STAGE 1: ANALYSE AND ESTABLISH THE CONTEXT We need to get a better understanding of the background as well as the current situation that the organisation is facing – and also the s... STAGE 1: ANALYSE AND ESTABLISH THE CONTEXT We need to get a better understanding of the background as well as the current situation that the organisation is facing – and also the specific business activity, process or project being investigated. The objective of Stage 1 is to understand the organisation business processes and what the current status is – activities such as SWOT analysis and PESTLE analysis or to clarify and establish the organisations objectives in terms of the SMART criteria. STAGE 2: RISK ASSESSMENT Risk assessment can be described as the overall process of risk identification, risk analysis, and risk evaluation which are critical to assess the risk. A. Risk identification – the process of determining what, where, when, how, and why something (an event known as the risk) can happen The objective of risk identification is to identify the risks to the business (which would limit or eliminate the organisation’s ability to achieve its objectives) and the opportunities (which would improve the organisation's performance). A risk register is the main output results of the risk identification stage and is used as a central source or collection for all risks identified by the organisation – stored in the risk register. B. Risk Analysis – a systematic process to understand the nature of the risk and to evaluate the level of risk. Involves assessing the likelihood of the risks and opportunities occuring as well as their impact should they materialise. The objective is to assess the risks and the opportunities to the organisation in terms of their probability and impact. In the process of risk analysis, a probability impact matrix should be created. Key activities: a. 1st Understand and assess the probability of the risk or opportunity arising. b. 2nd Assess the impact of the risk or opportunity in terms of the organisational or project objectives. C. Risk Evaluation – The process of comparing the level of risk against the set performance criteria. Getting understanding of the individual risk and opportunities so that we can see the total impact when they are combined as well as their true net effect happens in risk evaluation. A combination of risks and opportunities to determine their net effect is made. With the objective being to establish to what event the risk or opportunity in total, impacts the business as a whole, or a specific project. STAGE 3: RISK TREATMENT The key link is to use all of the preceding efforts to produce responses and take specific action plans to address the risks and opportunities identified in order to achieve the business or project objectives. The objective is to plan specifc management responses to both the threats and opportunities identified durimg the risk management process. During this stage is critical to do adequate risk research before the final decision is made - allowing for the risk management team to make an informed decision about an appropriate risk response. An appropriate alternative response can then be developed. A risk response should be developed for each risk. Risk Appetite is a risk preference, risk attitude, risk tolerance, or risk capacity – refers to the amount of a risk an organisation is prepared to endure or tolerate (be exposed to) at any point in time. Risk Avoidance also known as risk removal, risk elimination, risk exclusion, or risk termination. A risk may be avoided by not accepting or entering into the event that has hazards or prominent threats, and which could directly result in reputational, legal, or financial risks. Risk Reduction also known as risk treatment or risk mitigation – refers to actions to minimise risk, by means of diversification or by means of proactive actions, such as learning and making changes resulting from previous negative events. Risk transfer also known as risk reassignment or risk deflection. Such as getting insurance. Risk retention also known as risk acceptance, risk absorption, or risk tolerance STAGE 4: MONITOR AND REVIEW The objective is to monitor the performance of the risk response actions to inform the need for proactive risk management intervention 5 Key R’s • React to early warning indicators to warn managers of the need to make risk management interventions • Register changes in the details of the risk and opportunities already captured on the risk register. • Record emerging risks and opportunities, lessons learned, and changes in the internal and external context • Review whether the risks owners are implementing the responses for which they are responsible. • Report on the success or otherwise of the risk and opportunity management actions implemented to date, the need for additional response actions, and the changes in the overall risk exposure profile of the business. STAGE 5: COMMUNICATION AND CONSULTATION This stage refers to the dialogue that takes place across all the risk management stages to support their effective implementation. The objective is to develop plans for communication and consultation at the outset of the risk management process – THIS STAGE TAKES PLACE DURING ALL THE STAGES OF THE RISK MANAGEMENT PROCESS – ensuring that risk information derived from the risk management process is adequately reported and used as a basis for decision making. 1. Internal risk communication – The aim is to support and encourage accountability and ownership of risk and opportunity management AND mechanisms should ensure that: a. The risk framework and updates are communicated throughout the organisation b. The risk policy and updates are communicated throughout the organisation organisation c. Templates are developed to ensure consistency in how risk data is captured as well as how risk management and risk reporting are communicated. d. Risk information is stored in a way that it is readily accessible to the entire organisation. e. There is adequate and appropriate dialogue with key internal stakeholders who will influence the success of embedding risk management as a key organisational element f. There is an open channel to maintain dialogue with key external stakeholders and others to aid in the implementation of risk management. 2. External risk communication – The aim is to deliver open and honest information on the risk that the organisation faces and how it is responding to those risks AND mechanisms should ensure that: a. External reporting complies with legal, regulatory, and government requirements; furthermore, reporting should be timely, accurate, and complete. b. Suitable external stakeholders are engaged, and an effective exchange of suitable risk-related information is ensured. c. Answers to questions on the risk management framework, policy, process, procedures, or reporting are given on time. d. If possible, risk management information is used to provide a positive message to build confindence in the organisation. e. The organisation is equipped to quickly communicate with stakeholders in the event of a crisis with current accurate information, in a consistent way. Read more