{"id":9687,"date":"2025-04-05T17:09:57","date_gmt":"2025-04-05T09:09:57","guid":{"rendered":"https:\/\/tommykwan.com\/blog\/?p=9687"},"modified":"2025-04-05T19:12:22","modified_gmt":"2025-04-05T11:12:22","slug":"summary-of-enterprise-risk-management","status":"publish","type":"post","link":"https:\/\/tommykwan.com\/blog\/my-diaries\/summary-of-enterprise-risk-management\/","title":{"rendered":"Summary of Enterprise Risk Management"},"content":{"rendered":"<p><strong>Session 4: Risk \/ Event Identification<\/strong><\/p>\n<blockquote><p>Incidents (events) affect the implementation of the achievement of objectives and strategies of the company.<\/p><\/blockquote>\n<p>Type of events?<\/p>\n<ul>\n<li>Internal<\/li>\n<li>External<\/li>\n<\/ul>\n<p>Simply, incident can bring to both positive result or negative result &#8211; always risks and opportunities.<\/p>\n<p>&nbsp;<\/p>\n<blockquote><p>What can possibly go wrong?<\/p><\/blockquote>\n<ul>\n<li>Risk identification is the first but most important step in risk management: What can possibly go wrong?!<\/li>\n<li>Risks that are not identified cannot be managed (Opportunities are leaving for those who have well prepared)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>How to ident risk?<\/p>\n<ul>\n<li>Looking backward\n<ul>\n<li>statistical analysis &#8211; look for trend, learn from history<\/li>\n<\/ul>\n<\/li>\n<li>Looking forward\n<ul>\n<li>brainstorming (by small group and\/or large group of individuals)\n<ul>\n<li>Expert Knowledge<\/li>\n<li>Delphi Technique<\/li>\n<li>Scenario analysis<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Now, let look more deeper into the analysis methodologies.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Process Flow Analysis<\/strong><\/p>\n<ul>\n<li>List tasks in the process, and for each task list all the possible events<\/li>\n<li>this method is good for risk identification , and cost assessment<\/li>\n<\/ul>\n<p><strong>Event Tree Analysis<\/strong><\/p>\n<ul>\n<li>there is\/are initial event(s) and sub-events before reaching the outcome(s)<\/li>\n<li>limitation \/ weakness of this method:\n<ul>\n<li>(1) must ident the subject\/topic ;<\/li>\n<li>(2) doesn&#8217;t show the cost of consequence;<\/li>\n<li>(3) rely on historical info to assist the analysis of frequency of the outcome(s)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Bow Tie Analysis<\/strong><\/p>\n<ul>\n<li>Demonstrate an event (incident) as a hazard<\/li>\n<li>Upstream : the potential causes (threats) and preventive control measures<\/li>\n<li>Downstream: the potential outcome (consequences) and the mitigation recovery measures<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/www.manycaps.com\/images\/easyblog_articles\/384\/b2ap3_large_Bow-Tie-Risk-assessment-2.png\" alt=\"8 Steps to using Bow Tie Analysis for Risk Management - Blog\" width=\"652\" height=\"339\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Scenario analysis<\/strong><\/p>\n<ul>\n<li>Base case<\/li>\n<li>Worst case<\/li>\n<li>Best case<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<blockquote><p>Risk identification must take place at all levels of the organization.<\/p><\/blockquote>\n<p>No matter what types of risk identification are used, one must be remember: risk identification must take place at all levels of the organization.<\/p>\n<p>In the lesson, the tutor used the &#8220;Bhopal Disaster&#8221; as an example to emphasize this point.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Pitfalls<\/strong> when conducting risk identification or making decisions<\/p>\n<ul>\n<li>&#8220;Empty-suit problem&#8221; (expert problem)\n<ul>\n<li>someone who is authority but actually he\/she has not much difference from general population, but we need to follow their opinions (or instructions)<\/li>\n<\/ul>\n<\/li>\n<li>&#8220;Black Swan&#8221;\n<ul>\n<li>outlier is &#8220;always&#8221; existing &#8211; unexpected situation<\/li>\n<li>we believe that the future will resemble the past &#8211; misleading to wrong decision<\/li>\n<\/ul>\n<\/li>\n<li>Normalization of deviance\n<ul>\n<li>accustomed to deviation &#8211; &#8220;\u4e0d\u5408\u7406&#8221;\u5408\u7406\u5316<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>How to counter? (<strong>Prevent<\/strong> or reduce<strong> deviance?