SMRK5103_PART 3_I

TOPIC 13_RISK ASSESSMENT CONSIDERATIONS

TOPIC 14_RISK CLASSIFICATION SYSTEMS
TOPIC 13_RISK ASSESSMENT
CONSIDERATIONS
Risk Perception: the way in which risk is regarded, understood, or
interpreted.
Establishing the context defines the scope for the risk management process and sets the criteria against which the risks will be
assessed. The scope should be determined within the context of the firm's organisational objectives.

The external context is the environment in which the firm operates and seeks to achieve its objectives. Consideration should be
given to the following inputs as they relate to the business, social, regulatory, legislative, cultural, competitive, financial, and
political environment, including:
● Strengths, weaknesses, opportunities and threats
● Relationships with, perceptions and values of, external stakeholders such as clients.

The internal context is the internal environment in which the firm functions and seeks to achieve its objectives. Consideration
should be given to factors such as:
● Objectives and strategies in place to achieve objectives
● Governance, structure, roles and accountabilities
● Capability of people, systems and processes
● Changes to processes or compliance obligations
● The risk tolerance and appetite of the firm.
RISK ASSESSMENT TECHNIQUES

RISK
ASSESSMENT
TOOLS &
TECHNIQUES
RISK IDENTIFICATION

The identification of key risks to the firm is a critical step in

effective risk management and needs to be comprehensive.
If a potential risk is not identified at this stage it is omitted from
further analysis, which means a material risk may be given
insufficient attention.
The risks that relate to the firm's context and business
objectives must be identified, whether or not they are under the
influence of the firm.
RISK IDENTIFICATION

The following questions can be used to assist in identifying risks:

● What could go wrong?

● How could we fail?
● What must go right for us to succeed?
● Where are we vulnerable?
● What assets do we need to protect?
● Do we have liquid assets or assets with alternative uses?
● How could someone steal from the firm?
● How could someone disrupt our operations?
● How do we know whether we are achieving our objectives?
● On what information do we most rely?
● On what do we spend the most money?
● How do we bill and collect our revenue?
● What decisions require the most judgment?
● What activities are most complex?
RISK IDENTIFICATION
 RISK ANALYSIS

Risk Analysis involves developing an understanding of the risk. Risk Analysis provides an
input to Risk Evaluation, to decisions on whether risks need to be treated, and on the most
appropriate risk treatment strategies and methods.
Risk Analysis can also provide an input into making decisions where choices must be made,
and the options may involve different types and levels of risk.
AS/NZS ISO 31000:2009

Risk analysis generally involves the assignment of an overall risk rating to each of the risk
events identified by following these steps:
● Analyse inherent risk - What is the likelihood and consequence of a risk event if it
were to occur in an uncontrolled environment?
● Identify and evaluate controls - What existing controls are in place to address the
identified risk and how effective are these controls in design and operation?
● Analyse residual risk - What is the likelihood and consequence of a risk event if it were
to occur in the current control environment?
RISK ANALYSIS
RISK MATRIX
RISK EVALUATION

Risk Evaluation is the process used to compare the estimated risk

against the given risk criteria so as to determine the significance of
the risk.

Risk evaluation may be used to assist in the decision to risk

treatment.

Low probability, Low impact – Accept

High probability, Low impact – Manage
High probability, High impact – Reduce
Low probability, High impact – Plan
 RISK ATTITUDE

Risk attitude is “chosen response to uncertainty that matters, influenced by

perception”

The most significant Critical Success Factor for effective risk management is the one
most often lacking: an appropriate and mature risk culture (Hillson, 2002a). Research
and experience both indicate that the attitude of individuals and organisations has a
significant influence on whether risk management delivers what it promises (Hillson &
Murray-Webster, 2005).
RISK ATTITUDE

To start the process of understanding and managing risk attitude,

FOUR simple questions can be asked:

1. How do I/we feel in this uncertain situation?

2. Why do I/we feel that?
3. Is my/our response appropriate to help me/us achieve
objectives?
4. If not, what am I/we going to do about it?
Risk
Averse
VS
Risk
Seeking

The same uncertain situation will elicit different preferred attitudes from different individuals or
groups, depending on how they perceive the uncertainty. And since attitude drives behaviour, different
people will exhibit different responses to the same situation, as a result of their differing underlying
risk attitudes (sometimes called “perceptual dissonance”) – a situation regarded as too risky by
one person will be seen as acceptable by another.
TOPIC 14_RISK
CLASSIFICATION SYSTEMS
WHAT IS RISK CLASSIFICATION SYSTEMS?

Risk classification relates to how an organisation defines the risks it

faces.

To utilize risk classification a method must be established for deciding

how to assign each risk to a risk class.

A system that accomplishes this goal by specifying a set of risk

classes, together with a procedure that is used to assign each
covered risk to one of the risk classes, is called a risk classification
system.
SWOT ANALYSIS

SWOT stands for Strengths, Weaknesses, Opportunities, and Threats.

Strengths and weaknesses are internal to the organisation—things that you have
some control over and can change. Examples include who is on your team, your
patents and intellectual property, and your location.

