Why is risk management important?

Risk management is the process of identifying, assessing and controlling

financial, legal, strategic and security risks to an organization’s capital and
earnings. These threats, or risks, could stem from a wide variety of sources,
including financial uncertainty, legal liabilities, strategic management errors,
accidents and natural disasters.

If an unforeseen event catches your organization unaware, the impact could be

minor, such as a small impact on your overhead costs. In a worst-case scenario,
though, it could be catastrophic and have serious ramifications, such as a
significant financial burden or even the closure of your business.

To reduce risk, an organization needs to apply resources to minimize, monitor

and control the impact of negative events while maximizing positive events. A
consistent, systemic and integrated approach to risk management can help
determine how best to identify, manage and mitigate significant risks.
The risk management process

At the broadest level, risk management is a system of people, processes and

technology that enables an organization to establish objectives in line with
values and risks.

A successful risk assessment program must meet legal, contractual, internal,

social and ethical goals, as well as monitor new technology-related regulations.
By focusing attention on risk and committing the necessary resources to control
and mitigate risk, a business will protect itself from uncertainty, reduce costs
and increase the likelihood of business continuity and success.

Three important steps of the risk management process are risk identification,
risk analysis and assessment, and risk mitigation and monitoring.
Identifying risks.
Risk identification is the process of identifying and assessing threats to an
organization, its operations and its workforce. For example, risk identification
may include assessing IT security threats such as malware and ransomware,
accidents, natural disasters and other potentially harmful events that could
disrupt business operations.

1
COMPONENTS OF RISK MANAGEMENT

Risk analysis and assessment

Risk analysis involves establishing the probability that a risk event might occur
and the potential outcome of each event. Risk evaluation compares the
magnitude of each risk and ranks them according to prominence and
consequence.

Risk mitigation and monitoring

Risk mitigation refers to the process of planning and developing methods and
options to reduce threats to project objectives. A project team might implement
risk mitigation strategies to identify, monitor and evaluate risks and
consequences inherent to completing a specific project, such as new product
creation. Risk mitigation also includes the actions put into place to deal with
issues and effects of those issues regarding a project.

Risk management is a nonstop process that adapts and changes over time.
Repeating and continually monitoring the processes can help assure maximum
coverage of known and unknown risks.

Risk response strategies and treatment

There are five commonly accepted strategies for addressing risk. The process
begins with an initial consideration of risk avoidance then proceeds to three
additional avenues of addressing risk (transfer, spreading and reduction).
Ideally, these three avenues are employed in concert with one another as part of
a comprehensive strategy. Some residual risk may remain.

What are the most common responses to risk?

Risk avoidance

Avoidance is a method for mitigating risk by not participating in activities that

may negatively affect the organization. Not making an investment or starting a
product line are examples of such activities as they avoid the risk of loss.

2
Risk reduction

This method of risk management attempts to minimize the loss, rather than
completely eliminate it. While accepting the risk, it stays focused on keeping
the loss contained and preventing it from spreading. An example of this in
health insurance is preventative care.

Risk sharing

When risks are shared, the possibility of loss is transferred from the individual
to the group. A corporation is a good example of risk sharing — a number of
investors pool their capital and each only bears a portion of the risk that the
enterprise may fail.

Transferring risk

Contractually transferring a risk to a third-party, such as, insurance to cover

possible property damage or injury shifts the risks associated with the property
from the owner to the insurance company.

Risk acceptance and retention

After all risk sharing, risk transfer and risk reduction measures have been
implemented, some risk will remain since it is virtually impossible to eliminate
all risk (except through risk avoidance). This is called residual risk.
Limitations and risk management standards

Risk management standards set out a specific set of strategic processes that start
with the objectives of an organization and intend to identify risks and promote
the mitigation of risks through best practice. Standards are often designed by
agencies who are working together to promote common goals, to help to ensure
high-quality risk management processes. For example, the ISO 31 000 standard
on risk management is an international standard that provides principles and
guidelines for effective risk management.

While adopting a risk management standard has its advantages, it is not without
challenges. The new standard might not easily fit into what you are doing
already, so you could have to introduce new ways of working. And the
standards might need customizing to your industry or business.

3
Potential benefits of risk management
Although a well designed and well executed risk management process can
significantly reduce the risk of failure, the benefit of performing a
comprehensive risk analysis may be costly and burdensome for smaller projects
with limited complexity. As noted earlier in this paper, risk management
processes should be scalable to the size and complexity of an organisations
programme or project. To achieve this, an organisation should consider defining
a baseline set of procedures to apply to all projects along with more rigorous set
of procedures for high-value, complex projects. The value of risk management
has traditionally been a difficult concept to quantify. Many organisations and
project teams understand the risks as they impact their respective roles on the
project. However, without a risk management diminished. The two case studies
below help demonstrate the value and benefit of a comprehensive risk
management process.

