Document Sample
Ratings Powered By Docstoc
Customise a risk universe map for your organisation, sector or project with this easy sample-template.
Use RiskMapper as an inherent risk mapper and risk register-analysis tool to help you become RiskSmart.
RiskMapper features a unique heat-prioritised rating criteria system based on risk practitioner experience - not theory. Here are some smarter ways it helps to to manage risk:
        1 categorising your inherent risks,
        2 heat-prioritising them, so executives understand priorities
        3 using it as an 'inventory' for risk identification and assessment purposes
        4 reality-checking' the robustness of your residual risk register (by comparing both maps against each other)
        5 starting a risk-based audit plan (if there are no robust risk registers in-place)
        6 building a bridge between business risk management and internal audit

Here's how to get started (assuming you know the basics of using a spreadsheet in .xls format):
   Step 1:   Understand the background. Read the attached worksheet called "Background".
   Step 2:   Research the inherent risks for your sector/business/project. Gather lists from appropriate sources e.g. insurers, desk-top, team workshops, Delphi experts, etc.
   Step 3:   Familiarise with the worksheet "Universe" starting at 40% to get a big picture, read the Notes, remove all colour from boxes and remove the code numbers below them
   Step 4:   Start to customise it to suit your needs by changing risk titles to your preferred set, especially at Level Three. Add Opportunities as well as Threats.
   Step 5:   Understand the Rating Criteria on the "Rating" worksheet. Print this off and use at next step as reference.
   Step 6:   Rate each risk, by adding your own rating codes (e.g. 3,4,8) underneath each Level 3 box, using the Criteria. This leaves an audit trail.
   Step 7:   Colour-paste each box to the correct heat-colour Rating (i.e. red, amber, yellow, green)
   Step 8:   Re-order the boxes within the 'strings' so the boxes appear in colour-order, red at top, then amber, yellow, green and white. NB: Does the pattern suggest risk profile?
   Step 9:   House-keeping: check all externally-sourced risks are in italics , add comment-boxes to clarify, spell-check, format-check.
  Step 10: Update periodically: e.g. check sector publications or competitor annual reports for new risks, etc
  Step 11: Apply it: E.g. Transfer your 4-colour rated residual risk register risks onto the same format and print in A3. Place it over your A3-print of the Universe map and compare the
           pattern. Does it suggest your business managers are missing or wrong-rating the residual risks? Or are you tracking the wrong inherent risks, if the outside real world has
  Step 12: Future: send any improvements or global practice changes to and watch our website: http://

Sources: A Synthesis by Domenic Antonucci including but not limited to:
         1 Personal multi-sector experience in Europe, Africa and Asia-Pacific for the Rating criteria.
         2 Various publications, including "IFRS conversion Who’s managing risks on the road ahead?" 2010 by Deloitte, audit and consulting firm
         3 Marsh Business Risk Inventory by Marsh Risk Consulting, the largest global specialty risk consulting firm
         4 CIA Learning System (Institute of Internal Audit Certified Internal Auditor) guidelines by the Institute of Internal Audit (IIA)
         5 "The Risk IT Practitioner Guide" 2009 by ISACA and RiskIT
                                                                                                                                                                                                             RiskMapper - Risk Universe Map for <Ports>
Level One Category of Risk

                                                                                           Strategic Risks                                                                                                                                                                                                                      Operational Risks                                                                                                 Financial                  Hazard
Level Two

                                                                                    Technology &                                                           Corporate                                                          Environment &                                                            Information                                                         Sales, Marketing &        Compliance,                                                              Hazard &
     Geo-Political                 Economic                  Societal                                       Reputation              Market                                     Business Strategy          Planning                                  Corporate Assets         Human Capital                                  Legal & Contract        Product & Customer                                                    Process & Planning           Finance
                                                                                       Science                                                            Governance                                                           Sustainability                                                           Technology                                                          Communications         Reporting & Risk                                                          Environment

