Risk Management

  1. Risk Management Process
  2. Risk Management Usmc

What Is Risk Management?

Risk Management Use these resources to identify, assess and prioritize possible risks and minimize potential losses. Make a plan to minimizing the impact of disasters using Hazard Mitigation resources.

  • Risk Management: In the world of finance, risk management refers to the practice of identifying potential risks in advance, analyzing them and taking precautionary steps to reduce/curb the risk. Description: When an entity makes an investment decision, it exposes itself to a number of financial risks. The quantum of such risks depends on the.
  • Risk Management is the process of identifying, analyzing and responding to risk factors throughout the life of a project and in the best interests of its objectives. Proper risk management implies control of possible future events and is proactive rather than reactive.
  • Risk management encompasses the identification, analysis, and response to risk factors that form part of the life of a business Business Life Cycle The business life cycle is the progression of a business in phases over time, and is most commonly divided into five stages: launch, growth, shake-out, maturity, and decline.
  • This blog was written by a third party author What is cybersecurity risk management? Cybersecurity risk management is the practice of prioritizing cybersecurity defensive measures based on the potential adverse impact of the threats they're designed to address. Establishing a risk management approach to cybersecurity investment acknowledges that no organization can completely eliminate every.

Risk Management is the process of identifying, analyzing and responding to risk factors throughout the life of a project and in the best interests of its objectives. Proper risk management implies control of possible future events and is proactive rather than reactive.

For example:

An activity in a network requires that a new technology be developed. The schedule indicates six months for this activity, but the technical employees think that nine months is closer to the truth. If the project manager is proactive, the project team will develop a contingency plan right now. They will develop solutions to the problem of time before the project due date. However, if the project manager is reactive, then the team will do nothing until the problem actually occurs. The project will approach its six month deadline, many tasks will still be uncompleted and the project manager will react rapidly to the crisis, causing the team to lose valuable time.

Proper risk management will reduce not only the likelihood of an event occurring, but also the magnitude of its impact. I was working on the installation of an Interactive Voice Response system into a large telecommunications company. The coding department refused to estimate a total duration estimation for their portion of the project work of less than 3 weeks. My approach to task duration estimation is that the lowest level task on a project whose total duration is 3 months or more should be no more than 5 days. So… this 3 week duration estimation was outside my boundaries. Nevertheless, the project team accepted it. It appeared an unrealistic timeline for the amount of work to be done but they were convinced that this would work. No risk assessment was conducted to determine what might go wrong. Unfortunately, this prevented their ability to successfully complete their tasks on time. When the 3 weeks deadline approached and it appeared that the work wouldn’t be completed, crisis management became the mode of operation.

Risk Management Systems

Risk Management Systems are designed to do more than just identify the risk. The system must also be able to quantify the risk and predict the impact of the risk on the project. The outcome is therefore a risk that is either acceptable or unacceptable. The acceptance or non-acceptance of a risk is usually dependent on the project manager’s tolerance level for risk.

If risk management is set up as a continuous, disciplined process of problem identification and resolution, then the system will easily supplement other systems. This includes; organization, planning and budgeting, and cost control. Surprises will be diminished because emphasis will now be on proactive rather than reactive management.

Risk Management…A Continuous Process

Once the Project Team identifies all of the possible risks that might jeopardize the success of the project, they must choose those which are the most likely to occur. They would base their judgment upon past experience regarding the likelihood of occurrence, gut feel, lessons learned, historical data, etc.

Early in the project there is more at risk then as the project moves towards its close. Risk management should therefore be done early on in the life cycle of the project as well as on an on-going basis.

The significance is that opportunity and risk generally remain relatively high during project planning (beginning of the project life cycle) but because of the relatively low level of investment to this point, the amount at stake remains low. In contrast, during project execution, risk progressively falls to lower levels as remaining unknowns are translated into knowns. At the same time, the amount at stake steadily rises as the necessary resources are progressively invested to complete the project.

The critical point is that Risk Management is a continuous process and as such must not only be done at the very beginning of the project, but continuously throughout the life of the project. For example, if a project’s total duration was estimated at 3 months, a risk assessment should be done at least at the end of month 1 and month 2. At each stage of the project’s life, new risks will be identified, quantified and managed.

Risk Response

Risk Response generally includes:

  • Avoidance…eliminating a specific threat, usually by eliminating the cause.
  • Mitigation…reducing the expected monetary value of a risk event by reducing the probability of occurrence.
  • Acceptance…accepting the consequences of the risk. This is often accomplished by developing a contingency plan to execute should the risk event occur.

In developing Contingency Plans, the Project Team engages in a problem solving process. The end result will be a plan that can be put in place on a moment’s notice.

What a Project Team would want to achieve is an ability to deal with blockages and barriers to their successful completion of the project on time and/or on budget. Contingency plans will help to ensure that they can quickly deal with most problems as they arise. Once developed, they can just pull out the contingency plan and put it into place.

Why do Risk Management?

The purpose of risk management is to:

  • Identify possible risks.
  • Reduce or allocate risks.
  • Provide a rational basis for better decision making in regards to all risks.
  • Plan.

Assessing and managing risks is the best weapon you have against project catastrophes. By evaluating your plan for potential problems and developing strategies to address them, you’ll improve your chances of a successful, if not perfect, project.

Additionally, continuous risk management will:

  • Ensure that high priority risks are aggressively managed and that all risks are cost-effectively managed throughout the project.
  • Provide management at all levels with the information required to make informed decisions on issues critical to project success.

If you don’t actively attack risks, they will actively attack you!!

