Risk Management and Control

The document discusses risk management and outlines the process. It involves identifying potential risks from a variety of sources, assessing their likelihood and potential impact, prioritizing major risks, and developing strategies to minimize risk through risk avoidance, reduction, sharing or retention. The core goals of risk management are to reduce the probability or impact of risks in order to maximize opportunities and protect resources.

Uploaded by

nattycmasango

RISK MANAGEMENT AND CONTROL

- Risk is defined in ISO 31000 simply as the effect of uncertainty on objectives. In every human
enterprise risk is always present. Therefore risk has to be planned for, or at least considered. This is
especially so in business, where a lot of resources are committed.

- In business, risks can come from a variety of angles, ranging from uncertainty in financial markets,
project failures, legal liabilities, credit risk, accidents, natural causes and disasters to
deliberate attacks from an adversary.

- Risk management is a process. It involves the identification, assessment and prioritization of risks,
followed by the coordinated and economical application of resources to minimize, monitor and
control the probability or impact of those risks, in an effort to maximize the realization of opportunities.

- At the core of risk management is a prioritization process whereby the identified risks with the greatest
loss and the highest probability are handled first.

- Challenges in risk management start in identification, balancing and prioritizing. Perhaps the most
common risk attendant to businesses is the intangible risk. This has a 100% probability of occurring
but is often ignored by businesses due to a lack of identification ability. This in turn breeds knowledge
risk, relationship risk and process engagement risk, which all reduce productivity, decrease cost
effectiveness and hence profitability, reputation, brand value, etc.

- The major dilemma in risk management lies in opportunity costs. Should a business spend money on
issues of probabilities rather than on activities perceived to be more profitable?

Method of Risk Management

For the most part, these methods consist of the following elements, performed, more or less, in the
following order.

1. identify, characterize, and assess threats
2. assess the vulnerability of critical assets to specific threats
3. determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
4. identify ways to reduce those risks
5. prioritize risk reduction measures based on a strategy

Process of Risk Management

- ISO 31000 outlines a standard guide to the risk management process. It has the following steps:

● Establishing the context - identification, planning, mapping, defining framework, developing an
analysis, mitigation/solution
● Identification - risk sources, both internal and external, problem analysis. Common methods of
identifying risk are:
✔ objective-based risk identification
✔ scenario-based
✔ taxonomy-based
✔ common risk-checking
✔ risk-charting

● Assessment - identified risks must be assessed as to their potential severity of loss and
probability of occurrence. This is difficult, but the most commonly used tools are the available
statistics and best educated guesses.
● Potential risk treatments - these fall into one of these major categories:
✔ Avoidance (eliminate, withdraw) - not performing an activity that might carry a risk. Also
hazard prevention where possible.
✔ Reduction (optimize, mitigate) - reducing the severity of the risk.
✔ Sharing (transfer, outsource or insure) - sharing with another party the burden of loss or
the benefit of gain. This may be done through insurance or outsourcing. Some popular
methods of transferring include partnerships and joint ventures, BOOT (build, own,
operate and transfer) contract, ROT (refurbish, operate and transfer) and PPP (public
private partnership). Insurance - a 3rd party accepts the risk for a period, upon payment
of an acceptable premium.
✔ Retention (accept and budget) - may involve spreading the risk as sparsely as possible to
other members or sections of the business. Insurance is also a risk retention strategy. It
involves the acceptance of loss or benefit of gain associated with a risk cover.
● Risk management plan
