Introduction to Risk Management
The global economy is today becoming very challenging with both opportunities and risks continuously and constantly changing (Lamble & Morris 2001). This has prompted the urgency and need to be able to identify, assess, manage and monitor the opportunities and risks for many organizations. There is therefore the need for the organizations to come up with clear practical ways to be able to link both the opportunities that the organizations have and the potential risks that come on the way of doing business (Conley 2002).
This involves risk management, which involves an integrated framework where several techniques, internal controls and processes are brought together. There are also practical steps that are involved in implementation that require collaboration among the workforce.
During the planning phase of the risk management and mitigation plan, a risk plan must be documented especially in the very initial stages of the plan. This is because the planning phase is undertaken before the execution. Diligent (and early) planning ensures that any possible risks are identified on time and addressed before the execution stage of the plan is in itself performed. Monitoring and control of the risk likelihood and impact analysis is also required (Conley 2002). After the execution of the plan has been completed, the risk management process is immediately terminated, just before the project is closed.
Fundamentals of Risk Management
For the risk management process to be effectively and efficiently managed, the management needs to bring together all of the players in the process (the stakeholders). Stakeholders are generally people who include directors of the organization, managers, middle-managers and high level employees. The team then comes up with the activities that are seen as key in the running of the business and try to manage potential risks by determining their risk appetite.
Some of the key pillars that form the risk management process include:
- The risk process that flows through an entity
- Finding out what people are impacted and how much
- Strategy-setting applied
- Entity-level view of the risks at hand
- Potential events that would affect the entity within the risk appetite threshold
- Management assurance on plans to mitigate these risks.
The risk management process is therefore able to have continuous improvement in terms of organizational risk management capacities.
Implementation of Risk Management Processes
The overriding objective of the risk management process is to have assurance that the objectives of the organization or any business entity are achieved and that risks that come in the way are mitigated (Conley 2002). The process is aimed at helping the business achieve key objectives by being able to identify and manage the business risks, provide an integrated response that addresses the problem and seize opportunities (Lamble & Morris 2001).
Some of the fundamental aspects of the risk management process are:
- To be able to reduce the unacceptable variability in business by being able to evaluate the likelihood of the risks occurring and the possible impacts that these risks have on the enterprise.
- To be able to integrate and align the views that vary in the risk management cycle by coming up with structures and frameworks that manage risks. There is also a need to link risk management processes and management activities like business planning that are critical.
- Increase the transparency through improvement of qualitative and quantitative risk management performance
- Be able to build and maintain a healthy investment environment for both stakeholders and the investment community as they are important for the risk management process.
- Enhancement of good governance that needs to the linked to the risk management process. The risk management process should strengthen, assess, oversee and classify risks in order to respond to them in the future.
- Be able to respond successfully to all the risks and changes in the continuously changing business environment (Lamble & Morris 2001). One must therefore be better in identifying, planning and prioritizing the risks. The process must also be able to evaluate all the core assumptions.
- To be able to adapt to the ever changing business climate and culture of a globalized economy. Throughout the process of risk management, stakeholders and employees must be ready to face the inevitable changes.
Risk management has been found to be the best way of mitigating threats and minimizing the impact of troublesome events (like bad luck or changing market conditions). One should therefore be diligent when considering the preventative measures that can be applied (Conley 2002). One should, for instance, understand what risk all about, the categories of risk that are particular to the specific type of business, and the importance of risk management and its execution. The chance of disaster, need to manage risk, and the importance of promoting worksplace safety of the people and property is also important. The timing of risk management is also paramount.
The four steps that ought to be undertaken during the risk management process include the following items listed below.
Steps for Implementing a Risk Management Process
There exist several steps that any organization can follow in order to implement any risk management process effectively and systematically. These include the following processes that have to be followed systematically.
- Adopting a risk language that is common to all the players in the organization.
- Conducting a risk assessment process in order to identify the risks and prioritize them accordingly (Lamble & Morris 2001).
- Performing the gap analysis to know the present and the desired future capabilities that arise from the risks that the organization faces and to be able to manage them depending on their critical nature (severity).
- Articulating the risk management objectives, goals, and overall vision while putting into effect the value propositions to provide economic justification.
- Advancing the organizational risk management capabilities with the aim of executing the business strategy successfully (Conley 2002).
The process of implementing the risk management cycle also involves having the management of the organization be able to put into consideration the strategic setting while assessing priorities. This is done in-line with the organization’s size, objectives, company culture, management style and risk profile. The following risk process needs to be considered while implementing the risk management strategy:
- One should be able to identify with clear understanding the organization’s risk profile.
