Risks when organizing events. Problems. Insurance and legal issues

17.02.2011

The next conference on risk management will be held in July 2013.

More and more energy companies are developing risk management systems. They are driven not only by the requirements of regulatory bodies, the consequences of the crisis and energy accidents, but also by the desire to lay the foundation for business development. It is therefore important to build a system for detecting risks and seizing opportunities, as well as for early response to threats.

DTEK Group has been operating in the Ukrainian energy market since 2002. It includes 15 enterprises that form an efficient production chain from coal mining and processing to the production and supply of electricity. Until 2009, risk management in the company was a system in which risks were tied only to functional areas - business areas. In order to make the system more comprehensible, transparent at all levels and effective, its concept was revised in 2009. At that time, the risk management department was subordinate to the CFO for some time - during the crisis, it was removed from the subordination of the CEO for a clearer concentration of efforts. When the management saw that the company was at the pre-crisis level of stability, it was decided to carry out structural changes again. So the risk management function was transferred to the executive director... In addition, a group risk committee was established, which included the general manager, the CFO, the director of security, as well as the heads of three departments: risk management, audit and compliance. The task of the committee was to transform the existing risk management into an effective tool for managing risk and improving the reliability, transparency and efficiency of company management.

First of all, the purpose of the system was reformulated. We have identified six areas for ourselves:

  • checking tasks and strategic initiatives for relevance;
  • checking goals for achievability in the short and long term;
  • providing reasonable confidence in the achievement of goals (answers to the questions: what can help us or, conversely, hinder us; how can we reduce possible obstacles and potential problems and turn them into opportunities);
  • work on mistakes; monitoring events, drawing conclusions and changing the line of behavior in the future to a more effective one; maximum flexibility;
  • development of a risk management culture in daily activities - that is, a kind of foundation for the functioning of the system, not only risk management, but also effective management as such, where responsibility and rationality are present in every area of the enterprise.

The most important thing in a risk management system is to ask key employees the right questions on time, and then collect and analyze the answers and communicate them to everyone else.

In the next step, we clearly structured risks by groups, including two large groups of risks: internal and external. There was no such division before, and only external risks fell into the category of the most significant risks for the company. The internal ones were not scrutinized, which sometimes made it difficult to unleash the company's potential and improve internal processes... We implemented this division in order to balance our efforts in dealing with external and internal risks.

Risk groups are tied to groups of goals, and each specific risk is linked to a specific goal and target measurable indicator: short-term (operational), long-term (strategic) and always existing (systemic). Based on this, the structure of DTEK's risks today looks like this:

Systemic risks include:

  • risks associated with personnel management;
  • legal risks;
  • political risks;
  • risks associated with information technology;
  • asset security risks;
  • other risks that threaten the existence of the company.

Risks attributed to strategic areas of activity:

  • reputation risks;
  • investment and liquidity risks in the long term;
  • environmental risks;
  • compliance risks;
  • risks of strategic projects (including M&A);
  • market risks (risks of competition and market environment);
  • other risks directly related to the execution of the strategy.

Among the operational risks are the following:

  • risks that may interfere with the execution of budget targets;
  • risks of investment projects within the current period;
  • tax risks;
  • risks of current projects of the business plan.

I would like to note that risks from other groups - strategic and systemic - can also fall into the operational category during the year. We identify them at the stage of the annual assessment for inclusion in the annual action plan.

The structure described is quite flexible and is in a constant process of improvement and updating.

Why was it decided to tie risks to goals? In the company, each line of activity, function and employee has a list of goals for the year. In addition, there are goals for the longer term (say, strategic), in the case of long-term projects. Thanks to this transparent communication, everyone understands what should be achieved, by what date and how the result can be reflected in the work of the whole group. This not only improves the clarity of setting goals and keeping records, but also motivates and promotes greater employee involvement in the process.

Process, indicators and appetites

The company has adopted a cycle of management and risk assessment, which is repeated from year to year. In addition, the strategy and strategic risks are updated annually. We are aware that the market does not stand still, many external factors affecting the business are changing. This entails the need to revise the goals and objectives, as well as the associated risks.

The main steps in the risk management process are always the same. They include identifying and defining the kinds and types of risk and the causes (factors) of its occurrence, assessing inherent risk, establishing the appetite, developing management measures, assessing residual risk, and monitoring.

To obtain a quantitative statistical assessment, our company uses risk exposure meters, the so-called key risk indicators (KRI - key risk indicator). A KRI is a quantitative indicator that allows one to judge the level of the company's actual exposure to a given risk at one time or another. KRI dynamics are monitored periodically without fail. Let me give you an example: the equipment accident rate (as an operational risk) has indicators in the form of breakdowns, losses from work process downtime and restoration of normal operation, restoration costs, etc.

Of course, not all risks can be quantified. Some of them, such as reputational or environmental risks, are often assessed qualitatively as well. In this case, we add letter codes to the numeric value (for example, the possible occurrence or non-occurrence of various kinds of responsibility, etc.).

Appetites are set for all risks. These are quantitative indicators - the boundaries that determine the maximum acceptable level of risk that the company is ready to accept (before the need for corrective action). At DTEK, they are two-tier.

The first level is those appetites that are formed from indicators. For example, if the indicator of staff turnover is less than 10%, then the situation is within the normal range, and no special measures in the form of an analysis of what is happening and the introduction of additional incentive measures are required.

The second level of appetite is set for aggregated indicators, that is, those indicators that are affected by risk. In our company it is EBITDA. In the process of approving the risk appetite for this indicator, the members of the DTEK board expressed their proposals: they named the amount, the loss of which would be acceptable for the company and discussed it, and following the voting, the risk appetite for EBITDA for the entire group in 2010 was set at 5%. After that, for each enterprise, its appetites in monetary terms were calculated and communicated to it, proportional to its contribution to this indicator. What does this mean? If the deviation of the actual EBITDA of a particular enterprise from the planned business plan within a month is less than the established figure - a special analysis of the reasons for the deviation may not be carried out, or carried out only upon request. In the event that the deviation turns out to be higher than the permissible, our enterprises, together with the provision of reports on the implementation of the plan, give us a description of the reasons for the deviation, the risks and factors that caused them, as well as a list of measures taken and proposals to prevent similar problems in the future. This is a streamlined process that we call budget control. At the same time, in essence, this is an elementary management of risk appetites at the level of the parent company and their standard tracking.

In addition, once a month, all our enterprises provide reports on realized risks. If the corresponding indicator goes beyond the appetite, then they simultaneously send us an analysis of the reasons why this happened, and a list of measures that will be taken to prevent a similar situation in the future. The reports are periodically reviewed by the risk committee and are continually monitored by our department. However, if we see that a particular risk is constantly at the limit of appetite, but has not yet gone beyond it, we promptly take control of it and develop measures that will allow this risk to be prevented, which will be discussed later.

Transformation into opportunities

In general, the picture of risks by the company and its areas of activity is reviewed once a quarter at a meeting of the risk committee. In addition to the management staff of the corporate center, it is attended by top managers of enterprises belonging to the DTEK group, as well as their key employees. We divide risks into significant (group A) and non-material (group B). A group of the most significant risks that can greatly affect our business is always brought up for discussion at the highest level. They are identified on the basis of interviews with experts, including those from specialized directorates, the strategy directorate of our group, analytical data provided by enterprises, the strategic block and prepared by risk managers, publications in the media, as well as internal statistical information. The materiality of the risk can be determined in relation to the monetary threshold, and such materiality limits have been established for the enterprises of our group. In addition to the materiality threshold, the expert opinion of a member of the risk committee is taken into account. For example, if some risk does not fall into the group of significant monetary value, but we are aware that it is important for the company, the risk committee takes it under control and works with it.

As an example, for DTEK one of the biggest risks today is legislative changes. The energy sector in Ukraine is subject to strict regulation, and each new law, decree or order could have serious negative consequences for the company.

Each of these high-level risks is analyzed and monitored quarterly at the committee level and monthly at the level of our department - we track the trend, the level of appetite for it at the moment, etc.

It is the constant monitoring that serves as a powerful risk warning tool. For each function of our company, all data are consolidated and a cross-section is prepared for the company: statistics in different sections, graphs, forms and analysis. The analysis includes, in particular, comparison with previous periods, with the established risk appetites for each indicator, and with the achievement or non-achievement of goals. For example, we have estimated the current "operational" level of accidents, and we annually include in the business plan the amount for recovery based on the results of accidents - we know from statistics that they will still occur in some, albeit minimal, amount. Throughout the year, we collect information about breakdowns, look at the dynamics in comparison with previous periods, and compare them with the figure laid down in the business plan. We monitor that their volume does not go beyond the established appetites. The most important part is to analyze the causes of accidents and the measures taken. We look at why certain developed measures do not give a result, and if they were not implemented at all, then what the reasons were, and we insist on their development, etc. After that, all the data received and processed by us is presented in the most convenient form to interested managers as charts, trends and analysis. We are currently automating the work with such reports.

In general, during the meetings of the risk committee, we try to present our problems as our opportunities. The group's management initially views risk as an uncertainty that can give the company positive potential, and not as a problem to guard against. An example is situations with changes in regulatory requirements: suppose a specific regulation may negatively affect our generating unit. Before its approval, we are already considering all the available opportunities and trying to understand whether, say, distribution or mining can win, how to balance the work, etc. As a result, we try to use any change wisely anyway.

Of course, our company is not limited to identifying and assessing just a few significant risks, which are mentioned above. We also identify and track dozens of less significant risks. All of them are considered at the level of enterprise management - the corporate center has delegated both the opportunity and responsibility to manage risks within the framework of those appetites that exist within the entire group.

It's all about the reaction

In general, we do not draw up unnecessarily detailed scenarios for responding to risks. At the same time, we have formulated a standard list of our actions in the event of a risk event. When KRI values go beyond the limits established by the risk appetite, the risk owner initiates one or more actions from the following list:

  • taking emergency measures to reduce / close the risk;
  • revision of the action plan aimed at reducing exposure to risk with obligatory informing of the risk committee;
  • revision of the business plan / targets;
  • revising the risk appetite and informing the risk committee (when revising for significant risks).

Some of the response options described above are often already contained in a worst-case scenario (and a global example of this is the disaster recovery plan that the company is developing today).

Measures can be developed by the risk owner when the appetite is exceeded in a clearly limited period, if, for example, the realization of the risk is temporary in nature and is associated with a momentary market situation, a temporary regulation of the regulatory body or a specific accident. This happens most often, and such an action is mandatory, since it means that the previously provided measures are not sufficient to prevent losses from the realization of the risk. In other, rare cases, if the realized risks are of a protracted, systemic or catastrophic nature, we can revise the appetites for them or even the company's business plan (that is, set new targets). The financial crisis was an example of such a risk being realized.

If the risks that have exceeded the threshold and have been realized repeatedly do not entail significant consequences, a review of the risk appetite may also be initiated. In this case, we understand that we may have set the indicator too tight.

Reasonableness and responsibility

What exactly is the risk management department responsible for? Taking DTEK as an example, I can say that we are responsible for the risk management process (and not for specific areas of the company's activities and risks in them). Our task is to make it as efficient as possible. Our division is in charge of the functions of methodological support, consolidation of all information on risk management and its analysis (in addition to additional related areas of insurance and internal control).

As for me, as the head of the function, I am not responsible for the risks themselves, their implementation or prevention. Moreover, quite often they are associated with the production process, finance, etc. My task is to conduct appropriate training for key specialists, collect the necessary information, structure and analyze it, submit it to managers on time, build a system of indicators, etc. But as the head of internal control and insurance, I am responsible for reasonable and optimal insurance in the group. Here I am also the owner of the process, so not only the development of methods, insurance requirements, determination of the list of counterparties and other related tasks, but also the effectiveness and results of such work are directly within my competence.

In general, the purpose of our function is to ensure awareness for reasonable and responsible decision-making, that is, timely provision of a complete picture of risks, opportunities, history and assumptions to responsible persons - managers. This includes early warning of problems, analysis of how they have been resolved in the past, and much more, the mechanics of which were discussed above.

At the same time, the Risk Management Department does not independently revise its internal processes. I initially insisted not to make our division a department to improve operational efficiency, to optimize business processes. This in the group is dealt with by profile directorates, responsible working groups and managers. We participate in relevant events as methodologists, moderators and, of course, as risk management specialists. We find out what was the reason for the realization of the risk in the past (whether the factors that caused it remain) and today (where there are uncovered areas), and we try, together with our colleagues, to figure out how to prevent problems in the future. This is precisely the competence of our internal control function.

Today risk management in DTEK Group is a function fully integrated into key business processes. It employs 14 people. We have developed and approved at the level of the board and other authorized bodies a risk management policy, relevant methods and regulations in areas, report forms and plans. We review and agree on a list of risks, their assessment and an action plan to prevent and respond to risks, before it is discussed by the risk committee and other relevant committees and authorized persons. All relevant final reports prepared by the managers of the group enterprises for senior management go through our department.

Summing up the above, I can say that over the year and a half of its existence, the updated risk management system at DTEK has made the decision-making process more transparent and simpler for managers. I hope this has helped to improve their quality. Thanks in part to the efficiency of our management decisions, we maintain a strong position in the fuel and energy market of Ukraine. I have no doubt about that.

Irina Andropova, Head of the Department for internal control and risk management of DTEK

The psychological aspect of the study of risk opens up new possibilities for studying the reasons for the existence of bad habits and for explaining some of the features of human behavior.

The mechanism and the desire for risky actions are traits characteristic of a significant part of young people, and often the introduction to alcohol, narcotic or toxic substances is a kind of bravado, etc.

A successfully completed risky act usually evokes a feeling of satisfaction from having faced a certain danger. However, for one person such a danger can be the assault on a difficult peak in inclement weather; for another, in the absence of sufficiently developed moral and psychological so-called "insurance mechanisms", burglary; for others, entrepreneurial activity carried out in order to obtain more benefits and, accordingly, accompanied by an increased degree of risk. In order to taste the pleasure and enjoy the joy of victory and the results of one's labor, a new and stronger danger is needed. So a person's propensity to take risks can increase, and risk becomes an end in itself for him.

This implies a natural requirement: the system of measures of influence on people should take into account that their behavior is determined, along with many other circumstances, by motivated or unmotivated risk. Yu.V. Chufarovsky expresses the judgment that it is extremely difficult for a person with a weak will to resist the urge to imitate, especially if it is intensified by danger.

Russian civil law does not subdivide risk into reasonable or unreasonable (excessive, unacceptable), thereby allowing risk in any act and in any legal relationship that is governed by civil law. Moreover, civil law does not provide for liability for unreasonable (excessive, unacceptable) risk. There is not a single norm in civil law that would directly speak of civil liability for unjustified risk. Based on this, it is possible to assume that in civil law any risk is justified.

Criminal legislation takes a slightly different position, believing that the risk must be justified, otherwise criminal prosecution may ensue.

The general part of the criminal law has now expanded the number of circumstances precluding the criminality of an act. Particularly noteworthy is the norm, first introduced into the Criminal Code of the Russian Federation (hereinafter - the Criminal Code of the Russian Federation), dedicated to reasonable risk. According to some estimates, at least 30-40% of the actions of the tax police, firefighters, rescuers, pilots and vehicle drivers occur under conditions of risk. And the undeveloped mechanism of action of the corresponding norm creates a threat of unfair prosecution of them.

From the point of view of criminal law, negligence can manifest itself in criminal arrogance or negligence. Here, the actions of the culprit characterize the determination to commit the act he needs (and it is natural that the interests of others in this case are sacrificed out of frivolity, although quite deliberately). And it is not so much a matter of counting on overcoming circumstances, but of confidence in a successful outcome. And guilt is expressed not only in the mental attitude to the result, but, first of all, to the unlawful action.

As for civil law, it usually does not apply the division of negligence into arrogance and negligence. Recklessness here is characterized by the fact that the subject either does not admit or does not foresee the possibility of causing a harmful result by his behavior, although he should and could have admitted or foreseen it.

Including the norms on justified risk in the Criminal Code, the legislator outlined a tendency to develop initiative and independence, scientific and technical, economic, professional courage, to make new, non-standard decisions in any area where this or that citizen works.

Reasonable risk, consisting in the legitimate creation of a possible danger to law-protected interests in order to achieve a socially useful result that could not be obtained by ordinary, non-risky means, is a circumstance that excludes the criminality of an act.

Any citizen has the right to risk, regardless of the extreme situations in which he risks (when exercising professional activity or when overcoming difficulties arising in the sphere of everyday life, leisure, entrepreneurial activity etc.). With a legitimate risk, the goal cannot be achieved by ordinary, non-risky means, not related to risk actions. If such an opportunity existed, and the person did not take advantage of it, but chose to take risks and, as a result, caused harm to the interests protected by law, it is subject to liability on a general basis.

The risk should not translate into knowingly causing harm. The riskier perceives the possibility of causing harmful consequences only as an incidental and only possible (and not inevitable) variant of his actions (inaction). Thus, the actions performed by professionals in conditions of legitimate risk must comply with modern scientific and technical knowledge and experience, etc.

However, it is necessary to start from the position of the so-called average person, who, under conditions of risk, often proceeds from the objectively prevailing specific conditions and the possibilities at his disposal, and relies on the experience and knowledge that he himself possesses. In this case, the person who took the risk must take, in his opinion, sufficient measures to prevent harm to law-protected interests (to foresee the size of possible harmful consequences and, taking into account the available opportunities, to correctly choose those measures that can, if not eliminate them, then at least minimize their size).

In such cases, when the person was mistaken and, despite the measures taken and contrary to his calculations, the resulting harm turned out to be much larger than it could have been if other measures not related to risk had been taken, the limits of justified risk are exceeded and criminal liability may arise. Exceeding the limits of reasonable risk is considered by criminal law as a circumstance mitigating liability.

A person has the right to choose various options for his behavior, and if he chooses an option that is harmful to society and the state, responsibility, the application of sanctions, condemnation of this particular behavior as illegal behavior will follow.

In the literature, there is another point of view, linking wrongfulness with an action that violates a legal obligation - to refrain from committing this action. So, V.P. Shakhmatov argues that since responsibility cannot be assigned to incapacitated persons, their behavior should not be considered illegal. The first part of this point of view does not raise any objections if we take into account that there is no fundamental difference between understanding wrongfulness as a violation of a legal norm and as a violation of an obligation. However, it is impossible to agree that the legal norm applies only to capable persons. Legal regulation is a general rule of behavior for all, but an incapacitated person is not capable of creating rights for himself and acquiring responsibilities by his actions. But this does not mean at all that the prohibition of certain behavior applies only to persons who have reached the age of 18. Based on various points of view, it can be concluded that actions that violate the norms of law are recognized as illegal.

In the Civil Code of the Russian Federation the legislator avoided listing the cases that would exempt from liability. So, Art. 416 "Impossibility of performance of an obligation" indicates that "The obligation is terminated by the impossibility of performance if it is caused by a circumstance for which none of the parties is responsible." Part 1 of Art. 401 of the Civil Code of the Russian Federation "Grounds for liability for violation of an obligation" reads: "A person who has not fulfilled an obligation, or who has performed it improperly, is liable in the presence of guilt (intent or negligence)" discretion, which was required of him by the nature of the obligation and the terms of the turnover, it took all measures for the proper performance of the obligation." Part 3 of the same article reads: “Unless otherwise provided by law or contract, a person who has not fulfilled or improperly fulfilled an obligation in the course of entrepreneurial activity is liable if he does not prove that proper performance was impossible due to force majeure, that is, extraordinary and unavoidable circumstances under the given conditions. Such circumstances do not include, in particular, the violation of obligations by the debtor's counterparties, the lack of the necessary goods on the market, the absence of the necessary funds from the debtor.”

Thus, the legislator leaves it to the discretion of the parties or the court to determine a specific list of extraordinary and unavoidable circumstances that entailed non-performance or improper performance of obligations.

In the practice of civil circulation, the question of what obstacles to the execution of the contract the parties took into account when concluding it is usually decided directly or indirectly by the parties themselves. Of course, such an expression as "force majeure" appears to a greater extent in contracts. But in professionally drafted contracts there are specific conditions that provide for the grounds and consequences of release from liability when certain circumstances occur. Such conditions are recognized as valid, although in their content they may differ from those provided for by the rules of law.

The general formula for exemption from liability can be illustrated by examples from practice, which indicates such traditional events as natural disasters (earthquakes, floods, hurricanes, etc.), as well as circumstances especially characteristic of the sphere of international trade and consisting in the ever-expanding interference of government bodies in this area, blockades, military operations, etc. Events such as a strike, an accident, etc. can also have similar consequences. However, it should be remembered that the legal consequences of an event must always be qualified in each specific case in terms of the applicable criteria. Therefore, it may turn out that the same circumstances in different situations will affect the responsibility for default in different ways.

Thus, on the basis of the above reasoning, the impossibility of performance can be defined as an objectively existing situation in which the parties (party) find themselves due to circumstances precluding the actual performance of actions in relation to the subject (s) of the obligation. The impossibility of execution can be divided, first of all, into the impossibility of the guilty and the impossibility of the innocent, as the legislator does. The culpable impossibility entails liability in the form of sanctions and damages. Conversely, an innocent impossibility terminates the obligation.

All of the above allows us to conclude that when the impossibility of performance arises both objectively by chance and subjectively by accident, we are faced with the issue of risk as a basis for responsibility.

Organization of events is difficult and sometimes unpredictable. At almost all events, situations arise when something does not go according to plan and gets out of control. There are many risks associated with organizing events, and we will talk about them in this article.

  1. Staff

People are always a source of risk. Even if you work with professionals, you shouldn't exclude the human factor. The presenter may get sick, the speakers at the event may not come, the waiters may not be able to cope with the work. You should always have the phone numbers of people who can quickly come and save the situation. Hosting, emergency and food delivery numbers will never be superfluous, and in some cases will help save the whole event from failure.

  2. Equipment may break

Please be aware that your camera or photo camera may run out of battery, your computer or projector may stop working, or power may go out altogether. Such situations should always be foreseen. Carefully monitor the work of your contractors, check all equipment in advance, always have a few cables and extension cords in stock. You never know at what moment you may need them, but in the event of force majeure, they will help you a lot.

Before the event itself, check with the owners of the site if there is a spare generator on it. If not, then you need to find out about the availability of people who can quickly troubleshoot.

  3. Speakers at conferences

Check in advance whether the invited speakers have public speaking experience, otherwise you may find yourself in a situation where the speech becomes a failure due to the speaker's lack of experience. In this case, rehearsals before the event will save you: they will help prepare an inexperienced speaker for the stage and save you from unforeseen situations.

  4. Abrupt change of weather

There is always the possibility that at the most unexpected moment it will rain or a thunderstorm will start. And you must be ready for this. Think in advance what you will do in this case and where the guests of the event will have to go. If the start of the event depends on the weather, then you need to think about how long the beginning can be postponed and how, during this time, you can occupy the people who have gathered for the beginning of the holiday.

  5. Guests may not behave as planned

In the event manager's plan, everything that should happen at the event is clearly spelled out: when the next speaker comes out at the conference or when the time comes for a “surprise” for the guests of the holiday. Sometimes guests may not pay attention to the request to go somewhere because they are too absorbed in conversation, or they may accidentally spoil the key decoration, and so on. Therefore, you need to remember that this plan is only in front of you, and the guests do not think about the timing or about how complex the event is.


Last week Minsk hosted the 70 Years of Peaceful Sky air sports festival. The show turned out to be bright. But the organizers made several serious mistakes, which spoiled the impression for many spectators. This case was analyzed by our project management expert Maxim Yakubovich.



Once organizers have failed to meet the expectations of a client who came to an event, the next time they try to invite him to a similar event they are likely to hear something like: “Last year we waited an hour and never got any spectacle. We won't do it anymore.” It will be too expensive and difficult to regain the customer's interest.


For any event project, you can learn a lesson from this mistake and formulate the risk:

“The owners of the place where the event is planned to be held may refuse to let the organizers hold the event. This will lead to the need to find and prepare, at short notice, a new place that meets certain requirements.”

I wrote earlier about what strategies for dealing with risks exist:

Let's run the risk through the 4 possible strategies:

1. Avoidance of this risk is hardly possible.

2. Transfer of this risk would have been possible if a decision had been made to hand over the entire organization of the event on a turnkey basis to an agency specializing in such events.

3. Reduction of the risk has several options:

To reduce the likelihood of the condition under which the risk materializes, it is possible to conclude an agreement with the organizers, which from a financial point of view will be unprofitable for the owner of the place (for example, to stipulate a large fine).

It is possible to reduce the impact of the consequences. It is necessary to find a spare place for the event beforehand and agree on the possibility of holding the holiday there on the planned dates.

4. Active risk acceptance would consist in creating a reserve of money to prepare a spare place in a short time and a plan for quickly preparing this place for the event in case the main place refuses to host it.

Of the four strategies for dealing with this risk, the most appropriate, in my opinion, are reduction and active acceptance.

Error 2

Quoting from the article: “We decided that only the first balloon launch will take place in Minsk-1. According to the organizers, it was supposed to happen at 18.00 on Friday, but that evening it started to rain in the capital.”

This blunder surprised me a little. One should know that it often rains in Belarus in summer, and month-ahead forecasts have a probability of no more than 70%.


Let's formulate the risk:

"In case of rain at the start of the holiday, the start will have to be postponed."

Avoidance: you can only avoid this risk by hiring planes that will disperse the clouds. But it is obviously expensive and not every event organizer can afford it.

Transfer: there is, in fact, no one to transfer this risk to, unless we return to the idea of transferring the entire event on a turnkey basis to a specialized event agency.

Reduction: we cannot influence the probability of rain, but is it possible to reduce the consequences? Obviously, it is possible to reduce dissatisfaction with the postponement of the start of the event by thinking in advance how many hours the start can be delayed, how to occupy the people who have gathered before the start of the holiday and how to organize their entry if a lot of people want to attend.

Acceptance: this, again, is the creation of a reserve of money for entertainment that must be launched in order to keep the audience occupied until the rain stops.

Interestingly, rain caused a third risk:

“When the rain stopped, law enforcement officers started to let the crowd into the airport territory. But by that time there were so many people who wanted to admire the balloons that the police simply could not cope with their flow.”

The strategy for avoiding this risk is described in the article itself: organize a sufficient number of checkpoints. I would also use a mitigation strategy for this risk: inform viewers in advance (including in advertisements or articles) that checkpoints will be set up at the entrance to the event and that they will have to queue for a while. And so that standing in line would not be boring, I would come up with some kind of entertainment or activity.

Error 3

Quoting from the article: “Because of the strong wind, they decided to postpone the start completely.”

Let's formulate the risk: "Strong wind at the time of the planned start of the event will not allow balloons to be launched into the sky."

It is impossible to evade this risk, there is no one to pass it on, which means it is necessary to reduce its consequences. And in the article, the organizers of the event themselves offered to reduce the risk: to have a backup version of entertainment for the spectators who came to the holiday. For example, hiring a presenter, arranging some kind of contests on a topic related to the event, and a prize drawing - you need to make amends for those whose expectations were not met.


As you can see, in the risk mitigation activities for the three risks the same thing appears: the preparation of an entertainment program that must be launched in order to keep the audience occupied until the rain passes, until the wind stops, and while they stand in line. Of course, such a program needs to be carefully thought out, since if it does not rain it will be short, and if it does, it will be long.

Error 4

Quote from the article: “One of the tasks was for the city to see the balloons, and if we all launched them from Borovaya, then with that wind they would fly towards Minsk-2. At about five in the evening, we decided to launch most of them from the airport so that the balloons would fly over Minsk and land in Borovaya. The flaw, says Anton, was that the audience was not immediately informed about it.”

We formulate the risk as follows: “On the day of the holiday, the wind will change its direction and the balloons will fly in a direction the organizers did not plan.”

Again, the risk cannot be avoided and there is no one to pass it on to. We think about how to reduce the consequences. For example: we have a spare site, we move the start there and, 2 hours before the start, inform all spectators that the start has been moved to another site.

Error 5

Quoting from the article: “Much in this sport also depends on the time of day. For example, few people know that it is forbidden to fly in a balloon over the city at night. Therefore, the audience was disappointed when, at the ‘Night glow of balloons’ show, not a single balloon rose into the air.”


We formulate the risk: “Viewers may not know that it is forbidden to fly in a balloon over the city at night and they won’t understand why the balloons don’t take off at night.”

For other event projects, this risk can be generalized:

"Viewers are not always aware of the technical limitations for some show numbers and will not understand why they were not there when some events happened."

Obviously, for this risk, the consequences can be reduced by informing in advertising articles about the event that balloons will fly only during the day. Therefore, hurry up to see them at this time. And at night there will be other numbers and shows.

I hope this case will spur the organizers of such major events to take project risk management more seriously.

I wish you success in your event projects!

Project management expert, consultant and business coach of the consulting group "Here and Now".

More than 10 years of experience in project management.
20 completed projects as Project Manager and Project Program Manager.
Teaching experience - 10 years. About 2,200 students trained at his seminars.

Lecturer in the module "Project Management" at the Russian School of Management.
Visiting Lecturer on Project Management at the British Higher School of Design.

YOU WILL LEARN:

  • why you need to manage risks;
  • what five steps are needed to manage risk;
  • how to learn to manage risks.

Risk management is necessary when we need to make complex decisions: at the stages of product development, when studying the feasibility of making changes, investigating deviations, organizing a workspace or deciding on the possibility of combining production schemes for different drugs, and so on. In fact, it is needed wherever there is a problem of choosing from several options and where there are no clear, unambiguous requirements. Risk management technology is necessary in a situation where there is uncertainty and indeterminacy.

In no case should risk management be set against current regulatory requirements. A risk assessment cannot be used to justify treating legislative norms as non-binding. The risk management process is the source of requirements. History knows many examples when dangerous situations could have been avoided if they had been better managed. There are also many developments in pharmaceutical practice from which lessons have been learned.

This is how GMP 1 rules came into being. These rules are only a program to minimize the known risks associated with the production of medicines. Preventing cross-contamination, confusion or substitution, hygiene and self-clearance, choosing a quality control strategy, and maintaining a quality system are just a few of the classic examples from the field of risk management.

Many managers believe that they can see the full picture of their processes even without additional technologies and intuitively feel the risks to the quality of their products. Indeed, professional, talented managers have tremendous intuition. Only it is unlikely that it is congenital. It can be developed using a risk management methodology. After all, intuition is a subconscious analysis of various options for the development of certain events. Including dangerous ones. This is the answer to three key questions: what can happen; if this happens, what will be the consequences and because of what can this happen? Good intuition is a “spontaneous” assessment of risks by an individual person. And the conscious application of the risk management process is an objective corporate culture, weakly dependent on subjective factors. Moreover, it is a replicable and easily disseminated technology.

Identifying and assessing quality risks does not work by itself. The result of risk management is the selection and implementation of a strategy for controlling significant risks. The task is not to endlessly play various scenarios, not to avoid responsibility, but to make correct, balanced, sometimes even risky, but consciously risky decisions.

Product quality risks are consumer risks. The manufacturer of the medicinal product, the holder of the marketing authorization and government bodies regulating the circulation of medicines are responsible to the patient for the efficacy and safety of products placed on the market.

Safety is based on modern approaches to risk management. Risk management is the line of defense. It turns out that the only way to ensure patient safety is to implement an effective quality risk management system. This is an element of our responsibility to society. The patient needs guarantees of the effectiveness and safety of the products he takes.

Safety does not mean there is no danger. A safe state is when we know what, from our point of view, hazardous events can occur and what impact they will have on the quality of our work and products and, as a result, on our consumer. Safety should be ensured not by resorting to prohibitions, but by developing effective procedures. Even if we do not have the opportunity to prevent the occurrence of a dangerous situation, we will at least be able to prepare for it: we will think over measures to prevent and overcome the consequences in advance, and we will warn everyone about the presence of a serious danger, for example, by describing it in the instructions.

Hazard is measured by risks, which vary in importance. In order to understand which risks require our special attention, they need to be adequately assessed. If we don't study the nature of possible risks and hide behind the slogan "NO risk will be tolerated!", we will not be able to understand why this or that risk can be realized and, accordingly, we are unlikely to be able to reduce the likelihood of its occurrence. All that remains is to say: "Sorry, it happened!" Risks need to be managed systematically and professionally. This is an integral and necessary competence of any manager of any level at any enterprise.

Sometimes one hears the opinion that risk management is just a catchy name and incredibly harmful technology, applicable only to armchair people. It's not like that at all. The personnel of any department can be conditionally divided into two categories: managers and performers.

Performers carry out work based on the established requirements. Managers, however, establish requirements for the performance of such work, taking into account legislative norms, prescribe algorithms and create conditions, and then control the quality of the performance. In most cases, the performer does not need a risk assessment. Leaders need it. It is needed when they are forced to make important and difficult decisions in conditions of uncertainty. For example, there are no legal requirements, or these requirements are stated without specific algorithms for their implementation, or there are several implementation options but there is no certainty which option to choose. Managers are responsible for the results not only of their own work, but also of the work of the performer. And the higher the uncertainty, the greater the responsibility for the consequences of implementing the decision. Based on how the leader manages risks, one can draw a conclusion about his professionalism. If a leader skillfully applies this methodology, he comes across as an astute person with clear logic and remarkable intuition.

These are the qualities that risk management technology develops. In addition, such a leader understands that the executor's mistake is often caused by the negligence of his leader, which manifests itself in the fact that he did not fully assess all possible threats. And those who believe that all risks are equally dangerous or unacceptable, that is, impossible, are simply not able to make decisions.

As a result, they do it at random, using their favorite "poke" method, or shift the responsibility for the decision onto another, for example, the same performer. It's easier. The practice of doing only what is required and only as understood is inherently flawed. Agree, we often find ourselves in situations where it is difficult and sometimes scary to make a decision and there is a feeling of uncertainty and unpredictability as to how it will affect the quality of the product, and therefore the safety of the patient. And then it may seem that the risks are something that does not depend on us. Or, conversely, we become presumptuous, believing that we have completely eliminated risk.

However, in reality this is not the case. Any deviation, failure in the operation of the engineering system or equipment, a claim received or a signal of a side effect of the drug is a realized risk. Of course, you can simply not register deviations and emerging problems, thereby confirming the reliability of your processes. This is a bluff! There are and always will be risks. The main thing is to see the threats in time and calculate the "unforeseen circumstances" in which these threats can materialize, understand what we can do to prevent this from happening and how to act if it does happen. Do everything that depends on us and be ready for any development of events.

Is it worth spending a lot of effort where you can get by with little money? If your decision is based on a regulatory requirement and you are confident in it - no, you should not. No risk assessment is needed here. However, if you are in a difficult situation, you need to understand the possible threats and their consequences, calculate in advance how to act in this or that course of events, and be prepared for anything.

Risk management improves predictability and certainty, which gives us a sense of confidence. Of course, this is an approach that provides sufficient consumer protection, which, in turn, does not interfere with profit and does not slow down the development of the enterprise.

The basic principles of quality risk management in the pharmaceutical industry are set out in the ICH Q9 guidelines, the text of which has been included in the European GMP framework since 2008: first in Appendix 20, and then in Part 3 of the GMP. The need for risk management is documented in various guidelines issued by regulatory agencies, professional communities (e.g. ISPE, PDA, IEST) and medical organizations around the world. This methodology is based on the knowledge and experience accumulated in different countries. However, in Russia there are still debates about how correct this methodology is. Its erroneous perception has already led to the exclusion of the text of ICH Q9 from GOST R 52249-2009 with a “criminal” wording: “This text is stated vaguely and is not suitable for practical application”. Why is it not suitable? The risk management process model presented in ICH Q9 (Figure 1) is simple and, most importantly, implementation-oriented (Figure 2).

Figure 1. Traditional quality risk management process (in accordance with ICH Q10 guidelines) of the model presented in ICH Q9

Of course, in risk management, as in any technology, there are enough nuances and details. In order to use this technology correctly, it is necessary to create internal standards and procedures, to train the leaders and experts involved, and to exercise constant supervision of the quality of the assessment.

Attempts to exclude risk management technology from the effective decision-making process are absurd. It is unacceptable to simply remove the risk management process from the standards just because the author of the national standard does not understand its methodology. Do not go to extremes and blame the technology of risk management for redundancy, incorrectness or subjectivity.

The decision of any person is subjective in nature. You need to fight not with subjectivity, but with carelessness when making decisions. Risk assessment should not be based on guesswork, but on modern scientific achievements, known facts, while taking into account the experimental base, etc. All gaps in knowledge and data should also be attributed to a separate risk category, the so-called missing information.

Likewise, the risk management methodology cannot be elevated to the status of a “regulatory requirement”. Decision-making techniques, by definition, cannot be regulatory requirements. This is the same as forcing everyone to think and act according to the same template, which is simply unacceptable and, moreover, dangerous! Risk management is not aimed at bypassing regulatory requirements and is not a direct regulatory requirement (see Section 1 Part 1 GMP). The GMP rules declare the need for risk management only to emphasize its paramount importance and its relationship with the quality system and the rules of proper production and quality control of medicines.

Scheme 2. Algorithm for risk management for quality. Based on ICH Q9 model

GMP regulations require a risk assessment when there is uncertainty. Analysis of the European version of GMP confirms that the need for a risk assessment is prescribed only in the following situations:

  • if during the investigation of the deviation it is impossible to establish the true cause of its occurrence (part 1, clause 1.4 (XIV)). Then it is necessary to select the most probable cause using deductive or inductive methods of risk management;
  • at the stage of making a decision on the possibility of combining the production of different drugs at a single production facility (part 1, clause 5.9);
  • to create a cross-contamination prevention program (part 1, clauses 5.18, 5.19);
  • when organizing packaging processes (part 1, clause 5.44);
  • when making decisions on the possibility of processing or re-processing substandard products (part 1, clauses 5.62, 5.63);
  • when deciding on the possibility of resuming the commodity circulation of all or part of the returned products (part 1, clause 5.65);
  • when justifying the scope of validation work (Appendix 15).

In other words, when the need arises to make difficult decisions. And, mind you, decisions that do not conflict with regulatory requirements.

Both the successful functioning and the survival of the enterprise depend on the effectiveness of the managerial decisions taken by the manager. It is also necessary to take into account the fact that, in addition to obvious advantages, the risk management process has serious shortcomings (Table 1).

Table 1

Advantages and Disadvantages of a Quality Risk Management Process

In essence, the statement of the task is also incorrect - to exclude only the risks that are indicated in the regulatory documents. I repeat: regulations are a kind of averaged perception of known risks. Each production has its own specifics, and regulatory requirements do not take them into account.

You also do not need to strive for total control. It is important for us to be able to identify the most dangerous risks and develop adequate and timely measures to manage them. Even in a modest assessment, dozens, even hundreds of different risks can be identified. This can be confusing for any specialist, since it is not clear what to do with them and what to tackle in the first place. Of course, it would be nice to eliminate all the risks, but most often it is impossible to do this. Our resources, like cash, are always limited, so we have to prioritize.

It is intuitively clear that some risks require priority solutions, and some are generally not interesting to us. To determine priority actions, it is necessary to establish the elements of risk - the level of its impact and the likelihood of its occurrence. If a hazard is realized, it can have a different impact, which largely determines the severity of the risk, just as an assessment of the likelihood of a particular negative event can tell us a lot and predetermine our perception of safety.

By definition, risk is a combination of the likelihood of a particular hazard and the severity of the harm it causes. There is no methodological error here. Indeed, values different in meaning are multiplied and a conclusion is drawn from the result. When using two criteria for assessing the risk, we are not talking about averaging it.

The probability is taken into account in order to cut off improbable, unrealistic events. Another matter is that we still prioritize risks based on the level of their impact.

The methodological error lies in the fact that some Russian critics do not take into account the main axiom of risk management: the severity of harm has a higher priority over probability.

Therefore, if we consider, for example, the well-worn airplane example, the error is an incorrect grading of risk when using quantitative assessment. Consider two events using a five-point scale (1 to 5).

First. Nonhazardous event - late arrival of the aircraft (severity of harm equal to 1), but often repeated (probability equal to 5).

Second. A dangerous event is a plane crash (the severity of harm is 5), but extremely rare (the probability is 1).

Indeed, multiplying the weight coefficients gives the same figure 5, but does not equalize their significance.

The first event is an insignificant risk, but the second event can be ranked as a significant risk (due to the fact that the severity of harm coefficient exceeds a certain predetermined threshold, for example, 2), which means it will require our close attention and the development of a program to control such risk, ensuring constant monitoring of its effectiveness. The risk control program can be different - from one action to a separate comprehensive plan.
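The airplane comparison above, worked through as an added example that is not part of the original article: both events score 5 by multiplication, but ranking with severity ahead of probability and applying the text's example threshold of 2 separates them. The class and function names and the two extra register entries are assumptions made for illustration.

```python
from dataclasses import dataclass

SCALE = range(1, 6)        # five-point scale from the text (1 to 5)
SEVERITY_THRESHOLD = 2     # the text's example threshold for a significant risk


@dataclass(frozen=True)
class Risk:
    name: str
    severity: int      # severity of harm, 1..5
    probability: int   # likelihood of occurrence, 1..5

    def __post_init__(self):
        # Reject values outside the agreed scale so scores stay comparable.
        for attr in ("severity", "probability"):
            if getattr(self, attr) not in SCALE:
                raise ValueError(f"{self.name}: {attr} must be in 1..5")

    @property
    def score(self) -> int:
        # Classic product of the two weight coefficients.
        return self.severity * self.probability

    @property
    def significant(self) -> bool:
        # Significance is decided by severity alone, as in the text.
        return self.severity > SEVERITY_THRESHOLD


def rank_by_product(risks):
    """Naive ranking: highest severity x probability first (ties keep input order)."""
    return sorted(risks, key=lambda r: r.score, reverse=True)


def rank_severity_first(risks):
    """Severity of harm takes priority; probability only breaks ties."""
    return sorted(risks, key=lambda r: (r.severity, r.probability), reverse=True)


def control_programme(risks):
    """Names of risks that need a control programme, most severe first."""
    return [r.name for r in rank_severity_first(risks) if r.significant]


# Constructed register: the first two entries are the text's events,
# the last two are hypothetical entries added for contrast.
REGISTER = [
    Risk("Late arrival", severity=1, probability=5),
    Risk("Plane crash", severity=5, probability=1),
    Risk("Lost luggage", severity=2, probability=3),
    Risk("Hard landing", severity=4, probability=2),
]

if __name__ == "__main__":
    print("By product:     ", [(r.name, r.score) for r in rank_by_product(REGISTER)])
    print("Severity first: ", [r.name for r in rank_severity_first(REGISTER)])
    print("Needs programme:", control_programme(REGISTER))
```

Ranking by the product alone puts the plane crash last in this register, level with the late arrival, while the severity-first ranking puts it at the top.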

Embedding the risk management process into the daily life of the enterprise does not require investment and does not imply the implementation of any complex systems and models. It is enough to take just five steps.

The first step is to learn to see and clearly identify hazards (threats). We often do this empirically, dare I say, unconsciously. This is not enough. To fully identify the risks means to take into account all their parameters.

The second step: you need to learn how to create risk profiles, that is, to systematically determine all the risks inherent in the object of our assessment (draw up a risk assessment protocol). This is important because managing risks “on the spot” is useful, but not enough.

The task of the third step is to learn how to determine which risks should be dealt with in the first place. To do this, you need to be able to analyze risks and prioritize.

For successful implementation of the fourth step, it is necessary to select and implement strategies for managing significant risks. Here it is important to understand what specific actions we need to take in order to gain more and / or lose less.

And finally, the fifth step is to learn how to create an optimal "safety cushion", that is, to develop an action plan in case a particular risk is realized. The purpose of this step is to prepare for any development of events and always have a plan "B".

These are basic steps that apply in any situation, in any business, and at any level of the enterprise hierarchy. The model shown in ICH Q9 is used in most countries in the world. A similar model is presented in the basic ISO 31000 2 standard. Today there is a serious methodological base for putting the risk management process into practice at pharmaceutical companies, and it has been actively developing since the 60s of the last century. More than 100 risk assessment methods are known. In the ICH Q9 guidelines, only six of the most common tools are declared (Table 2), ISO 31000 describes 31 methods, and there are even more in life. However, this does not mean that all of them should be used. You need to choose for yourself those risk assessment tools that you can work with and which you will trust. The main thing is that they are clear to you.

Table 2

Summary of ICH Q9 Risk Assessment Methods

Columns: Risk assessment tool; Specialization; Detail of the assessment; Complexity; Disadvantages

  • PHA - Preliminary Hazard Analysis. Disadvantages: You must be able to predict threats. Prevents relationships between different threats
  • HAZOP - Hazard and Operability Analysis. Disadvantages: Requires a lot of information about the subject of assessment. Evaluates threats by components / elements without linking with other components / elements
  • HACCP - Hazard Analysis and Critical Control Points. Various. Disadvantages: Not suitable for assessing the relationship between failures and their causes. Does not allow assessing the risks associated with objects / systems
  • FMEA - Failure Modes and Effects Analysis. Disadvantages: Not very useful for retrospective risk assessment. Does not establish a relationship between failures / threats and their causes
  • FTA - Fault Tree Analysis. Disadvantages: May be monotonous and lengthy
  • RRF - Risk Ranking and Filtering. Disadvantages: Not suitable for retrospective risk assessment. Of little use for a small number of identified threats

Thus, learning to manage risk professionally requires practice and experience. Naturally, this takes effort and time. First to a greater extent, then to a lesser extent. The main thing is to start gradually introducing risk management technology into your work. To do this, you do not need to allocate any special day, wait for some event or mood. By managing risks, we ensure the quality of our work and, conversely, by ensuring quality, we manage risks. The result of risk management is a guarantee of the quality of your products, compliance with regulatory requirements, a stable profit, and therefore a guarantee of our stability. Modern life insistently demands it!

Translated from English by VIALEK Group of Companies

1 GMP (Good Manufacturing Practice) - good manufacturing practice (a standard for a production management system). - Editor's note.
