or service may not be obtained Increased costs Need not satisfied Time lost Increased costs Possible downtime Inadequate responses from tenderers Claims of unfair dealings Variety of offers Insufficient responses Products offered not meeting needs Difficult to evaluate Lack of offers from suitable tenderers Need to seek offers again Possible cost variations Failure to obtain value for money Loading of costs in offers Having to modify tender terms and conditions Disruption Low response Loading of costs in offers Variations in offers Having to provide clarifying information, causing delays in tender closing Additional costs Unethical conduct Claims of unfair practices Offers with qualifications by tenderers Withdrawal of offers Complaints from tenderers Withdrawal of offers Complaints from tenderers Mistrust by tenderers Need to undertake process again Increased costs Delayed delivery to the client Poor value for money due to limited competition Reduced competition Increased costs of products or services Inconsistent evaluations Possible complaints from tenderers Subjective not objective evaluation of offers Claims of unethical or unfair practices Loss of faith with tenderers Need to call tenders again Additional costs Delay in delivery Claims of unethical and unfair behaviour Complaints from tenderers Failure to fulfil the contract Failure to meet the client's need Contract disputes Delivery delays Cost variations Reduction in 
value for money Purchase of less suitable product Inefficient use of resources Delays in delivery Need to restart procurement Possible cost of legal action Inability to finalise contract Delays in delivery Variations in cost Inefficient use of resources Contract disputes Invalidity of contract Legal action Poor supplier/customer relationship Contract disputes Legal action Poor supplier/customer relationship Expense of negotiating out of the contract and paying damages Committing to other associated work prior to main contract existing Cost overruns Delays in delivery Need to restart procurement Contract disputes Failure to satisfy needs Delays in delivery Downtime Legal action Cost increases Failure of contract Full benefits not achieved Delivery of unsatisfactory product Contract/supply disputes Potential liability to pay for unauthorised work Possibility of legal action for perceived breach of contract Unanticipated cost increases Contract disputes Loss of commercial opportunity Unwarranted reliance on supplier for product support Legal action Damage to the agency's professional reputation Delays in delivery Downtime Liability disputes Misuse of resources Legal action Disruption to procurement activities Progress on project disrupted Less expertise Failure to improve procurement and management processes Procurement objectives not achieved Possible failure in the future Not achieving best return Claims of unethical and unfair practices Claims of bias and favouritism to organisations or individuals Reduction in value for money Plant, equipment and items (and parts of them) that have the potential to cut, rip, tear, abrade, crush, penetrate, produce projectiles or cause sudden impact. Chemicals, compounds, materials, powders, dusts and vapours that have the potential to impair health, have adverse effects on human reproduction, cause disease or have explosive, ammable, toxic or corrosive properties. 
A range of sources of energy that have the potential to cause harm, including electricity, heat, cold, noise, high powered light and damaging radioactive sources. Activities that cause stress to the muscles and/or skeleton, including manual handling of people, animals, goods or materials and things or circumstances that can cause a person to slip, trip or fall at the same level. Activities that are carried out where a person can fall or an object can fall onto people. Hazards Events, systems of work or other circumstances that have the potential to lead to psychological and associated illness, including work-related stress, bullying, workplace violence and work-related fatigue. Are potential stress tests and what if analyses undertaken monthly (eg.measuring sensitivity of exposure to market risk (VAR) and scenario analysis? Are front and back office systems adequate and appropriately segregated to ensure the completeness and accuracy of processing, settlement and verification of the value of outstanding transactions? 
Action
Analyse need accurately
Analyse need accurately
Use functional and performance requirements
Improve consultation with users
Obtain clear statement of work and definition of need
Obtain appropriate approvals before undertaking process
Improve planning
Improve forecasting, planning and consultation with users
Improve communication with potential tenderers
Implement best practice policies, guidelines and practices
Maintain ethical environment
Improve training of personnel
Put suitable controls and reviews in place
Consider using a probity adviser
Improve communication with potential tenderers
Define the specification in terms of required outputs
Use functional and performance specifications
Ensure specification is consistent with needs analysis
Improve market knowledge
Use functional and performance specifications
Use functional and performance specifications
Implement a control mechanism to review specification before release
Be familiar with requirements
Use functional and performance specifications
Use an Expression of Interest or Request for Information to clarify requirements (be careful not to infringe intellectual property rights or copyright)
Improve procurement planning processes
Improve market knowledge
Seek industry participation
Use the Industry Capability Network (ICN)
Improve implementation of procurement policies, guidelines and practices
Improve tender documentation and clearly identify the evaluation criteria in Request for Tenders
Provide staff with appropriate training and experience
Use standard documentation prepared by Crown Law
