Any company or organization should have an appropriate risk management plan in order to properly identify, calculate and prioritize the possible risks faced by the company/organization and thereby to protect the company/organization from unexpected risks and to ensure the continued development of the business. Unexpected risks faced by a company can include; fluctuations in the financial market, legal liabilities, credit risk, project failures, deliberate attacks from a business adversary and natural hazards (such as earth quakes and floods). Let us briefly describe each of the steps used to identify and assess risks.
The first step is the identification of risks. Risk identification may start at the ‘source of the problems’ or at the ‘problem’ itself. The specific approach to risk identification depends on the type of the plan used to estimate the risks and the preference of the company. There are several risk identification methods that can be adopted by the company. This includes Scenario based risk identification, Objective based risk identification, Taxonomy based risk identification, Common risk checking and Risk charting. After the risks have been identified, the risks should be individually assessed. Each individual risk should be checked for the probability of occurrence and the severity of the losses incurred by the business incase the risk occurs. The risks are then prioritized according to the severity of the losses incurred and the probability of occurrence.The prioritization of risks is a very complex process. Up to now, no formula has been invented that is 100% accurate, but several models and formula exist. The most accepted formula for risk prioritization is known as the ‘risk composite index’ and is calculated by the multiplication of the probability of the risk occurring by the estimated impact of the risk (Composite index = probability of the risk occurring x estimated risk impact).
After the risks have been identified and prioritized, the company has several ‘risk treatment’ options. The company may choose to avoid the risk completely (such as withdrawing from a project). This is usually done if the task is calculated to be a high-risk task. The company may choose to ‘share’ the risk, so that possible failure will result in minimal loss to the company itself. Sharing a risk can include insuring the company or outsourcing the task. Another method of risk treatment is ‘risk reduction’. The company optimizes the task so that the probability of the risk occurring and the damage caused by the risk (if the risk occurs) are both reduced. The last option available to the company is ‘Risk retention’. Here the company decides to carry on with the task without any change. Usually risks which cause negligible loss to the company or risks which are in-feasible for other risk treatment methods are retained.
There are both software and professional consultants who provide companies with risk management plans. Software used to calculate and prioritize risks is an expert system or management software. The advantage of using software is that it is able to calculate the risks much more accurately and rapidly than humans. The disadvantage is that the functionality of the software is highly limited compared to a human. Professional consultants on the other hand are able to thoroughly assess each risk and prioritize them individually.
|Download Remote Support|