NOKIA最新的.ppt

1、Mikko Routti Director, Risk Management Nokia Corporation,Risk Management,Main Themes of Presentation,scope of presentation: business risk (widely) our philosophy about risk management where we are today on the journey of ERM how to do this in our organisation balance between practical, value-based a

2、nd analytical, fact-based thinking what kind of methods and tools we use (e.g) how do we and others communicate about this, It is one thing to set up a mathematical model that appears to explain everything. But when we face the struggle of daily life, of constant trial and error, the abiguity of the

3、 facts as well as the power of the human heartbeat can obliterate the model in short order.,Peter L. Bernstein: Against the Gods- The Remarkable story of Risk,“We are not just adding all of these risks together. We are creating a probabilistic view of how much capital is actually necessary.” -Rick B

4、uy, Chief Risk Officer, Enron,“We review how good it can get, we review how bad it can get, and every place in between.” - Rick Causey, EVP and Chief Accounting Officer, Enron,What does risk appetite mean in practice?,Are we focusing on opportunity? Is there a clear view of the appetite for risk? Is

5、 there balance in risks and rewards? (i.e. high risks vs low rewards) Where should most of managements effort be directed?,A Generic Business Risk Continuum,Opportunity,Uncertainty,Hazard,Compliance And Prevention,Operating Performance,Strategic Initiatives,Key Questions to Consider.,Environment,Hea

6、lth resources used, most often personnel time; cost of development; product requirements, which can include both functional and other quality characteristics; resource utilization; and technical constraints, such as hardware platforms, operating systems and use of particular software tools.,Goal and

7、 Stakeholder Priorities,Priorities for goals and stakeholders are defined Approximate priorities are adequate,Risk Identification,Risk identification requires an open mind Teamwork and effective meeting techniques are critical There are several checklists available but are they good for you?,Identif

8、ication of potential threats Needs to be done frequently Requires a different mental attitude: not problem solving but free association,Techniques: brainstorming, checklists, questionnaires, history data (lessons learned, data), critical path analysis, goal review,RI: Checklists vs. Brainstorming,Ch

9、ecklists Pros Fast and easy to use Standardize results Cover a broad area May prompt thinking new risks Cons Cause fatigue Do not encourage creativity May be biased due to a different domain Do not encourage finding situation specific risks,Brainstorming Pros Fast and easy to use Leverages local exp

10、ertise and insight Keeps participants active Develops commitment Cons Require facilitation or training Meeting dynamics may bias results Dependent on participants experience,Risk Analysis,Understanding (describing) risks Risk tracking tables Risk information forms Visualization of risk dependencies

11、Ranking of risks Risk exposure (I.e., probability * loss) Risk reduction leverage Urgency,Risk Analysis,Risk clustering group and identify appropriate scenarios Risk scenario development fill in risk information forms, or complete Riskit analysis graphs Risk prioritization Rank risks,Understanding R

12、isks:Risk Tracking Tables,Items in tracking tables may include,ID Area Origin Description Owner/responsible Date of most recent review Probability Loss impact,Priority current previous time on the list Risk status Potential controlling actions Selected controlling actions Action Status,Risk Document

13、ation Guidelines,Templates standardize communications Use an approach that matches your needs Develop a path to refine the information you often start with an abstract description and add details later Do not fill in information that you do not know: empty fields act as flags to others Archive past

14、data useful for learning from experience,Risk Prioritization,Key attributes in prioritization: Probability and loss determine how severe (=big) the risk is Urgency indicates whether you still have time to wait Two main approaches for ranking risks: Expected value of loss = prob(event) * loss(event)

15、Ranking through tables ordinal rank multiplication prearranged ranking tables for ordinal probability and loss estimates risk factor ranking tables Ordinal scale ranking is adequate, when using Riskit Pareto ranking technique,Expected Value,Same as Risk Exposure: probability * loss Risks that have t