- Be able to define the current framework of the organization’ capabilities on risk management.
- Know the desired future framework and state of the organization’s risk management capabilities.
- Know the size of the gap between the current state of the organization’s risk profile and the future expected position of the organization in as far as risk management is concern.
- Address the risk gap that has been identified in the organization and give the economic justification of improving the risk management infrastructure.
- Have the necessary oversight and facilitation (execution) in order to integrate and coordinate the overall risk management efforts.
Steps for Risk Mitigation
1. Spotting the hazards is also known as risk identification – this involves analyzing the situation and identifying the threats that would pose a danger to the people.
2. Risk quantification/assessment – this involves identification of the probability of the risk happening and knowing the potential effects or impact of the risks in the event that it happens.
3. Fixing the problem – there are several activities that would have to be undertaken in order to either eliminate, substitute or isolate the hazard (Lamble & Morris 2001). The activities involve adaption of resources and establishing controls that that are administrative in nature (Conley 2002).
4. Result evaluation – this step ensures that the problem is actually fixed. Proper evaluation is careful analysis of the results of the risk management plan. This is carried out through the use of internal metrics and reporting. Proper evaluation methods highlight the importance of having the stakeholders be accountable in terms of business outcomes.
Risk Management Oversight Structure
In the risk mitigation process, there is a need for an oversight structure that spells out clearly the guidelines and procedures to be followed. Below are some examples of mitigation steps that need to be followed:
- The business should be able to provide direction for resource allocation in terms of risk management activities.
- An organization’s risk appetite is developed and reaffirmed in conjunction with the management oversight activities.
- Developing an appropriate risk management infrastructure for the company. The infrastructure should include but not be limited to metrics, the risk management policies, monitoring and risk reporting.
- Make sure that there is accountability and oversight when it comes to deadlines and milestones.
- Make sure that the managers and workers in the organization are actively involved in the implementation of the risk management process.
- Consideration for the other important and specific roles and responsibilities that concern the processes of risk taking and risk monitoring procedures.
- Be able to have assurance plans in place that are both feasible and coherent (after training employees).
For these mitigating actions and plans to be fully and exhaustively implemented, there are recommended organizational structures that have been deemed effective when monitoring progress. These specific recommended structures, among many other things, make sure that there is continuous improvement (Conley 2002).
The oversight structures have the following key differentiators from other traditional risk management approaches:
- It clearly states the authority in charge of identifying and assessing risks that are then responded to accordingly.
- Indicates whether the process of identifying and qualifying risks is central or at lower levels of the organization.
- It also shows whether the various units and levels of the organization are involved in the risk management process or just a few.
- A priority order for every risk identified should include the list below which is in itself not limited to:
- The preventive actions that help minimize the likelihood of a risk occurring.
- The contingent actions that are meant to reduce the net impact of the risk in the event that it does occur.
A resource, time and date must be identified for every risk action that has been identified. The resources used for undertaking the project must also be sufficient and the time allocation and date should also be appropriate.
The priority of each risk must be identified and its likelihood must also be established. Its impacts on the project must also be evaluated. The priority score should be calculated in order to quantify whether it’s a good idea to add more resources to avoiding (or even worse, fixing) the potential problem.
Once the objectives of the organization have been established and all the risk management infrastructure elements have been developed, its advancement is then put into consideration. This is possible through having the following three steps serving as the critical aspects of risk management expansion.
Assessment and development of responses is the first that is considered. When this is in place, factors like the risk management process, planning a process of responding to priority risks and risk policy development should happen (Conley 2002). The second is designing and implementation of all the risk management capabilities that are now possible. Finally, expanding risk mitigation capability relies on through and accurate reporting of the results and ultimately, the business outcomes.
Click here to read more about business papers and how Ultius can connect you with a writer.
- Conley, T 2002, ‘The state of globalization and the globalization of the state’ Australian
- Journal of International Affairs, vol. 56 Issue 3, pp. 447-471, viewed 17 November 2003, retrieved from Academic Search Elite database.
- Hoggett, JR, Edwards, L & Medlin, JF 2003, Accounting in Australia, 5th ed, John Wiley,
- Milton, Qld.
- Lamble, J & Morris, S 2001, Online and personal: the reality of internet relationships, Finch Publishing, Lane Cove, NSW.
- Macintyre, S 1985, Winners and losers: the pursuit of social justice in Australian history, Allen & Unwin, Sydney.
- Miner, M. 1991, ‘The adjustment of long-term homeless youth’, Australian Journal of Social Issues, vol. 26, no. 1, pp. 24-34.