Be Able to Understand the Basics of Risk Management

Be Able to Understand the Basics of Risk Management. In this article I will help you to be able to understand the concept of risk, roles and responsibilities for risk management, and risk management tools and models.

The meaning of risk management to an organisation

What is a risk?

The definition of a risk as found in the literature:

• “A risk is an uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives.”(Office of Government Commerce, 2009)
• “Uncertainty of outcome, whether positive opportunity or negative threat, of actions and events. It is the combination-nation of likelihood and impact, including perceived importance.”(HM Treasury, 2004)
• “A risk is the likelihood of a threat agent taking advantage of vulnerability and the corresponding business impact.”(Hintzbergen, Hintzbergen, Smulders, & Baars, 2010)
• “The Software Engineering Institute (SEI) defines risk as the possibility of suffering loss.”
• (Williams, Pandelios, & Behrens, 1999)
• “Risk can be defined as the combination of the probability of an event and its consequences” (ISO/IEC Guide 73). (The Institute of Risk Management, 2002)
• “Risk: effect of uncertainty on objectives”(International Organization for Standardization, 2009)
• “Risk: combination of the probability of occurrence of harm and the severity of that harm”(International Organization for Standardization, 2007)

The common definition for a risk based on the literature is:
A risk is something that might happen. It has a probability (or likelihood) of happening and if it does there will be a certain impact (may be positive or negative).

What is risk management?

Risk taking is inevitable for an organization when it wants to achieve her objectives. Effective risk management can improve performance against strategic objectives.

Risk management is a systematic approach to manage risk. The aim is to get a good understanding of individual risks and the overall exposure of the risks.

Risks are not only threats (problems) but also potential opportunities that give a company with a good risk management a competitive advantage.

The increased focus given to corporate governance and internal control, due to high-profile collapses of major organizations, is a major factor towards a more formalized approach of risk management.

The principle of risk management is defined in the UK Corporate Governance Code (The Financial Reporting Council Limited, 2010) as:

“The board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives. The board should maintain sound risk management and internal control systems.”

Effective risk management contains the following principles:

• Aligns with objectives from the strategic perspective (enabler)
• Fits the external (like sector, markets, locations, technologies, regulatory) and internal (like culture, formal and informal structures, relationships between stakeholders) context (enabler)
• Engages stakeholders (enabler)
• Provides clear guidance (enabler)
• Informs decision making (enabler)
• Facilitates continual improvement (enabler)
• Create a supportive culture (enabler)
• Achieves measurable value (result):

            · reduce waste/rework
· increase client/user confidence
· improve regulator performance

The roles and responsibilities for risk management at senior management level   

Role	Responsibilities
Senior team (the board, executive team, steering group)	Write, own and assures the risk management policy Defines the overall risk appetite Reviews risk management strategy Approves funding Monitors risk profile Monitors and acts on escalated risks
Senior Responsible Owner (SRO)	Ensures that appropriate governance and internal controls are in place Ensures risk management strategy exist Defines/monitors risk tolerances Ensures that risk management policy is implemented Owns and manages escalated risks
Manager (project, operations, line)	Ensures that risk register, risk review process and escalation process are in place Validates risk assessments Identifies the need for investment to fund risks Own individual risks Escalates or delegates risk Ensures participation
Assurances (quality)	Assures that risk accountability exist Assures compliance with guidance and internal control Review progress, plans and results
Team (employees)	Participates in the identification, assessment, planning and management of threats and opportunities Understand the risk management policy and how it affects them Implements the risk management policy within their areas of responsibility Escalates risks as necessary

 

Some risk management models

A risk model is a simplified representation of a real business situation and involves a process where outcomes are explained based on a range of inputs.

Commonly used risk models are: