What is Risk?
According to ISO 31000, “Risk is effect of uncertainty on the objective”.
Risk is directly linked to objectives: without an objective or goal, there is no risk.
The definition does not say that risk is always bad; it can have a positive (upside) effect too.
So businesses should not fear risk; they should manage it.
Positive effect = Upside effect = Opportunity
Negative effect = Downside effect = Threat
In business, if you want to gain an advantage, you have to take risk.
Necessity of risk and risk management
Why Take Risk?
If a business does not take risk, it will not survive. Businesses have to take calculated risks.
It is not possible to avoid risk entirely. A business should try to convert risk into opportunity.
Everything we learn in life and business is from our risks and experiences.
Risk also has some benefits, which are shown below:
Why Manage Risk?
Risk has a direct effect on our objectives, and bad risks will obviously reduce our chance of success.
That is why risk management is important: it deals with the bad risks that can affect our success.
Managing the upside of risk:
Historically, the focus of risk management has been on preventing loss. However, recently, organisations are viewing risk management in a different way, so that:
- Risks are seen as opportunities to be seized (as discussed above)
- Organisations are accepting some uncertainty in order to benefit from higher rewards associated with higher risk
- Risk management is being used to identify risks associated with new opportunities to increase the probability of positive outcomes and to maximise returns
Enterprise Risk Management (ERM)
Some people think that ERM manages the risk to the enterprise’s overall objectives. That is not ERM; it is Strategic Risk Management.
ERM is about managing risk across the whole enterprise. It does not look only at top-level risks.
ERM is a COSO initiative, and COSO depicts the ERM model in the form of a cube. COSO intended the cube to illustrate the links between the objectives, shown on the top, and the eight components, shown on the front, which represent what is needed to achieve the objectives. The third dimension represents the organisation’s units, which portrays the model’s ability to focus on parts of the organisation as well as the whole.
Risk Identification
Types of Risks:
- Strategic risks
- Operational risks
- Business risks
- Generic
- Specific
Risk Identification Techniques:
- Past-focused technique:
We can look at previous similar projects, operations or strategies, see what risks occurred then, and ask whether they could happen now as well.
We can also use a checklist: a list of uncertainties faced previously, for each of which we ask whether it could happen again this time, answering Yes/No/Can’t say.
- Present-focused technique:
We can review the contract or the details of our plans or project and find the uncertainties in those available details.
SWOT analysis and assumption analysis are also present-focused techniques.
- Future-focused technique:
Brainstorming possible future situations will help us find future risks, but this requires creativity and imagination.
Scenario planning will also help with risk identification.
Remember that not all risks can be identified up front; some become known only over a period of time. Risk identification is therefore not a one-time process.
Assessing Risk
A risk map helps companies identify and prioritize the risks associated with their business.
The entire map can be considered the organization’s risk universe, or the set of all the risks faced by the organization.
The map identifies whether a risk will have a significant impact on the organisation and links that into the likelihood of the risk occurring.
Risks with a significant impact and a high likelihood of occurrence need more urgent attention than risks with a low impact and low likelihood of occurrence.
Risk Register
The risk assessment process gathers a lot of data, such as the description of the risk, the date on which it was identified, its probability of occurrence and its effects on objectives.
When you plan your risk response, you again collect a lot of data about that risk, such as the responses or actions planned, the completion of those actions and the owner of the risk.
So the risk register is basically the list of data gathered for each individual risk. A risk register has a predefined format, so that every risk is registered in the same specific format.
At the end of the project you can also learn from it: which risks you identified and what actually happened, whether the actions you planned were actually implemented, and so on.
Across the whole organization there can be different risk registers, such as a project risk register, an operational risk register and a strategic risk register.