How To Do Risk Management

First we need to look at the various sources of risks. There are many sources and this list is not meant to be inclusive, but rather, a guide for the initial brainstorming of all risks. By referencing this list, it helps the team determine all possible sources of risk.

Various sources of risk include:

  • Project Management
    • Top management not recognizing this activity as a project
    • Too many projects going on at one time
    • Impossible schedule commitments
    • No functional input into the planning phase
    • No one person responsible for the total project
    • Poor control of design changes
    • Problems with team members.
    • Poor control of customer changes
    • Poor understanding of the project manager’s job
    • Wrong person assigned as project manager
    • No integrated planning and control
    • Organization’s resources are overcommitted
    • Unrealistic planning and scheduling
    • No project cost accounting ability
    • Conflicting project priorities
    • Poorly organized project office
  • External
    • Unpredictable
      • Unforeseen regulatory requirements
      • Natural disasters
      • Vandalism, sabotage or unpredicted side effects
    • Predictable
      • Market or operational risk
      • Social
      • Environmental
      • Inflation
      • Currency rate fluctuations
      • Media
    • Technical
      • Technology changes
      • Risks stemming from design process
    • Legal
      • Violating trade marks and licenses
      • Sued for breach of contract
      • Labour or workplace problem
      • Litigation due to tort law
      • Legislation

The Risk Analysis Process

The Risk Analysis Process is essentially a quality problem solving process. Quality and assessment tools are used to determine and prioritize risks for assessment and resolution.
The risk analysis process is as follows:

  • Identify the Risk
    • This step is brainstorming. Reviewing the lists of possible risk sources as well as the project team’s experiences and knowledge, all potential risks are identified.
    • Using an assessment instrument, risks are then categorized and prioritized. The number of risks identified usually exceeds the time capacity of the project team to analyze and develop contingencies. The process of prioritization helps them to manage those risks that have both a high impact and a high probability of occurrence.
  • Assess the Risk
    • Traditional problem solving often moves from problem identification to problem solution. However, before trying to determine how best to manage risks, the project team must identify the root causes of the identified risks.
      The project team asks questions including:
      • What would cause this risk?
      • How will this risk impact the project?
  • Develop Responses to the Risk
    • Now the project team is ready to begin the process of assessing possible remedies to manage the risk or possibly, prevent the risk from occurring. Questions the team will ask include:
      • What can be done to reduce the likelihood of this risk?
      • What can be done to manage the risk, should it occur?
  • Develop a Contingency Plan or Preventative Measures for the Risk
    • The project team will convert into tasks, those ideas that were identified to reduce or eliminate risk likelihood.
    • Those tasks identified to manage the risk, should it occur, are developed into short contingency plans that can be put aside. Should the risk occur, they can be brought forward and quickly put into action, thereby reducing the need to manage the risk by crisis.

Literally speaking, risk management is the process of minimizing or mitigating the risk. It starts with the identification and evaluation of risk followed by optimal use of resources to monitor and minimize the same.

Risk generally results from uncertainty. In organizations this risk can come from uncertainty in the market place (demand, supply and Stock market), failure of projects, accidents, natural disasters etc. There are different tools to deal with the same depending upon the kind of risk.

Ideally in risk management, a risk prioritization process is followed in which those risks that pose the threat of great loss and have great probability of occurrence are dealt with first. Refer to table below:

SIGNIFICANTConsiderable Management RequiredMust Manage and Monitor RisksExtensive Management essential
MODERATERisk are bearable to certain extentManagement effort worthwhileManagement effort required
MINORAccept RisksAccept but monitor RisksManage and Monitor Risks

The above chart can be used to strategize in various situations. The two factors that govern the action required are the probability of occurrence and the impact of the risk. For example a condition where the impact is minor and the probability of occurrence is low, it is better to accept the risk without any interventions. A condition where the likelihood is high and the impact is significant, extensive management is required. This is how a certain priority can be established in dealing with the risk.

Apart from this, typically most of the organizations follow a risk management cycle. Refer diagram below:

According to this cycle there are four steps in the process of risk management. The first step is the assessment of risk, followed by evaluation and management of the same. The last step is measuring the impact.

Risk identification can start at the base or the surface level, in the former case the source of problems is identified. We now have two things to deal with the source and the problem.

Risk Management Process

Risk Source: The source can be either internal or external to the system. External sources are beyond control whereas internal sources can be controlled to a certain extent. For example, the amount of rainfall, weather over an airport etc!

Problem: A problem at the surface level could be the threat of accident and casualty at the plant, a fire incident etc.

When any or both of the above two are known beforehand, certain steps can be taken to deal with the same.

After the risk/s has been identified then it/they must be assessed on the potential of criticality. Here we arrive upon risk prioritization. In generic terms ‘likelihood of occurrence × impact’ is equal to risk.

Risk Management Usmc

This is followed by development of a risk management plan and implementation of the same. It comprises of the effective security controls and control mechanisms for mitigation of risk.

A more challenging risk to organizational effectiveness is the risk that is present but cannot be identified. For example a perpetual inefficiency in the production process accumulates over a certain period of time and translates into operational risk.

Next Article ❯

Authorship/Referencing - About the Author(s)

The article is Written By “Prachi Juneja” and Reviewed By Management Study Guide Content Team. MSG Content Team comprises experienced Faculty Member, Professionals and Subject Matter Experts. We are a ISO 2001:2015 Certified Education Provider. To Know more, click on About Us. The use of this material is free for learning and education purpose. Please reference authorship of content used, including link(s) to ManagementStudyGuide.com and the content page url.