Risk Assessment and Risk Management
Keywords: risk management process, risk management strategy
Assessment 4
Risk Management
In the world of business, risk is always associated regardless of how small or big your business is. It is essential to have an excellent management plan to protect the entities reputation and assets. To create a good management plan a risk management process, is a process that aides risk managers to set up priorities and assists in ensuring comprehensive management efforts, is being utilized.
Risk management process is composed of six steps namely:
- Determine the objectives of the organisation
- Identifying exposure to loss
- Measure those same exposure
- Select alternatives
- Implement a solution
- Monitor and review the outcomes
These steps are essential in drafting a good management plan to further understand these steps this paper will expound its application and its advantages to the enterprise.
Determine the objectives of the organisation
Each organization has its own and unique objectives. These objectives are the reason a company is being established and also guides them for future development. To be able to identify a risk in an enterprise a thorough understanding of the entities objective should be done by the risk managers. If risk managers completely understood the organisations objectives it will enable them to classify threats and opportunities the enterprise will face in the future and can create solutions or prevent risk associated with an organisations future actions. An example will be a company’s objective is to be globally competitive the risk managers will create a plan that will help the organisation achieve its objectives but prevent the risk associated with it like policies and laws of other country or the consumer needs for the product and service.
Identifying exposure to loss
Loss exposures include loss of financial assets, physical property, human loss and loss of good will. These are the risk that a risk manager might identify when assessing possible risk of the company. These losses can be prevented if proper risk identification is done before any untoward event occurs. Loss of financial assets is usually due to liability judgement, non-compliance and lawsuits. Loss of physical property can be because of bad investment, land ownership problems and natural disasters that may damage the property. Human loss is related to death, injury or resignation of employees that can affect the operations of the company. Reputation is very important for a company to function if consumers trust an organisations services and products this will increase their reputation but otherwise it can lead to loss of good will.
Measure those same exposures
An organisation not only needs to identify the risk or loss but as well as measure the impact of those risks to the organisation. These can be achieve by using different tools is assessing risk for example a client complain and satisfaction survey reports. This survey will help risk managers identify the areas where in they need modifications and improvement let as say in the survey patients complained that the nurses are rude therefore the managers should assess the employees in that department and try to do necessary adjustments to increase client satisfaction at the same time prevent human loss. Another one is incident reports these are usually a common tool used to identify risk it is a report made by employees that includes events that occur beyond the normal daily operations. Others are genetic occurrence screening, employee compensation claims data, contact leases and agreements and informal discussion with managers and staff these can be used to determine the risk and its effect on the organisations operation.
Select alternatives
As stated earlier risk is inevitable in handling these risk a risk manager uses risk treatment strategies categorized into two which is risk control and risk financing. Risk control is preventing losses and justifying the effects of losses. It is composed of three techniques which are exposure avoidance, loss prevention and segregation of loss exposure. Exposure avoidance is the reduction of loss to zero if focuses on the eradication of the possibility of loss to occur. It is used when a potential risk can be critical threat to the organization and there is no way to reduce or transfer those risks. Loss prevention gives emphasis on the possibility of an occurrence of an event and reduction of loss by educating staff and reviewing of policies and procedures. Loss reduction reducing the severity of loss an example is having fire drills, alarm system and immediate incident investigation to an event. Segregation of loss exposure this is distribution of assets like supplies to different department to prevent loss for example in the first floor of the facility the flood damaged the supplies of medicines but on the second floor where other supplies are placed these can be used and distributed to the other department reducing the loss and continues the operations of the facility.
Risk financing is paying losses that have happened it is composed of two techniques which are risk retention and risk transfer. Risk retention is taking responsibility of the potential losses which is related to the given risk and creating plans to cover the monetary consequences of that certain loss. Risk retention are usually used for loss that can’t be transferred like legal laws as well as small risk like paying for personal property damages like loss of a mobile phone, broken chair and others. Risk transfer is transferring of the financial responsibilities of the organisation to a third party like insurance companies.
In selecting a solution to those losses the risk manager should determine which technique will be suited for the current risk. The risk manager should see to it that before choosing a solution he should determine which alternative has a lesser effect on the organisations normal operations and which one is cost effective for the organisation.
Implement a solution
Implementation of the solution is putting the plan into action. This will involve the use of the technique identified by the risk management professional which is the best to prevent further organisational loss. This technique will be assumed by other department managers within the organisation. For example if the risk manager professional identified that the best technique risk financing and risk transfer the risk manager may include selecting an insurer and creating a good insurance policy for the organisation.
