
Risk Management Proposal

Proposal for the Provision of Risk Management Services

The following describes the approach and methodology that would be used to communicate risk management concepts and principles to key staff and to coordinate the completion of risk assessments throughout the service unit structure in accordance with the brief provided. Throughout the assignment the risk management process will be modelled on and measured against best practice, as per the Basel Committee, the FSA and the Turnbull Committee on Corporate Governance.

The lead consultant in this assignment will be Phil Griffiths, Managing Director of Business Risk Management Ltd, a Chartered Accountant with over 10 years' experience in the field of strategic risk management. Phil will be supported by John Eves, Senior Consultant, a CIPFA member who over the past 5 years has been involved in the design and implementation of risk management and corporate governance systems in both the Private and Public sectors.

Throughout the assignment the consultants will work alongside the management of xxxx. Our aim is to ensure that we transfer our knowledge of business risk management to ensure that you can successfully manage the process at the end of the assignment. To this end, and to keep costs to a minimum, it is suggested that a member of staff is nominated to work with the consultants on the assignment.


Stage 1. Planning

  • Finalisation of assignment brief with Audit and Risk Director
    (with input from and agreement of Risk Management Steering Group)
  • Preparation of timetable in consultation with Head of Personnel Services
  • Meetings with Chief Executive, Deputy Chief Executive, Director of Finance
    and Chairman of the Risk Management Steering Committee to get their
    perspectives and outline the process
  • Establishment of specific milestone dates
  • Agreement of contacts, specific format of workshops and attendees
  • Establishment of workshop dates etc
  • Determination of reporting mechanisms

Stage 2. Raising management awareness

  • Setting the Context for Risk Management
  • Imagine these newspaper headlines - specifically tailored to xxxxx
  • Financial Services developments and the resultant challenges
  • Key requirements - critical dates
  • Wrong assumptions about risk - why Risk and insurance are not synonymous
  • Definitions and outline of Aus/NZ Risk management standard
  • The link between risk and culture - Are you primarily risk averse or risk embracing?
  • The implications of changes in risk culture
  • The critical link between Strategy and Risk
  • Benefits of a formal approach to risk management
  • Explanation of the Risk workshop process
  • Outline of current procedures and policies relating to Risk management
  • Identification of risk (including interactive session)
  • Categories of Risk
  • Risk Mitigation, Risk exposures and identification of opportunities
  • Risk matrices and Risk registers
  • The need to embed the Risk process

Stage 3a. Strategic Risk assessment workshop

It is assumed that the output will be collated and issued by the Audit and Risk Director's team (or other internal method), as this is generally much more cost effective than having the consultants carry out this task.

Risk Identification:  The introduction of a consistent and tailored model for risk identification will be established. A matrix to assist in the assessment of the materiality of likelihood and potential impact will also be produced. These will be tailored to specific limits and exposures relevant to the organisation. Risk categories will be assessed and finalised to ensure consistency of reporting and tracking the Key Risks. The above will all be established through discussions prior to the workshop.

Workshop Outline

  • Brief explanation of the Workshop, its objectives and deliverables
  • Ground Rules
  • Discussion and agreement of Strategic objectives
  • Thought provokers and diagnostic questions - to encourage the participants to consider the critical risks
  • Facilitated risk identification (individually by post-it notes)
  • Explanation of Risk Categories to be used
  • Sifting and clustering the risks by means of the risk categories
  • Measuring the risks (impact and likelihood of occurrence)
  • Discussion and agreement of significance
  • Recording the Risks on a Risk Matrix
  • Discussion of next steps re output
  • Discussion of attendees at Risk Mitigation workshop

It is strongly recommended that a separate workshop be held to examine risk mitigation, as it is unlikely that the top management team will have enough knowledge of the current procedures to make this element of the process practical.
A second half-day workshop a week or so after the initial workshop, bringing in the next level of management, would be the optimum solution.


Stage 3b. Strategic Risk mitigation workshop

  • Brief review of output from first workshop - first columns of risk register
  • Explanation of mitigation workshop and output (completed risk register)
  • Small focused teams discuss and record mitigation for each risk
  • Teams present to full workshop group
  • Discussion and agreement of exposures (and opportunities e.g. over managed risks)
  • Residual risks determined and recorded (via risk matrix)
  • Action plans debated and owners allocated
  • All columns of risk register completed

Risk Register:  The risk register in the format already determined will be produced. The risk appetite should also be determined, together with any risk limits in place.

