Risk management seminar, Part 6

• The crisis matrix was designed by Klaus Winterling. It is one of the analytical techniques used in risk management.
• The matrix categorizes risks by two parameters:
• Probability that a risk occurs at a given time: how real and probable it is that the risk will actually occur. The matrix defines three levels of probability:
- Low, 1
- Medium, 2
- High, 3
• Effect of the risk on an SBU: what the impact of the risk on an organization or department would be if the risk occurs. The matrix defines three levels of effect:
- Negative, 1
- Threatening, 2
- Destructive, 3

ISO 27005 - Process model of risk management

SBU definition using the 7S method

SBU - Euromedica s.r.o.

Strategy: corporate strategy for 2020 – 2023, integrated with the financial strategy and HR strategy.
Structure: Managing board. Supervisory board. Director. IT Services. Sales department. Economics department. Logistics manager.
Systems: IT systems – MS Office, MS SQL Server. Accounting system Money S7. Small company managed by the director and the heads of the departments. Marketing system integrated in Money S7. Logistics system integrated in Money S7.
Style: process-oriented organization with process maps and managed documentation.
Staff: Managing board 3 persons. Supervisory board 3 persons. Director 1 person. IT department 3 persons. Logistics manager 1 person. Sales department 12 persons. Economy department 2 persons.
Skills: Categorizing data. Audit skills. Process modeling. Process analysis. Project management. Lead auditor for ISO 9001, 14001, 18001, 20001, 27001. Coordinating. Risk management.
Shared values: Strategic thinking. Interviewing. Diplomacy. Advising.
Types of risks

Human factor:
- Substance abuse
- Stress situation
- Certification
Information and technology risks:
- Integrity of application systems
- Incorrectly specified requirements for HW and SW and their evaluation
- Unauthorized use of information, destruction, damage and its modification
- Intentional interference with SW or HW
Operation risks:
- Defective feedback system
- Complexity of processes, operations
Organizational risk:
- Ineffective methodological, control activities and supervision
- Non-optimized circulation of documents, records, shredding of documents
Financial risk:
- Manipulation of income and expenses
- State guarantees, financial assistance

Risk factors | Effect on an SBU (Impact) | Probability of risk | Severity of risk
Ineffective supervision | 3 | 3 | 9
Non-optimized circulation of documents | 2 | 1 | 2
Manipulation of income and expenses | 3 | 3 | 9
State guarantees, financial assistance | 3 | 2 | 6
Substance abuse | 1 | 1 | 1
Stress situation | 2 | 2 | 4
Certification | 3 | 2 | 6
Integrity of application systems | 3 | 3 | 9
Incorrectly specified requirements | 3 | 1 | 3
Unauthorized use of information | 2 | 1 | 2
Intentional interference with SW or HW | 2 | 2 | 4
Defective feedback system | 2 | 2 | 4
Duplicity of processes, operations | 3 | 2 | 6

Impact x Probability = Severity

Operations to reduce the risk factors:

Ineffective supervision: Regular reporting in the Project module of the information system – periodic reporting from the project manager to the director. Periodic meetings with the project team. Periodic meetings of the board with the project managers.

Manipulation of income and expenses: Reporting in IS Money S7 just in time. New control reporting for cash flow. Every month, create a cash flow from the project. Controlling in Money S7.
Budget: Definition and implementation of controlling reporting – 3 000 EUR. Upgrade of SW – 2 000 EUR. Seminars – 500 EUR. Subtotal: 5 500 EUR per year.

Integrity of applications: Execute integrity tests in applications. Data integrity test. Installation of new version.
Budget: Testing procedure - 300 EUR. New installation - 200 EUR. Subtotal: 500 EUR.

Total cost of reducing the risk factor is 5 500 EUR, realized in 1 year.

Thank you for your attention!