Risk Awareness
Transcript of Risk Awareness
EWRM Awareness
TNB EWRM
Outline of Presentation
Introduction
GWRA Process
Issues discussed at GRMC
Q&A
Introduction
Regulatory Requirement
The Malaysian Code on Corporate Governance
The Revamped Listing Requirements of Bursa Malaysia
Statement on Internal Control
Identify principal risks and ensure the implementation of an appropriate risk management system
Review the adequacy and integrity of internal control systems and management information systems
Establishment & the independence of the internal audit functions
Principles and best practices
TNB EWRM Framework
Mitigation Plan
Risk policy and guidelines
Guidance on Risk Treatment Options
Risk control
Risk profiling
Reporting of information
‘Portfolio of key risks’
Management Response
Risk measurement
Terminate
Reduce
Accept
Pass on
Risk identification
Guidance on Group Wide Risk Assessment
TNB Risk Information System (TRIS) (Monitoring system)
Guideline Principal
Enterprise Wide Risk Management Policy 2nd Edition
Enterprise Wide Risk Management Circular No. 1/2008
TNB’S EWRM Policy Summary
support the framework and strategy with an appropriate organisational structure by ensuring responsibilities are clearly defined and communicated at all levels
ensure that risk information is communicated through a clear and robust reporting structure
integrate ongoing risk management activities within the business
identify and assess risks to our business objectives and understand how such risks influence our performance
Roles & Responsibilities - TNB Board of Directors
Responsible for all elements of risk management and internal control as set out under the Malaysian Code of Corporate Governance.
The Board of Directors shall:
satisfy itself that significant risks faced are being managed appropriately;
ensure that an appropriate organisation and reporting structure; and,
adequately discuss and provide challenge on issues of risk and opportunity, their treatment, and the overall risk appetite and risk portfolio of the Group.
The Board of Directors may delegate the above responsibility to any of the Board Committees as deemed appropriate.
Roles & Responsibilities - TNB Board Audit Committee
Responsible to assist the Board of Directors to establish appropriate policies on risk oversight and management.
The Board Audit Committee shall assist the Board of Directors:
to identify principal risks and ensure the implementation of appropriate systems to manage these risks;
to oversee the establishment and implementation of the risk management system,
to approve the risk management policies and practices on behalf of the Board; and
review periodic reports on risk management to be informed on risk management matters and present periodic summarised information on the Group-wide risk assessment process.
Roles & Responsibilities - TNB Board Audit Committee (cont’d)
The Committee may, as and when necessary, invite other Board members and management personnel to attend the meetings
The Board Audit Committee shall:
independently review the adequacy and effectiveness of risk management at the TNB Group;
review the adequacy and integrity of the system of internal control put in place;
receive summary reports from the External Auditors and Group Internal Audit
Roles & Responsibilities - TNB Group Risk Management Committee
Responsible for the continuous development of risk management in the Group;
The responsibility is carried out through developing risk management strategy and policy for the Board’s agreement;
The GRMC will form part of the activities of TNB's Group Executive Committee.
Roles & Responsibilities - TNB Group Risk Management Working Committee
The Group Risk Management Working Committee (GRMWC) is responsible to assist the Group Risk Management Committee
The authority delegated from the Group Risk Management Committee for which the GRMWC's roles and responsibilities are:
Responsible for the continuous development of risk management in TNB Group;
Review and report to the Group Risk Management Committee on a half yearly basis;
Review and approve all guidelines on risk management;
Mandated to decide on the status and matters arising with regard to the operating divisions' risks; and
Identify key issues at the operating level that need to be escalated for the Group Risk Management Committee's attention / decision.
Roles & Responsibilities - TNB Group Chief Risk Officer
Responsible for the leadership, direction and coordination of the Group-wide application of risk management within the Group.
Ensures that the principles and requirements of managing risk are consistently adopted throughout the Group
Responsible for establishing the EWRM framework
Produce an annual Group-wide risk assessment report for the GRMC and BAC through GRMWC.
Roles & Responsibilities - Chief Internal Auditor
Provide assurance to TNB Board Audit Committee on the adequacy and effectiveness of the internal control systems
Offer independent challenge to the divisions to ensure the principles and requirements of managing risks are consistently adopted
As the third line of defence providing an independent assurance to the Board
Provide periodic Internal Audit activity report and follow-up reviews
Roles & Responsibilities - TNB Group EWRM Department
Responsible for the ongoing development and co-ordination of the EWRM system as well as the consolidation and reporting of all EWRM information;
Responsible for the co-ordination, negotiation and purchase of all TNB Group insurance covers and self-insurance arrangements ;
The principal reporting responsibility of the EWRM Department is to submit bi-annual risk assessment reports on key risks as identified by the Group-wide risk assessment process.
Roles & Responsibilities - TNB’s Operating Division
Responsible for the identification, measurement, control, monitoring and reporting of risk;
Responsible for implementing the requirements of this policy;
Specifically, the responsibilities are to:
enhance its own organisation structure to include an appropriate risk management structure to sustain the EWRM framework;
identify and assess risks to business objectives through the Group-wide risk assessment process;
ensure that appropriate controls are in place to manage identified risks;
Roles & Responsibilities - TNB’s Operating Division (cont’d)
Specifically, the responsibilities are to:
ensure that continuous review and monitoring of identified risks are carried out periodically;
incorporate the risk assessments and mitigation plans into the annual business/operating plan;
provide ongoing assurance on the status of key risks and actions taken to manage them;
ensure that full consideration and commentary on risks are provided to support business strategy and the planning cycle;
appoint divisional Risk Managers and departmental Risk Coordinators;
communicate risk management policy and strategy together with defined responsibilities to all management and staff.
Roles & Responsibilities - Other Support Functions
Other Corporate Support Functions provide assistance and expert advice to the Operating Divisions;
The principal reporting responsibility of the Corporate Support Functions is their submission of risk assessment reports in conformance to the EWRM reporting requirement.
Roles & Responsibilities - Risk Managers & Risk Coordinators
Each operating division, subsidiary and corporate support function is also responsible for the appointment of Risk Manager and Risk Coordinator who will be responsible for:
Risk Reporting and Monitoring
Coordinating the bi-annual risk reporting and monitoring processes at operating division;
Identifying and assessing risks to business objectives;
Identifying and reporting on the critical risks and its current status as well as actions taken to manage them;
Monitoring and reporting the implementation of approved mitigation plans for key operating risks; and
Ensuring that appropriate controls are in place to manage identified risks.
Roles & Responsibilities - Risk Managers & Risk Coordinators
Risk Advisory
To represent the department at the TNB EWRM forum and TNB Group risk management committee meetings (if required);
To keep abreast with new developments in EWRM; and
Acting as a focal point for all EWRM support and advice within their respective departments.
Roles & Responsibilities - Risk Managers & Risk Coordinators
Risk Communication
Communicating the enterprise wide risk management strategies, policies and processes to all management and staff within the operating division; and
Engaging in dialogue and discussion with management and staff within the operating Division.
Roles & Responsibilities - TNB Management
The Management has a front line responsibility for identifying and evaluating risks within their area of responsibility, and implementing agreed actions to manage risk;
Primarily, all managers must ensure that their area of responsibility does not expose the TNB Group to unnecessary risk.
Roles & Responsibilities - TNB Employees
All employees have a general duty of care and are responsible for this policy.
All TNB employees to be conscious of the risks related to their actions and decisions.
Through appropriate preventative action, all reasonable care should be taken to prevent loss and to maximise opportunity.
Group Wide Risk Assessment Process
Group Wide Risk Assessment Process (GWRA)
Continual & consistent identification and assessment of key risks is critical to realise business objectives
Changing business conditions and the decisions made in the course of running the business will continuously alter the status of the key risks identified and introduce new key risks over time. It is important to have frequent and explicit discussions about risk in order to maintain continual awareness of which risks are significant.
The Group-Wide Risk Assessment Process requires that Group operating divisions, subsidiaries and corporate functions undertake the annual identification and assessment, and periodic update of all risks to the Group and operating division/subsidiary business objectives in conformance to the reporting requirements.
Revised Group-Wide Risk Assessment Process
[Process diagram. Phases: Pre Risk Assessment, Risk Assessment, Post Risk Assessment. Stages: Business Overview, Risk Identification, Controls Identification, Risk Rating, Risk Treatment, Risk Reporting & Monitoring. Steps shown: Define Entity Level Business Model; Prepare Business Process Analysis; Identify Risk; Determine Causes; Determine Impact; Identify Controls (Existing, Proposed); Determine Control Effectiveness; Determine Risk Parameters; Determine Gross Likelihood & Impact; Determine Residual Likelihood & Impact; Determine Residual & Gross Risk Rating; Generate Risk Profile; Determine Risk Treatment; Develop Mitigation Plan; Prepare Risk Assessment Report; Monitor Risk Profile; Review Risk Profile. Scales shown: control effectiveness (Weak, Some Weaknesses, Satisfactory); likelihood (Rare, Unlikely, Moderate, Likely, Almost Certain); impact (Insignificant, Minor, Moderate, Major, Catastrophic); risk rating (Low, Moderate, Significant, High).]
Define Entity Level Business Model (ELBM)
[Diagram: Entity Level Business Model]
External Business Drivers and Stakeholders: Legislation, Political Environment, Technology, Environmental Factors, Customers, Economic Trends, Stakeholders, Suppliers, Regulators
Strategic Management Processes: Corporate Governance, Business Planning & Strategy Development
Core Business Processes
Resource Management Processes: Regulatory and Legal, Human Resources, Safety & Environmental Management, Information Systems, Financial Management, Procurement
Business Development, Marketing
Other labels: Markets, Business Processes, Alliances / Suppliers, Core Products/Services, Customers
Entries shown: Domestic: TNB, IPP, Oil & Gas; Overseas: Generation, Oil & Gas; Alstom Repair & Maintenance; Domestic: TNB; Overseas:
Prepare Business Process Analysis - Template
Business Process Analysis – Template (cont’d)
Business Process Analysis – Template (cont’d)
Risk Categories
Strategic
High-level risks that may hinder the company from achieving its strategic objectives
Management may also escalate risks that are beyond their control to the strategic level for the attention of the Board
Operating Divisions
Risks that may prevent the divisions from achieving their business objectives/goals.
Normally these risks are within the control of the respective operating divisions.
Broad Risk Areas
Compliance
Information
Financial
Human Resource
Operational
Integrity
Governance
RISKS
Broad Risk Categories
No. Broad Risk: Sub Broad Risk
1. Governance: Authority, Leadership, Performance, Corporate Direction & Strategy, Incentives, Limits, Internal audit, Board of Directors
2. Human Resources: HR management, Competencies, Recruitment, Recognition, Retention, Compensation, Performance measurement, Leadership development, Succession planning, Employee benefits
3. Finance: Funding, Financial instruments, Accounting information, Foreign exchange/ currency, Cash flow, Investment evaluation, Financial reporting, Tax, Pension fund, Treasury, Payroll, Cash management, Insurance, Debtor/ creditor management, Interest rates, Budgeting and planning, Securities
4. Technology: External IT, Dependence of IT, Reliability, Management information systems, Access/availability, IT security, Relevance
5. Integrity: Management fraud, Employee fraud, Illegal acts, Unauthorised use
6. Compliance: Copyright and trademarks/ Contractual liability, Taxation, Consumer protection, Health and safety, Environment, Pension fund, Regulatory, Legal, Data protection
7. Reputation: Brand, Reputation, Intellectual property, Stakeholder perception
8. Environment: Seasonality, Globalisation, Competition, E-commerce, Share price, Economic, Political, Catastrophic loss, Social, Strategic uncertainty
9. Operational: Quality, Customer service, Cycle time, Pricing, Obsolescence, Shrinkage, Efficiency, Capacity planning, Sourcing, Product development, Product failure, Business interruption, Performance management, HR competencies, Motivation, Training, Repair & maintenance, Project management, Security systems, Marketing, Security procedures, Contingency planning, Channel, Supplier selection & mgmt, Supply chain mgmt, key suppliers, Speed to market, Capital projects, Physical plant, Buildings, Logistics, Mergers & acquisitions, Joint ventures & alliance
10. Mgmt Information: Completeness/ assurance, Market intelligence, Mgmt information reporting, Integrity of information
11. Preparedness: Morale, Workplace environment, Confidentiality, Communication flow, Communication infrastructure, Change acceptance, Change readiness, Challenge, Ethics, Empowerment
Identify risks and determine causes
Example: Loss of key personnel
Causes may include:
Uncompetitive remuneration
Poaching by competitors
Poor training and development
Perceived end of career opportunities
Determine impact
Example: Loss of key personnel
Business interruption
Increased cost of recruitment and training
Loss of morale
Damage to reputation
Identify controls
Existing controls:
Awareness of market remuneration levels
Regular remuneration reviews
Well-developed training programme
Proposed controls:
To further enhance existing succession planning
To establish career development programme
Example : Loss of key personnel
Determine Control Effectiveness
Satisfactory: Controls are strong and operating properly, providing a reasonable level of assurance that objectives are being achieved.
Some weakness: Some control weaknesses/ inefficiencies have been identified. Although these are not considered to present serious risk exposure, improvements are required to provide reasonable assurance that objectives will be achieved.
Weak: Controls do not meet an acceptable standard, as many weaknesses/ inefficiencies exist. Controls do not provide reasonable assurance that objectives will be achieved.
Determine Likelihood
Risk Likelihood: Description
Rare: Event may occur only in exceptional circumstances, e.g. approximately below 5% chance of occurring in the next 12 months
Unlikely: The event could occur at some time, e.g. approximately below 25% but above 5% chance of occurring in the next 12 months
Moderate: The event might occur at some time, e.g. approximately below 50% but above 25% chance of occurring in the next 12 months
Likely: The event will probably occur in most circumstances, e.g. approximately below 95% but above 50% chance of occurring in the next 12 months
Almost Certain: The event is expected to occur in most circumstances, e.g. approximately above 95% chance of occurring in the next 12 months
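Determine Gross and Residual Risk Ratings
[Risk rating matrix. Axes: Likelihood of Occurrence (Rare, Unlikely, Moderate, Likely, Almost certain) against Magnitude of Impact (Insignificant, Minor, Moderate, Major, Catastrophic). Cell codes as extracted, using the letters H, S, M, L: SSMLL, HSMLL, HHSML, HHSSM, HHHSS.]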
Generate Risk Profile
[Figure: Illustrative residual risk profile, Tenaga Nasional Berhad. Axes: Likelihood (Rare, Unlikely, Moderate, Likely, Almost certain) against Magnitude of Impact (Insignificant, Minor, Moderate, Major, Catastrophic). Rating bands: High, Significant, Moderate, Low. Risks plotted: Credit risk; Shortage of skilled planners; Lack of performance-based culture; Failure of business ventures; Market risks (FX, interest rates and fuel cost); Dependence on gas-fired plants; Ability to cost-effectively finance and re-finance; Unsatisfied customers; Increase in theft of electricity; Loss of assets; Safety, health & environment; Changes in regulatory requirements; Competition from IPPs; Loss of key personnel; Ineffective manpower planning.]
TNB Risk Treatment Strategy
To focus on key risks viewed as critical to the business, rated as high and/or significant
The residual risk ratings to be continuously monitored
Key risks can be categorised as:
i. Strategic risks
ii. Operating risks
Strategy
Management action
Reduce
Accept
Pass-on
Risk appetite
Terminate
Risk profile
Risk Treatment Options
Determine Risk Treatment Decision
Risk treatment option – “Terminate”
Eliminating the business area or significantly altering it
Option selected typically for risks that could have catastrophic or major impact on the business and when the costs of pursuing other choices significantly outweigh the potential benefits
Example, if an investment is found to be consistently non-performing and it is determined that the resources consumed to improve performance far outweigh the return on investment, the decision may be to divest or dispose of the investment
Risk treatment option – “Reduce”
Management can choose to reduce the risks by taking specific actions aimed at:
Reducing the likelihood that a risk will occur in the first place; and
Reducing the impact that a risk might have on the business should it actually occur.
Examples of risk reduction techniques
Management can choose to reduce the likelihood by actions including:
Physical measures – improving building security can reduce the risk of losing assets
Policies – employee training (formal or OJT) and reasonable health and safety procedures can reduce workplace accidents
Diversification – product, market, or supplier diversification, etc. For example:
- Entering other markets or selling other energy related products could reduce exposure to a decline in one market or product
- Using alternative suppliers
Controls – compliance with policies and procedures; proactively calculate and monitor KPIs
Examples of risk reduction techniques (cont’d.)
Management can choose to reduce the impact by actions including:
Contingency planning – business continuity planning for events that may affect TNB’s ability to provide core services
Maintaining resilience:
- having access to back-up production resources
- having liquid assets or the ability to borrow and raise new capital
- developing and maintaining spare capacity
- having good relations with the government, suppliers, customers and employees
Other examples of risk reduction techniques
Clarify accountabilities
Update performance contracts
Business plan review
Education and training programme
Establish minimum controls
Seek expert advice
Project evaluation
Improve processes
Establish performance reporting requirements
Determine policy
Risk treatment option – “Accept”
Management may decide that the level of residual risk is acceptable after considering factors such as:
Adequacy of current controls;
The quality and quantity of information about the controls;
The likelihood and consequences of the risk occurring
The cost of additional controls
This option means management chooses not to act and to consciously accept a certain risk. For example, a risk ranked as “low” may be accepted because the level of the risk is acceptable in relation to TNB’s risk appetite
Risk treatment option – “Pass-On”
Transferring an entire business process to another party as is the case with sub-contracting and outsourcing arrangements
Sharing the business process with another party as is the case with partnership and joint venture arrangements
Retaining the process and transferring the legal or financial risks as is the case with insurance arrangements and the use of certain treasury products
Develop Risk Mitigation Plan
Task: Focus
Owners: Identify the personnel to undertake the mitigation plans
Mitigation plan: Determine the plan to undertake to manage the risk based on the risk treatment decision
Mitigation cost: Ascertain the estimated cost for the risk treatment
Commencement & Completion date: Develop the timeline and identify the commencement and completion dates of mitigation plans
Mitigation status: Determine the status of the action plans i.e. implemented, work in progress (with percentage of completion) or not implemented
Risk Monitoring & Review
Risk monitoring and review involves the following:
a re-examination of all risks identified to ensure that the current assessments remain valid; and
reviewing the progress of risk treatment actions and the relevant fallback plans, if required.
Risk monitoring and review should form part of the normal management reviews.
The risk register is updated after every review and assessment.
Q & A
Thank You
Powering The Nation’s Progress www.tnb.com.my