Risk Management Definition
Risk management is too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company. But rules-based risk management will not diminish either the likelihood or the impact of a disaster such as Deepwater Horizon, just as it did not prevent the failure of many financial institutions during the 2007–2008 credit crisis.
In this article, Robert S. Kaplan and Anette Mikes present a categorization of risk that allows executives to understand the qualitative distinctions between the types of risks that organizations face. Preventable risks, arising from within the organization, are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, unethical, or inappropriate actions and the risks from breakdowns in routine operational processes. Strategy risks are those a company voluntarily assumes in order to generate superior returns from its strategy. External risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. Risk events from any category can be fatal to a company’s strategy and even to its survival.
Risk Management―The Revealing Hand, by Robert S. Kaplan and Anette Mikes: This article explores the role, organization, and limitations of risk identification and risk management, especially in situations that are not amenable to quantitative risk modeling.
Risk assessment provides information on potential health or ecological risks, and risk management is the action taken based on consideration of that and other information, as follows: Scientific factors provide the basis for the risk assessment, including information drawn from toxicology, chemistry, epidemiology, ecology, and statistics - to.
Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
Companies should tailor their risk management processes to these different risk categories. A rules-based approach is effective for managing preventable risks, whereas strategy risks require a fundamentally different approach based on open and explicit risk discussions. To anticipate and mitigate the impact of major external risks, companies can call on tools such as war-gaming and scenario analysis.
Literally speaking, risk management is the process of minimizing or mitigating risk. It starts with the identification and evaluation of risk, followed by optimal use of resources to monitor and minimize it.
Risk generally results from uncertainty. In organizations this risk can come from uncertainty in the marketplace (demand, supply and the stock market), failure of projects, accidents, natural disasters, etc. There are different tools for dealing with it, depending on the kind of risk.
Ideally, risk management follows a risk prioritization process in which the risks that pose the threat of great loss and have a great probability of occurrence are dealt with first. Refer to the table below:
| Impact | Low probability | Medium probability | High probability |
|---|---|---|---|
| SIGNIFICANT | Considerable management required | Must manage and monitor risks | Extensive management essential |
| MODERATE | Risks are bearable to a certain extent | Management effort worthwhile | Management effort required |
| MINOR | Accept risks | Accept but monitor risks | Manage and monitor risks |
The above chart can be used to strategize in various situations. The two factors that govern the action required are the probability of occurrence and the impact of the risk. For example, where the impact is minor and the probability of occurrence is low, it is better to accept the risk without any intervention. Where the likelihood is high and the impact is significant, extensive management is required. This is how a priority can be established in dealing with risk.
Apart from this, most organizations typically follow a risk management cycle. Refer to the diagram below:
[Diagram: risk management cycle]
According to this cycle there are four steps in the process of risk management. The first step is the assessment of risk, followed by evaluation and management of the same. The last step is measuring the impact.
Risk identification can start at the base or at the surface level; in the former case, the source of problems is identified. We now have two things to deal with: the source and the problem.
Risk Source: The source can be either internal or external to the system. External sources are beyond control, whereas internal sources can be controlled to a certain extent. Examples include the amount of rainfall, the weather over an airport, etc.
Problem: A problem at the surface level could be the threat of accident and casualty at the plant, a fire incident, etc.
When either or both of the above are known beforehand, certain steps can be taken to deal with them.
After the risks have been identified, they must be assessed for their potential criticality. Here we arrive at risk prioritization. In generic terms, risk is equal to ‘likelihood of occurrence × impact’.
This is followed by the development of a risk management plan and its implementation. The plan comprises the effective security controls and control mechanisms for mitigating risk.
A more challenging risk to organizational effectiveness is the risk that is present but cannot be identified. For example, a perpetual inefficiency in the production process accumulates over a certain period of time and translates into operational risk.