Level Three
                                                                                                                                                          Reputation /                                                                                                                                                                                                                             Effectiveness &
                                Under-invested                                       Equipment              Stevedore         Transport Vertical                                                        Budgeting &                                                                                   Contracting &                                   Differentiate /                                                                             Counterparty via         People Health &
  Regulatory Trends                                    Risk Averse Culture                                                                                Stakeholder           Business Model                               Extreme Weather       Corporate Resilience    Corporate Culture                              Contract Management                              Reputation & Brand        Efficiency of       Operational Planning
                                 Infrastructure                                      Resilience            Performance           Integration                                                            Forecasting                                                                                    Outsourcing                                   Migrate or Divest                                                                                Banks                    Safety
                                                                                                                                                           Relations                                                                                                                                                                                                                                 Operations
               1,4,5,7                   1,4,6,7                 4,6                        3,9                   9                     1,2,4,9                 4,5,8,9,10              1,2,4,5,6,             1,4,6,7,8,              1,2,4                  4,5,9                  4,5,6,9,10               4,5,9,10               2,3,4,5,6,8,              3,5,7,8,9            1,2,4,5,6,              1,2,3,4,9,             4,6,7,8,10              2,4,9,10                 1,2,4,10

                                                                                     Technology                                New Entrants &         Board/CEO Structure        Organisation                                    Drought &                                                         Disaster Recovery &                                                          Crisis           Controls, Monitoring        Program
   Operational Risk           Financial Markets        Pandemic & Disease                                   Cargo Care                                                                                 Capital Planning                               Maintenance            Blame Culture                                  Contract Liability      Customers & Service                                                                            Equity & Debt         Business Interruption
                                                                                     Innovation                                 Competition              & Leadership             Structure                                    Desertification                                                          Continuity                                                          Communications              & KPIs              Management
               2,6                       1,2,4,8                 2,4                        1,2,4,5               9                     1,2,3,4,5,               9                      1,3,5,6,7,             4,6,7,8,9               1,2,4                  4,5,7,9                4,8,9                    1,2,3,4,7              4,6,7                     4,7,8,9              1,2,4,9,10              1,7                    2,3,4,5,6,              4,7,8,10                 1,2,4,5,6,

                                                                                                                                                                                                        Performance            NatCat: Inland                                                           Contract          Counter Party Credit                               Communication                                   Alignment &
        Sanctions                Globalisation             Labor Skills          Technology Trends         Vessel Delays      Demand & Growth         Board Accountability         Alliances                                                        Asset Utilitisation   Competencies & Skills                                                           Pricing                                 Risk Management                                     Hedging              Fire & Explosion
                                                                                                                                                                                                     Management & KPI's          Flooding                                                             Commitment           Risk - Contractual                                   & Media                                        Interface
               1,4,8                     2,4,5,8                 4,5                        1,2,5                 1,9                   7,9                      6                      4,6,8                  4,6,7,8,9               1,2,4                  4, 7                   4,5,6,7                  7                      4,9,10                    4,7,8                1,2,4,5,6,              1,6                    6,9,10                  3,4,7,10                 1,4,6
                                 Investment                                                                Operational                                    Board/CEO                                                          Corporate & Social                                                        Physical &                                                           Investor/Owner                                    Strategy              Budgeting &
       Terrorism                                        Liability Regimes            Cyber Crime                                 Competitors                                     Acquisitions/        Scenario Planning                               Balance Sheet        Change Readiness                               Port Land Ownership           Production                                      Fraud                                                                  Security
                                 Restrictions                                                              Performance                                   Effectiveness                                                         Responsibility                                                        Environmental                                                          Communications                                 Implementation           Forecasting
               2,4                       1,4,6                   1,4                        4                     10                    2,4,7,8                  6,7                    4,7,9                  2,6,7                   4,5                    1,4,8                  4,5,6,7                  6                      10                        8                    1,4,5,6,7,              4,7                    5,6,7,8,9,              4,5,7                    1,7
                                                                                                                                                                                                                               Pollution - Air,
                                  Accounting             Racial/Culture              Equipment                                    Industry                                                            Increasing Size of                                                                                                                                Real Estate                                                           Change               Price: Foreign           Environmental
              War                                                                                         Cargo Deliveries                             Conflict of Interest   Business Portfolio                               Water, Noise,         Asset Utilisation         Leadership           Data fraud / Loss      Contingent Liability                            Marketing Programs          Culture
                                  Standards                 Conflict                 Automation                                 Consolidation                                                               Ships                                                                                                                                      Development                                                          Management               Exchange                   Impact
               2,4,5                     1,2,3                   4                          1,2                   9                     5,10                     3                      1,4,5,6,7              7,9                     1,2                    4,8                    4,5,6,9                  1,2,3,4                8                         4,6                  1,2,3,4,5,              4                      6,9,10                  3,4,8                    1,5,7

