NOKIA最新風險管理(英文版)ppt課件

1、Mikko RouttiDirector, Risk ManagementNokia CorporationRisk ManagementMain Themes of Presentationscope of presentation: business risk (widely)our philosophy about risk managementwhere we are today on the journey of ERMhow to do this in our organisationbalance between practical, value-based and analyt

2、ical, fact-based thinkingwhat kind of methods and tools we use (e.g)how do we and others communicate about this It is one thing to set up a mathematical model that appears to explain everything. But when we face the struggle of daily life, of constant trial and error, the abiguity of the facts as we

3、ll as the power of the human heartbeat can obliterate the model in short order.Peter L. Bernstein: Against the Gods- The Remarkable story of Risk“We are not just adding all of these risks together. We are creating a probabilistic view of how much capital is actually necessary. -Rick Buy, Chief Risk

4、Officer, Enron“We review how good it can get, we review how bad it can get, and every place in between. - Rick Causey, EVP and Chief Accounting Officer, Enron What does risk appetite mean in practice?Are we focusing on opportunity?Is there a clear view of the appetite for risk?Is there balance in ri

5、sks and rewards? (i.e. high risks vs low rewards)Where should most of managements effort be directed?A Generic Business Risk ContinuumOpportunityUncertaintyHazardCompliance And PreventionOperating PerformanceStrategic InitiativesKey Questions to Consider.EnvironmentHealth & safetySupply chainSoftwar

6、eProduct creationRISK UNIVERSEHow does risk manifest itself? Fortune 1000 Group AnalysisOne hundred (10%) of the Fortune 1000 companies suffered a loss of over 25% of shareholder value within one monthCost OverrunsAccounting irregularitiesManagement ineffective-nessSupply Chain IssuesCompetitive Pre

7、ssureM&A Integration ProblemsMis-aligned ProductsCustomer Pricing PressureLoss of Key CustomerSupplier ProblemsR&D DelaysCustomer Demand Shortfall% of top 100Regulatory ProblemsStrategicOperationalFinancialHazardForeign Macro-Economic IssuesInterest Rate Fluct-uationHigh Input Comm-odity PriceLaw-su

8、itsNatural Disasters58%31%6%0%Primary Cause of Stock Drop (# of Companies)Source: Compustat, Mercer Management Consulting analysisNote: There were also 5 stock drops for which the primary cause could not reliably be determined. These 5 stock drops are not depicted. Mercer Management ConsultingRisk M

9、anagement Visionto take such risks that will enable company to profitably grow the business have a thorough understanding of those risks and responses required for successaim is to systematically capitalise on, control and manage risk in business rather than eliminate it. Ensure risks are properly a

10、nalysed, prioritised and managed when taking major business decisions.Ensure that key risks have a responsible ownerTo manage events that may affect customers, employees, the financial position of Nokia and its brand.Comply with regulatory and legal requirementsDrivers for increased risk awareness b

11、usiness needs stakeholder awareness recent crisis (Worldcom, Enron, Tyco etc) compliance issues Turnbull/UK KontraG/Germany Netherlands Sarbanes-Oxley: USAfood for thought: do investors appreciate systematic risk management they penalize you if you miss !Building up a Risk Management SystemPeople an

12、d competenciesProcessMethodsToolsPeople and competencies form the foundation of risk managementProcess helps ensure their skills are applied consistently Methods assure that risk management is done well Tools increase productivity and can sometimes direct people and processesObjectives of Risk Manag

13、ementControlAll projects have risks and some risks will occurRM is an investment into the future: It is often cheaper to avoid a potential problem than fix an occurred oneIf you only fix problems as they surface, the flow of future problems will continue to keep you busy RM improves predictability a

14、nd control of projectsUnderstandingKnow where the risks are and focus on essential risk areasConsistent understanding of risks throughout the organizationLearn from the risks that occurredWhat is Risk?Risk is a many-faceted Conceptslippery driving conditions (rain, snow)a car accidentuntreated perso

15、nal injuries, damaged vehiclestreatment of injuries, purchase of a new carmedical costs, permanent injury effects, higher insurance premiumsThe net effect of pain, lost time and expenses as felt by individuals Risk factor: something that influences risksRisk event: occurrence of the riskRisk outcome

16、: immediate impact of risk eventRisk Reaction: reaction to the riskRisk effects: effects of riskUtility loss: perceived value of effects by stakeholdersWhat is RiskAre these risks?Frequent, but uncertain small problems (e.g., some days will be lost to sick leave)Almost certain events (e.g., some req

17、uirements will change)Risks that do not effect your project (e.g., HW budget is exceeded)Technically yes, but.Too minor to receive special focus, to be managed by “normal managementconsider them problemsdelegate them to someone elseProject view: falling short of goalsScope of Risk ManagementFinancia