Risk Exposures:  After considering the cost effectiveness and availability of the options for mitigating the risks there will still be residual exposures. It is important to recognise such exposures and to specifically accept them - this is proactive risk management. The consultants will assist the risk owners to evaluate any exposures.

Stage 3c. Risk tracking


Risk Tracking:  Having identified the key risks, it is important that the process becomes embedded in the organisation. A mechanism is therefore needed to track movements in those risks. To this end a set of Key Risk Indicators (KRIs) will be identified. For each KRI a standard level of performance will also be agreed, through discussion, against which actual performance can be measured. Wherever possible this data will be drawn from existing management information. The analysis of this data, together with other risk information that might be identified, will enable regular reports to be designed to show how the risks are changing. The generation of this information will promote an awareness of changes in risks, provide risk management information and, by focusing management attention, prioritise and support the risk management process.

Stage 4. Operational Risk workshops

     5 half day workshops x 2

     (5 for identification and 5 for mitigation)

     The workshops can be run back to back

Suggested workshop allocation (all are just as important as each other, so sequence is not critical). What is critical is not to share the output with other departments until all workshops have been completed.


Risk Identification Workshop Outline

  • Overview of process and outputs (including input to key organisational risks)
  • Ground Rules
  • Discussion and agreement of objectives
  • Thought provokers to encourage the participants to consider the key issues
  • Facilitated risk identification (individually by post-it notes). Wider risks will be separately collated from each workshop and reported upwards
  • Explanation of Risk Categories
  • Sifting and clustering the risks by means of the risk categories
  • Measuring the risks (impact and likelihood of occurrence)
  • Discussion and agreement of significance
  • Recording the Risks on a Risk Matrix
  • Discussion of next steps re output and risk mitigation

Risk Mitigation Workshop Outline

  • Brief review of output from first workshop - first columns of risk register
  • Explanation of mitigation workshop and expected output (completed risk register)
  • Small teams discuss and record mitigation for each risk
  • Teams present to full workshop group
  • Discussion and agreement of exposures (and opportunities)
  • Residual risks determined and recorded (via risk matrix)
  • Action plans debated and owners

These risks would be grouped together under the generic categories, developed as part of the model in stage 3, to help ensure that the reporting of risks and their movement is consistent across all activities. From the results achieved it will be possible for managers and specialist staff to assess and consider the actions that they can take to mitigate their business risks at this lower level. The results of the specific reviews can then be escalated into a corporate analysis to identify their potential impact on the organisation's Key Risks.

By being aware of changes in the risk profile within their parts of the organisation, managers will be able to respond by adopting and adapting their risk management activities. Positive and pro-active risk management will be evidenced by improving or deleting redundant or overly costly controls, enhancing the value gained from insurance spending and other contracts or partnerships, and through a clearer understanding of the exposures faced.

This consideration of risk forms the basis of Risk Management Self Assessment (RMSA). This technique will provide an organisation-wide view of risk management that can then be collated and reported. RMSA provides valuable on-going reinforcement to the independent reviews undertaken by Internal Audit, which inevitably have to be snapshots at a given period of time. Only RMSA can provide a commentary on how risks were actually managed and how thoroughly internal controls operated throughout the whole of the period of account. Such a system would provide an invaluable aid to the continued development of the overall corporate governance and risk management processes.

RMSA does, however, require those with such responsibilities to view these activities positively and to have received sufficient training and support. Careful communication of the benefits is therefore required and could be provided within the assistance given during the assignment.

Stage 5. Consolidation and Reporting

  • Collation of output
  • Identification of organisation wide risks not already captured
  • Evaluation of such Risks and mitigation
  • Preparation of summary reports for Management Team and Risk Management Steering Group
  • Preparation of key risk matrix
  • Evaluation of benefits and preparation of success measures
  • Determination of optimum approach for sharing output and publicising benefits - including responsibility for action plan follow up
  • Development of approach for risk based decision making using the risk Matrices

Benefits

Amongst the benefits that xxxx should gain from a formalised risk management process are:

  • Better understanding of risks and exposures faced by the organisation;
  • Greater ownership by managers of risk management and their systems of internal control;
  • Understanding how risks are moving and the ability to model how they are accumulating;
  • Integration of risk management into systems and project based development, contracting and partnership arrangements;
  • Efficient and effective integration of recovery and contingency plans;
  • More focused use of insurance as a method of transferring risk;
  • The implementation of a more cost effective control environment;
  • More effective working practices between managers, auditors and other specialists;
  • Better management information when considering the corporate governance of the organisation;
  • Improved cost effectiveness;
  • Readiness for external FSA reviews.
