Risk management seminar Part 6 •Crisis matrix was designed by Klaus Winterling. The matrix is one of analytical techniques used in risk management. • •The matrix allows risks categorization by two parameters: • •Probability of a risk occur at a given time - how real and probable is that the risk will actually occurs - matrix defines three levels of probability -Low, 1 -Medium, 2 - High, 3 • •Risk effects on an SBU - what what would be the impacts of the risk on an organization or department if the risk occurs - matrix defines three levels of effect -Negative, 1 -Threatening 2 -Destructive 3 • ISO 27005- Process model of Risk management SBU definition with using 7S Methods SBU - Euromedica s.r.o. Strategy : corporate strategy for 2020 – 2023, integrated with financial strategy and HR strategy. Structure : Managing board, Supervisory board. Direktor. IT Servises. Sales Department. Ekonomics Department. Logistik manager. Systems : IT Systems – MS Office, MS SQL Server Account system Money S7 Small company managed by direcktor and head off the departments. Marketing system integrated in Money S7. Logistik system integrated in Money S7. Style: process oriented organization, with process maps and managed dokumentation. Staff: Managing board 3 persons. Supervisory board 3 persons. Direktor 1 person. IT department 3 persons. Logistik manager 1 person. Sales department : 12 persons. Economy department : 2 persons. Skills: Categorizing date. Audit skills. Process modeling. Process analyzing. Project management. Lead auditor for ISO 9001, 14001, 18001, 20001, 27001. Coordinating. Risk management. Shared values: Strategic thinking. Interviewing. Diplomacy. Advising. Types of risks Human factor : Substance abuse Stres sitaution Certifikation Information and technology risks: Integrity of application systems Incorrectly specified requirements for HW and SW and their evaluation Unauthorized use of information, destruction, damage and its modification Intentional interference with SW or HW Operation risks: Defective feedback system Complexity of processes, operations Organizational risk: Ineffective methodological, control activities and supervision Non-optimized circulation of documents, records, shredding of documents Financial risk: Manipulation of income and expenses State guarantees, financial assistance Risk factors Efekt on an SBU=Inpact Propabilitty of risk Severity of risks Ineffective supervision 3 3 9 Non-optimized circulation of documents 2 1 2 Manipulation of income and expenses 3 3 9 State guarantees, financial assistance 3 2 6 Substance abuse 1 1 1 Stres sitaution 2 2 4 Certifikation 3 2 6 Integrity of application systems 3 3 9 Incorrectly specified requirements 3 1 3 Unauthorized use of information 2 1 2 Intentional interference with SW or HW 2 2 4 Defective feedback system 2 2 4 Duplicity of processes, operations 3 2 6 Inpact x Probability = Severity Operation to reduce the risk faktors: Ineffective supervision : Regular reporting in Project modul on the informations system – periodicly reporting from project manager to direktor. Periodicly meetings with project team. Periodicly meetings BOARD wit project managers. Manipulation of income and expenses: Reporting in IS Money S7 just in time. New control reporting for cash flow. Every monat creat casch flow from the project. Controling in Money S7. Budget: Definition and implementation of controling reporting – 3000 Eur. Upgrade of SW – 2 000 EUR. Seminars – 500 EUR Subtotal : 5 500 EUR per yars. Integrity of applications : Execute integrity test in aplikations . Data integrity test. Instalations of new version. Budget: Testing procedure - 300 Eur New instalation - 200 Eur Subtotal 500 EUR. Total costs for reducing risk factor is 5 500 EUR, realized in 1 year. Thank you for your attention! Definition of risk and its types