18、l view: varianceRiskManagementPain(Risk)Gain(Opportunity)UncertaintyImpactDefinitions of ProbabilityClassic probabilityFuture outcomes are decomposed into atomic, equally probable componentsFrequency-based probabilityRatio of a certain event in an infinite series of identical trialsSubjective probab

19、ilityA persons subjective belief of the likelihood of an event occurrenceTimeframe and RiskTimeframe (or urgency)actually an attribute of risk and controlling actionPeople have strong biases for near-term risksWaiting may buy information and new solutionsDefinition of RiskRisk is a fuzzy concept: be

20、 clear on what you meanRisk is not the same as a problem: probability = 1problem solving too late Risk is relative to stakeholders and their expectationsThe right-level of abstraction is critical and it depends on the situationVOCABULARY:exampleG-Goal and stakeholder review A process step in risk ma

21、nagement. The stated goals of the working entity (Business Unit, Product program, Business Group, Function etc.) are reviewed and refined. Stakeholders associations with the goals are analyzedM- Mitigation Strategy A strategy that is used to lower the probability and/or utility loss of risk scenario

22、sO- Objective - A goal that has an achievable, well-defined target level of achievement.R- Risk Any uncertainty that affects the objectives and achievement of optimum result. A possibility (probability of less than 1) of loss, the loss itself, or any characteristic, object or action that is associat

23、ed with that possibility.Risk ManagementRisk management refers to a systematic and explicit approach used for identifying, analyzing and controlling risk. The risk management process produces two main outputs: Understanding about risksControlling actionsRisk mgmt processUnderstanding of risksControl

24、ling actionsInformation aboutthe situationRisk mgmtmethodsProject context, goals, and plansRisk Management ProcessRisk ManagementMandateGoal & Stakeholder ReviewRisk IdentificationRisk Control&control planningRisk MonitoringRisk Analysisgoals andstake-holdersresponsibilities and scopefor risk mgmtli

25、st ofpotentialrisksdocumented, prioritized risksselectedcontrollingactionsNeed for new riskmgmt cycleRisk Mgmt Process - outputsRisk Management MandateDefine the scope, detail, authority and frequency of risk management in a specific projectScope and detail: what risks must be managed and at what le

26、vel of detailAuthority: who is responsible, who participates, what resources are availableFrequency: how often should it be doneStakeholders: whose risks will be managedCommunicating Risk InformationTopManagementBusiness UnitsProjectsMANDATERISKSSummaryMandate is used to clarify the roles and respon

27、sibilities in risk managementMandate is given by the project owners to the project managerWhen the risk management infrastructure is in place, many aspects of the risk management mandate are easy to defineGoal Review: Definition of RiskUncertainty associated with reaching the objectives. Risk has tw

28、o main attributes: Impact: some damage (“pain)uncertainty: there is uncertainty about whether the loss will occurRiskUncertaintyImpactDefinition of RiskUncertainty associated with reaching the objectives. ProbabilityImpactgoals or expectations: without them the definition of loss is vague or does no

29、t existstakeholder: goals and expectations are associated to some interested party, a person or an organizationRiskUncertaintyImpactGoalStakeholderStakeholders and GoalsStakeholder is any individual, group, or organization who can affect, or be affected by, the process or its resultsStakeholders can

30、 be, e.g.,Line managementCustomer(s)Partners, suppliers and vendorsOther programs or unitsPersonnelSocietyIt is important to know the main stakeholders and their interestsGoals can be found usually in the following areas:schedule;resources used, most often personnel time;cost of development;product

31、requirements, which can include both functional and other quality characteristics;resource utilization; and technical constraints, such as hardware platforms, operating systems and use of particular software tools.Goal and Stakeholder PrioritiesPriorities for goals and stakeholders are definedApprox

32、imate priorities are adequateRisk IdentificationRisk identification requires an open mindTeamwork and effective meeting techniques are criticalThere are several checklists available but are they good for you?Identification of potential threatsNeeds to be done frequentlyRequires a different mental at

33、titude:not problem solving but free associationTechniques: brainstorming, checklists, questionnaires, history data (lessons learned, data), critical path analysis, goal reviewRI: Checklists vs. BrainstormingChecklistsProsFast and easy to useStandardize resultsCover a broad areaMay prompt thinking ne

34、w risksConsCause fatigueDo not encourage creativityMay be biased due to a different domainDo not encourage finding situation specific risksBrainstormingProsFast and easy to useLeverages local expertise and insightKeeps participants activeDevelops commitmentConsRequire facilitation or training Meetin

35、g dynamics may bias resultsDependent on participants experienceRisk AnalysisUnderstanding (describing) risksRisk tracking tablesRisk information formsVisualization of risk dependenciesRanking of risksRisk exposure (I.e., probability * loss)Risk reduction leverageUrgencyRisk AnalysisRisk clusteringgr

