07 - Risk Assessment Creating a Risk Matrix.pdf
ssusere173f1
324 views
31 slides
Oct 15, 2022
Slide 1 of 31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
About This Presentation
This gives a brief overview of how to create a risk matrix and use it for day-to-day life decision-making.
Slide Content
RMI 1212 : PERSONAL RISK MANAGEMENT
Wayamba University of Sri Lanka
Diploma in Risk Management & Insurance
Resource Person
Dr. Weedige S. Sanjeewa
Senior Lecturer | Director HDRMI | Director DRMI | Chairman FRHDC
Head - Department of Insurance & Valuation
Faculty of Business Studies & Finance
Wayamba University of Sri Lanka
Risk Assessment: Creating a Risk Matrix
© Weedige S. Sanjeewa 1
Wayamba University of Sri Lanka
Diploma in Risk Management & Insurance
Resource Person
Dr. Weedige S. Sanjeewa
Senior Lecturer | Director HDRMI | Director DRMI | Chairman FRHDC
Head - Department of Insurance & Valuation
Faculty of Business Studies & Finance
Wayamba University of Sri Lanka
Risk Assessment: Creating a Risk Matrix
© Weedige S. Sanjeewa 1
Learning Outcomes:
At the end of this lesson students will be able to
understand how to prepare and use Risk Matrix to
identify and manage risk.
© Weedige S. Sanjeewa 2
Risk Assessment: Creating a Risk Matrix
At the end of this lesson students will be able to
understand how to prepare and use Risk Matrix to
identify and manage risk.
© Weedige S. Sanjeewa 2
Risk Assessment: Creating a Risk Matrix
Risk is the new Benchmark
Business are moving at a faster rate
Compliance needs to be maintained – need a
systematic, quantitative measure
Risk is becoming the new benchmark for compliance
Objective, Repeatable
Helps to make better, more informed decisions
© Weedige S. Sanjeewa 3
Business are moving at a faster rate
Compliance needs to be maintained – need a
systematic, quantitative measure
Risk is becoming the new benchmark for compliance
Objective, Repeatable
Helps to make better, more informed decisions
© Weedige S. Sanjeewa 3
Step 1. Defining Risk / Risk Taxonomy
Companies spend time and money building a risk
taxonomy
A risk taxonomy is a comprehensive, common and
stable set of risk categories that is used within an
organization.
By providing a comprehensive set of risk categories, it
encourages those involved in risk identification to
consider all types of risks that could affect the
organization's objectives.
© Weedige S. Sanjeewa 4
Companies spend time and money building a risk
taxonomy
A risk taxonomy is a comprehensive, common and
stable set of risk categories that is used within an
organization.
By providing a comprehensive set of risk categories, it
encourages those involved in risk identification to
consider all types of risks that could affect the
organization's objectives.
© Weedige S. Sanjeewa 4
Risk Taxonomy Examples
© Weedige S. Sanjeewa 5
© Weedige S. Sanjeewa 5
Risk comes from Perils Hazards and
Hazards
Hazards = A situation that poses a level of threat to life, health,
property or environment (an undesired event)
Perils = resulting damages from the Hazard
Risk = The potential that a chosen action or activity will lead to
an undesirable event
Control = A method of evaluating potential losses and taking
action to reduce or eliminate the potential for an undesired event
© Weedige S. Sanjeewa 6
Hazards
Hazards = A situation that poses a level of threat to life, health,
property or environment (an undesired event)
Perils = resulting damages from the Hazard
Risk = The potential that a chosen action or activity will lead to
an undesirable event
Control = A method of evaluating potential losses and taking
action to reduce or eliminate the potential for an undesired event
© Weedige S. Sanjeewa 6
Step 2. Quantifying Perils and Hazards
We need a scale – Severity and Frequency
Define the level of Risk on a pre-defined Scale:
7
Severity Description
Catastrophic Likely to result in death
Critical Potential for severe injury
Moderate Potential for moderate injury
Minor Potential for minor injury
Negligible No significant risk of injury
Frequency Description
Frequent Hazard likely to occur
Probable Hazard will be experienced
Occasional Some manifestations of the hazard are likely to occur
Remote Manifestations of the hazard are possible, but unlikely
Improbable Manifestations of the hazard are very unlikely
We need a scale – Severity and Frequency
Define the level of Risk on a pre-defined Scale:
7
Severity Description
Catastrophic Likely to result in death
Critical Potential for severe injury
Moderate Potential for moderate injury
Minor Potential for minor injury
Negligible No significant risk of injury
Frequency Description
Frequent Hazard likely to occur
Probable Hazard will be experienced
Occasional Some manifestations of the hazard are likely to occur
Remote Manifestations of the hazard are possible, but unlikely
Improbable Manifestations of the hazard are very unlikely
What is a Risk Matrix?
