Genesis Management Services Pty Ltd
CUSTOMER TYPES
Business
Government
Property
Education
OPPORTUNITY & RISK
ANALYSIS
Organisation Strategy
Objectives, vision and KRA defined outcomes underpin the organisation strategy. The organisation strategy forms the basis for Capital Expenditure (CAPEX) initiatives. KRA’s arise from vision and additionally KRA’s describe the outcomes that must be achieved to meet vision.
State the Strategy and resulting KRA’s.
Determine The organisation Needs that the organisation needs to satisfy in undertaking any businesses eg. maximise income or maximise economic development etc. These are the key drivers of the CAPEX portfolio and are determined considering the organisation’s objectives, vision, values and KRA defined outcomes.
Business Assessment
An opportunity assessment involves the preparation of a high-level the organisation case and will need to address the following:
(1) Introduction
Detail the current position ie. the activity as it currently operates and details of the strengths and weaknesses and the short and long term opportunities and threats. | |
Define the business objective and expand on what the organisation want’s to achieve in undertaking the business. | |
Align the proposed business to the organisations KRA’s and underlying the organisation strategy. Consideration will also need to be given to the strategy for monitoring/managing the outcomes of the business. | |
Identify any associated businesses and their affect (if any) on the proposed business. |
(2) Outline/definition/objective
A brief outline of the business
including objectives, scope and key deliverable’s. It should also
set out the business activities and describe its association with
the strategy of a capital program to meet the KRA defined outcomes
and the organisation
needs.
Develop goals that the organisation is seeking to achieve in undertaking the business ie. what do they want to achieve by selling the land (there may be more than one).
How the business will help the organisation to achieve its strategy/goals.
(3) Identify Options
Identify alternative development
proposals for Domain that will satisfy achievement of goals. The relationship of the proposed
alternatives with the organisation’s overall objectives. Summarise criteria for selection of
alternatives (also include those options not considered appropriate
and why they are considered so). Once alternatives have been identified
the following analysis must be undertaken for each: Risk Analysis,
Financial Analysis, Qualitative Analysis, Implementation Plan,
Conclusion and
Recommendation.
(4) Risk Analysis
A risk analysis will contain a consensus
assessment of the potential risks for the appropriate
methodology. See Attachment 1 on risk assessment
below.
(5) Financial Analysis
A net present value (‘NPV’) model of the
costs of business implementation and ongoing maintenance versus the
benefits associated with its implementation and the costs incurred
if the business is not undertaken should underpin this analysis. Comparison of values of alternative
options. (Consideration should be given to the affect of
‘once-off/implementation’ vs ‘ongoing’ costs/revenue and their
impact the valuation of the business). Refer Attachment 2 on financial
analysis.
(6) Qualitative Analysis
Determine other influences on
business. Brief documentation for future
development and program
progression.
(7) Implementation Plan
An indicative time-line will provide a
basis of the business implementation and an expectation of when the
business will deliver its associated
benefits.
(8) Conclusion
The conclusion will consist of a summary
of all the above points and their relative weights in the decision
process.
(9) Recommendation
This section will be the final
recommendation as to the course of action with respect to
undertaking the
business
Attachment 1
Risk Analysis
Management identifies risk, determines the related impacts, develops strategies to mitigate and takes steps to remedy problems arising from these risk events through a process of risk analysis. Management should also consider that risk management is about identifying opportunities as well as avoiding or mitigating losses.
Risk and uncertainty are different. Understanding this distinction is important. When objective information is available on the probability of an event, then we are involved with decision making under conditions of risk. When we lack objective data, we are involved with decision making in conditions of uncertainty.
Risk can be categorised as per the following table:
The organisation Category Risk |
Types of Risk Category |
Circumstances in Which Risk Arises |
Environment |
Stakeholder Analysis: eg. relationships with/to stakeholders of proposed business. Sensitivity Analysis: eg. the volatility of environment to change, recent occurrences and trends impacting the stability of the environment etc. Capital Availability Risk: eg. availability of funds for the organisation, effect of short term loans. Political Risk: eg. the stability of the government, impact of whole of government initiatives, etc. Legal & Regulatory Risk: eg. the likelihood of new legislation/regulations which could impair the organisation etc. Industry Risk: eg. the volatility of the specific market, the level of competition, its phase of development (emerging, growth, mature), etc. Market Risk: eg. the trend of the organisation in general, is it in an upward or downward cycle, what are the likely impacts on the organisation, etc. |
There are environment forces that may either put a the organisation out the organisation or significantly change the fundamentals that drive its overall objectives and strategies |
Process |
Operational Risk :
|
| Customer satisfaction
|
| People quality
|
| Product/service development
|
| Capacity
|
| Performance gap
|
| Sourcing of resources
|
| Compliance
|
| The organisation interruption (eg. fire, flood, labour etc.)