Monitor and review the outcomes
The last step in risk management process this is to check the effectiveness of the risk management program. It is an approach done by risk managers, higher management, different department managers, and legal counsel and claim managers to evaluate the risk and its impact to various areas of the organisation. This will enable the organisation to see the flaws and further improve the risk management plan of the organisation. The evaluation is done by comparing the annual report made by the risk manager against the bench mark they have created as well as the previous annual reports in the past years.
Risk assessment process is defines as an organized process for identifying and evaluating events that effects the accomplishment of objectives in a positive or negative way. These events can be related to political, legal, environmental, social and competition. It can also be an internal factor like human resource, organisational processes and infrastructure. Risk assessment like any process is made up off different steps which are:
- Identification of relevant business objectives
- Identifying events that could affect the achievement of objectives
- Determining risk tolerance
- Assessing the inherent likelihood and impact of risks
- Evaluating the portfolio of risk and determining risk responses
- Assessing residual likelihood and impacts of risks
Identification of relevant business objectives
Objectives are the goals that an organisation wants to achieve in order to prosper in the business world. Each organisation has its own set of objectives that may be the same or different from other organisations. Through these objectives a risk manager will be able to extract different risk that could threaten the organisation. Objectives can be constructed by using the SWOT analysis wherein it determines the strength, weakness, opportunities and threats. After the objective identification and finding out the possible risk a risk management plan can be started.
Identifying events that could affect the achievement of objectives
According to an organisation objective the risk managers should create an initial inventory of undertakings that may affect the accomplishment of the organisations objective. These events can be from within the organisation or from the external environment. The internal factors are organisations policies and processes, the human resource, technology and information that are taken from internal sources. Meanwhile, external factors are related to politics, economics, legal, sociological and environmental. After assessing these factors the risk manager can then categorise them as either a threat or an opportunity for the organisation. Written annual reports of internal and external factors will provide the risk manager of accurate numbers and percentage to pinpoint which threats needs immediate action.
Determining risk tolerance
The acceptable level of deviation comparative to the accomplishment of a specific objective of an organisation is called risk tolerance. It is a percentage or level in which a risk can be accepted by the organisation but have a certain range of limitation that could still enable an organisation to operate.
Assess inherent likelihood and impact of risk
In risk assessment it is part of the process to identify the events that has a potential impact on the accomplishment of the organisational objective. These events should be considered to be risk and has to be evaluated based on the chances of it to occur. It is essential that this event should be assessed on natural basis without bearing in mind the risk response that already exists. An inherent risk map should be assess by a risk manager, it is a portfolio view of risk that aides analysis and action, to determine the which risk has more effect and should be a prioritized for an immediate response.
Evaluating the portfolio of risk and determining risk responses
As we all know risk is inevitable it cannot be fully eliminated if an organisation wanted to have a return of investment they should take on some risk associated for their actions. Evaluating the risk portfolio will enable the risk manager and the organisation to see the impacts of the risk to the organisations objectives and goals. It will also evaluate the effectiveness of the risk response they have made and further improve if such risk arises in the future. Risk tolerance varies depending on the risk type as well as the responses to those risks so it is essential to assist the risk response and the action given and its effectiveness.
Assessing residual likelihood and impacts of risks
Assessing residual risk will help evaluate the effectiveness and appropriateness of the risk response if it is in within the acceptable level or within the risk tolerance of the organisation. It is assessing the internal checks and balances are still in place within the organisation.
Therefore, we could see how essential risk management is to an organisations progress. Risk management is not just a simple work just to identify and provide a solution but it is a systematic and scientific way of identifying, implementing and evaluating the effects of risk to the organisation. The organisation will always face risk to be able to move and not stagnate on the current status they are in. It is a must that a risk management professional understand the organisations objective for him or her to extract and create an excellent risk management plan. It is also important to evaluate the effectiveness of the risk management plan and see to it that flaws are modified for better result in the future.
Bibliography:
- Southern Cross University (09 October, 2014).
- Corporate compliance insight. (09 October, 2014).
- Internal Auditor (10,October, 2014).
- Health and Safety Executive (10 October, 2014).
- Work and safety blogs (10 October, 2014).
- Southern Cross Healthcare. (10 October, 2014).