“To try to eliminate risk in business enterprise is futile. Risk is inherent in the commitment of present resources to future expectations.”
Peter F. Drucker
Risk management is a field of management that focuses on risk analysis and reduction, using different methods and techniques of risk prevention to eliminate existing or future factors that may increase risks. Risks are a ubiquitous and characteristic side effect of the functioning of organizations in today’s turbulent environment.
Risk management is a systematic, repetitive set of interconnected activities whose aim is to manage potential risks, i.e. to reduce the likelihood of their occurrence or to reduce their impact. The purpose of risk management is to avoid problems and negative phenomena and to avoid the need for crisis management. Risk management consists of four interrelated phases, namely risk identification, risk assessment, risk handling (or reduction), and risk monitoring.
There are many types of risks in different areas:
- Economic and financial risk
- Credit risk
- Investment risk - an estimate of the profitability and reliability of investment
- Insurance and reinsurance risk - an estimate of the size of the risk and the likelihood of claims
- Project risks
- Market risks
- Technical risks
- Social risks
- Operational risks
- Safety risks
- and others
Risk analysis is essential for risk management. It exposes the degree of danger (threat) the organization is facing, to what extent its assets are vulnerable to these threats, how high the probability of a threat occurring is, and what impact it can have on the organization. The basic principles of risk management can be summarized in the following statements:
- Every human activity brings some risk
- Zero risk does not exist
Responsibility for risk management in organizations is distributed throughout the management. The highest responsibility naturally lies with the owner, the executives and the top management of the company.
In small organizations the responsibility for risk management is concentrated at the level of the executives, because it is inefficient to employ a dedicated full-time risk manager. In medium and large organizations the responsibility is spread among individual managers. Large organizations and organizations operating in high-risk environments (such as banks, insurance companies, the petrochemical and energy industries, the aerospace industry, and transportation) have a designated specialist (risk manager). Almost always, risk management is associated with the role of the CFO (Chief Financial Officer), as the impact of risks (damage), as well as countermeasures, can be expressed financially and has an impact on financial planning.
Among the best known methods and methodologies in risk management are:
- BASEL I, BASEL II, BASEL III - capital adequacy rules for banks’ operational risk
- CCA (Cause-Consequence Analysis) - a combination of FTA and ETA
- CLA (Checklist analysis)
- Cognitive modeling structures in risk identification and assessment
- CorIA (Core Impact Assessment)
- CPQRA (Chemical Process Quantitative Risk Analysis)
- CRAMM (CCTA Risk Analysis and Management Method)
- CRI (Continuous Risk Improvement)
- ETA (Event Tree Analysis)
- EWRM (Enterprise-Wide Risk Management)
- FMEA (Failure Modes and Effects Analysis)
- FMECA (Failure Mode, Effects and Criticality Analysis)
- Forecasting
- FTA (Fault Tree Analysis)
- HAZID (Hazard Identification Study)
- HAZOP (Hazard and Operability Study)
- HRA (Human Reliability Analysis)
- PHA (Preliminary Hazard Analysis)
- PPAP (Production Part Approval Process)
- Probabilistic Methods
- RIPRAN (RIsk PRoject ANalysis)
- RR (Relative ranking)
- SA (Safety Audit)
- SR (Safety Review)
- VaR (Value at Risk)
- W-I (What-if Analysis)
- Winterling Crisis Matrix
Frameworks in the field of risk management:
- RMF (Risk Management Framework) - National Institute of Standards and Technology
- M_o_R ® (Management of Risk)
- Risk IT (Risk IT Framework)
Among the analytical techniques applied to identify potential risks are:
- Five Forces Analysis 5F (Five Forces Model)
- Brainstorming
- Brainwriting
- Forecasting
- Pareto Principle
- PESTLE Analysis
- Scenario technique
- SMART – objectives suggestion
- SWOT Analysis
- VRIO Analysis
- Winterling Crisis Matrix
Standards in the field of risk management:
- ISO 14971 (Medical devices) - Global Harmonization Task Force (GHTF)
- ISO 16085:2006 - Systems and software engineering - Life cycle processes - Risk management
- ISO 31000 Risk management – Principles and guidelines
- IEC/ISO 31010 Risk management – Risk assessment techniques
- ISO Guide 73:2009 Risk management – Vocabulary
- ISO/IEC TR 13335-1:1999
- ISO/IEC Guide 73:2002
- OHSAS 18001 Occupational Health and Safety Assessment Series
- AS/NZS 4360:2004 - Risk Management
- SOX (Sarbanes-Oxley Act)