|
| Product/service failure
|
| Health and safety |
Empowerment Risk :
Leadership
Authority
Monetary limits
Performance incentives
Communications
Integrity Risk :
Management fraud
Employee fraud
Illegal acts
Unauthorised use
Reputational
Financial Risk :
Interest rate
Liquidity
Credit
Information and Data Integrity Risk: eg. the integrity of the systems to store information and data, the adequacy of the processes to support them, the experience of the people accessing them, etc.
Information and Data Security Risk: eg. the nature of the communications network, the ability to restrict access to authorised people only, etc.
The organisation processes may not be clearly defined, be poorly aligned with the organisation strategy, not be performing effectively and efficiently, or may expose significant assets to unacceptable losses, risk taking, misappropriation or misuse.
Information Technology
Applications Systems Risk: eg. the integrity of specific programs, the adequacy of processes to maintain them, the experience of the people that manage them, etc.
The information technologies used in the organisation are not operating as intended or are compromising the integrity and reliability of information and other assets.
Information Integrity
Operational Risk :
Pricing
Contract commitment
Measurement
Alignment with the organisation strategy
Completeness and accuracy
Regulatory reporting
Financial Risk :
Effective budgeting and planning
Completeness and accuracy
Financial reporting
Regulatory reporting
Investment evaluation
Strategic Risk :
The organisation focus
Valuation
Performance measurement
Organisational structures
Resource allocations
Planning process
Information used to support important the organisation decisions is incomplete, out-of-date, inaccurate, or irrelevant to the decision.
Once the appropriate risks have been identified, management will need to:
(1) Identify the consequences of risk
This process will require an understanding of the nature of the risk, the severity, whether it is internal or external and then proceed to define the consequences of the risk, ie. the effect that it will have on the organisation.
Internal risks are able to be much
easier controlled and include : Competencies of staff Quality of equipment Resources for support operations Information systems External risks include : The organisation environment Regulation Natural
disasters
(2) Measure the risk
Measurement will tell management whether
something is wrong and requires action. Generically the risk assessment process
involves: Risk Identification Risk Impact Analysis Risk Response Planning Risk Response Control Of the risk categories identified, they
can be broadly categorised as follows : Economic/The organisation risk – risks
associated with conduct of the organisation (key components include
financial risk and market risk). Insurable (or Pure) risk – a general
category of risk or loss (eg. vehicle accidents, schedule slippage,
natural catastrophe, etc). Operational risk – risks associated with
the carrying out of operations. Technical risk – risk that technical
risks will hamper the development of a deliverable. Socio/Political risk – risk that
governments may interfere in conduct of the organisation and the
effect of public concerns/opinions on deliverable’s.
Risk Matrix
A Risk Matrix determines the level of importance and level of impact of identified risks throughout the stages of business development. The purpose of identifying extreme, high, medium and low risks is to provide risk response planning.
In the cases of both High and Extreme risk assessed at the Opportunity Assessment stage the following strategies should be put into place:
Transferring risk by means of insurance,
warranties, etc. Avoiding risk by not undertaking certain
businesses (stages).