<\/strong>)<\/p>\n<ul>\n<li>Never use past success to redefine acceptable performance<\/li>\n<li>Prevent group-thinking<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Session 5: Risk Assessment<\/strong><\/p>\n<blockquote><p>Risk Assessment = Risk Analysis -&gt; Risk Evaluation<\/p><\/blockquote>\n<ul>\n<li>Risk Analysis : likelihood x potential impact<\/li>\n<li>Risk Evaluation : prioritize for the risk response and the allocation of resources<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Pitfall<\/strong> of risk perception and decisions<\/p>\n<ol>\n<li>problem of induction\n<ul>\n<li>belief that the future will resemble the past &#8211; do not consider &#8220;black swan effect&#8221;<\/li>\n<\/ul>\n<\/li>\n<li>confirmation bias\n<ul>\n<li>choose to believe \/ prefer evidence that supports your beliefs\n<ul>\n<li>search for what you want<\/li>\n<li>recall information that support you<\/li>\n<li>use &#8220;all means&#8221; to test and demonstrate that your thinking is correct<\/li>\n<li>disregard the &#8220;real, useful&#8221; information<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>cognitive dissonance\n<ul>\n<li>when two contradictory information come, the mental stress make people to change their action slightly, but usually their belief will change also well, until they find a new balance (comfort zone)<\/li>\n<\/ul>\n<\/li>\n<li>illusion of control\n<ul>\n<li>someone believes that they have the &#8220;ability&#8221; to control the result<\/li>\n<\/ul>\n<\/li>\n<li>self-attribution bias\n<ul>\n<li>someone belief that the positive outcomes are because of their contribution, but for the negative outcomes, they will blame for others<\/li>\n<\/ul>\n<\/li>\n<li>impact of steroid levels on risk behavior (e.g testosterone, cortisol)<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<div class=\"embed-container\"><iframe loading=\"lazy\" title=\"Confirmation Bias | Ethics Defined\" width=\"1170\" height=\"658\" src=\"https:\/\/www.youtube.com\/embed\/7zoWTb3KP-k?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<div class=\"embed-container\"><iframe loading=\"lazy\" title=\"Cognitive Dissonance | Ethics Defined\" width=\"1170\" height=\"658\" src=\"https:\/\/www.youtube.com\/embed\/PhFKKGEfk78?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<div class=\"embed-container\"><iframe loading=\"lazy\" title=\"What is Illusion of Control | Explained in 2 min\" width=\"1170\" height=\"658\" src=\"https:\/\/www.youtube.com\/embed\/lArqJp8S3UU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Session 4: Risk \/ Event Identification Incidents (events) affect the implementation of the achievement of objectives and strategies of the company. Type of events? Internal External Simply, incident can bring to both positive result or negative result &#8211; always risks and opportunities. &nbsp; What can possibly go wrong? Risk identification is the first but most<a class=\"read-more \" href=\"https:\/\/tommykwan.com\/blog\/my-diaries\/summary-of-enterprise-risk-management\/\" title=\"Read More\"> <span class=\"button default\">Read More<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58,5],"tags":[],"class_list":["post-9687","post","type-post","status-publish","format-standard","hentry","category-erm-enterprise-risk-management","category-my-diaries"],"_links":{"self":[{"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/posts\/9687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/comments?post=9687"}],"version-history":[{"count":24,"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/posts\/9687\/revisions"}],"predecessor-version":[{"id":9711,"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/posts\/9687\/revisions\/9711"}],"wp:attachment":[{"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/media?parent=9687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/categories?post=9687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tommykwan.com\/blog\/wp-json\/wp\/v2\/tags?post=9687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}