Interviewing stakeholders:▪Typically two categories: short-answer surveys and open-ended interviews. ▪The former is most appropriate for gathering aggregate data during workshops. The latter can provide a fuller and more contextualized discussion of risk issues. Polling a large group of personnel requires a standardized question/answer template while the detailed input of senior executives and board members is best captured by open-ended questions▪As part of setting the context, a communication strategy, interview tools (questionnaires, polling methods, and Risk Assessment Templates) should be established.2. Gather available data (internal and external):▪Business plans, strategic plans, corporate KPIs, stakeholder reporting▪Industry surveys/views, benchmarking, event histories, 10K reports▪SWOT and similar economic and environmental analysis▪Early warning reporting and monitoring reporting of risks▪Stress and scenario testing (internal and regulatory required)▪Research and government outlook reports (eg. BIS Annual report)
MONASHBUSINESSSCHOOL37Example:- Lockheed Martin, Engaging Management in Risk Identification▪3 methods of internal data gathering :–One-on-one Free Form Interviews–Electronic surveys (similar questions, wider spread)–Workshops and feedback sessions▪Organise information using a risk taxonomy (58 categories)–Easier to collate, analyse and report–Self identification–Consistent ▪New risk identification–Emerging risks and monitoring–Benchmarking with external surveys–Feedback into interviews
MONASHBUSINESSSCHOOL38The Risk Taxonomy▪An essential part of the communication strategy supporting the risk identification step, is to adopt, at the outset, a common language of risk that is tailored to the business practice of the organisation that can be applied across all activities. This is necessary to avoid confusion when it comes to identifying risks.▪The taxonomy describes what risks and how they are defined.▪In general, there are two methods:- Root Cause MethodImpact MethodRisks are classified by root causeRisks are classified by impact on the business / financial statementsPro: Assists management identify and treat the riskPro: May be required for regulatory reporting and capital measurement (eg. Basel II)Con: Competing root causes Con: Does not assist root cause identification
MONASHBUSINESSSCHOOL39The Risk Universe – An Illustrative Taxonomy of Risks from EYNote: organisations will create their own taxonomies
MONASHBUSINESSSCHOOL40The Risk Register▪A risk register is a central inventory that catalogues various risks and, for each one, its type, origin, prevention tactics, mitigation options and potential countermeasures. It contains the identification, assessment and mitigation outcomes.
You've reached the end of your free preview.
Want to read all 111 pages?
- Three '16
- risk principles