Opportunities and threats are external—things that are going on outside your
company, in the larger market. You can take advantage of opportunities and protect
against threats, but you can’t change them. Examples include competitors, prices of
raw materials, and customer shopping trends.
SWOT ANALYSIS

SWOT analysis will force you to look at your business in new

ways and from new directions. You’ll look at your strengths and
weaknesses, and how you can leverage those to take advantage of
the opportunities and threats that exist in your market.
STRENGTHS

Strengths are internal, positive attributes of your company. These are things that
are within your control.

● What business processes are successful?

● What assets do you have in your team, such as knowledge, education,
network, skills, and reputation?
● What physical assets do you have, such as customers, equipment,
technology, cash, and patents?
● What competitive advantages do you have over your competition?
WEAKNESS

Weaknesses are negative factors that detract from your strengths. These
are things that you might need to improve on to be competitive.

● Are there things that your business needs to be competitive?

● What business processes need improvement?
● Are there tangible assets that your company needs, such as money or
equipment?
● Are there gaps on your team?
● Is your location ideal for your success?
OPPORTUNITIES

Opportunities are external factors in your business environment that are likely to
contribute to your success.

● Is your market growing and are there trends that will encourage people to
buy more of what you are selling?
● Are there upcoming events that your company may be able to take
advantage of to grow the business?
● Are there upcoming changes to regulations that might impact your company
positively?
● If your business is up and running, do customers think highly of you?
THREATS

Threats are external factors that you have no control over. You may want to
consider putting in place contingency plans for dealing them if they occur.

● Do you have potential competitors who may enter your market?

● Will suppliers always be able to supply the raw materials you need at the
prices you need?
● Could future developments in technology change how you do business?
● Is consumer behavior changing in a way that could negatively impact your
business?
● Are there market trends that could become a threat?
PESTEL ANALYSIS

A PESTEL analysis or PESTLE analysis (formerly known as PEST analysis)

is a framework or tool used to analyse and monitor the
macro-environmental factors that may have a profound impact on an
organisation’s performance.

This tool is especially useful when starting a new business or entering a

foreign market.

PESTLE is a mnemonic which in its expanded form denotes P for Political,

E for Economic, S for Social, T for Technological, L for Legal and E for
Environmental.
POLITICAL

These factors are all about how and to what degree a government
intervenes in the economy or a certain industry.

This can include government policy, political stability or instability,

corruption, foreign trade policy, tax policy, labour law, environmental law and
trade restrictions.

Furthermore, the government may have a profound impact on a nation’s

education system, infrastructure and health regulations. These are all
factors that need to be taken into account when assessing the
attractiveness of a potential market.
ECONOMIC FACTORS

Economic factors are determinants of a certain economy’s performance.

Factors include economic growth, exchange rates, inflation rates, interest

rates, disposable income of consumers and unemployment rates.

These factors may have a direct or indirect long term impact on a

company, since it affects the purchasing power of consumers and could
possibly change demand/supply models in the economy.

Consequently it also affects the way companies price their products and
services.
SOCIAL FACTORS

This dimension of the general environment represents the demographic

characteristics, norms, customs and values of the population within
which the organization operates.

This includes population trends such as the population growth rate, age
distribution, income distribution, career attitudes, safety emphasis,
health consciousness, lifestyle attitudes and cultural barriers.

These factors are especially important for marketers when targeting

certain customers. In addition, it also says something about the local
workforce and its willingness to work under certain conditions.
TECHNOLOGICAL FACTORS

These factors pertain to innovations in technology that may affect the

operations of the industry and the market favorably or unfavorably.

This refers to technology incentives, the level of innovation, automation,

research and development (R&D) activity, technological change and the
amount of technological awareness that a market possesses.

These factors may influence decisions to enter or not enter certain industries, to
launch or not launch certain products or to outsource production activities abroad.

By knowing what is going on technology-wise, you may be able to prevent your

company from spending a lot of money on developing a technology that would
become obsolete very soon due to disruptive technological changes elsewhere.
ENVIRONMENTAL FACTORS

Environmental factors have come to the forefront only relatively recently.

They have become important due to the increasing scarcity of raw materials,
pollution targets and carbon footprint targets set by governments.

These factors include ecological and environmental aspects such as weather,

climate, environmental offsets and climate change which may especially
affect industries such as tourism, farming, agriculture and insurance.
Furthermore, growing awareness of the potential impacts of climate change is
affecting how companies operate and the products they offer. This has led to
many companies getting more and more involved in practices such as corporate
social responsibility (CSR) and sustainability.
LEGAL FACTORS
Although these factors may have some overlap with the political factors, they
include more specific laws such as discrimination laws, antitrust laws,
employment laws, consumer protection laws, copyright and patent laws, and
health and safety laws.

It is clear that companies need to know what is and what is not legal in order to
trade successfully and ethically.

If an organisation trades globally this becomes especially tricky since each

country has its own set of rules and regulations.

In addition, you want to be aware of any potential changes in legislation and the
impact it may have on your business in the future. Recommended is to have a
legal advisor or attorney to help you with these kind of things.
PESTEL
FIRM RISK SCORECARD

Every organisation should be concerned about its finances, infrastructure,

reputation and marketplace success.

Financial and infrastructure risks are considered to be internal to the organisation,

while reputational and marketplace risks are external.

Financial and marketplace risks can be easily quantified in financial terms, whereas
infrastructure and reputational risks are more difficult to quantify.
THANK YOU.