Risk
Type Likelihood (refer definition below) Impact (refer definition below) Relative Importance (refer definitions
below) Comment on method of managing/mitigating
risk (must be completed of E or H
risk) Economic/The organisation Risks
(including financial & market risk) Insurable
Risks Operational
Risks Technical
Risks Socio/Political
Risks
Risk Likelihood
Level |
Descriptor |
Description |
A |
Almost Certain |
Expected to occur in most circumstances |
B |
Likely |
Will probably occur in most circumstances |
C |
Moderate |
Should occur in some time |
D |
Unlikely |
Could occur at some time |
E |
Rare |
May occur only in exceptional circumstances |
Risk Impact
Level |
Descriptor |
Description |
1 |
Insignificant |
No injuries and/or low financial loss |
2 |
Minor |
First aid treatment and/or medium financial loss |
3 |
Moderate |
Medical treatment and/or high financial loss |
4 |
Major |
Extensive injuries and/or loss of production capability and/or major financial loss |
5 |
Catastrophic |
Death and/or toxic release offsite and/or huge financial loss |
Risk Importance
Level |
Descriptor |
Description |
E |
Extreme |
Requires specific research and management planning at senior levels |
H |
High |
Needs senior management attention |
M |
Medium |
Nominates specific management responsibility |
L |
Low |
Fits within managing routine procedures |
Risk Matrix
Level |
1 |
2 |
3 |
4 |
5 |
A |
H |
H |
E |
E |
E |
B |
M |
H |
H |
E |
E |
C |
L |
M |
H |
E |
E |
D |
L |
L |
M |
H |
E |
E |
L |
L |
M |
H |
H |
Risks of capital businesses are normally evaluated against achieving required outcomes in terms of cost, time and quality (or business objectives)
Risk Type |
Likelihood (refer to definitions below) |
Impact (refer to definitions below) |
Relative Importance (refer to definitions below) |
Strategies for managing/mitigating risk |
Planning and Approvals |
|
|
|
|
Technical |
|
|
|
|
Financial |
|
|
|
|
Contractual |
|
|
|
|
Risk Likelihood
Level |
Descriptor |
Description |
A |
Almost certain |
Expected to occur in most circumstances |
B |
Likely |
Will probably occur in most circumstances |
C |
Moderate |
Should occur at some time |
D |
Unlikely |
Could occur at some time |
E |
Rare |
May occur only in exceptional circumstances |
Risk Impact
Level |
Descriptor |
Description |
1 |
Insignificant |
Business on time and on budget |
2 |
Minor |
Minor cost or time over runs |
3 |
Moderate |
Business exceeds budget (>5%) and/or runs late (>1 month) |
4 |
Major |
Business objectives are not met and/or major financial loss |
5 |
Catastrophic |
Business unable to be completed and/or huge financial loss |
Risk Importance
Level |
Descriptor |
Description |
E |
Extreme |
Detailed research and management planning required at high levels |
H |
High |
Senior management attention needed |
M |
Medium |
Management responsibility must be specified |
L |
Low |
Manage by routine procedures |
Risk Matrix
Level |
1 |
2 |
3 |
4 |
5 |
A |
H |
H |
E |
E |
E |
B |
M |
H |
H |
E |
E |
C |
L |
M |
H |
E |
E |
D |
L |
L |
M |
H |
E |
E |
L |
L |
M |
H |
H |
Summary of Risk Assessment
The risks sourced from the analysis will need to be further considered in subsequent phases, the following control development steps are appropriate:
Identify,
measure and source the root causes of the organisation risk
associated with the activity. Use
processes, objectives and risks to establish context for controls;
this step is not a “one size fits all” control checklist and
technique approach. Focus
controls design on preventing root causes of the organisation
risk. The controls
evaluation approach should be flexible enough to accommodate
controls design. Develop
organisational competence in designing the organisation risk
controls. Implement the
organisation self-assessment processes and programs. Partner with
suppliers to continuously improve the organisation processes and
controls.
Attachment 2
Financial Analysis
Present Value
The following components are critical to the net present value (NPV) calculation
(1) Estimated Cashflows (In/Out)
The cashflows
which must be estimated can be determined quite objectively whilst
some require subjective estimates. Management
may want to perform sensitivity analysis on the estimates made. Costs are
identified for NPV purposes according to their impact on the
business, eg. implementation and
on-going
(2) Determine appropriate Discount rate
The discount
rate represents the opportunity cost of funds and takes into account
the cost of borrowing’s and internal
funding. The discount
rate could also be adjusted for inflation if it were considered
appropriate, however this would require that all cashflows be
adjusted for
inflation.
(3) Apply discount factors to cashflows
The discount
factors for each period are calculated as
1
(1 + r) ^n
where: r = discount rate
n = number of periods from present to the cashflow
^ = the power of
These factors
are then multiplied by the cashflow in each respective period and
summed to arrive at the cumulative net present value of outsourcing
the activity.
(4) Net Present Value (NPV)
The NPV
represents the value of proceeding with the business or one of the
alternatives and becomes an input into the decision process.
Business Considerations
Activity
Cost/Revenue Profile The first
step in determining costs for input into the analysis model is to
understand the activity’s current cost profile as illustrated
below The process
involves determining the short-term avoidable costs of the activity
(ie. those which will cease within 12 months of the activity being
undertaken), long term avoidable costs and unavoidable costs. The
classification of costs as avoidable or unavoidable will often be a
contentious issue and may ultimately be a subjective decision – the
decision must be made and assumption(s) documented.