Risk Management




Reprint: R1206B

Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. And the impact of occurrence.

Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. This guide provides a foundation for the development of an effective risk management program, containing both the definitions and the.

Use these resources to identify, assess and prioritize possible risks and minimize potential losses. Make a plan to minimize the impact of disasters using Hazard Mitigation resources.

Risk Management is the process of identifying, analyzing and responding to risk factors throughout the life of a project and in the best interests of its objectives. Proper risk management implies control of possible future events and is proactive rather than reactive.

Risk management is too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company. But rules-based risk management will not diminish either the likelihood or the impact of a disaster such as Deepwater Horizon, just as it did not prevent the failure of many financial institutions during the 2007–2008 credit crisis.

In this article, Robert S. Kaplan and Anette Mikes present a categorization of risk that allows executives to understand the qualitative distinctions between the types of risks that organizations face. Preventable risks, arising from within the organization, are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, unethical, or inappropriate actions and the risks from breakdowns in routine operational processes. Strategy risks are those a company voluntarily assumes in order to generate superior returns from its strategy. External risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. Risk events from any category can be fatal to a company’s strategy and even to its survival.

Companies should tailor their risk management processes to these different risk categories. A rules-based approach is effective for managing preventable risks, whereas strategy risks require a fundamentally different approach based on open and explicit risk discussions. To anticipate and mitigate the impact of major external risks, companies can call on tools such as war-gaming and scenario analysis.

The process of evaluating and selecting alternative regulatory and non-regulatory responses to risk.

The selection process necessarily requires the consideration of legal, economic, and behavioral factors.

Risk management is the decision-making process involving considerations of political, social, economic and engineering factors with relevant risk assessments relating to a potential hazard so as to develop, analyze and compare regulatory options and to select the optimal regulatory response for safety from that hazard.

Essentially risk management is the combination of 3 steps:

  1. risk evaluation,
  2. emission and exposure control,
  3. risk monitoring.

A systematic approach used to identify, evaluate, and reduce or eliminate the possibility of an unfavorable deviation from the expected outcome of medical treatment and thus prevent the injury of patients as a result of negligence and the loss of financial assets resulting from such injury.

Risk Management Definitions

  • “Risk management is an integrated process of delineating specific areas of risk, developing a comprehensive plan, integrating the plan, and conducting the ongoing evaluation.” - Dr. P.K. Gupta
  • “Risk Management is the process of measuring, or assessing risk and then developing strategies to manage the risk.” - Wikipedia
  • “Managing the risk can involve taking out insurance against a loss, hedging a loan against interest-rate rises, and protecting an investment against a fall in interest rates.” - Oxford Business Dictionary
  • “Decisions to accept exposure or to reduce vulnerabilities by either mitigating the risks or applying cost-effective controls” - Anonymous

The future is largely unknown. Most business decision-making takes place on the basis of expectations about the future.

Making a decision on the basis of assumptions, expectations, estimates, and forecasts of future events involves taking risks.

Risk has been described as the “sugar and salt of life”.

This implies that risk can have an upside as well as the downside.

People take a risk in order to achieve some goal they would otherwise not have reached without taking that risk.

On the other hand, risk can mean that some danger or loss may be involved in carrying out an activity and therefore, care has to be taken to avoid that loss.

This is where risk management is important, in that it can be used to protect against loss or danger arising from a risky activity.

For proper control and management of risks, as insurers, we should always keep the following in mind with regard to any project or subject-matter of insurance:

  • What are the possible sources of loss?
  • What is the probable impact of a loss should it at all occur?
  • What should be done when a loss takes place? Should the loss be allowed to grow, or should something be done to minimize it? The question of protecting salvage in the best possible way and the question of checking the future possibility of such events should also be considered.
  • The probable expenditure on, or the economy of, loss prevention. (It should be remembered that any extra expenditure for loss prevention is economically justified so long as the expenditure made is smaller than or at best equal to the savings made by way of loss reduction.)

As already mentioned, in insurance the risk is isolated from the whole business venture and the pure risk portion of it is assumed entirely by a different group of people of an organization (insurer) in a most technical, expert and economic way.

This is possible only through the proper diagnosis of the risk in matters of finding out the possible sources of loss and the impact of loss should it at all occur.

The question of minimizing a loss and preventing future causation of a loss should also not be lost sight of.

Keeping these factors in view raises the question of properly rating a risk, as this would be the basis of charging a premium or price for running a risk.

In this context of risk management the ‘mathematical valuation of risk’ is indeed important.

Risk management plan

The 7 steps of risk management are:

  1. Establish the context,
  2. Identification,
  3. Assessment,
  4. Potential risk treatments,
  5. Create the plan,
  6. Implementation,
  7. Review and evaluation of the plan.

The risk management system has seven (7) steps, which actually form a cycle.

1. Establish the Context

Establishing the context includes planning the remainder of the process and mapping out the scope of the exercise, the identity and objectives of stakeholders, the basis upon which risks will be evaluated and defining a framework for the process, and agenda for identification and analysis.

2. Identification

After establishing the context, the next step in the process of managing risk is to identify potential risks. Risks are about events that, when triggered, will cause problems.

Hence, risk identification can start with the source of problems, or with the problem itself.

Risk identification requires knowledge of the organization, the market in which it operates, the legal, social, economic, political, and climatic environment in which it does its business, its financial strengths and weaknesses, its vulnerability to unplanned losses, the manufacturing processes, and the management systems and business mechanism by which it operates.

Any failure at this stage to identify risk may cause a major loss for the organization.

Risk identification provides the foundation of risk management.

The identification methods are formed by templates or the development of templates for identifying source, problem or event. The various methods of risk identification are.

3. Assessment

Once risks have been identified, they must then be assessed as to their potential severity of loss and to the probability of occurrence.

These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring.

Therefore, in the assessment process, it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan.

The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents.

Furthermore, evaluating the severity of the consequences (impact) is often quite difficult for immaterial assets. Asset valuation is another question that needs to be addressed.

Thus, best educated opinions and available statistics are the primary sources of information.

Nevertheless, a risk assessment should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized.

Thus, there have been several theories and attempts to quantify risks.

Numerous risk formulas exist, but perhaps the most widely accepted formula for risk quantification is the rate of occurrence multiplied by the impact of the event.

In business, it is imperative to be able to present the findings of risk assessments in financial terms. Robert Courtney Jr. (IBM, 1970) proposed a formula for presenting risks in financial terms.

The Courtney formula was accepted as the official risk analysis method of the US governmental agencies.

The formula proposes the calculation of ALE (Annualized Loss Expectancy) and compares the expected loss value to the security control implementation costs (Cost-Benefit Analysis).
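The comparison described above can be worked through on a small risk register. This is an added example, not part of the original article: it computes ALE as rate of occurrence times impact, and treats a control as justified only while its yearly cost does not exceed the loss reduction it buys. The class names, control names and all figures are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Control:
    name: str
    annual_cost: float   # yearly cost of implementing and running the control
    rate_after: float    # expected occurrences per year with the control
    impact_after: float  # expected loss per occurrence with the control

@dataclass
class Risk:
    name: str
    rate: float          # rate of occurrence (events per year)
    impact: float        # loss per event, in currency units
    controls: list = field(default_factory=list)

def ale(rate, impact):
    """Annualized loss expectancy: rate of occurrence times impact."""
    return rate * impact

def best_control(risk):
    """Return (net_benefit, control_name) for the best justified control, or None."""
    base = ale(risk.rate, risk.impact)
    justified = []
    for c in risk.controls:
        savings = base - ale(c.rate_after, c.impact_after)
        if c.annual_cost <= savings:   # justified while cost <= loss reduction
            justified.append((savings - c.annual_cost, c.name))
    return max(justified) if justified else None

def prioritize(risks):
    """Rank risks by ALE, highest first, with the recommended control if any."""
    rows = [(r.name, ale(r.rate, r.impact), best_control(r)) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed sample register; every figure is illustrative.
REGISTER = [
    Risk("Laptop theft", 6, 2_500, [Control("Disk encryption", 3_000, 6, 1_500)]),
    Risk("Computer virus outbreak", 4, 12_000, [
        Control("Antivirus software", 9_000, 1, 12_000),
        Control("Network redesign", 60_000, 0.5, 12_000)]),
    Risk("Data centre fire", 0.02, 2_000_000, [
        Control("Gas suppression", 45_000, 0.02, 200_000)]),
]

if __name__ == "__main__":
    for name, loss, choice in prioritize(REGISTER):
        plan = f"{choice[1]} (net {choice[0]:,.0f}/yr)" if choice else "no control pays for itself"
        print(f"{name:26} ALE {loss:>9,.0f}  -> {plan}")
```

A risk for which no control pays for itself, such as the fire entry here, is a candidate for transfer or retention rather than control.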

4. Potential Risk Treatments

Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories;

  1. Risk Transfer

    Risk Transfer means that the exposed party transfers the whole or part of the losses consequential to risk exposure to another party for a cost. Insurance contracts fundamentally involve risk transfers.

    Apart from the insurance device, there are certain other techniques by which the risk may be transferred.

  2. Risk Avoidance

    Avoid the risk, or the circumstances which may lead to losses, in another way. This includes not performing an activity that could carry risk.

    Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning the profits.

  3. Risk Retention

    Risk-retention implies that the losses arising due to a risk exposure shall be retained or assumed by the party or the organization.

    Risk-retention is generally a deliberate decision for business organizations inherited with the following characteristics. Self-insurance and Captive insurance are the two methods of retention.

  4. Risk Control

    Risk can be controlled either by avoidance or by controlling losses. Avoidance implies that either a certain loss exposure is not acquired or an existing one is abandoned. Loss control can be exercised in two ways.

5. Create the Plan

Decide on the combination of methods to be used for each risk. Each risk management decision should be recorded and approved by the appropriate level of management.

For example, a risk concerning the image of the organization should have a top management decision behind it, whereas IT management would have the authority to decide on computer virus risks.

The risk management plan should propose applicable and effective security controls for managing the risks.

A good risk management plan should contain a schedule for control implementation and responsible persons for those actions.

The risk management concept is old but is still not very effectively measured. Example: An observed high risk of computer viruses could be mitigated by acquiring and implementing antivirus software.

6. Implementation

Follow all of the planned methods for mitigating the effect of the risks.

Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that can be avoided without sacrificing the entity’s goals, reduce others, and retain the rest.

7. Review and Evaluation of the Plan

Initial risk management plans will never be perfect.

Practice, experience and actual loss results will necessitate changes in the plan and contribute information to allow possible different decisions to be made in dealing with the risks being faced.

Risk analysis results and management plans should be updated periodically. There are two primary reasons for this:

  1. To evaluate whether the previously selected security controls are still applicable and effective, and,
  2. To evaluate the possible risk level changes in the business environment. For example, information risks are a good example of the rapidly changing business environment.