Select appropriate documentation for purchase type (ie. goods, services, goods and services, or information technology related)
Improve tender planning
Assess and allocate risks appropriately
Consult with Crown Law
Use commercially acceptable terms
Provide staff with appropriate tender planning and procurement skills
Ensure staff have appropriate tender planning and documentation training and experience
Improve tender planning and preparation
Review tender documents before issuing them and ensure evaluation criteria contain the critical factors on which assessment of tenders will be based
Implement standardised procedures for responding to enquiries
Provide staff with appropriate tender management training and experience
Respond in a timely manner to enquiries
Allow adequate time for tenderers to respond
As above
Answer queries in writing and provide copies to all potential tenderers
Ensure that all potential tenderers are provided with any addenda
Establish formal security procedures
Train staff in their obligations
Perform regular audits and reviews of security processes
Advise tenderers of security measures
Use appropriate tender advertisement strategy to increase competition (eg. consider advertising tenders in other publications as well as the local paper)
Consult with the ICN to identify potential tenderers
Provide potential tenderers with advance notice of tender requests
Improve tender documentation and specifications
Allow sufficient time for tenderers to respond
Actions as above for insufficient number of responses
Improve your market knowledge
Review specifications or conditions
Seek feedback from known suppliers on their non-response
Provide staff with appropriate tender assessment and evaluation training and experience
Improve tender assessment and evaluation processes
Maintain, audit and review evaluation procedures
Ensure that Evaluation Committee members declare any conflicts of interest
Maintain, audit and review security procedures
Provide staff with appropriate training and experience and monitor performance
Ensure that Evaluation Committee members understand and sign Confidentiality Agreements
Improve market knowledge
Improve tender documentation
Conduct market research
Develop functional and performance specifications
Ensure evaluation criteria contain the critical factors on which the assessment of tenders will be based and that they are clearly identifiable to tenderers in tender documents
Ensure evaluation criteria are appropriate and measurable
Ensure that Evaluation Committee members sign Declaration of Conflict and Confidentiality Agreements
Provide staff with appropriate tender evaluation, financial and technical skills training and commercial expertise
Improve evaluation procedures
Improve evaluation criteria and clearly identify them to tenderers in tender documents
Reject unacceptable offers
Perform financial, technical and company evaluations before awarding contract
Procurement Review Committee to review tender and selection process prior to awarding contract
Ensure users are involved in the evaluation/selection process
Improve technical evaluation procedures and train staff as appropriate
Procurement Review Committee to review tender and selection process prior to awarding contract
Improve communication, including ensuring that Conditions of Contract form part of the Request for Tender
Provide staff with training in contract planning and management
Define terms carefully
Record each party's obligations
Clarify all ambiguities before signing the contract
Look at alternatives to share risk
Distinguish between essential and non-essential goals and requirements
Establish baseline before negotiations
Distinguish essential goals from others
Consider variations to contract
Provide negotiators with adequate training
Provide negotiators with adequate training and support
Negotiate commercial terms
Terms should be fair and reasonable
Check final draft of contract with successful tenderer
Keep records of all negotiations and agreements
Procedure in place to ensure delegate's approval obtained first
Provide negotiators with adequate training
Agree on prices and the basis of prices
Agree on a formula for calculating variations
Seek legal redress if non-acceptance causes loss
Negotiate but retain integrity of the contract
Ensure good contract administration and performance management
Hold regular inspections / meetings and ensure progress reports
Ensure all staff know responsibilities and conditions
Ensure good record keeping and documentation
Maintain up-to-date agency procedures and practices
Ensure all staff are suitably trained and experienced in contract planning and management
Confirm verbal acceptance of contract with written advice
Accept all contracts in writing
Ensure approvals are received before allowing work to start
Ensure all contract amendments are issued in writing
Record all discussions and negotiations
Confirm instructions in writing
Ensure suitable clauses are included in the contract
Check that all obligations are covered in the contract
Agree on responsibilities
Implement appropriate safety standards and programs
Include appropriate packaging instructions in specification
Agree on insurance cover for supplier to provide
Accept delivery only after inspection
Know when title of goods is transferred to buyer
Maintain an ethical environment
Follow and maintain fraud control procedures
Include requirement in specification and ensure compliance in post-tender negotiation
Know the market
Accept risk and manage possible delay
Develop systematic evaluation methods, techniques and evaluation criteria
Agree on performance criteria (with supplier and customer)
Develop good relationships with suppliers
Include evaluation clause in the contract
Implement performance management strategies
Set reserve prices
Deal with reputable firms
Include disposal clause in initial contract
Maintain ethical environment
Sell by open tender
Document reasons for decision
Provide staff with appropriate training
Risk Reporting AS AT 01-Jul-14

