
Enhancing Enterprise Risk Management Program for Strategic Goals
Explore how [Insert utility name] is improving its Enterprise Risk Management program through risk assessment workshops to identify top risks impacting strategic goals. Discover the process, objectives, and key activities involved in the risk assessment.
Attachment 2: Risk Assessment Workshop PowerPoint Template November 2024 | Version 1.0 #PublicPower www.PublicPower.org
Table of Contents and Objectives

Topics:
- Review of ERM Process
- Risk Assessment Introduction
- Risk Assessment - Our ask of you
- Comprehensive Summary and References
- 1. Risk Assessment Approach References
- Appendix

Objective:
[Insert utility name] is enhancing its Enterprise Risk Management (ERM) program that promotes effective identification, analysis, reporting and monitoring of risks. [Insert utility name] is conducting an enterprise risk assessment session with [insert audience] (i.e., senior management) to identify top risks that can impact [Insert utility name]'s strategic goals.

Value to [Insert utility name]:
- Assess identified risks impacting [insert utility name]'s strategic goals and enhance the senior leadership's role in risk management.
- Enable future evolution of good practice risk management program elements, such as risk reporting, audit response planning and reporting.

Stakeholder Actions:
- Be familiar with the material included in the pre-read ahead materials of the (virtual/in-person) risk assessment workshop.
- Preliminarily fill in the risk assessment form attached scoring risk assigned to specific participants.
Review of the ERM Process

Enterprise Risk Management Process (centered on business priorities, vision and mission, performance and objectives):

- Identify: Identify and agree on risks and/or opportunities to the achievement of strategic goals and objectives. STATUS: COMPLETED
- Assess: Assess risks against standard risk rating criteria to support qualitative risk prioritization for impact, likelihood, and management preparedness. STATUS: IN PROGRESS
- Communication: Provide a holistic risk portfolio report focused on achieving performance objectives and designed to enable management decision-making. STATUS: TO DO
- Monitoring: Monitor risk mitigation effectiveness using leading, not lagging, metrics; leverage defined acceptable risk tolerance and/or KRIs to inform risk escalations. STATUS: TO DO
- Response: Identify risk responses and adjust strategy to achieve or exceed performance objectives balanced to risk appetite. STATUS: TO DO
Recap of Risk Identification [insert recap of risk identification summary and results here]
Introduction to Risk Assessment

Risk assessment is the process of evaluating identified risks to determine their likelihood of occurring and potential impact on the utility. This step helps prioritize risks and develop appropriate mitigation strategies.

Key activities involved in this process:
- Developing scoring criteria for evaluating likelihood and impact, in collaboration with senior leadership.
- Documenting existing controls and mitigation strategies, and designating risk owners.
- Prioritizing risks by comparing residual risk scores against the utility's risk tolerance and limits.
- Updating the risk register to reflect the prioritized risks and the utility's risk assessment results.
- Assigning numerical values to each identified risk based on the likelihood and impact assessments.
- Calculating residual risk scores to determine the remaining risk after controls are applied.
- Creating heat maps to visualize risk prioritization and facilitate decision-making.
Our Asks of You Ahead of the Risk Assessment

1. Following risk identification, review the read ahead materials of the session to rate top enterprise risks to [Insert utility name].
2. For each of the risks identified, please assign an impact and likelihood rating based on the rating scales on the next slide. Also consider controls and mitigation by reflecting on existing strategies that address your identified risks.
3. Review the risk scoring criteria and be prepared to apply them to your identified risks, sharing your rationale and assessments during the workshop.
4. After assigning initial likelihood and impact scores, assess the effectiveness of existing controls and mitigation strategies to determine the residual risk for each identified risk. Document your findings and be prepared to discuss how these controls influence the remaining risk levels during the workshop.
[Utility's Name] Likelihood and Impact Criteria

[Insert the utility's Likelihood criteria here]
Level 1 - Rare: Unlikely to occur, <5% chance
Level 2 - Unlikely: Could occur occasionally, 5% - 20% chance
Level 3 - Possible: Might occur, 21% - 50% chance
Level 4 - Likely: Will probably occur, 51% - 80% chance
Level 5 - Almost Certain: Expected to occur, > 80% chance

[Insert the utility's Impact criteria here]
Level 1 - Insignificant: No significant impact
Level 2 - Minor: Limited impact, easily manageable
Level 3 - Moderate: Noticeable impact, manageable
Level 4 - Major: Significant impact, requires attention
Level 5 - Catastrophic: Severe impact, critical
Risk Assessment Form

Form sections: Risk Identification, Pre-Assessment, Risk Assessment (Pre-Mitigation and Post-Mitigation)

Columns:
- Risk ID
- Risk Description
- Category
- Likelihood Level (pre-mitigation)
- Impact Level (pre-mitigation)
- Risk Score
- Controls/Mitigation Strategies
- Proposed Risk Owner
- Likelihood Level (post-mitigation)
- Impact Level (post-mitigation)
- Residual Risk Score

Rows to complete:
- Risk ID XX: [insert assigned risk here]
- Risk ID XX: [insert assigned risk here]
- Risk ID XX: [insert assigned risk here]
Appendix A: Example of Simple Risk Register with Risk Scoring

R001 (Category: Operational)
  Risk Description: Critical equipment malfunction leading to operational disruptions
  Pre-mitigation: Likelihood Level 3 (Possible), Impact Level 4 (Major), Risk Score 12
  Controls/Mitigation Strategies: Regular maintenance schedule; Spare parts inventory; Equipment monitoring system
  Proposed Risk Owner: Operations Manager
  Post-mitigation: Likelihood Level 2 (Unlikely), Impact Level 4 (Major), Residual Risk Score 8

R002 (Category: Cybersecurity)
  Risk Description: Data breach compromising sensitive data (PII)
  Pre-mitigation: Likelihood Level 3 (Possible), Impact Level 4 (Major), Risk Score 12
  Controls/Mitigation Strategies: Network security protocols; Regular security audits; Employee cybersecurity training
  Proposed Risk Owner: IT Specialist
  Post-mitigation: Likelihood Level 2 (Unlikely), Impact Level 3 (Moderate), Residual Risk Score 6

R003 (Category: Safety/Compliance)
  Risk Description: Employee safety incidents (minor)
  Pre-mitigation: Likelihood Level 4 (Likely), Impact Level 2 (Minor), Risk Score 8
  Controls/Mitigation Strategies: Safety training programs; Personal protective equipment; Incident reporting
  Proposed Risk Owner: Safety Officer
  Post-mitigation: Likelihood Level 3 (Possible), Impact Level 2 (Minor), Residual Risk Score 6

R004 (Category: Financial)
  Risk Description: Increased energy procurement costs
  Pre-mitigation: Likelihood Level 4 (Likely), Impact Level 3 (Moderate), Risk Score 12
  Controls/Mitigation Strategies: Long-term power purchase agreements; Diversified energy sources; Regular market analysis
  Proposed Risk Owner: Procurement Manager
  Post-mitigation: Likelihood Level 3 (Possible), Impact Level 3 (Moderate), Residual Risk Score 9