Transnational Crime                                                                                                                                                                                  Business Continuity                                                                                                    Projects Material        Piloting, Tugs &           Business
                               Asset Price Crisis        Demographics                                     Brand Strength             Crisis              Risk Oversight          Outsourcing                                  Biodiversity Loss     Physical Security        Key Managers          Information Security                                                                             Internal Fraud            Cycle Time         Price: Commodities             Piracy
   & Corruption                                                                                                                                                                                         Management                                                                                                               Pricing            Marine Operations      Development/Sales
               1,2,4                     2,4                     4,5                                              3,4,8                 8,9,10                   1,3,4                  2,4,6,7,8,             1,2,4,5,6,              1                      1,2,4                  5,6,7                    3,4                    4,7                       1,4,6                5,8                     4,5                    10                      4,5,8                    4,8

 Kidnap, Ransom, &                                       Social/Cultural                                                                                                         Migration &                                                           Facilities &       Performance Mgt for                                                                                                                              Key Relationship
                                Interest Rates                                                           Adverse Publicity      Market Forces                 Ethics                                     Port Design          Climate Change                                                             Back Up           Claims & Litigation       Share Operations       Market Research       Unauthorised Acts                             Financial Instruments       Liability Claims
     Extortion                                               Trends                                                                                                              Relocation                                                            Equipment               Individuals                                                                                                                                  Management
               4                         2,4                     5                                                7                     2,5,7,10                 1,4                    1,4,5,7,8              5,6                     1,2                    1,5                    5,6                      4,5                    3,4                       1,4,6                4,5,7                   1,4                    5,9                     4,5,8                    1,3,4

                                                                                                                                 Operational                                                                                  NatCat: Coastal                                Recruitment &                                     Government                                       Utilities                                                            Liquidity:                Assets &
    Political Trends          Currency Exchange        Work/Life priorities                                 Corruption                                Board Compensation      Resource Allocation       Methodology                                 Intangible Assets                                  Change Mgt                                      Utility Supply                            Financial Disclosures   Project Management
                                                                                                                                 Experience                                                                                      Flooding                                      Retention                                      Investigations                                  Development                                                         Opportunity Cost          Superstructure
               2,4                       2,4,5                   2,5                                              3,4                   4,6,7                                           4,6                    4,5                     1,2                    2,4                    4,5,6                    4,5                    1,3                       2,4                  1,2,4                   1,3,4                  4,8                     4,5,8                    1,2,4

                                                                                                           Government           Industry Future                                                                                NatCat: Storm,                               Compensation &                                                           Major Equipment                                                          Customer                                      Vessels & Port
    Ownership Risk           Business Restrictions      Affirmative Action                                                                                                       Subsidiaries                                                                                                           Reliability          Confidentiality                                                      Reporting Quality                                   Finance
                                                                                                           Regulations              Trends                                                                                      Storm Surge                                    Benefits                                                                  Delivery                                                            Satisfaction                                    Equipment
               1,2,5                     1,2,4,5                 1,2,3,4                                          1,2                   4,5,7                                           2,3,4,5,6                                      1,2                                           6                        3                      4,5                       4                                            1,3                    1,4,5,6                 1,2,4,5                  1,2,4

                              Hazard Mitigation                                                            Accidents and                                                                                                       Energy Mgt &                                                                                                             Lifecycle                                     Policies &
     Enforcement                                         Public Disorder                                                      Industry Maturity                               Change Readiness                                                                               Accountability            Availability            Bankruptcy                                                                                      Capacity          Capital Availability      Port Approaches
                                    Costs                                                                    Incidents                                                                                                      Alternative Sourcing                                                                                                       Management                                    Procedures
               1,4,5                     5                       1,2                                              1                     1,3,7                                           5,7                                            1                                             3,4,5,7                  5                      1,3                       2,3                                          1                      5,8                     2,4,5                    1,2,4

