Approaches to Defining Risk

  • Slides: 18

DEFINITION
Organizations / Risk Management
• ISO Guide 73, ISO 31000: Effect of uncertainty on objectives. It may be positive, negative or a deviation from the expected. Risk is also often described by an event, a change in circumstances and a consequence.
• Institute of Risk Management (IRM): Risk is a combination of the probability of an event and its consequence. Consequences can range from positive to negative.
• "Orange Book" from HM Treasury: Uncertainty of outcome, within a range of exposure, arising from a combination of the impact and the probability of potential events.
• Institute of Internal Auditors: The uncertainty of an event occurring that could have an impact on the achievement of objectives.
• Alternative definition by author: Event with the ability to impact (inhibit, enhance or cause doubt about) mission, strategy, projects, routine operations, objectives, core processes, key dependencies and/or the delivery of stakeholder expectations.

TYPES OF RISKS
Risks are divided into 3 categories:
• Hazard (or pure) risks
• Control (or uncertainty) risks
• Opportunity (or speculative) risks

RISK DESCRIPTION
• Name or title of the risk.
• Statement of risk, including scope of the risk and details of possible events and dependencies.
• Nature of risk, including details of the classification and timescale of potential impact.
• Stakeholders in the risk, both internal and external.
• Risk appetite, attitude, tolerance or limits for the risk.
• Control standard required or target level of risk.
• Incident or loss experience.
• Existing control mechanisms and activities.
• Responsibility for developing risk strategy and policy.
• Potential for risk improvement and level of confidence in existing controls.
• Risk improvement recommendations and deadlines for implementation.

• Responsibility for implementing improvements.
• Responsibility for auditing risk compliance.

Example: Computer viruses
In order to understand the distinction between hazard, control and opportunity risks, the example of the use of computers is useful. Virus infection is an operational or hazard risk, and there will be no benefit to an organization suffering a virus attack on its software programs. When an organization installs or upgrades a software package, control risks will be associated with the upgrade project.

The selection of new software is also an opportunity risk, where the intention is to achieve better results by installing the new software, but it is possible that the new software will fail to deliver all the functionality that was intended and the opportunity benefits will not be delivered.

Inherent Level of Risk
Example: Crossing the road.

IMPACT OF RISK ON ORGANIZATIONS
Risk Importance
Following the events in the world financial system during 2008, all organizations are taking a greater interest in risk and risk management. By taking a proactive approach to risk and risk management, organizations will be able to achieve improvements in the following areas:
• Operations will become more efficient.
• Processes will be more effective.
• Strategy will be more efficacious.

Impact of Hazard Risks
• They are concerned with issues such as health and safety at work, fire prevention, damage to property, and the consequences of defective products.
• They cause disruption to normal operations, resulting in increased costs and poor publicity associated with disruptive events.
• Computer breakdown, fire in the server room, virus infection, deliberate hacking and computer attacks, and also theft and fraud.

ATTACHMENT OF RISKS
• Mission Statement
• Strategic & Business Plan
• Corporate Objectives
• Stakeholder Expectations
• Core Processes
• Key Dependencies
• Significant Risks

RISK AND REWARD
• Risks are taken by an organization in order to achieve rewards.
• Launching a new product puts an organization's resources at risk.
• The appetite to take that level of risk should be confirmed, and the capacity of the organization to withstand any foreseeable adverse consequences should be clearly established.
• Start-up operations are usually high risk, and the initial expected return may also be low.

DEVELOPMENT OF RISK MANAGEMENT
ORIGIN OF RISK MANAGEMENT
• It has a variety of origins and is practiced by a wide range of professionals.
• One of the early developments in risk management was in the US, out of the insurance management function.
• Insurance buyers became more concerned with the quality of property protection, the standards of health and safety and other risk control concerns.

MANAGING THE ORGANIZATIONS
• Variable cost and availability of raw materials.
• Desire to deliver greater shareholder value.
• Greater transparency is required from the organization.
• Pace of change in business is ever increasing.
• Increased reliance on information technology (IT) systems.
• Reputational damage especially to

CHANGES IN THE MARKETPLACE
Changing commercial and marketplace environment:
• Globalization of customers, suppliers and products.
• Increased competition in the marketplace.
• Greater customer expectations, often led by the competitors.
• Need to respond more rapidly to stakeholders' expectations.
• More volatile market with less customer loyalty.
• Diversification leads to working in unfamiliar areas.
• Product innovation and continuous improvements.
• Rapid changes in product technology.

THE ACTIVITIES ASSOCIATED WITH RISK MANAGEMENT
• Recognition of risks
• Ranking of risks
• Responding to significant risks
• Resourcing controls
• Reaction (and event) planning
• Reporting of risk performance
• Reviewing the risk management systems

Risk Management
1. Recognition of Risk
2. Ranking of Risks
3. Responding to Risks: Tolerate, Treat, Transfer, Terminate
4. Resourcing Control
5. Reaction Planning
6. Reporting on Risk
7. Reviewing & Monitoring
Diagram labels: Experience Feedback; Information Feedback

SPECIALIST AREAS OF RISK MANAGEMENT
• Project risk management
• Clinical/medical risk management
• Energy risk management
• Operational risk management

ENTERPRISE RISK MANAGEMENT
• A more integrated and holistic approach is considered in ERM,
• rather than a new or different approach.
• E.g. the pharmaceutical industry.