Fundamentals of Risk Management
Table 16.2 Examples of the hierarchy of hazard controls

| Generic control category | Hierarchy of controls for health and safety risks | Hierarchy of controls for fraud risks |
|---|---|---|
| Preventive | Elimination or removal of the source of the hazard; Substitution of the hazard with something less risky | Limits of authorization and separation of duties; Pre-employment screening of potential staff |
| Corrective | Engineering containment using barriers or guards; Exposure reduction by job rotation or limitation on hours worked | Passwords or other access controls; Staff rotation and regular change of supervisors |
| Directive | Training and supervision to enforce procedures; Personal protective equipment and improved welfare facilities | Accessible, detailed, written systems and procedures; Training to ensure understanding of procedures |
| Detective | Health monitoring to enquire about potential symptoms; Health surveillance to find early symptoms | Reconciliation, audit and review by internal audit; Whistleblowing policy to report (alleged) fraud |

[Figure 16.2 Bow-tie and types of controls. Labels: risk source (flood, fire, earthquake, break-in); event (damage to premises); impact (financial, infrastructure, reputational, marketplace); loss prevention, damage limitation, cost containment; preventive, corrective, directive, detective.]

to the bow-tie presentation of the risk management process is shown in Figure 16.2. For the sake of illustration, this figure uses the same hazard of damage to premises as represented in Figure 11.2.

Directive controls are designed to ensure that a particular outcome is achieved. In health and safety terms, directive controls would include instructions/directions given to employees to follow, for example, in the use of personal protective equipment. Training in how to respond to a particular risk event and detailed instructions and procedures are directive controls. Directive controls are also associated with actions that must be taken in the event of a loss to limit the damage and contain the costs.

Detective controls are designed to identify occasions when an undesirable outcome has occurred. The control is intended to detect when these undesirable events have happened, to ensure that the circumstances do not deteriorate further. An example of detective controls in a project is undertaking a post-incident review.

There is a clear hierarchy of effectiveness of controls that is represented by the order preventive, corrective, directive and finally detective. Preventive controls are clearly the most effective, followed by controls that correct adverse circumstances. Providing training and direction to staff is a weaker level of control, and detective controls only confirm that an adverse event has occurred.

The importance of DRP and BCP should not be underestimated. They are both methods of cost containment designed to ensure minimum disruption after a hazard risk has materialized, so they are aligned with detective controls. However, DRP and BCP do not conveniently fit into the PCDD classification system for controls,