     Privatisation/             Trade Zones &                                                                                    Government                                       Business                                                                                                                                                                                                          Regulation &
                                                                                                         Trademark Erosion                                                                                                    Carbon Footprint                            Succession planning         e-Commerce                 Licenses                Liabilities                                                      Supply Chain Mgt          Audit Quality          Natural Hazards
    Nationalisation              Restrictions                                                                                     Relations                                     concentration                                                                                                                                                                                                        Reporting
               1,2,4                     1,2                                                                                            1,2,4,6                                         7,8                                            1,2                                           4,5,6                    1,5                    1                         4                                            1                      5,7                     3                        2,4

                                                                                                                                                                              Product Portfolio &                                                                              Training &                                                              Technology                                Communications &           Infrastructure
Nuclear Proliferation             Fiscal Crisis                                                                                Customer Needs                                                                                  Water Scarcity                                                          Architecture        Intellectual Property                                                                                                Credit Risk - Internal      Theft & Crime
                                                                                                                                                                                   Lifecycle                                                                                  Development                                                              Obsolesence                                  Training                Development
               2                         2                                                                                              6,7                                             4,3,5                                                                                        1,4,5,6                  2                                                5                                            1,2                    1,2,7                   4                        2,4

                                                                                                                                                                                                                                                                                                                                                                                                                           Procurement &
   Pressure Groups                Seasonality                                                                                Channels & Network                                                                             NatCat: Earthquake                                Ethics - Staff           Operations               Asset Mgt            Innovation, R&D                                Tax Reporting                                Price: Interest Rate       Public Liability
               2                         2                                                                                              4,5                                                                                                                                          4,7                      1,2                                              1,2                                          1                      4,5                     4,5                      1,4

   International                                                                                                                                                                                                                Community                                   Port & Maritime                                                                                                          Accounting
                                      Tax                                                                                    Industry-specific Risk                                                                                                                                                      Access                  Capacity              Product Recall                                                     Quality Assurance     Liquidity: Cash Flow     Navigational Safety
Maritime Regulation                                                                                                                                                                                                             Investment                                   Specific Skills                                                                                                         Standards
               1,2                       1,2                                                                                            3,4,5                                                                                                                                        6                        1,2                                                                                           1                      1,3                     4,5                      1,3,4

                                                                                                                                                                                                                                 Fair Trade                                   "Blackberry                                                                                                                                    Knowledge                                      Water Depths
   Regulator Inertia               Royalties                                                                                    Rate of Change                                                                                                                                                                              Mandate Change              Substitution                                                                              Warranty Issues
                                                                                                                                                                                                                                Certification                               Decision-making"                                                                                                                                Management                                       (Dredging)
               1,2                      1,2                                                                                             2,4,5                                                                                                                                        6,8                                                                                                                                           2                       1,3                      1,5
                             Refer Financial                                                                                                                                                                                 Natural Resource
 Global Governance                                                                                                                                                                                                                                                                                                           Standard Terms                                                                                                                               Dangerous Goods
                                                                                                                                 Credit Rating                                                                                 Utilisation &                                  HR Planning                                                              New Product                                                          Measurement              Accounting
        Gaps                                                                                                                                                                                                                                                                                                                  Incorporated                                                                                                                                   Handling
               1,2                                                                                                                      1,2                                                                                                                                          5,6                                                                                                                                           1,2                     1                        1,3
                                                                                                                                                                                                                            Refer Hazard
                                                                                                                                  Innovation                                                                                                                                    Advisers                                                                                                                                                              Insurance                 Waste
                                                                                                                                                                                                                                                                                     4,5                                                                                                                                                                   1                        1
                                                                                                                             Refer Financial
                                                                                                                                                                                                                                                                                                                                                                                                                                                                             Standards &
                                                                                                                                                                                                                                                                            Industrial Action                                                                                                                                                    Price: Asset Value
                                                                                                                                                                                                                                                                                     1,4                                                                                                                                                                   2                        1