36、oup and identify appropriate scenariosRisk scenario developmentfill in risk information forms, orcomplete Riskit analysis graphsRisk prioritizationRank risksUnderstanding Risks:Risk Tracking TablesItems in tracking tables may includeIDAreaOriginDescriptionOwner/responsibleDate of most recent reviewP

37、robabilityLoss impactPrioritycurrentprevioustime on the listRisk statusPotential controlling actionsSelected controlling actionsAction StatusRisk Documentation GuidelinesTemplates standardize communicationsUse an approach that matches your needsDevelop a path to refine the informationyou often start

38、 with an abstract description and add details laterDo not fill in information that you do not know: empty fields act as flags to othersArchive past datauseful for learning from experienceRisk PrioritizationKey attributes in prioritization:Probability and loss determine how severe (=big) the risk isU

39、rgency indicates whether you still have time to waitTwo main approaches for ranking risks:Expected value of loss = prob(event) * loss(event) Ranking through tablesordinal rank multiplicationprearranged ranking tables for ordinal probability and loss estimatesrisk factor ranking tablesOrdinal scale r

40、anking is adequate, when using Riskit Pareto ranking techniqueExpected ValueSame as Risk Exposure: probability * lossRisks that have the highest expected loss are highest risks, e.g., two risks that have potential delays:Risk A: 20% * 5 months = 1 monthRisk B: 50% * 3 months = 1.5 monthsRisk B is a

41、bigger riskA commonly used formula for prioritizing risksEffect of Non-linear Utility FunctionRisk A: 2 month delay with probability of 10%Risk B: 8 month delay with probability of 5%Expected delay:A: 0.2 monthsB: 0.4 months= control risk BExpected utility loss:A: 5 UB: 3 U= control risk A0102030405

42、06070012345678DelayUtility lossversion 0.02SummaryDifferent risks require different attentionFocus on most important or on areas of uncertaintyPrioritization is prone to estimation biases Some prioritization methods have in-built biasesTransparency and understandability of prioritization is importan

43、t: make sure you can explain the results to everybodyControlling Actions vs. ReactionsRisk controlling actions are actions taken before the risk has occurred, I.e., it is proactive risk managementReactions are actions that are performed after the risk has occurredRisk management is primarily concern

44、ed with risk controlling actionsDefining Risk Controlling ActionsBrainstormingOpen or focusedStrategies Checklists Risk element review analyze risk elements to identify what actions could be takenExperiencePersonal experience and insightsAcceptanceAvoidanceProtectionReductionResearchReservesTransfer

45、Risk Control alternativesNo risk reducing actionNo immediate action is taken, but some may be taken at a later timeContingency planningRecovery plans are made, but no further action takenReduce lossRefers to risk controlling actions that are used to mitigate the damage caused by riskRisk avoidanceRe

46、fers to actions that are aimed at avoiding risks occurringReduce event probabilityInfluencing risk factors and observing risk monitoring metrics to reduce the event probabilitySelecting Risk Controlling ActionsControl high-risk scenariosEffectiveness of risk controlling action Project constraintsSta

47、keholder priorityUrgency of risk controlling actionRisk Monitoring in PracticeDefine and collect risk metrics when applicableMonitor additionallychanges in the situationimpact of risk controlling actionspotential new threatschanges in risk analysis input dataInitiate risk identification, risk analys

48、is or risk control planning when necessaryBuilding up a Risk Management SystemPeople and competenciesProcessMethodsToolsPeople and competencies form the foundation of risk managementProcess helps ensure their skills are applied consistently Methods assure that risk management is done well Tools incr

49、ease productivity and can sometimes direct people and processesPeople and CompetenceMotivationExplain why risk management pays offAuthorizationGive people power to perform risk managementSkills + knowledge + practice = competenceSupport in-house learningProcessMake sure that the product development

50、process has explicit points where risk management is addressed Provide templates for reportsDefine the risk management process and its outputsidentifyanalyzecontrolClarify responsibilitiesMethodsSelect a portfolio of sound and easy-to-use methodsStart simple and improve as you become more experience

51、dBeware of the biases and problems with the methods you are usingUse common sense - a method cannot replicate itRequirements for a Risk Mgmt MethodConsistency of application: there is a defined, repeatable process.Consistency of results: results from independent analyses do not differ.Usability: the

52、 method is easy to learn, operate, prepare input for, and the output is understandable.Adaptability: the system can be applied to different projects and situations.Completeness: consideration of all relevant relationships and elements of risk is given. Validity: methods results represents well the real risks and situation. Confidence: methods output is believable and method users believe in it. Traceability: the method documents the assumptions and rationale used to derive conclusions.Communications: the method supports