Tenkush Diana.
RISK MANAGEMENT.
In enterprise risk management, a risk is defined as a possible event or
circumstance that can have negative influences on the
In the more general case, every probable risk can have a preformulated plan to deal with its possible consequences
(to ensure contingency if the risk becomes a liability).
Risk management is a structured approach to managing uncertainty
through, risk assessment, developing strategies to manage it, and mitigation of
risk using managerial resources.
Objective of risk management is to reduce different risks related to a preselected domain to the level accepted by society. It may
refer to numerous types of threats caused by environment, technology, humans,
organizations and politics. On the other hand it involves all means available
for humans, or in particular, for a risk management entity (person, staff,
organization).
In ideal risk management, a prioritization process is followed whereby
the risks with the greatest loss and the greatest probability of occurring are
handled first, and risks with lower probability of occurrence and lower loss
are handled in descending order. In practice the process can be very difficult,
and balancing between risks with a high probability of occurrence but lower
loss versus a risk with high loss but lower probability of occurrence can often
be mishandled.
Steps in the risk management process: identification, potential
risk treatments, risk avoidance, risk
reduction, risk retention, risk
transfer.
Identification. After
establishing the context, the next step in the process of managing risk is to
identify potential risks. Risks are about events that, when triggered, cause
problems. Hence, risk identification can start with the source of problems, or
with the problem itself. Source
analysis Risk sources may be internal or external to the system that is the target
of risk management. Examples of risk sources are: stakeholders of a project,
employees of a company or the weather over an airport.
Potential
risk treatments. Once risks
have been identified and assessed, all techniques to manage the risk fall into
one or more of these four major categories: Avoidance (aka
elimination), Reduction (aka
mitigation), Retention,Transfer
(aka buying insurance).
Risk
avoidance. Includes
not performing an activity that could carry risk. An example would be not
buying a property or business in order to not take on the liability that comes
with it. Another would be not flying in order to not take the risk that the
airplane were to be hijacked. Avoidance may seem the answer to all risks, but
avoiding risks also means losing out on the potential gain that accepting
(retaining) the risk may have allowed. Not entering a business to avoid the
risk of loss also avoids the possibility of earning profits.
Risk
reduction. Involves
methods that reduce the severity of the loss or the risk of the loss from
occurring. Examples include sprinklers designed to put out a fire to reduce the
risk of loss by fire. This method may cause a greater loss by water damage and
therefore may not be suitable. Halon fire suppression
systems may mitigate that risk, but the cost may be prohibitive as a strategy.
Risk
retention. Involves
accepting the loss when it occurs. True self insurance falls in this category.
Risk retention is a viable strategy for small risks where the cost of insuring
against the risk would be greater over time than the total losses sustained.
All risks that are not avoided or transferred are retained by default. This
includes risks that are so large or catastrophic that they either cannot be
insured against or the premiums would be infeasible.
Risk transfer. Means causing
another party to accept the risk, typically by contract or by hedging.
Insurance is one type of risk transfer that uses contracts. Other times it may
involve contract language that transfers a risk to another party without the
payment of an insurance premium. Liability among construction or other
contractors is very often transferred this way. On the other hand, taking
offsetting positions in derivatives is typically how firms use hedging to
financially manage risk.
Create a risk
management plan. Select
appropriate controls or countermeasures to measure each risk. Risk mitigation
needs to be approved by the appropriate level of management. For example, a
risk concerning the image of the organization should have top management
decision behind it whereas IT management would have the authority to decide on
computer virus risks.
Risk management activities as applied to project management. In
project management, risk management includes the following activities: Planning
how risk management will be held in the particular project. Plan should include
risk management tasks, responsibilities, activities and budget.Assigning
a risk officer - a team member other than a project manager who is responsible
for foreseeing potential project problems. Typical characteristic of risk
officer is a healthy skepticism.Maintaining live
project risk database. Each risk should have the following attributes: opening
date, title, short description, probability and importance. Optionally a risk
may have an assigned person responsible for its resolution and a date by which
the risk must be resolved.Creating anonymous risk
reporting channel. Each team member should have possibility to report risk that
he foresees in the project.Preparing mitigation plans
for risks that are chosen to be mitigated. The purpose of the mitigation plan
is to describe how this particular risk will be handled – what, when, by who
and how will it be done to avoid it or minimize consequences if it becomes a
liability. Summarizing
planned and faced risks, effectiveness of mitigation activities, and effort
spent for the risk management.
Retrieved from:
1. Crockford, Neil (1986). An Introduction to Risk
Management (2nd ed.). Woodhead-Faulkner.
2. http://en.wikipedia.org/wiki/Risk_management
3. Toni Raise, Brayan
Kouli. “Financial risk” (1993)