- Slides: 16
RISK MANAGEMENT Engin Ali ARTAN 2010503007 Industrial Engineering
What is Risk Management? Risk is defined as “the chance of something happening that will have an impact upon objectives. It is measured in terms of likelihood and consequence". Risk Management is defined as "the culture, processes and structures that are directed towards effective management of potential opportunities and adverse effects".
�Risk Management is an integral part of good management. The application of sound risk management allows for continual improvement in decision making and processes. Effective risk management involves the systematic application of management policies, procedures and practices and should include a clear understanding of roles and responsibilities.
The Risk Management Process Simple Process Risk analysis is best done in a group with each member of the group having a good understanding of the tasks and objectives of the area being analysed.
1. Identify the Risks: As a group, list the things that might inhibit your ability to meet your objectives. You can even look at the things that would actually enhance your ability to meet those objectives eg. a fund-raising commercial opportunity. These are the risks that you face.
2. Identify the Causes: Try to identify what might cause these things to occur eg. the key team member might be disillusioned with his/her position, might be head hunted to go elsewhere; the person upon whom you are relying for information might be very busy, going on leave or notoriously slow in supplying such data etc.
3. Identify the Controls: Identify all the things (Controls) that you have in place that are aimed at reducing the Likelihood of your risks from happening in the first place and, if they do happen, what you have in place to reduce their impact (Consequence) eg. providing a friendly work environment for your team; multi-skill across the team to reduce the reliance on one person etc.
4. Establish your Likelihood and Consequence Descriptors Remembering that these depend upon the context of your analysis. if your analysis relates to your work unit, any financial loss or loss of a key staff member, for example, will have a greater impact on that work unit than it will have on the University as a whole. So those descriptors used for the whole-of-University (strategic) context will generally not be appropriate for the Faculty, other work unit or the individual.
5. Establish your Risk Rating Descriptors: What is meant by a Low, Moderate, High or Extreme Risk needs to be decided upon ahead of time.
6. Add other Controls: Generally speaking, any risk that is rated as High or Extreme should have additional controls applied to it in order to reduce it to an acceptable level. What the appropriate additional controls might be, whether they can be afforded, what priority might be placed on them , is something for the group to determine in consultation with the Head of the work unit who, ideally, should be a member of the group doing the analysis in the first place etc.
7. Make a Decision: Once the above process is complete, if there are still some risks that are rated as High or Extreme, a decision has to be made as to whether the activity will go ahead. There will be occasions when the risks are higher than preferred but there may be nothing more that can be done to mitigate that risk ie. they are out of the control of the work unit but the activity must still be carried out. In such situations, monitoring the circumstances and regular review is essential.
8. Monitor and Review: The monitoring of all risks and regular review of the unit's risk profile is an essential element for a successful risk management program.
Risk Management Flow Chart
Risk Treatment �Risk treatment involves identifying the range of options for treating risk, assessing those options, preparing risk treatment plans and implementing them. The options available for the treatment of risks include: �Retain/accept the risk - if, after controls are put in place, the remaining risk is deemed acceptable to the organisation, the risk can be retained. However, plans should be put in place to manage/fund the consequences of the risk should it occur. Reduce the Likelihood of the risk occurring - by preventative maintenance, supervision, contract conditions, policies & procedures, testing, investment management, training of staff etc.
�Reduce the Consequences of the risk occurring - through contingency planning, contract conditions, disaster recovery & business continuity plans, offsite back-up, public relations, emergency procedures and staff training.
THANKS FOR LISTENING