Risk Priority by Assessment of Existing Controls

Risk Priority  | Adequate | Opportunities for Improvement | Inadequate | No Assessment | Totals
V High         | 0        | 0                             | 0          | 1             | 1
High           | 0        | 1                             | 0          | 1             | 2
Medium         | 0        | 0                             | 0          | 3             | 3
Low            | 0        | 0                             | 0          | 4             | 4
Totals         | 0        | 1                             | 0          | 9             | 10

Likelihood by Consequence

Likelihood     | Catastrophic | Major | Moderate | Minor | Negligible | Totals
Almost Certain | 0            | 1     | 0        | 0     | 0          | 1
Likely         | 0            | 0     | 1        | 0     | 0          | 1
Possible       | 0            | 1     | 1        | 2     | 0          | 4
Unlikely       | 0            | 0     | 0        | 2     | 0          | 2
Rare           | 0            | 0     | 0        | 0     | 2          | 2
Totals         | 0            | 2     | 2        | 4     | 2          | 10

Colour Code: V High, High, Medium, Low

[Chart: Risks - # by Priority (V High, High, Medium, Low); vertical axis 0 to 5]

Preference Order | Treatment | Risk Management Option
1                | Avoid     | Avoidance by not starting or continuing the activity that led to the risk
2                | Accept    | Accepting or increasing the risk in order to pursue an opportunity
3                | Avoid     | Removing the risk source
4                | Mitigate  | Changing likelihood and/or consequences
5                | Transfer  | Sharing risk with another party
6                | Accept    | Retaining risk by informed decision

Term | Definition
Risk | Effect of uncertainty on objectives (either positive or negative deviation from what is expected). Often expressed as a combination of the consequences of an event and associated likelihood of occurrence.
Control | Any measure or action that modifies risk. Includes any policy, procedure, practice, process, technology, technique, method or device that modifies or manages risk. Risk treatments become Controls or modify existing Controls once they have been implemented.
Issue | Risk with probability of 100%, ie. it has eventualised into an existing issue.
Hazard | Potential to cause uncertainty. Risk includes the likelihood of it happening.
Residual Risk | Risk left over after you've implemented a risk treatment option.
Risk Identification | Process of finding, recognising and describing risks, involving identification of risk sources, events, causes and potential consequences.
Risk Analysis | Process to comprehend the nature of risk and to determine the level of risk.
Risk Evaluation |
Risk Treatment | Process to modify risk that can involve: avoidance, taking or increasing a risk, removing the risk source, changing the likelihood, changing the consequences, sharing the risk (eg. contracts), retaining the risk by informed decision.
Residual Risk | Risk remaining after risk treatment.

Distinction between a Hazard and a Risk
Hazard | Present condition, event, object, or circumstance that could lead to or contribute to an unplanned or undesired event such as an accident. It is a source of danger.
Risk | Future impact of a hazard that is not controlled or eliminated. It can be viewed as future uncertainty created by the hazard.

Risk Likelihood/Probability of Occurrence

Threats
Type | Estimation | Description / Indicators
High (probable) | Likely to occur each year or more than 25% chance of occurring | Potential of it occurring several times within the time period (eg. 10 years). Has occurred recently.
Medium (possible) | Likely to occur in a 10 year time period or less than 25% chance of occurrence | Could occur more than once within time period (eg. 10 years). Could be difficult to control due to some external influences. Is there a history of occurrence?
Low (remote) | Not likely to occur in a 10 year period or less than 2% chance of occurrence | Has not occurred. Unlikely to occur.

Opportunities
Type | Estimation | Description / Indicators
High (probable) | Favourable outcome is likely to be achieved in 1 year or better than 75% chance of occurrence | Clear opportunity which can be relied on with reasonable certainty, to be achieved in the short term based on current management processes.
Medium (possible) | Reasonable prospects of favourable results in 1 year or 25% to 75% chance of occurrence | Opportunities which may be achievable but which require careful management. Opportunities which may arise over and above the plan.
Low (remote) | Some chance of favourable outcome in the medium term or less than 25% chance of occurrence | Possible opportunity which has yet to be fully investigated by management. Opportunity for which the likelihood of success is low on the basis of management resources currently being applied.

Business Category: Asset Management, Infrastructure Management, Finance, Clinical Governance, Regulatory Compliance, Service Delivery, Corporate Governance, Operational, Market / Environmental
Risk Category: Business Continuity, Liability, Environmental, Financial, Political, OH&S, Infrastructure, Assets & Systems, Reputation, Strategic
Controls: Adequate, Opportunities for Improvement, Inadequate
Document Type: Strategic Plan, Business Continuity Plan, OH&S Policies & Procedures, Other
Action Type: Avoided (eg. don't do risky activity), Accepted, Removed (risk source removed), Reduce Likelihood (eg. P&P, Training), Reduce Consequences, Shared/Transferred (eg. Insurance), Retained (by informed decision)
Likelihood: Almost Certain, Likely, Possible, Unlikely, Rare
Consequence: Negligible, Minor, Moderate, Major, Catastrophic

Risk Priority (Likelihood by Consequence)

Likelihood     | Negligible | Minor  | Moderate | Major  | Catastrophic
Almost Certain | Medium     | Medium | High     | V High | V High
Likely         | Medium     | Medium | High     | High   | V High
Possible       | Low        | Medium | Medium   | High   | High
Unlikely       | Low        | Low    | Medium   | Medium | High
Rare           | Low        | Low    | Medium   | Medium | High