Enterprise Risk Management - Assignment Example

Risk Management Manual Name: Tutor: Course: Date: table of contents table of contents 2 List of Tables and figures 4 SECTION 1: RISK MANAGEMENT MANUAL 5 1.0 Introduction 5 1.1 Outline and design of ERM framework 5 Figure 1: Components of the ERM framework for managing risk 6 1.1.1 Mandate and commitment 7 1.1.2 Design of framework for managing risk 7 1.2 The organizational internal and external context 8 1.3 Enterprise Risk Management Policy 10 1.4 The Monitoring and Review of the Framework 12 1.5 Continuous Improvement of the Framework 12 1.6 The Risk Management Process 12 Figure 2: Risk management process for MPM Contractors Pty Ltd 13 1.6.2 Risk identification 13 Table 1: Risk category 14 Table 2: Risk management process objectives 14 Table 3: Risk consequence table 15 Table 4: Probability-likelihood matrix 15 Table 5: Risk Assessment Matrix 16 Table 6: Risk evaluation 16 Table 7: Risk level impact 16 1.6.2.7 RISK TREATMENT AND REGISTER 17 1.7 Glossary of terms 17 1.8 Agreement on the framework by board of directors 19 Bibliography 20 Appendix I 21 List of Tables and figures List of Figures table of contents 2 List of Tables and figures 4 SECTION 1: RISK MANAGEMENT MANUAL 6 1.0 Introduction 6 1.1 Outline and design of ERM framework 6 Figure 1: Components of the ERM framework for managing risk 7 1.1.1 Mandate and commitment 8 1.1.2 Design of framework for managing risk 8 1.2 The organizational internal and external context 9 1.3 Enterprise Risk Management Policy 11 1.4 The Monitoring and Review of the Framework 13 1.5 Continuous Improvement of the Framework 13 1.6 The Risk Management Process 13 Figure 2: Risk management process for MPM Contractors Pty Ltd 14 1.6.2 Risk identification 14 Table 1: Risk category 15 Table 2: Risk management process objectives 15 Table 3: Risk consequence table 16 Table 4: Probability-likelihood matrix 16 Table 5: Risk Assessment Matrix 17 Table 6: Risk evaluation 17 Table 7: Risk level impact 17 1.6.2.7 RISK TREATMENT AND REGISTER 18 1.7 Glossary of terms 18 1.8 Agreement on the framework by board of directors 20 Bibliography 21 Appendix I 22 SECTION 1: RISK MANAGEMENT MANUAL 1.0 Introduction MPM Contractors Pty Ltd is a company based in Brisbane, Queensland undertaking electrical engineering contracts for industrial and commercial building works. Some of the activities include controls for pump stations, switchboards and power reticulation. As a family-run business, the company has had to make major changes to its organizational structure and corporate strategies to remain competitive. Apart from selecting and recruiting a new management board, the company has made several changes in the employee structure. More importantly, the company intends to maintain its reputation and operational performance in a diversified work environment. The business has decided to develop risk management manual, risk policy and a risk implementation plan to guide this process. The CEO requires an Enterprise Risk Management (ERM) framework and manual documented for the company. MPM Contractors Pty Ltd is adopting the ERM framework to mitigate risky events throughout its operations and to ensure high efficiency in the operational processes. This manual is a framework that identifies and prioritizes risks which will lead to better stewardship, resource allocation, strategic decision making and governance. 1.1 Outline and design of ERM framework Enterprise Risk Management (ERM) in engineering allows risk management decisions to be made in order to maximize shareholder value, manage risks and uncertainties and connect to the total value. This section takes into consideration how AS/NZS ISO 31000:2009 is applied to the electrical engineering company. The framework that highlights on risks and uncertainties is expected to proactive and prevention oriented. Being comprehensive and robust in focus, AS/NZS ISO 31000:2009 frameworks will be applied within the context of strategy and guidance to the organization. The guiding principles are; Advancing safety and trust in engineering Managing uncertainties Maximizing value creation and protection Encouraging accountability between disciplines Optimizing organizational readiness The specific objectives of ERM are not limited to the following; To promote positive culture within the organization that impacts success and readiness To utilize metrics or data to prioritize risks To align risk strategy and appetite in mitigating and controlling adverse risk events The AS/NZS ISO 31000:2009 framework to be used is as shown in the figure below. Figure 1: Components of the ERM framework for managing risk As shown in the figure 1 above, the framework will assist MPM Contractors Pty Ltd to adequately report information about the management process risks and a basis for accountability and decision making. The components of the framework for managing MPM Contractors Pty Ltd risks are as illustrated below. 1.1.1 Mandate and commitment The management of MPM Contractors Pty Ltd has a strong and sustained commitment towards risk management as well as rigorous and strategic planning. MPM Contractors management team will; Define and endorse the policy of risk management Align organization culture to risk management policy Determine indicators in risk management performance that align with those of the organization Align objective of risk management to organizational strategies and objectives Ensure regulatory and legal compliance Assign roles and accountabilities at all organizational levels Allocate necessary resources towards risk management Communicate risk management benefits to all stakeholders Ensure continuous relevance of risk management framework 1.1.2 Design of framework for managing risk Design and implementation of the ERM framework for MPM Contractors Pty Ltd shall be subject to the evaluation and understanding of its internal and external context. MPM Contractors Pty Ltd shall ensure appropriate competence, authority and accountability when managing risk. This is inclusive of adequacy of controls, implementation and maintenance of the risk management process. The company shall identify the people accountable and responsible for managing the risk process as well as internal reporting and escalation processes. MPM Contractors Pty Ltd shall embed risk management in its processes and practices in a more efficient, effective and relevant manner. The company will embed risk management into policy, change management processes, and business and strategic plans. MPM Contractors Pty Ltd should allocate experienced and competent people to manage risks. Financial and capital resources such as tools, methods and processes are also required to manage risks. This should also include training of electrical engineering expertise, procuring and training on knowledge and information management systems after documenting procedures and processes. MPM Contractors Pty Ltd shall establish reporting mechanisms and internal communication that encourages ownership of risk and accountability. Components and subsequent modifications of internal reporting will be considered. Relevant risk information shall be available at all levels and times keeping into consideration the consultation processes among internal stakeholders. MPM Contractors Pty Ltd shall establish external communication and reporting mechanisms to engage external stakeholders. Any reporting shall be compliant with governance, regulatory and legal requirements. There shall be feedback and reporting communication to build confidence and communicate crises and contingencies among the relevant stakeholders. 1.2 The organizational internal and external context This section explores the internal and external context in which the risk parameter is founded. Essentially, it features the risk management framework and the key stakeholders that will support it. 1.2.1 Scope MPM Contractors Pty Ltd shall utilize the risk management framework to control potential risks and uncertainties occurring within the operational and project lifecycle. The framework shall advise on changes to the stakeholder requirements and the operating environment. It also prescribes ways of managing and controlling risks within the internal and external context. This framework provides a manual that guides appropriate risk management procedures for MPM Contractors Pty Ltd. 1.2.2 Internal context Meanwhile, the internal context shall comprise of accountabilities, roles, organizational structure and governance processes within MPM Contractors Pty Ltd. The risk management objectives can be achieved by putting in place appropriate strategies, objectives and policies. Besides, capabilities shall be construed as risks in terms of knowledge and resources such as; Occupational safety and health of employees Safety and efficiency of reticulation as well as power control processes Capital investment and procurement of engineering technologies including sewage treatment works, switchboards, motors and pumps Risks associated with decision making processes, information flows and information systems The guidelines should involve building values, perceptions and relationships between internal stakeholders. The stakeholders are; Members of management Board of directors Admin assistants Electricians Plumbers Clerks and Other part time workers The risks shall also include organizational culture, models, guidelines and standards as well as any form of contractual relationships. 1.2.3 External context The external context will relate to the political, legal, technological, competitive and natural environment, socio-cultural and the economic aspects within Australia and beyond its borders. The framework shall take into consideration the key trends and drivers that impact on organizational objectives. The framework shall consider a range of risks associated with external stakeholders such as; Negotiation and partnership with suppliers and customers Terms and conditions with regard to procurement and service/product quality provisions Damage control and public relations Legislations regarding sustainability and environmental compliance Handling organizational changes due to external forces Moreover, it shall identify values, perceptions and relationships among external stakeholders. The external stakeholders shall comprise; Government regulators Suppliers Customers Sub-contractors Competitors Local communities in Brisbane, Queensland 1.3 Enterprise Risk Management Policy On risk management policy, MPM Contractors Pty Ltd shall be accountable and responsible for managing risk through a rationale provided. The policy links risk management policy with the objectives and policies of the organization. The policy shall also address conflicts related to resources, measurement and reporting of risk performance and commitment to the improvement of risk framework communicated appropriately. The company acknowledges the imminent presence of inherent risks and managing them is a responsibility of all. Potential risks can be ignored, mitigated through internal risk management strategies or transferred through to third parties using waivers, contracts, insurance or risk sharing. MPM Contractors Pty Ltd shall provide solutions to risks by; Responding intelligently to risks Having confidence to help drive strategic growth Maintaining operational continuity with greater assurance Establishing the ERM policy will guide MPM Contractors Pty Ltd employees to accept, manage and take action. The policy will provide approaches to new opportunities, improve management of existing uncertainties, reduce and accept risks and support risk avoidance. MPM Contractors Pty Ltd will then be able to maximize utilization of available resources and achieve its mission and vision. 