Embedding risk management into day-to-day activities

Effective risk management is typically achieved when an organisation
undertakes an active commitment to integrating risk management into their
project protocols and controls. Primary considerations for an organisation to
establish an effective plan include:
 Allotting appropriate resources to perform risk management activities
 Creating an environment that embraces and promotes risk management
and actively encourages and pursues risk management at all levels of the
organisation and
 Clearly defining and training personnel on risk management controls.

4
 WHAT ARE 5 RISK MANAGEMENT TOOLS?

Here are the five main risk management tools:

 SWOT – Strengths, Weaknesses, Opportunities, and Threats or SWOT

helps identify risks by assessing each area of the company.
 Root Cause Analysis – It is a method of identifying the main source of a
problem or risk and finding a solution to resolve it.
 Risk Register – A risk register is useful for identifying potential risks in a
project (e.g., construction projects) or organization – which can come in
handy for avoiding any potential issues that could throw a wrench in your
intended outcomes.
 Probability and Impact Matrix – A probability and impact matrix is a
way to prioritize risks. It’s important to prioritize risk because you don’t
want to waste time chasing a small risk and exhaust your resources.
 Brainstorming – This tool allows you to assess any insights that can help
resolve any issues that occur inside the company.

WHAT IS HEDGING?

Hedging in risk management is a strategy used to mitigate the potential losses

from adverse price movements in financial instruments or commodities. It
involves taking a position in a related security or asset to offset the risk
associated with another asset or investment.
HOW HEDGING WORKS:

1. Purpose: Hedging is primarily used to reduce or limit the exposure to

price fluctuations. For example, a business might hedge against currency
fluctuations, interest rate changes, or commodity price variations.

2. TYPES OF HEDGING

 Financial Instruments: Using derivatives like futures, options, or swaps

to offset the risk of price movements.

5
  Natural Hedges: Offsetting one risk with another inherent in the
business operations. For instance, a company that earns in foreign
currency might have expenses in the same currency, reducing the
currency risk.
Example: A company expecting to receive payment in a foreign currency
in the future might hedge against potential currency devaluation by
entering into a currency forward contract. This locks in a specific
exchange rate, protecting the company from potential losses if the
currency weakens.

3. Risk Reduction vs. Speculation: Hedging is distinct from speculation.

While both involve taking positions in markets, hedging is done to reduce
or eliminate risk, whereas speculation is taking positions to profit from
price movements.

ADVANTAGES OF HEDGING

 Risk Mitigation: Helps minimize potential losses from adverse market

movements.
 Predictability: Provides a level of certainty regarding future prices,
allowing businesses to plan more effectively.
 Reduced Volatility: Helps stabilize returns, especially for portfolios or
businesses exposed to multiple risk factors.

DISADVANTAGES OF HEDGING

 Costs: Hedging often involves transaction costs and premiums for

derivative instruments.
 Complexity: It can be challenging to accurately hedge all risks, and
improper hedging strategies might lead to unexpected losses.
 Potential Opportunity Loss: In some cases, hedging can prevent the full
benefit from favorable market movements.

Hedging is a crucial tool in risk management, allowing businesses and investors

to manage their exposure to various risks, ensuring more stability and
predictability in their financial positions.

CASE STUDY 1

6
New medical office building- $30 million:

Risk description: In order to commission the building at the completion of

construction, the utilities needed to be connected to the utility system (gas and
electric). Throughout the project, the team could not get a commitment from the
utility company for when they would complete the connection. This risk was
never communicated beyond the project team and there was no analysis of the
impact for a delay or an alternative plan developed to address the risk.
Impact: The risk ultimately did occur and resulted in the need for temporary
generators, an increase in the contractor’s general conditions and several months
delay to the project completion.

CASE STUDY 2
New bridge construction - $600 million

Risk description: During the design and planning stages of the project, a
decision was made to rely on a geotechnical report that was 30+ years old and
in a different location than the planned bridge foundations. The engineers
designing the bridge understood this as a risk; however there was no process in
place to capture this risk and quantify or communicate the risk to project
leadership or to the team responsible for managing the construction phase of the
project.
Impact: The bedrock in the actual location of the bridge foundations was
substantially different than the geotechnical report indicated. This resulted in a
complete redesign of the foundations and several months delay on the project.
The financial impacts were greater than $30 million.
In both case studies, the risks were well known by the project teams and could
have been avoided or mitigated if a risk management process would have been
in place. Having a risk management process would have allowed the
organisations to track, quantify, plan and communicate the risks to individuals
with the capability to help mitigate or avoid the risk.

7
8