16、he highest expected loss are highest risks, e.g., two risks that have potential delays: Risk A: 20% * 5 months = 1 month Risk B: 50% * 3 months = 1.5 months Risk B is a bigger risk A commonly used formula for prioritizing risks,Effect of Non-linear Utility Function,Risk A: 2 month delay with probabi

17、lity of 10% Risk B: 8 month delay with probability of 5% Expected delay: A: 0.2 months B: 0.4 months = control risk B Expected utility loss: A: 5 U B: 3 U = control risk A,Summary,Different risks require different attention Focus on most important or on areas of uncertainty Prioritization is prone t

18、o estimation biases Some prioritization methods have in-built biases Transparency and understandability of prioritization is important: make sure you can explain the results to everybody,Controlling Actions vs. Reactions,Risk controlling actions are actions taken before the risk has occurred, I.e.,

19、it is proactive risk management Reactions are actions that are performed after the risk has occurred Risk management is primarily concerned with risk controlling actions,Defining Risk Controlling Actions,Brainstorming Open or focused Strategies Checklists Risk element review analyze risk elements to

20、 identify what actions could be taken Experience Personal experience and insights,Acceptance Avoidance Protection Reduction Research Reserves Transfer,Risk Control alternatives,No risk reducing action No immediate action is taken, but some may be taken at a later time Contingency planning Recovery p

21、lans are made, but no further action taken Reduce loss Refers to risk controlling actions that are used to mitigate the damage caused by risk Risk avoidance Refers to actions that are aimed at avoiding risks occurring Reduce event probability Influencing risk factors and observing risk monitoring me

22、trics to reduce the event probability,Selecting Risk Controlling Actions,Control high-risk scenarios Effectiveness of risk controlling action Project constraints Stakeholder priority Urgency of risk controlling action,Risk Monitoring in Practice,Define and collect risk metrics when applicable Monito

23、r additionally changes in the situation impact of risk controlling actions potential new threats changes in risk analysis input data Initiate risk identification, risk analysis or risk control planning when necessary,Building up a Risk Management System,People and competencies,Process,Methods,Tools,

24、People and competencies form the foundation of risk management,Process helps ensure their skills are applied consistently,Methods assure that risk management is done well,Tools increase productivity and can sometimes direct people and processes,People and Competence,Motivation Explain why risk manag

25、ement pays off Authorization Give people power to perform risk management Skills + knowledge + practice = competence Support in-house learning,Process,Make sure that the product development process has explicit points where risk management is addressed Provide templates for reports Define the risk m

26、anagement process and its outputs identify analyze control Clarify responsibilities,Methods,Select a portfolio of sound and easy-to-use methods Start simple and improve as you become more experienced Beware of the biases and problems with the methods you are using Use common sense - a method cannot

27、replicate it,Requirements for a Risk Mgmt Method,Consistency of application: there is a defined, repeatable process. Consistency of results: results from independent analyses do not differ. Usability: the method is easy to learn, operate, prepare input for, and the output is understandable. Adaptabi

28、lity: the system can be applied to different projects and situations. Completeness: consideration of all relevant relationships and elements of risk is given. Validity: methods results represents well the real risks and situation. Confidence: methods output is believable and method users believe in

29、it. Traceability: the method documents the assumptions and rationale used to derive conclusions. Communications: the method supports communication about risks between people and organizations. Feasibility: the required data and time for applying the method are available. Efficiency: the method produ

30、ces results with relatively low effort and time. Effectiveness: The methods results influence the project. Experience capture: the method allows capture and analysis of experience.,Tools,Tools can be best leveraged when the organization truly understands risks and is fluent in risk management Tool c

31、annot compensate for lack of analysis or understanding They may hide the real issues They may create false confidence Introduce tools gradually Key issues: Usability Teamwork,Conclusions on Risk Management Infrastructure,Deploy a portfolio of techniques Be aware of assumptions and problems with various