Risk Management: Overview & Processes
Risk is the chance that an undesirable event will occur and the consequences of all its possible outcomes.
Risk Management aims at identifying as many risks as possible, minimizing their impacts, providing contingency planning to prepare for risk events that actually materialize.
Planning for risks in any decision making environment formally addresses identification, analysis & assessment of potential trouble spots before decision making.
It prepares the decision maker to take risk when a time, cost and technical advantage is possible.
Risk Management Process
Major Components of the Risk Management Process:
- Identifying Sources of Risk: Analyze the environment to identify sources of risk
- Analyzing and Assessing Risk: Assess risks in terms of severity of impact, and controllability.
- Risk Response Development: Develop strategy to reduce occurrence likelihood.
- Contingency Planning: Develop contingency plans.
- Risk Response Control & Implementation: Implement risk strategy, monitor and adjust plans for new risks.
1. Identifying Sources of Risk
Risk identification begins with a list of all areas that may have negative undesirable effects.
Information to be developed for each identified risk:
-
- The undesirable event
- All the outcomes of the event’s occurrence
- The magnitude or severity of the event’s impact
- Chances/probability of the event happening
- When the event might occur
- Interaction with undesirable events
2. Analyzing and Assessing Risk
Semi-Quantitative Approaches
-
- Risk Assessment Charts
- FN Curves
- P-I Tables
- Risk Assessment Forms & Matrices
- Failure Modes and Effect Analysis (FMEA)
- Risk Scoring
Quantitative Modeling and Analysis
-
- Decision Trees uses expected values to assess different courses of action and different chance realization
- Statistical Evaluations, Regression and Correlation Analysis;
Scenario Analysis
What might go wrong, the magnitude & chance of the event occurring are subjectively identified. Then, an assessment is made of the alternatives of accepting, reducing, sharing or transferring risk using a subjective cost-benefit thought process.
3. Risk Response Development
The more effort given to risk response planning before an incident or crisis occurs, the lesser are the surprises. Stress and confusion when the risk event occurs is reduced.
Reducing Risk: Reducing likelihood and/or impact of an hazard.
Transferring Risk: Passing risk to another party, without changing it; usually results in paying a premium for this exemption.
Sharing Risk: Allocates proportions of risk to different parties
Retaining Risk: It may not be feasible to transfer or reduce risk; so, a conscious decision is made to retain the risk of an hazard.
4. Contingency Planning
Planning for an organization’s reaction to potential hazards to ensure the protection of life, safety, health and the environment, to limit and contain damage to facilities and equipment, to stabilize operational service and public image impacts and to manage communications about the event.
Contingency Plans should include cost estimates, as well as identifying and establishing the availability of the necessary funding, equipment and materials.
5. Risk Response Control & Implementation
Detecting the approach or even the occurrence of a disaster and effectively and speedily informing the parties to be affected.
Prediction is of little use without the ability to actually trigger an alarm immediately prior to or at the onset of the event occurring.
Related: Types of Risk – Systematic & Unsystematic Risk