A risk matrix is a matrix that is used during risk
assessment to define the level of risk by considering the
category of probability or likelihood against the category
of consequence severity.
This is a simple mechanism to increase visibility of risks
and assist management decision making.
© Weedige S. Sanjeewa 8
A risk matrix is a matrix that is used during risk
assessment to define the level of risk by considering the
category of probability or likelihood against the category
of consequence severity.
This is a simple mechanism to increase visibility of risks
and assist management decision making.
© Weedige S. Sanjeewa 8
Step 3. Build it all into a Risk Matrix
The Risk Matrix: tool used in the Risk Assessment
process, it allows the severity of the risk of an event
occurring to be determined.
Graphically displays the total of each of the Perils &
Hazards that contribute to the risk
© Weedige S. Sanjeewa 9
The Risk Matrix: tool used in the Risk Assessment
process, it allows the severity of the risk of an event
occurring to be determined.
Graphically displays the total of each of the Perils &
Hazards that contribute to the risk
© Weedige S. Sanjeewa 9
There are some “gray areas”
Risks are not always “black and white”
When defining risk management, some organizations
find it convenient to categorize risks into the following
three regions:
The broadly acceptable region (Generally Acceptable - GA)
The ALARP (As Low As Reasonably Practicable) region; and
The intolerable region (Generally Unacceptable - GU)
© Weedige S. Sanjeewa 10
Risks are not always “black and white”
When defining risk management, some organizations
find it convenient to categorize risks into the following
three regions:
The broadly acceptable region (Generally Acceptable - GA)
The ALARP (As Low As Reasonably Practicable) region; and
The intolerable region (Generally Unacceptable - GU)
© Weedige S. Sanjeewa 10
Step 4. Test your Risk Matrix
You must vet the matrix
Risk score is a mathematical measure
Use “real world” examples to ensure validity of the
matrix
© Weedige S. Sanjeewa 11
You must vet the matrix
Risk score is a mathematical measure
Use “real world” examples to ensure validity of the
matrix
© Weedige S. Sanjeewa 11
A Vetted Risk Matrix is just a Tool
Risk Matrix is designed as a tool, not a solution
Risk is only quantifying the result
Individuals / Organizations need to work on interpreting the
decision
Risk Teams review events to make decisions, using the
Risk Matrix as a tool for the decision-making process
© Weedige S. Sanjeewa 12
Risk Matrix is designed as a tool, not a solution
Risk is only quantifying the result
Individuals / Organizations need to work on interpreting the
decision
Risk Teams review events to make decisions, using the
Risk Matrix as a tool for the decision-making process
© Weedige S. Sanjeewa 12
A better example of a risk matrix
© Weedige S. Sanjeewa 13
© Weedige S. Sanjeewa 13
Covid 19 compares with other infectious diseases
14
Source : Risk matrix from the NY Times article on How Bad Will the Coronavirus Outbreak Get?
Note: Average case-fatality rates and transmission numbers are shown. Estimates of case-fatality rates can vary, and numbers for the new
coronavirus are preliminary estimates.
14
Source : Risk matrix from the NY Times article on How Bad Will the Coronavirus Outbreak Get?
Note: Average case-fatality rates and transmission numbers are shown. Estimates of case-fatality rates can vary, and numbers for the new
coronavirus are preliminary estimates.
How to Apply The Risk Matrix
Use Risk Assessment to filter adverse events
What is the risk of the event, versus when it came into the system
Prioritize events by their RISK not their due date
Resolve low-priority events at the source where they
are found
Minor Complaints/Non-conformances/Audit findings
Events with little impact can be immediately resolved
Risk Mitigation: Applies risk assessment to
verification and effectiveness in Corrective Action
Are we reducing the risk to the right level?
Are we truly mitigating risk of recurrence?
© Weedige S. Sanjeewa 15
Use Risk Assessment to filter adverse events
What is the risk of the event, versus when it came into the system
Prioritize events by their RISK not their due date
Resolve low-priority events at the source where they
are found
Minor Complaints/Non-conformances/Audit findings
Events with little impact can be immediately resolved
Risk Mitigation: Applies risk assessment to
verification and effectiveness in Corrective Action
Are we reducing the risk to the right level?
