Risk Management

“To try eliminate risk in business enterprise is futile. Risk is inherent in the commitment of present resources to future expectations.”

Peter F. Drucker

Risk Management is a field of management focusing on risk reduction and analysis, using different methods and techniques of risk prevention that eliminate existing or future revealing factors increasing the risk. Risk is ubiquitous and characteristic side-effect of the functioning of organizations in today’s turbulent environment.

Risk management is a systematic, repetitive set of interconnected activities whose aim is to manage the potential risks, i.e. reduce the likelihood of their occurrence or reduce their impact. The purpose of risk management is to avoid problems and negative phenomena, avoid crisis management and to avoid creating problems. Risk management consists of four interrelated phases, namely risk identification, risk assessment, risk handling (or reduction), and risk monitoring.

There are many types of risks in different areas:

Economic and financial risk
- Credit risk
- Investment risk - an estimate of the profitability and reliability of investment
- Insurance and reinsurance risk – en estimate of a size of the risk and likelihood of claims
Project Risks
Market risks
Technical risks
Social risks
Operational risks
Safety risks
and other

Essential for risk management is risk analysis. Using risk analysis the surveyed degree of danger (threat), which the organization is exposed, how much its assets are vulnerable to these threats, how high is the probability that the threat occurs (vulnerability) and what impact it can have on the organization. Basic principles of risk management can be summarized in the following statements:

Every human activity brings some risk
Zero risk does not exist

Responsibility for risk management in organizations is distributed throughout the management. The highest responsibility has naturally the owner, executive and top management of the company.

In small organizations the responsibility for risk management is concentrated at the level of executive, because it is inefficient to employ a dedicated risk manager on a full time job. In medium and large organizations the responsibility is spread between individual managers. Large organizations and organizations operating in hazardous environment (such as banks, insurance companies, petrochemical and energy industries, aerospace industry, transportation) have a designated specialist (risk manager). Almost always the risk management is associated with the role of CFO (Chief Financial Officer), as the impact of risks (damage) as well as countermeasures, are possible to be financially expressed and they have an impact on financial planning.

Among the best known methods and methodologies in risk management belong:

BASEl I, BASEL II, BASEL III - capital adequacy rules for banks’ operational risk
CCA (Cause-Consequence Analysis) - FTA and ETA Combination
CLA (Checklist analysis)
Cognitive modeling structures in the identification and risk assessment
CorIA (Core Impact Assessment)
CPQRA (Chemical Process Quantitative Risk Analysis
CRAMM (CCTA Risk Analysis and Management Method)
CRI (Continuous Risk Improvement)
ETA (Event tree analysis)
EWRM (Enterprise-Wide Risk Management)
FMEA (Failure Modes and Effects Analysis)
FMECA (Failure Mode, Effects and Critically Analysis)
Forecasting
FTA (Fault Tree Analysis)
HAZID (Hazard Identification Study
HAZOP (Hazard and Operability Study)
HRA (Human Reliability Analysis)
PHA (Preliminary Hazard Analysis)
PPAP (Production Part Approval Process)
Probabilistic Methods
RIPRAN (RIsk PRoject ANalysis)
RR (Relative ranking)
SA (Safety Audit)
SR (Safety Review)
VaR (Value at Risk)
W-I (What-if Analysis)
Winterling Crisis Matrix

Frameworks in a field of risk management:

RMF (Risk Management Framework) - National Institute of Standard and Technology
M_o_R (Management of Risk)
RiskIT (Risk IT Framework, ISACA)

Among the analytical techniques applied to identify potential risks belong:

Five Forces Analysis
Brainstorming
Brainwriting
Forecasting
Pareto Principle
PESTLE Analysis
Scenario technique
SMART – objectives suggestion
SWOT Analysis
VRIO Analysis
Winterling Crisis Matrix

Standards in a field of risk management:

ISO 14971 (Medical devices) - Global Harmonization Task Force (GHTF)
ISO 16085:2006 - Systems and software engineering - Life cycle processes - Risk management
ISO 31000 Risk management – Principles and guidelines
IEC/ISO 31010 Risk management – Risk assessment techniques
ISO Guide 73:2009 Risk management – Vocabulary
ISO/IEC TR 13335-1:1999
ISO/EIC Guide 73:2002
OHSAS 18001 Occupation Health and Safety Assessment Series
AS/NZS 4360:2004 - Risk Management
SOX (Sarbanes-Oxley Act)

Key terms in risk management:

Assets
Breach
Countermeasures
Exposure
Insurance
OHSAS Occupational Health and Safety Assessment Series
Prevention
Probability
Risk
Risk Catalog
Risk classification
Risk identification
Risk level
Threat
Types of risk
Vulnerability

Related professions:

CFO (Chief Financial Officer)
Risk manager

Related managament fields:

Quality management
Risk prevention methods
Safety management

Related industry:

Insurance industry - see Insurance Company


Management Fields Economy & Finance Management Facility Management Informatics & IT Management Human Resources Management Logistics & Transportation Organizational Management Marketing & Sales Production Management Quality Management Crisis Management Innovation Management Process Management Service Management Project Management Risk Management Change Management Knowledge Management Strategic Management Mangement Functions Planning Organizing Leadership & Communicating Decision Making Control Management Market Sectors Natural Resources Industrial Sector Service Sector Public Sector Knowlege sector Disciplines Economics Psychology Social Psychology Sociology Pedagogy	cs \| en Risk Management Article Discussion User articles Article in PDF “To try eliminate risk in business enterprise is futile. Risk is inherent in the commitment of present resources to future expectations.” Peter F. Drucker Risk Management is a field of management focusing on risk reduction and analysis, using different methods and techniques of risk prevention that eliminate existing or future revealing factors increasing the risk. Risk is ubiquitous and characteristic side-effect of the functioning of organizations in today’s turbulent environment. Risk management is a systematic, repetitive set of interconnected activities whose aim is to manage the potential risks, i.e. reduce the likelihood of their occurrence or reduce their impact. The purpose of risk management is to avoid problems and negative phenomena, avoid crisis management and to avoid creating problems. Risk management consists of four interrelated phases, namely risk identification, risk assessment, risk handling (or reduction), and risk monitoring. There are many types of risks in different areas: Economic and financial risk Credit risk Investment risk - an estimate of the profitability and reliability of investment Insurance and reinsurance risk – en estimate of a size of the risk and likelihood of claims Project Risks Market risks Technical risks Social risks Operational risks Safety risks and other Essential for risk management is risk analysis. Using risk analysis the surveyed degree of danger (threat), which the organization is exposed, how much its assets are vulnerable to these threats, how high is the probability that the threat occurs (vulnerability) and what impact it can have on the organization. Basic principles of risk management can be summarized in the following statements: Every human activity brings some risk Zero risk does not exist Responsibility for risk management in organizations is distributed throughout the management. The highest responsibility has naturally the owner, executive and top management of the company. In small organizations the responsibility for risk management is concentrated at the level of executive, because it is inefficient to employ a dedicated risk manager on a full time job. In medium and large organizations the responsibility is spread between individual managers. Large organizations and organizations operating in hazardous environment (such as banks, insurance companies, petrochemical and energy industries, aerospace industry, transportation) have a designated specialist (risk manager). Almost always the risk management is associated with the role of CFO (Chief Financial Officer), as the impact of risks (damage) as well as countermeasures, are possible to be financially expressed and they have an impact on financial planning. Among the best known methods and methodologies in risk management belong: BASEl I, BASEL II, BASEL III - capital adequacy rules for banks’ operational risk CCA (Cause-Consequence Analysis) - FTA and ETA Combination CLA (Checklist analysis) Cognitive modeling structures in the identification and risk assessment CorIA (Core Impact Assessment) CPQRA (Chemical Process Quantitative Risk Analysis CRAMM (CCTA Risk Analysis and Management Method) CRI (Continuous Risk Improvement) ETA (Event tree analysis) EWRM (Enterprise-Wide Risk Management) FMEA (Failure Modes and Effects Analysis) FMECA (Failure Mode, Effects and Critically Analysis) Forecasting FTA (Fault Tree Analysis) HAZID (Hazard Identification Study HAZOP (Hazard and Operability Study) HRA (Human Reliability Analysis) PHA (Preliminary Hazard Analysis) PPAP (Production Part Approval Process) Probabilistic Methods RIPRAN (RIsk PRoject ANalysis) RR (Relative ranking) SA (Safety Audit) SR (Safety Review) VaR (Value at Risk) W-I (What-if Analysis) Winterling Crisis Matrix Frameworks in a field of risk management: RMF (Risk Management Framework) - National Institute of Standard and Technology M_o_R (Management of Risk) RiskIT (Risk IT Framework, ISACA) Among the analytical techniques applied to identify potential risks belong: Five Forces Analysis Brainstorming Brainwriting Forecasting Pareto Principle PESTLE Analysis Scenario technique SMART – objectives suggestion SWOT Analysis VRIO Analysis Winterling Crisis Matrix Standards in a field of risk management: ISO 14971 (Medical devices) - Global Harmonization Task Force (GHTF) ISO 16085:2006 - Systems and software engineering - Life cycle processes - Risk management ISO 31000 Risk management – Principles and guidelines IEC/ISO 31010 Risk management – Risk assessment techniques ISO Guide 73:2009 Risk management – Vocabulary ISO/IEC TR 13335-1:1999 ISO/EIC Guide 73:2002 OHSAS 18001 Occupation Health and Safety Assessment Series AS/NZS 4360:2004 - Risk Management SOX (Sarbanes-Oxley Act) Key terms in risk management: Assets Breach Countermeasures Exposure Insurance OHSAS Occupational Health and Safety Assessment Series Prevention Probability Risk Risk Catalog Risk classification Risk identification Risk level Threat Types of risk Vulnerability Related professions: CFO (Chief Financial Officer) Risk manager Related managament fields: Quality management Risk prevention methods Safety management Related industry: Insurance industry - see Insurance Company Rating: Only registered users can rate the article. Sign in Close 0 0 Last update: 18.04.2012 Tweet Save this on Delicious Other information and sources (International) BIS (Bank for International Settlements) Basel III Cabinet Office Cabinet Office M_o_R (Management of Risk) COSO (The Committee of Sponsoring Organizations of the Treadway Commission) Enterprise Risk Management Integrated Framework - Executive Summary Guidance on Enterprise Risk Management FERMA (Federation of European Risk Management Associations) GARP (Global Association of Risk Professionals) Global Harmonization Task Force IRM (The Institute of Risk Management) A Risk Management Standard ISO ISO 31000:2009 Risk management - Principles and guidelines ISO 73:2009 - Risk management - Vocabulary NIST (National Institute of Standards and Technology) RFM (Risk management Framework) Wikipedia EN Wikipedia - Risk management	Ad