Risk Management Process - Comparison with Individuals and Corporate Entities:

Literally speaking, risk management is the process of minimizing or mitigating the risk. It starts with the identification and evaluation of risk followed by optimal use of resources to monitor and minimize the same.

Risk generally results from uncertainty. In organizations this risk can come from uncertainty in the marketplace (demand, supply and stock market), failure of projects, accidents, natural disasters etc. There are different tools to deal with the same depending upon the kind of risk.

Ideally in risk management, a risk prioritization process is followed in which those risks that pose the threat of great ...
The last step is measuring the impact.

Risk identification can start at the base or at the surface level; in the former case the source of problems is identified. We now have two things to deal with: the source and the problem.

Risk Source: The source can be either internal or external to the system. External sources are beyond control whereas internal sources can be controlled to a certain extent. For example, the amount of rainfall, weather over an airport etc.

Problem: A problem at the surface level could be the threat of accident and casualty at the plant, a fire incident etc.

When either or both of the above two are known beforehand, certain steps can be taken to deal with the same.

After the risks have been identified, they must be assessed for their potential criticality. Here we arrive upon risk prioritization. In generic terms, 'likelihood of occurrence × impact' is equal to risk.

This is followed by development of a risk management plan and implementation of the same. It comprises the effective security controls and control mechanisms for mitigation of risk.

A more challenging risk to organizational effectiveness is the risk that is present but cannot be identified. For example, a perpetual inefficiency in the production process accumulates over a certain period of time and translates into operational risk.

There are several bodies that lay down the principles and guidelines for the process of risk management. The steps involved remain more or less the same. There are small variations in the cycle for different kinds of risk.

The risks involved, for example, in project management are different in comparison to the risks involved in finance. This accounts for certain changes in the entire risk management process. However, the ISO has laid down certain steps for the process, and it is almost universally applicable to all kinds of risk.
The guidelines can be applied throughout the life of any organization and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

As per ISO 31000 (Risk Management - Principles and Guidelines on Implementation), the risk management process consists of the following steps and sub-steps:
* Establishing the Context
* Identification
* Assessment
1. Establishing the Context: Establishing the context means all the possible risks are identified and the possible ramifications are analyzed thoroughly. Various strategies are discussed and decisions are made for dealing with the risk. The break-up of various activities in this stage is as follows:
* Identification of a risk in one particular domain.
* Planning out the entire management process.
* Mapping the manifestations of the risk, identification of objectives of risk etc.
* Outlining a framework.
* Designing an analysis of risks involved at each stage.
* Deciding upon the risk solution/s.
2. Identification: Once the context...