Are we truly mitigating risk of recurrence?
© Weedige S. Sanjeewa 15
© Weedige S. Sanjeewa 16
How to Apply The Risk Matrix Cont.…
How to Apply The Risk Matrix Cont.…
Practical Working Example
© Weedige S. Sanjeewa 17
© Weedige S. Sanjeewa 17
Risk Assessment Templates – Practical
Example
Step 1: Identify Hazards
Relating to your scope, brainstorm potential hazards.
The list should be long and comprehensive and
may include anything from falls and burns, to theft and
fraud, to pollution and societal damage.
© Weedige S. Sanjeewa 18
Example
Step 1: Identify Hazards
Relating to your scope, brainstorm potential hazards.
The list should be long and comprehensive and
may include anything from falls and burns, to theft and
fraud, to pollution and societal damage.
© Weedige S. Sanjeewa 18
Step 2: Calculate Likelihood
For each hazard, determine the likelihood it will occur. This
can be measured as a probability (a 90 per cent chance) or as
a frequency (twice a year). Then, based on the likelihood,
choose which bracket accurately describes the probability:
© Weedige S. Sanjeewa 19
1. Unlikely - An unlikely hazard is extremely rare, there is a less than 10 per cent chance that it will happen.
2. Seldom - Seldom hazards are those that happen about 10 to 35 per cent of the time.
3. Occasional - An occasional hazard will happen between 35 and 65 per cent of the time.
4. Likely - A likely hazard has a 65 to 90 per cent probability of occurring.
5. Definite - These hazards will occur 90 to 100 per cent of the time. You can be nearly certain it will manifest.
For each hazard, determine the likelihood it will occur. This
can be measured as a probability (a 90 per cent chance) or as
a frequency (twice a year). Then, based on the likelihood,
choose which bracket accurately describes the probability:
© Weedige S. Sanjeewa 19
1. Unlikely - An unlikely hazard is extremely rare, there is a less than 10 per cent chance that it will happen.
2. Seldom - Seldom hazards are those that happen about 10 to 35 per cent of the time.
3. Occasional - An occasional hazard will happen between 35 and 65 per cent of the time.
4. Likely - A likely hazard has a 65 to 90 per cent probability of occurring.
5. Definite - These hazards will occur 90 to 100 per cent of the time. You can be nearly certain it will manifest.
Step 3: Calculate Consequences
Following the same pattern, calculate potential loss using
either quantitative measurements (Rupee), qualitative
measurements (descriptive scale) or a mix of both. Then, based on
the magnitude of the consequences, choose which
bracket accurately describes the losses:
A. Insignificant
The consequences are insignificant and may cause a near negligible amount of damage. This
hazard poses no real threat. Examples: loss of Rs 10,000, no media coverage and/or no bodily
harm.
B. Marginal
The consequences are marginal and may cause only minor damage. This hazard is unlikely to
have a huge impact. Examples: loss of Rs. 100,000, local media coverage and/or minor bodily
harm.
C. Moderate
The consequences are moderate and may cause a sizeable amount of damage. This hazard
cannot be overlooked. Examples: loss of 1,000,000, regional media coverage and/or minor
bodily harm.
20
Following the same pattern, calculate potential loss using
either quantitative measurements (Rupee), qualitative
measurements (descriptive scale) or a mix of both. Then, based on
the magnitude of the consequences, choose which
bracket accurately describes the losses:
A. Insignificant
The consequences are insignificant and may cause a near negligible amount of damage. This
hazard poses no real threat. Examples: loss of Rs 10,000, no media coverage and/or no bodily
harm.
B. Marginal
The consequences are marginal and may cause only minor damage. This hazard is unlikely to
have a huge impact. Examples: loss of Rs. 100,000, local media coverage and/or minor bodily
harm.
C. Moderate
The consequences are moderate and may cause a sizeable amount of damage. This hazard
cannot be overlooked. Examples: loss of 1,000,000, regional media coverage and/or minor
bodily harm.
20
© Weedige S. Sanjeewa 21
Step 3: Calculate Consequences
D. Critical
The consequences are critical and may cause a great deal of damage.
This hazard must be addressed quickly. Examples: loss of Rs.
10,000,000, national media coverage, major bodily harm and/or police
involvement.
E. Catastrophic
The consequences are catastrophic and may cause an unbearable
amount of damage. This hazard is a top priority. Examples: loss of Rs.
100,000,000 , international media coverage, extreme bodily harm
and/or police involvement.
Step 3: Calculate Consequences
D. Critical
The consequences are critical and may cause a great deal of damage.