1.3.1 Policy statements MPM Contractors Pty Ltd is committed to shared responsibility and increased awareness for risk management throughout the organization. ERM at MPM Contractors Pty Ltd is cyclical and a continuous process that includes, where appropriate, implementation of controls and mitigating strategies, risk analysis and ongoing risk identification. The risk methodology used at MPM Contractors Pty Ltd will be closely linked and supports its strategic plan. It will take into account the residual and inherent risks. A common language will be used for risk assessment, current risk mitigation and documentation, and documenting future risk mitigations. MPM Contractors Pty Ltd will manage and accept risk in support of its strategic priorities, vision, and mission. While employing risk sharing with third parties, MPM Contractors Pty Ltd will protect its employees and assets for a long-term, proactive and sustained ERM strategy. MPM Contractors Pty Ltd management shall; Achieve corporate objectives, operations, plans and strategies by correctly identifying and assessing risks Conduct annual reviews and provide regular updated reports on its enterprise risk management frameworks. Provide assurance that MPM Contractors Pty Ltd proactively manages risks on an ongoing basis. Understand the principal risks that affect the business, ensure prudent risk management systems and a compliance plan on a regular basis. Recommend and review risk management policies from time to time so as to remain prudent and appropriate Furnish the management board with regular reports on the effectiveness and the appropriateness of the ERM process Provide the board with regular reports to understand the significance of risks 1.3.2 Commitment to ERM MPM Contractors Pty Ltd ERM framework shall communicate relevant risk policies to employees during their daily operations The company will ensure significant risks that impact on its objectives are continuously and consistently monitored, managed, assessed, identified and reported on. The best practices in risk management shall inform the framework and the development of ERM processes. MPM Contractors Pty Ltd shall regularly review and monitor progress in the development of suitable risk management culture. As a basis of continuous improvement, the company will keep and implement the current risk management strategies. 1.4 The Monitoring and Review of the Framework MPM Contractors Pty Ltd shall ensure continuous and effective risk management efforts that support its operations and performance. For effective monitoring and review of the ERM framework, the company shall; Measure and periodically review risk management performance for appropriateness against preferred indicators Measure on periodic basis the progress made in conformity or deviation with the risk management plan Review periodically the ERM framework, plan and policy to determine its appropriateness within the internal and external context Report the implementation of ERM policy, risk management plan and the identified/assessed risks Review the risk management framework to determine its effectiveness 1.5 Continuous Improvement of the Framework MPM Contractors Pty Ltd shall make decisions, based on monitoring and review results, on how to improve the plan, policy and the risk management framework. The decisions will influence the risk management culture and improvements in managing risks within the company. 1.6 The Risk Management Process In this section, the risk management process shall be tailored to the organizational business process, culture and practices as well as being the integral part of management. The risk management process of MPM Contractors Pty Ltd will follow the illustration shown in the figure below. Figure 2: Risk management process for MPM Contractors Pty Ltd 1.6.1 Risk management plan Making an effective risk implementation plan is the first step of risk management process at MPM Contractors Pty Ltd. The plan will guide the organization in its risk management activities across its operations. More details of risk implementation plan will be further discussed in next section. 