Risk Management Knowledge


Section I: Foundation of RAMA Risk Management


          Mahidol University (MU) founded its “Risk Management Center” at the same time as it announced the 2014-2016 MU strategic plan. Under that plan, the eighth key performance index (KPI) relates to “sustainability management”, which incorporates and measures the readiness of Enterprise Risk Management (ERM). Hence, in 2015 MU required every faculty to have an ERM system at the policy level.


          The Faculty of Ramathibodi Hospital (RAMA), which operates under MU, set up a risk management department to support the MU strategic plan mentioned above. The RAMA risk management department now operates under the Dean Officer, with Clinical Professor Doctor Pornchai Mulpruek in charge.


1. Advocated the Role of Risk Management Committee (RMC)

2. Supported and Encouraged Risk Management Culture

3. Developed and embedded the knowledge of risk management throughout the organization

4. Facilitated related parties on matters of risk management



Section II: Risk Management Concept, Knowledge and Standard


What is risk and risk management?

          Risk is defined as the possibility of adverse future events, or of repeated events that have a probability of occurring again. More specifically, if such events occur, they will directly affect organizational goals (Committee of Sponsoring Organizations of the Treadway Commission: COSO).


          Enterprise risk management (ERM) is a process that involves all levels of the organization, driven by the board of directors (BOD) and aligned across functions. ERM consists of identifying, assessing and mitigating risks, in that order. The level of accepted risk varies with the risk appetite.


          Many organizations face the dilemma of distinguishing risks from problems. The two are actually different, yet organizations treat them as the same thing. Hence, the RAMA risk management unit resolves this confusion and proposes redefining them according to the following flow.


Enterprise Risk Management (ERM) Standard

Source: COSO (Committee of Sponsoring Organizations of the Treadway Commission).



          The RAMA risk management system employs the risk management framework of the Committee of Sponsoring Organizations of the Treadway Commission - Enterprise Risk Management (COSO-ERM). This standard is well known for being scientifically proven; accordingly, many large organizations adapt it in the implementation phase. According to the figure above, there are three aspects of the COSO ERM framework.


Aspect I: Types of Risks Considered

Types of Risks

What is it about?

Strategic Risks

A possible source of loss that might arise from the pursuit of an unsuccessful business strategy, or the risk of unrealistic goals.

Operational Risks

Operational risk is a form of risk that summarizes the risks a company or firm undertakes when it attempts to operate within a given field or industry. Operational risks are mostly caused by people, IT, systems or manual processes.

Financial Risks 

The probability of loss inherent in financing methods which may impair the ability to provide adequate return.

Compliance Risks

It can be defined as the uncertainty of events that are not aligned with laws, regulations or standards.


Aspect II: Process of Risk Management

Risk management process

What is it about?

Internal Environment 

The risk management process is implemented more effectively when the internal environment supports it. A good internal environment includes having a Risk Management Committee (RMC).

Objective Setting

As already mentioned in Aspect I, the objectives of risk management should cover the four types of risk. These objectives should also be determined in advance, before conducting the risk management process.

Event Identification

This is the process of specifying real risks, as opposed to identifying existing problems. In the first step, we need to list all possible events; in the end, the risk manager crosses some problems out of the risk register.

Risk Assessment

Risk is assessed through likelihood and impact. Their product is defined as the rate of risk, by which risks are prioritized.

Risk Response

Normally, there are four types of response: avoidance, sharing, reduction and acceptance. Most organizations choose to reduce their risks.

Control Activities


Information and Communication

Information and communication are indispensable supporting processes. Risks should be communicated to risk owners, or even to the BOD, on a periodic basis.


Risk management should, in general, be dynamic. To be precise, monitoring is a compulsory process for perceiving the current level of risk after some treatments.


Aspect III: Levels of Assessed Risks

         Because the risk management process is important across functions, it should start at the entity level, followed by division, business unit and subsidiary.



Section III: Business Continuity Management (BCM)

          The increasing number of natural and man-made disasters can lead to the shutdown of a business. Organizations should therefore be aware of the continuity of their business during a crisis. A good business continuity plan (BCP) should be put in place to minimize hazard risks; BCM is therefore an important tool for organizations in an era of increasing hazard uncertainty.

          Business Continuity Management (BCM) is defined as “the approach of determining policy, procedure and process during crisis and disaster time in order to ensure that the critical business processes can continue and hence return to the normal process as soon as possible”.


Under the BS 25999 standard, BCP can be conducted through the following process.