This hazard must be addressed quickly. Examples: loss of Rs.
10,000,000, national media coverage, major bodily harm and/or police
involvement.
E. Catastrophic
The consequences are catastrophic and may cause an unbearable
amount of damage. This hazard is a top priority. Examples: loss of Rs.
100,000,000 , international media coverage, extreme bodily harm
and/or police involvement.
Step 4: Calculate Risk Rating
Assign each hazard with a corresponding risk rating, based on the
likelihood and impact you’ve already calculated.
For example, a hazard that is very likely to happen and will have major
losses will receive a higher risk rating than a hazard that’s unlikely and will
cause little harm.
Risk ratings are based on your own opinion and divided into four brackets.
They are:
22
1. Low
Low risks can be ignored or overlooked as they usually are not a significant
threat. A definite hazard with insignificant consequences, such as stubbing
your toe, may be low risk.
2. Medium
Medium risks require reasonable steps for prevention but they’re not a
priority. A likely hazard with marginal consequences, such as a small fall,
may be medium risk.
Assign each hazard with a corresponding risk rating, based on the
likelihood and impact you’ve already calculated.
For example, a hazard that is very likely to happen and will have major
losses will receive a higher risk rating than a hazard that’s unlikely and will
cause little harm.
Risk ratings are based on your own opinion and divided into four brackets.
They are:
22
1. Low
Low risks can be ignored or overlooked as they usually are not a significant
threat. A definite hazard with insignificant consequences, such as stubbing
your toe, may be low risk.
2. Medium
Medium risks require reasonable steps for prevention but they’re not a
priority. A likely hazard with marginal consequences, such as a small fall,
may be medium risk.
3. High
High risks call for immediate action. An occasional hazard with critical
consequences, such as a major car accident, may be high risk.
4. Extreme
Extreme risks may cause significant damage, will definitely occur, or a
mix of both. They’re a high priority. An unlikely hazard with
catastrophic consequences, such as an aircraft crash, is an extreme
risk.
© Weedige S. Sanjeewa 23
Step 4: Calculate Risk Rating Cont.…
High risks call for immediate action. An occasional hazard with critical
consequences, such as a major car accident, may be high risk.
4. Extreme
Extreme risks may cause significant damage, will definitely occur, or a
mix of both. They’re a high priority. An unlikely hazard with
catastrophic consequences, such as an aircraft crash, is an extreme
risk.
© Weedige S. Sanjeewa 23
Step 4: Calculate Risk Rating Cont.…
Step 5: Create an Action Plan
Your risk action plan will outline steps to address a hazard, reduce
its likelihood, reduce its impact and how to respond if it occurs.
Depending on the severity of the hazard, you may wish to include
notes about key team members (i.e., project manager, PR or
Communications Director, subject matter expert), preventative
measures, and a response plan for media and stakeholders.
© Weedige S. Sanjeewa 24
Your risk action plan will outline steps to address a hazard, reduce
its likelihood, reduce its impact and how to respond if it occurs.
Depending on the severity of the hazard, you may wish to include
notes about key team members (i.e., project manager, PR or
Communications Director, subject matter expert), preventative
measures, and a response plan for media and stakeholders.
© Weedige S. Sanjeewa 24
Step 6: Plug Data into Matrix
A risk assessment matrix simplifies the information from the risk
assessment form, making it easier to pinpoint major threats in a
single glance.
This convenience makes it a key tool in the risk management
process.
© Weedige S. Sanjeewa 25
A risk assessment matrix simplifies the information from the risk
assessment form, making it easier to pinpoint major threats in a
single glance.
This convenience makes it a key tool in the risk management
process.
© Weedige S. Sanjeewa 25
More Risk Matrix Sample
© Weedige S. Sanjeewa 26
© Weedige S. Sanjeewa 26
Fraud Risk Matrix Sample
Anticipating fraud and theft is a crucial component of a
company’s antifraud efforts.
Developing a risk assessment helps to identify hazards
proactively so management can take precautionary
measures or, if required, a risk response
Examples of hazards that may need to be addressed in an
organization risk assessment include:
Asset misappropriation (check fraud, billing schemes, theft of cash)
Fraudulent statements (misstatement of assets, holding books open)
Corruption (kickbacks, bribery, extortion)
Conflicts of interest
© Weedige S. Sanjeewa 27
Anticipating fraud and theft is a crucial component of a
company’s antifraud efforts.
Developing a risk assessment helps to identify hazards
proactively so management can take precautionary
measures or, if required, a risk response
Examples of hazards that may need to be addressed in an
organization risk assessment include:
Asset misappropriation (check fraud, billing schemes, theft of cash)
Fraudulent statements (misstatement of assets, holding books open)
Corruption (kickbacks, bribery, extortion)
Conflicts of interest
© Weedige S. Sanjeewa 27
Health and Safety Risk Matrix Sample
A health and safety risk assessment is important for industries like
construction, manufacturing or science labs where work takes place
in potentially dangerous environments.
In a warehouse, for example, workers are at risk of many hazards
such as:
Severe or fatal injury from falling
Repetitive strain injuries from manual handling
Sprains and fractures from slips and trips
Being crushed by falling objects
Being hit by (or falling out of) lift trucks
Crush injuries or cuts from large machinery
Moving parts of a conveyor belt resulting in injury
Exposure to hazardous substances
Health and safety risk assessments must also include things like
workplace violence and other dangerous employee misconduct.
28
A health and safety risk assessment is important for industries like
construction, manufacturing or science labs where work takes place
in potentially dangerous environments.
In a warehouse, for example, workers are at risk of many hazards
such as:
Severe or fatal injury from falling
Repetitive strain injuries from manual handling
Sprains and fractures from slips and trips
Being crushed by falling objects
Being hit by (or falling out of) lift trucks
Crush injuries or cuts from large machinery
Moving parts of a conveyor belt resulting in injury
Exposure to hazardous substances
Health and safety risk assessments must also include things like
workplace violence and other dangerous employee misconduct.
28
Project Risk Matrix Sample
Any project, event or activity must undergo a thorough risk
assessment to identify and assess potential hazards. Once these
risks are better understood, the team can make a prevention and
mitigation plan to arm themselves against the hazard.
Brainstorm hazards in several categories such as:
Technical (data breach)
Cost (funding falls through)
Contractual (modified requirements)
Weather (natural disaster)
Environmental (oil spill)
People (illness, resignation)
© Weedige S. Sanjeewa 29
Any project, event or activity must undergo a thorough risk
assessment to identify and assess potential hazards. Once these
risks are better understood, the team can make a prevention and
mitigation plan to arm themselves against the hazard.
Brainstorm hazards in several categories such as:
Technical (data breach)
Cost (funding falls through)
Contractual (modified requirements)
Weather (natural disaster)
Environmental (oil spill)
People (illness, resignation)
© Weedige S. Sanjeewa 29
Next Steps & Responding to Risks
Once you have finished your plan, determine how action steps. You
can choose to “accept” the risk if the cost of countermeasures will
exceed the estimated loss.
Harm reduction is a second option. To reduce the consequences of
risk, develop a mitigation plan to minimize the potential for harm.
The third option is to avoid the risk. For catastrophic disasters,
preventing the risk from occurring at all is the best (and often only)
course of action.
However you plan to deal with the risks, your assessment is an
ongoing evaluation and must be reviewed regularly. Experts
recommend updating your risk assessment at least once a year, and
perhaps more often depending on your unique situation.
30
Once you have finished your plan, determine how action steps. You
can choose to “accept” the risk if the cost of countermeasures will
exceed the estimated loss.
Harm reduction is a second option. To reduce the consequences of
risk, develop a mitigation plan to minimize the potential for harm.
The third option is to avoid the risk. For catastrophic disasters,
preventing the risk from occurring at all is the best (and often only)
course of action.
However you plan to deal with the risks, your assessment is an
ongoing evaluation and must be reviewed regularly. Experts
recommend updating your risk assessment at least once a year, and
perhaps more often depending on your unique situation.
30
Summary
Risk Assessment is great tool for making informed decisions
Understand your Hazards and Harms within the organization
Build a scale that makes sense to your organization
Plot the scale on a graph to form a Risk Matrix
Determine where the acceptable and unacceptable risk lie
Then, vet that matrix with real-world historical examples
Use the Risk Matrix as a tool within a Risk team to filter adverse
events by their Risk
© Weedige S. Sanjeewa 31
Risk Assessment is great tool for making informed decisions
Understand your Hazards and Harms within the organization
Build a scale that makes sense to your organization
Plot the scale on a graph to form a Risk Matrix
Determine where the acceptable and unacceptable risk lie
Then, vet that matrix with real-world historical examples
Use the Risk Matrix as a tool within a Risk team to filter adverse
events by their Risk
© Weedige S. Sanjeewa 31
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 324
- Slides 31
- Age 1144 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
31 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views