Fundamentals of Risk Management
Risk analysis and evaluation
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Risk significance
|
Risk analysis and evaluation
149 it is usual for enhanced monitoring of the risks to be put in place. This will enable the organization to ensure that it takes the earliest opportunity of introducing any enhanced controls as soon as they become available. Risk significance When undertaking a risk assessment, it is quite common to identify a hundred or more risks that could impact the objective, core process or key dependency that is being considered. This is an unmanageable number of risks and so a method is required to reduce the number that will be considered to be priority issues for management. In order for an organization to concentrate on significant risks, a test for risk significance is required. Table 12.1 provides suggestions on the nature of the bench- mark tests that could be used to decide whether a risk is significant. For risks that will have a financial or commercial impact, the benchmark test is likely to be based on monetary value. For risks that could disrupt the infrastructure or routine operations of the organization, a benchmark test based on the impact, cost and duration of disruption is appropriate. For reputational risks, the most likely benchmark will be based on the adverse publicity that would result if the risk materializes. This may vary according to the nature of the risk and whether it is a financial or non-financial one. For large organizations, identifying a financial test for significance can be undertaken in a number of ways. Many organizations will have authorization procedures for spending money, and so the test for risk significance should be com- patible with the authorization levels, which are often set out in a formal document referred to as a ‘delegation of authority’. For a large organization, it may be the case that full board approval is required for expenditure in excess of a particular financial threshold. This is an indication of the sum of money that is considered significant by the organization. Other tests include a percentage of the budgeted profit for the year or a percentage of the value of the balance sheet (or reserves) of the organization. Typically, 5 per cent of the annual profit or 0.25 per cent of balance sheet or 0.5 per cent of annual turnover are appropriate tests for significance. For an organization with a £2 billion balance sheet, £1 billion annual turnover and £100 million planned annual profit, the signi- ficant financial threshold would be £5 million. Financial limits can be used to test whether a risk is significant in relation to financial and marketplace risk segments of the FIRM risk scorecard. For infrastructure and reputational segments, identifying a benchmark test for significance may be more difficult. One test of significance for infrastructure risks is to ask whether the risk would disrupt normal operations for more than (say) half a day. For reputational risks, the test for significance may be to determine how the event would be reported. A report on the front page of the local newspaper or in the national press may be an indication that a risk should be considered to be significant. For an organization, it is possible that the external auditors might indicate that a sum of £1 million would be considered to be a material sum when compiling the accounts of the organization. This would offer guidance to the management of the company to use that amount as the benchmark test of significance, although it |
