Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Risk assessment 148
- 4ts of hazard risk response
|
TAbLE
12.1 Benchmark tests for risk significance FirM risk scorecard Typical benchmark test for significance Financial Impact on balance sheet of 0.25% Profit and loss impact of 2.5% annual profit Infrastructure Disruption to normal operations of ½ day Increased cost of operation exceeds 10% budget Reputational Share price falls by 10% Event is on national TV, radio or newspapers Marketplace Impact on balance sheet of 0.5% turnover Profit and loss impact of 1% annual profit Risk assessment 148 the organization. Undertaking the testing of controls is a key function fulfilled by internal audit and the importance of the testing of controls should also be recognized by risk management practitioners. Management needs to receive assurance of adequate control and this can come from internal audit activities, or measurement of the outputs of activities and projects, as well as from management reports. The responsibility for designing and implementing controls and auditing the effectiveness and efficiency of controls should be allocated within the risk management documentation. 4ts of hazard risk response Figure 4.1 provides a diagram of the risk management process. This diagram set out the stages of the risk management process in relation to the management of hazard risks. The options presented for risk response can be described as the 4Ts of hazard management, which are: tolerate, treat, transfer and terminate. It is possible to illustrate the 4Ts of risk response on a simple risk matrix and this is done in Figure 15.1. This figure suggests that in each of the four quadrants of the risk matrix, one of the 4Ts will be dominant, as follows: ● ● Tolerate will be the dominant response for the low-likelihood/low-impact risks. ● ● Treat will be the dominant response for high-likelihood/low-impact risks. ● ● Transfer will be the dominant response for high-impact/low-likelihood risks. ● ● Terminate will be the dominant response for high-impact/high-likelihood risks. The corresponding responses for control and opportunity risks are considered in Chapter 15. Options for responding to opportunity risks are identified as the 4Es and decision making in respect of opportunities is described in terms of the 5Es. It is important to note that these responses are represented as the dominant or most likely response in each quadrant, but circumstances may dictate that another re- sponse may be required as well, or instead. Different and/or additional responses may be appropriate, depending on the circumstances. For example, if high-impact/high-likelihood risks are embedded within mission-critical activities, they may be unavoidable. In this case, it will not be possible for the organization to terminate those risks. A difficulty in presenting such a simple risk matrix showing the 4Ts of risk re- sponse is that they meet in the centre. Clearly, it cannot be as simple as suggested, because a small change in the likelihood and impact of a risk could take it from the terminate quadrant into the tolerate quadrant. A slightly modified approach that makes this analysis somewhat more realistic is considered in Chapter 16. A practical difficulty for many organizations is that they may be forced to retain a risk that is recognized as being beyond the risk appetite, or even the risk capacity, of the organization. For example, a firefighting authority may have to accept circumstances where firefighters will be facing a critical level of risk that the organ- ization has no choice but to tolerate, even though all possible controls have been implemented. Where organizations have to tolerate risks that are at the critical level, |