                                                                                                                                                                                                                                                                                                                                                                                                                                                    Inflation &
                                                                                                                                                                                                                                                                                 Payroll                                                                                                                                                                                 Disease & Disability
                                                                                                                                                                                                                                                                                                                                                                                                                                                 Purchasing Power
                                                                                                                                                                                                                                                                                     1                                                                                                                                                                     1                        2

                                                                                                                                                                                                                                                                          Social/Cultural Trends                                                                                                                                                      Pensions           Charting & Surveying

                                                                                                                                                                                                                                                                                                                                                                                                                                                           1                        1
                                                                                                                                                                                                                                                                                                                                                                                                                                                Refer Economic &
                                                                                                                                                                                                                                                                           Work/Life Priorities                                                                                                                                                 Market                    Aids to Navigation


                                                                                                                                                                                                                                                                                                                                                                                                                                                                               Assets &
                                                                                                                                                                                                                                                                             Work Practices
                                                                                                                                                                                                                                                                                                                                                                                                                                                                         Refer Environment &

        Very High
The above universe categorises inherent risks (not residual risks) for a port, prioritised to criteria
All risks listed here are inherent risks, not residual risks
All risks currently represent Threats, not Opportunities, but these can be added as appropriate
Italics = Externally driven typical sources of risk
Overlaps and inter-connections do occur
Blank/white boxes are not applicable at this time, but possible in future

Printed on 12/8/2011                         f57a4dfa-52d3-41fe-a475-3434f9a1d01b.xlsx
                                                            RiskSmart Universe of Risk for ADPC
  #      Type of         Rationale - The nature of the business activity means this type of                         Rating                  Notes:
       Uncertainty       uncertainty is inherently sourced from or characterized by:
   10 Complexity.        Complexity of task, process, design, interface, function, controls, geography,                        often hides risks
                         footprint, etc. Also, pervasive risk or systemic risk.
      9 Inter-face.      Failures at the point of key interfaces between plan/execution, plan/capability,                      often hides risks
                         parties, processes, people, technology, etc
      8 Volatility.  Exposure to unexpected crisis, factors e.g. volatile business assumptions, &
                     factors financials e.g. FX, forecasts, demand, supply, stats, measuring the
      7 Assumptions. wrong things, unexpected crisis
                     Exposure to inappropriate assumptions or failure to adapt to changing                                     often hides risks
                     assumptions e.g. changed measures, KPI's, market demand.
      6 Alignment.       Business activity uncertainty from lack of strategic alignment or fit between
                         activities, functions, processes, technology, etc
      5 Change.          Transition, subject to change, or key planned or recent changes in people,
                         organisation, process, design, etc.
      4 History.         External history of sector events, losses, near misses, track record, reputation
      3 Assurance.       Internal history or current Audit or review attention or remedial controls.

      2 NINA.            Source of risk is Non-Insurable &/or Non-Avoidable (i.e. source being outside
                         control of entity).
      1 Compliance.      Exposure to compliance, regulation, approvals, etc.                                                   often routine controls

All ratings are based on the criteria below, except where indicated (e.g. Booz ratings used for Interface risks)
                                                Scoring Method                                                      Rating                   Action
Any 1 in the Red band, or combination of 2 from Orange band + any other                                            Very High   Expect as high residual register
1 or 2 in the Orange range, or combination of 3+ from Orange+Yellow+ Green                                           High      Expect as high residual register
1 or 2 in the Yellow range, or combination of 3+ from Yellow+Green                                                 Medium      Assurance
1 or 2 in the Green range                                                                                            Low       Monitor
These notes are not comprehensive, just informative.
            Hate it when your CEO's and business executives say "So what ..." when faced with a typical 'white' risk universe map?
            Now you can attract their attention with real risk priorities
         1 Your CEO and business executives do not understand their inherent business risks AND their priorities
         2 You have no risk registers and want to kick-start the process with an inventory tool
         3 You have risk registers and want to test how robust they are
         4 You want to kick-start your risk-based audit plan, even when you cannot access any residual risk registers
         5 You want a working bridge between business risk managers and audit functions
         6 You must comply and provide one as a requirement from regulators, auditors, insurers and other external stakeholders

           The scoping, boundaries or collection of all assumed inherent uncertainties (risks) and opportunities that may affect the achievement of objectives, OR
           All potential risks and risk event descriptors as applicable to the sector/organization/etc, regardless of actual likelihood or impact
           "Risk" being any uncertainty impeding achievement of objectives/goals
           To scope inherent risk potential across a given entity within the context of its sector experience and operational/geographic footprint
           To scope inherent risk potential BEFORE OR INDEPENDENT of the business manager perspective and a corporate risk register
           Does NOT represent actual or residual risk
           Can be used to create or compare against and vet any residual risk assessment results / actual risk register to test their robustness and completeness
           Can be used as an input to a risk-based audit plan and for clarity with an Auditor or regulator or sector authority
           The most popular type of Risk Universe map scopes out inherent risk in the form of a risk-categorised hierarchical bush. Typically this is un-prioritised, or inventory-looking.
           RiskMapper represents a new version of the above format, which heat-colour prioritises the old 'white' map and leaves an audit-trail .
           Alternative Risk Universe maps may scope inherent risks in different forms. For example, a functional matrix of Y Axis (Stakeholders) & X Axis (Objectives, Interfaces, Processes, Assets, P
           The four-colour ratings criteria are explained on Worksheet Rating. These have been derived from the RiskMapper creator's past business experience and tested by peer risk practitioner
           These criteria and methodology can be adapted and changed to suit any new user.
           Risk Universe Maps represent potential areas of risk exposure. These vary in size and significance for each business and its sector footprint.
           This big-picture risk universe can help to test and map out a risk register and scan for inter-dependencies, assumptions and links between risks.
           A risk universe describes the overall risk environment (i.e. defines the boundaries of risk management activities) and provides a structure for managing all risk.
           The risk universe is Enterprise-Risk Management (ERM) sympathetic:
           * Considers the overall business objectives, business processes, and their dependencies and interfaces throughout the enterprise.
                         Risk needs to be seen from an end-to-end business activity perspective, crossing functional silos (e.g. IT operations, project management,
                         application development, disaster recovery, security, etc.).
           * Considers the full value chain of the enterprise - not only the enterprise and its subsidiaries/business units but also its clients, suppliers and service providers (the ‘extended’ enterprise
          * Considers a full life-cycle view of business activities - most relevant to the entity - including transformation programmes, investments, projects and operations
          * It includes a logical and workable segmentation of the overall risk environment (e.g., across organisational entities, geographic locations, technologies, applications).
                        This is not easy —the hierarchical organisation of the enterprise, business processes, and supporting Risk infrastructure and
                        services often are not aligned, and it is highly probable that different views along different dimensions exist for the overall environment. It is
                        up to different users within the enterprise to determine which view will be the most meaningful to support the business objectives
                        of the enterprise while considering the potential overlaps or omissions.
          * Needs to be updated and reviewed on a regular basis due to the constantly changing internal and external environment
          Are unlimited. The most popular macro-categories (Level One) are :
                      1 Strategic
                      2 Operational
                      3 Financial
                      4 Hazard
          Level Two and others can include:
                        1. Asset Management - loss, damage, destruction, loss of use of own or other party's
                        buildings, plant, equipment, stock.
                        2. Compliance - failure to comply with regulatory requirements, internal or external.
                        3. General Management - consequences of poor corporate governance and/or general
                        management practices.
                        4. People - injury to staff and other people; failure of duties of care to other parties.
                        5. Environment - damage to the environment.
                        6. Business Model / Change Management - impact on the business of poorly managed
                        strategic development and change processes.
                        7. Financial - reduced revenue and/or increased expense flows.
                        8. Products and Services - liability arising from product or service, quality or delivery.
                        9. Technology and IT - impact relating to failure of technology.
          Level Three sub-set categories may vary the most widely by sector and business, and are subject to change over time.
          Whichever categories are chosen, ensure that they are aligned to the residual risk register's categorisation so they can be compared consistently.
          Customise. Some sectors like Finance, would extend the Level Two and Three categories under "Finance" for instance.
or inventory-looking.

es, Interfaces, Processes, Assets, Project LifeCycle)

nd tested by peer risk practitioners.

oviders (the ‘extended’ enterprise).
s, applications).

Shared By: