Khodova A.A., Yerysh L.A.
Donetsk National University of Economics and Trade named after M. Tugan-Baranovsky
PRINCIPLES AND STEPS OF RISK-MANAGEMENT
A substantial body of knowledge has developed around risk management. In general, risk management includes development of a risk management approach and plan, identification of components of the risk management process, and guidance on activities, effective practices, and tools for executing each component.
Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attack from an adversary, or events of uncertain or unpredictable root-cause.
The International Organization for Standardization identifies the following principles of risk management:
Risk management should:
· create value – resources expended to mitigate risk should be less than the consequence of inaction, or (as in value engineering), the gain should exceed the pain
· be an integral part of organizational processes
· be part of the decision-making process
· explicitly address uncertainty and assumptions
· be a systematic and structured process
· be based on the best available information
· be tailorable
· take human factors into account
· be transparent and inclusive
· be dynamic, iterative and responsive to change
· be capable of continual improvement and enhancement
· be continually or periodically re-assessed

Figure 1. Fundamental Steps of Risk Management
Step 1. Risk Identification. Risk identification is the critical first step of the risk management process. Its objective is the early and continuous identification of risks, including those within and external to the engineering system project.
Step 2. Risk Impact or Consequence Assessment. In this step, an assessment is made of the impact each risk event could have on the engineering system project. Typically, this includes how the event could impact cost, schedule, or technical performance objectives. Impacts are not limited to only these criteria. Additional criteria such as political or economic consequences may also require consideration. In addition, an assessment is made of the probability (chance) each risk event will occur.
Step 3. Risk Prioritization. At this step, the overall set of identified risk events, their impact assessments, and their occurrence probabilities are "processed" to derive a most critical to least critical rank-order of identified risks. A major purpose for prioritizing risks is to form a basis for allocating critical resources.
Step 4. Risk Mitigation Planning. This step involves the development of mitigation plans designed to manage, eliminate, or reduce risk to an acceptable level. Once a plan is implemented, it is continually monitored to assess its efficacy with the intent to revise the course-of-action, if needed.