(Four Case) Risk Management Analysis. James August, CQA, august@abitape.com. ASQ South Jersey Section, Jan. 21, 2009.
(Four Case) Risk Management Analysis • Value-at-risk (VaR) is a category of risk metrics that describe probabilistically the market risk of a trading portfolio. Value-at-risk is widely used by banks, securities firms, commodity merchants, energy merchants, and other trading organizations. • from the Risk Glossary at http://www.riskglossary.com/link/value_at_risk.htm
(Four Case) Risk Management Analysis Example: A one-day 90% USD VaR is illustrated for a hypothetical portfolio. Shown is the probability density function for the portfolio's value ¹P one trading day from now. The portfolio's current value ⁰p is known. Value-at-risk equals the amount of money such that there is a 90% probability of the portfolio losing less than that amount over the next trading day.
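The one-day 90% VaR defined above can be estimated from past daily results. The following is an added example, not part of the original slides: it uses an empirical (nearest-rank) percentile, which is one estimation method among several, and the P&L figures and function names are constructed for illustration.

```python
import math

# Constructed sample: 20 daily profit-and-loss figures in USD for a
# hypothetical portfolio (positive = gain, negative = loss).
DAILY_PNL_USD = [
    1200, -800, 300, -2500, 950, -400, 1800, -1500, 600, -100,
    -3200, 700, 250, -950, 1400, -600, 2100, -1900, 500, -50,
]


def value_at_risk(pnl, confidence=0.90):
    """Empirical one-day VaR: the loss that `confidence` of sample days stay within."""
    if not pnl:
        raise ValueError("need at least one P&L observation")
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    # Express every day as a loss (a gain becomes a negative loss), smallest first.
    losses = sorted(-x for x in pnl)
    # Nearest-rank percentile: the k-th smallest loss, k = ceil(confidence * n).
    rank = math.ceil(confidence * len(losses))
    return losses[rank - 1]


def share_of_days_within(pnl, amount):
    """Fraction of sample days on which the loss did not exceed `amount`."""
    return sum(1 for x in pnl if -x <= amount) / len(pnl)


if __name__ == "__main__":
    var_90 = value_at_risk(DAILY_PNL_USD, 0.90)
    print(f"one-day 90% VaR: ${var_90:,}")
    print(f"days within VaR: {share_of_days_within(DAILY_PNL_USD, var_90):.0%}")
```

With a finite sample the estimate is one of the observed losses, so only the two worst days in this sample (losses of $2,500 and $3,200) exceed it.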
COSO and SOx • According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), internal financial control consists of: • (1) the control environment that sets the tone of the organization, • (2) risk assessment, or the identification and analysis of relevant risks, • (3) the policies and procedures or control activities that help ensure management directives are carried out, • (4) the identification and communication of pertinent information, and • (5) a monitoring process that assesses the quality of the internal control system’s performance.
(Four Case) Risk Management Analysis • But the location and management of risk are not restricted to stock portfolios or business fortunes. Risks appear in operating functions every day. The management of these risks is the responsibility of every entrepreneur, CEO, department head, project leader and change agent.
(Four Case) Risk Management Analysis • Risk definition - what constitutes a business risk? • Risk identification - where are my risks hiding? • Risk evaluation - how important is each risk? • Risk mitigation - what do I do about it? • Effectiveness evaluation - how do I know that my actions were effective?
(Four Case) Risk Management Analysis • Risk management is a process • The process has parallels with DMAIC and PDCA
Risk definition • “Exposure to a chance of loss or damage…” • “The difference between your current level of protection and the level of protection you should be at.” • “An assumption that you cannot verify is a risk.” Adolfo Ferreira
Risk definition • A comparator accruing from the likelihood of specific endeavor outcomes, its magnitude being a function of the possible consequences of the endeavor and the probabilities associated with those consequences.
Risk definition • Risk = f(magnitude) x f(likelihood) = severity x frequency of occurrence • high risk outcome = fruits of opportunity or devastating result • compare with FMEA: RPN = severity x occurrence x detectability
Risk definition • Two occasions for which risk should be calculated: RTP and ITP • RTP (run the process): core processes which must be maintained to keep the current business performance level • ITP (improve the process): processes which may be improved, increasing the performance level
Risk definition • Risk appetite: the amount of risk that you are willing to accept • Risk tolerance: the limits of outcomes that you are willing to accept
Risk definition • There are two sides to every risk calculation - the positive potential and the negative potential. • Both must be calculated. • Costs can be small or large
Risk definition • process improvement (ITP) risk factors: • cost of improvement = $ • value of improved output = $ • value of reduced output = $
Risk definition • process maintenance (RTP) risk factors: • cost of doing nothing = 0 • or cost of doing nearly nothing = $ • value of continued output • value of lost output
Risk definition • These are the four cases that should be considered as part of a risk management methodology.
Risk definition examples • Buy a 50-50 ticket: high chance of winning (only a few dozen sold) at a low cost of entry but low return. • Buy a lottery ticket: low chance of winning but if you hit … it’s millions of dollars! • Buy a second house for investment: high chance of eventually getting a good return but with a high cost of entry.
Risk definition • Your tolerable loss limit (risk tolerance) is an estimate of the maximum you can afford to lose in the worst case scenario • It is a number (generally expressed in dollars) and could be based on an organization's expected profits or revenues
Risk definition [Figure: chart with regions labeled "small cost, big gains", "no brainer" and "not a good idea", and a line marking the tolerable loss limit]
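The four cases and the tolerable loss limit described in the slides above, combined in an added example that is not part of the original presentation. It assumes each side is weighted by its likelihood (following Risk = magnitude x likelihood) and that an option is acceptable only if its worst-case loss stays within the limit; all names and dollar figures are constructed.

```python
from dataclasses import dataclass


@dataclass
class Option:
    name: str              # "RTP" (run the process) or "ITP" (improve the process)
    cost: float            # cost of doing (nearly) nothing, or cost of improvement
    upside_value: float    # value of continued / improved output
    downside_value: float  # value of lost / reduced output
    p_downside: float      # assumed likelihood of the negative outcome


def evaluate(option, tolerable_loss_limit):
    """Compute the positive and negative potential of one option."""
    if not 0.0 <= option.p_downside <= 1.0:
        raise ValueError("p_downside must be a probability")
    positive = (1 - option.p_downside) * option.upside_value
    negative = option.p_downside * option.downside_value
    worst_case = option.cost + option.downside_value
    return {
        "positive_potential": positive,
        "negative_potential": negative,
        "expected_net": positive - negative - option.cost,
        "worst_case_loss": worst_case,
        "within_tolerance": worst_case <= tolerable_loss_limit,
    }


def four_case_analysis(rtp, itp, tolerable_loss_limit):
    """Evaluate both sides of RTP and ITP; pick the best option within tolerance."""
    results = {o.name: evaluate(o, tolerable_loss_limit) for o in (rtp, itp)}
    acceptable = [n for n, r in results.items() if r["within_tolerance"]]
    best = max(acceptable, key=lambda n: results[n]["expected_net"], default=None)
    return results, best


# Constructed figures: doing nothing is free but a failure loses $400k of output;
# the improvement costs $30k and can at worst reduce output by $60k.
RTP = Option("RTP", cost=0, upside_value=100_000, downside_value=400_000, p_downside=0.0625)
ITP = Option("ITP", cost=30_000, upside_value=180_000, downside_value=60_000, p_downside=0.25)

if __name__ == "__main__":
    results, best = four_case_analysis(RTP, ITP, tolerable_loss_limit=250_000)
    for name, r in results.items():
        print(name, r)
    print("preferred option within tolerance:", best)
```

In this sample, doing nothing has a positive expected net value but a worst case beyond the tolerable loss limit, so it is excluded even though its downside is unlikely.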
Risk management definition A formal process used for identifying hazards associated with a product/service, estimating and evaluating the associated risks, controlling those risks, and monitoring the effectiveness of the control. RM provides a rational foundation for decisions concerning risk. ANSI/AAMI/ISO 14971:2000, definition 2.18
Risk management definition • Risk assessment, as defined by the IIA Standards for the Professional Practice of Internal Auditing, is a systematic process, for assessing and integrating professional judgments about probable adverse conditions or events. Risk impacts an organization’s ability to compete and to maintain its financial strength and the quality of its products and services. It’s the internal auditor’s job to identify all auditable activities and relevant risk factors and to assess their significance.
Risk management system • Risk management is another management system to be fused into your organization. It has structure: • Objectives and goals • Policies • Procedures
Risk management policy • Risk mitigation (intervention) is deciding what to do about each of the risks assessed as important to your (management or project) objectives, implementing the changes and documenting the planned response.
Risk management • Procedures • Risk definition and identification • Risk evaluation and assessment • application of valuation and diagnostic tools • Risk mitigation or reduction • treatment selection • application of remedy tools • Risk control at the new level
Risk identification • Where are my risks? • Which are “run the process” risks and which are “improve the process” risks? • RTP risks tend to have little upside but huge downside. • ITP risks tend to have large upside and measurable downside.
Risk identification What is at risk?
Risk identification What is at risk? Achieving your objectives!
Risk identification • Areas of business risk • Strategic • (Economy, Technology, Politics, Competition, ...) • Organizational • (Financial, Legal, Disaster, Personnel, ...) • Operational • (Labor, Materials, Quality, …) • Compliance • (Environmental, Safety, Security, …) from “Risk Management - Essential in Today’s Economy”, Sandford Liebesman, PhD, NEQC 57th Conference, Marlborough, MA, Oct. 14 2008
Risk identification • core business operations & processes • acquire new customers • take orders • procure materials • create products, manage inventories • deliver products • collect payments
Risk identification • core sales sub-processes • market research • pricing • promotion and advertising • order taking (order entry) • warranty management
Risk identification • core R&D sub-processes • new product introduction • product cost modeling • patent protection
Risk identification • core operations sub-processes • materials sourcing (availability) • quality control (product & process) • plant & workplace safety • environmental concerns • inventory • logistics and transport
Risk identification • core finance sub-processes • budgeting • accounts receivable and payable • banking • currency exchange • MIS and IT processes
Risk identification • support business processes • strategic planning • brand management • facilities and infrastructure management • process engineering • capital investment • asset management
Risk identification • support business sub-processes • communications • knowledge management: training and education • materials management and logistics • legal/regulatory reporting (FDA, SOx, ...) • supplier evaluation, management
Risk identification • support business sub-processes • quality assurance • predictive/preventive maintenance • recruitment, compensation • employee relations (work stoppages) • employee performance management • payroll, benefits, ...
Risk identification • other business areas • outplacement • employee well-being • insurance • mergers & acquisitions • construction / expansion
Risk identification • SWOT analysis is a sorting method for identifying and prioritizing risks. • Strengths • Weaknesses • Opportunities • Threats
Risk identification • other techniques for risk identification • Working groups and brainstorming • Surveys and interviews • Experiential or documented knowledge • Outputs from "what if" scenario analyses • Historical information - lessons learned • Templates: critical path, engineering, ...
Risk evaluation • How risky is my risk? • Does "risk" = "cost"?
Risk evaluation
Frequency \ Severity   Negligible   Minor   Major   Severe
Frequent               L            I       H       H
Probable               L            I       H       H
Occasional             T            I       I       H
Remote                 T            L       I       I
Risk evaluation • Non-financial measures • Risk matrices • Failure Mode and Effects Analysis • FMEA • Criteria: RPN < > 100 where • RPN = Severity x Frequency x Detectability
Risk evaluation • Typical approaches for quantification • Weighted probabilities • Extended cost • Future Value or Net Present Value • Capability analysis • Value stream mapping • Cost of poor quality • Discounted Cash Flow • Internal Rate of Return
Risk evaluation • Project justification • Develop meaningful (financial?) performance measures • common in Engineering and R&D projects • usually a statement of expected payoff from time and material invested • may be based on estimates of increased sales or improved process efficiency