1.6.2 Risk identification 1.6.2.1 Risk category MPM Contractors Pty Ltd in the face of risks and uncertainties may fail to achieve its corporate and strategic goals. The classification and categorization of risks are based on the internal and external context. In MPM Contractors Pty Ltd ERM framework, the risk categories shall be obtained through brainstorming sessions, engineering inspections, drills, team discussion, market survey and case studies. The risk category table is listed below: Table 1: Risk category Risk Category Description Engineering Risk MPM Contractors Pty Ltd will identify and assess precision errors, quality risks and machine errors and delays Financial Risk Risks associated with finance application change, currency rate fluctuations, inflation, and bank interest change etc. Operational Risk The risk relating to daily operations at MPM Contractors Pty Ltd including employee go-slow, absenteeism, equipment failure or power outage Hazard Risk The adverse impact on the people working at MPM Contractors Pty Ltd including cuts, falls, chemical poisoning and spills. Strategic Risk Risk associated with corporate expansion, market and product development, business strategies, and corporate acquisitions Social Risk Risks associated with externalities and relationship between the company and the local communities. 1.6.2.2 Risk criteria tables Risk criteria are provided for further analysis and risk assessment of MPM Contractors Pty Ltd risks. After developing the risk criteria, a risk treatment plan and evaluation is set up. The risk criteria have four components segmented as; objectives, consequences scale table, likelihood table and level of a risk matrix. 1.6.2.3 Objectives MPM Contractors Pty Ltd shall adopt five major objectives and their outcomes are listed in the table below: Table 2: Risk management process objectives Sn. No. Objectives Outcome 1 To develop highly effective and efficient industrial processes High efficiency operational process 2 To create sustainable work environment with minimal work interruptions and challenges High employee productivity 3 To reduce process losses and work inefficiencies High quality and dependability 4 To improve quality of products and services Higher market share and competitiveness 5 Increase productivity and accountability among internal and external stakeholders Better relationship among stakeholders 1.6.2.4 Consequence Scale One of the critical components of the risk criteria is the consequence scale and the details are as shown in the table below. Table 3: Risk consequence table Consequences level Financial loss Employees/management Community Reputation Legal Extreme >AU$3M Massive deaths Massive displacement of populations National media report Severe legal consequences Major AU$2M-AU$3M Severe burns or broken limbs Ill-health over lethal gas or chemical exposure State media report Major legal issues Moderate AU$1M-AU$2M Follow up required at healthcare units Few health issues raised Regional media report Moderate legal issues Minor AU50k-AU$1M Just minor injuries or illness Minimal hospitalization reported Local media report Minor legal issues Negligible 60% cost increase 30%-60% cost increase 20%-30% cost increase 10-20% cost increase 25% time 15%-25% time 5%-15% time Less than 5% time Few days delay Scope Failure to achieve projected scope Outcome unacceptable as majority of scope is influenced Areas outside scope are few Scope management minimal Operations adhere to scope management Quality All clients complain of poor products/services Majority of clients complain of poor quality Only some minor complaints by clients Rare quality products reported Few quality issues reported Technical Performance Projects rejected by clients Clients request for revision Clients are somewhat satisfied Clients are satisfied with projects Clients are delighted over projects 1.6.2.7 RISK TREATMENT AND REGISTER A specific solution to a risk treatment process is a response to a specific risk event. The risk treatment strategies available for MPM Contractors Pty Ltd are; Avoidance, Reduction, Transfer and Acceptance. The risk register provides detailed treatment, classification and description in which case the risk treatment offers mitigation methods to the identified risk events. The risk events and treatment plan affect the project life cycle of MPM Contractors Pty Ltd. The detailed risk register is attached in Appendix I. 1.7 Glossary of terms Risk: Effect that uncertainty will have on organizational objectives such as environmental, health and safety and financial goals. Risk management: Activities coordinated so as to control and direct an organization regarding management of risks. Enterprise Risk Management Framework: A process effected by personnel, management and board of directors and applied across the enterprise in strategic setting to manage risks. Risk management framework: Set of components that provide organizational arrangements and foundations for monitoring, implementing, designing, continually improving and reviewing risk management across the organization. Risk management policy: Statement that show the overall direction and intentions of an organization regarding risk management. Risk owner: Entity or person with authority or accountability to manage risks. Risk management process: Applying management policies systematically alongside practices and procedures to the activities of monitoring, treating, evaluating, analysing, identifying, reviewing, consulting, communicating and establishing the context of risks. External context: The internal and external parameters considered when managing risk, setting risk criteria and the scope for the risk management policy. Involve socio-cultural, politico-legal, technological, natural and the competitive environment as well as key drivers and trends likely to impact on organizational objectives. Internal context: Internal environment for achieving organizational objectives such as structure, governances, policies, strategies, information systems, culture, standards and guidelines. Stakeholder: Organization or person affected or perceived to be affected by activities and decisions. Risk assessment: Overall process of risk evaluation, risk analysis and risk identification. Risk identification: The process of describing, recognizing and finding risks. Identifying risks can be from events or sources or historical data and theoretical analysis. Event: Change or occurrence of a given set of circumstances Consequence: Event outcome that affects objectives. Likelihood: The chance of something happening and can be determined or measured quantitatively or qualitatively. Risk profile: Any set of risks being described. Risk analysis: A process to determine the level of risk and comprehend the nature of risk. Includes risk estimation, basis of risk evaluation and risk treatment decisions. Risk criteria: Terms of reference to evaluate against significant risks. It is derived from policies, laws and standards and based on the external and internal context as well as organizational objectives. Risk level: Combination of risks or magnitude of a risk expressed as a combination of risk likelihood and consequences. Risk evaluation: The process of comparing the risk criteria with the risk analysis results to find out if the magnitude is tolerable or acceptable. Assist in risk treatment decisions. Risk treatment: The process of modifying risks to change the consequence, change likelihood and remove the risk source. Risks can be shared with other parties or retained for informed decision making. Control: Measures to modify risks risk through policies, devices, processes and practice although it may not assume or exert the intended modifying effect. Residual risk: Comprises risks that remain after treatment and it could be retained risks or unidentified risks. Review: Activities to determine effectiveness, adequacy and suitability of subject matter so as to attain the objectives established. Monitoring: Continually supervising, and critically determining or observing the risk status to identify change from the performance level expected or required. 1.8 Agreement on the framework by board of directors This agreement is a confirmation and acceptance by the board of directors to correctly identify, and to assess and manage risks. Designation Sign Date Risk officer Department head Director to the Board Bibliography ASHRM (2012). Enterprise Risk Management. American Hospital Association. Bediako, T. (2014). Enterprise risk management-Integrated Framework. Information Security & Risk Insights Africa. Rollason, V., Fisk, G. & Haines, P. (2010). Applying the ISO 31000 Risk Assessment Framework to coastal zone management. BMT WBM New South Wales and Queensland. Standards Australia/Standards New Zealand (2010). Risk management-Principles and guidelines. Australian/New Zealand Standard™. Wiseman, T. (2016). ERM: A project plan for implementation. East Carolina University. Appendix I No. Risk Category Description Cause Consequence Risk Owner Cons. level Likelihood Risk level Treatment Res. cons. Res. Lik. Residual Risk level Accountability 1 Strategic Risk Changes in the reticulation market New HV technology Loss of market share and revenue Board of directors Major Possible High Make a change plan immediately Moderate Possible Medium Board of Director 2 Financial Directors fail to approve financing Conflict of interest Failure to implement projects on time Board of directors Extreme Possible High Make a detailed application as soon as possible Moderate Unlikely Medium CEO 3 Financial Delays in funding construction Late development of business plans Delay in completion of projects Business Development Manager Major Possible High Consult with the CEO Moderate Possible Medium BDM 4 Operation Malfunction of motors, pumps and switchboards Failure to inspect equipment Delays in construction and commissioning Switchboards and MCCs Manager Major Possible High Check equipment performance Moderate Possible Medium Engineering Group GM 5 Hazard Electrocution of local community Naked wires from underground reticulation Litigation in court Loss of revenue Harm to reputation HV Installation and maintenance manager Extreme Unlikely High Undertake weekly inspections of transmission lines Moderate Possible High Construction and commissioning Group GM 6 Hazard Risk Fire explosion from HV reticulation Strong winds and hurricane Loss of power and complaints from consumers CEO Minor Unlikely Low Recover the damage immediately Insure premises and equipment Minor Rare High Board of Directors 7 Social Risk Reluctance to grant Way leaves Disagreement on compensation with the local people need Delay in commissioning the project Residential Development Manager Extreme Rare High Arrange an immediate meeting community representatives Moderate Rare Moderate COO 8 Operation Loss of experienced electricians and other personnel Poor working atmosphere or revenue Loss of quality Business development slow down HR Manager Major Possible Medium Hire and recruit experienced workers Minor Unlikely Low COO /Risk officer 9 Engineering Pumps and motors not supported by current kV Procurement of items not prescribed Loss of reputation and delay in installing pumps and motors Pumps and motor manager Moderate Most likely High Redo listing of requirements Minor Likely Moderate Engineering Group GM 10 Engineering Cranked developments not suitable for installations The engineering team will find difficulties managing installations Poor workmanships Residential Development Manager Major Likely High Modify Estate developments Negligible Possible Moderate Engineering Group GM Read More