Manage Business Risks/Managing Business Risks

MANAGE BUSINESS RISKS/MANAGING BUSINESS RISKS.

 

9.1.  Introduction of the Unit of Learning / Unit of Competency

This is a core unit in Business Management and attempts to address the competencies required to manage business risks. It involves the identification and assessment of risks, establishment of risk management team, development and implementation of risk mitigation plan, monitoring and evaluation of the risk management process and preparation of business risk management report. Business Risk management is   the identification, evaluation, and prioritization of risks, (defined in ISO 31000, as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of business opportunities.

 

Risks can come from various sources including uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause. There are two types of events i.e. negative events can be classified as risks while positive events are classified as opportunities. Learning this unit equips the trainees with elaborate skills hence facilitating the achievement of the business financial goal and sustainability. Strategies to manage threats (uncertainties with negative consequences) typically include avoiding the threat, reducing the negative effect or probability of the threat, transferring all or part of the threat to another party, and even retaining some or all of the potential or actual consequences of a particular threat, and the opposites for opportunities (uncertain future states with benefits). The basic learning resources required for this unit include relevant books and guides related to Business risk, relevant business policies, organizations’ operating procedures etc. The learning activities for this unit will entail interactive activities that will fully engage the learners.

 

9.2.  Performance Standard

The trainee should be able to identify, assess and analyze the business risks according to Political, Economic, Social, Technological, Environmental and Legal factors (PESTEL) and Committee of Sponsoring organization (COSO) models respectively, establish risk management team, develop and implement a risk mitigation plan as per the organizations’ risk management policy.

 

9.3.  Learning Outcomes

  • List of Learning Outcomes
  1. Assess business
  2. Establish risk management team
  3. Develop and implement risk mitigation plan
  4. Monitor and evaluate risk management
  5. Prepare business risk management

 

  • Learning Outcome 1. Assess Business Risk
    • Learning Activities
Learning Outcome #No. 1. Assess Business Risk
Learning Activities Special Instructions
·         Visit a nearby business enterprise and carry out both SWOT and PESTEL.

·         Demonstrate procedure of developing a risk assessment matrix.

·         Group discussions

·         Download a risk assessment matrix template from the

internet (www.smartsheet.com)

 

 

 

  • Information Sheet 9/LO1

Introduction

Risk assessment is the process of identifying, understanding and evaluating potential hazards in the workplace concerning the day to day running of the organization. It entails organization coming up with effective mitigation strategies to control the hazardous effects of risk.

The trainee should be able to identify analyze and classify business risks as well as prepare risk assessment matrix and classify risk perspective according to the type or nature of the business. Definitions of key terms

Business risk– refer to the potential of incurring a loss out of the normal business operations also called operational risk.

Risk assessment matrix– is a project management tools that allows quick view of the probable risks evaluated in terms of likelihood or probability of occurring.

Risk management– This can be defined as the process employed by the organization, set out ways to avoid an occurrence, minimize the impact should it occur or to handle the effects of such an event after occurring.

 

Content

Identification of Business Risks

Risk identification can be done through strategic plan, SWOT and PESTEL analysis.

 

a)  SWOT analysis

SWOT Analysis involves looking at the organization’s internal and external factors namely, Strength and Weaknesses (internal) and Opportunities and Threats (external). The figure below illustrates SWOT analysis in details.

 

Figure 33: SWOT Analysis. Source: Kevan, Williams 2009, Strategic Management, DK publishing, New York

 

 

An organization should aim at enhancing the strengths and opportunities and aim at reducing threats and weaknesses.

 

Importance of SWOT analysis

  1. SWOT analysis outcome could be used to improve the viability of the company/organizations
  2. It assist the organizational to identify both external and internal facts that affect performance
  3. It is part of the overall corporate planning process which assists the setting of set
  4. Could assist to true business operations
  5. Could assist a new organization to come up with the

 

 

 

b)     PESTEL

PESTEL is an acronym for Political, Economic, Social, Technological, Environmental and Legal factors which have an impact on the business performance.

  • Political environment- the effect of politics on the business environment
  • Economic environment- refers to those economic changes that affect the business g. currency fluctuations, inflation etc.
  • Social environment- refer to social cultural issues that affect business g. religion, cultural beliefs etc.
  • Legal environment the legal requirement g. legislative that affect business environment

e.g. taxation

  • Technology environment- effect that new technology has on business environment eg technology for production efficiency

 

A PESTLE analysis is an early step in creating new strategy since it creates the background in which an organization has to operate and make decisions. It can be performed by an individual but it is best if a team undertake it to allow sharing of ideas and discussion on the same. The figure below illustrates PESTEL analysis.

 

Figure 34: PESTEL Analysis. Source: Kevan, Williams 2009, Strategic Management, DK publishing, New York

 

 

Business Risks Analysis

Business risks can be analyzed according to Committee of Sponsoring Organizations (COSO) model

In 1992, the Committee of Sponsoring Organizations of the Tread way Commission, (COSO) developed a model for evaluating internal controls. This model has been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control.

 

What Is The COSO Framework?

 

The COSO model defines internal control as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance of the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations”

 

In an “effective” internal control system, the following five components work to support the achievement of an entity’s mission, strategies and related business objectives.

1.  Control Environment

  • Integrity and Ethical Values
  • Commitment to Competence
  • Board of Directors and Audit Committee
  • Management’s Philosophy and Operating Style
  • Organizational Structure
  • Assignment of Authority and Responsibility

 

  • Human Resource Policies and Procedures

2.  Risk Assessment

  • Company-wide Objectives
  • Process-level Objectives
  • Risk Identification and Analysis
  • Managing Change

3.  Control Activities

  • Policies and Procedures
  • Security (Application and Network)
  • Application Change Management
  • Business Continuity/Backups
  • Outsourcing

4.  Information and Communication

  • Quality of Information
  • Effectiveness of Communication

5.  Monitoring

  • Ongoing Monitoring
  • Separate Evaluations
  • Reporting Deficiencies

These components work to establish the foundation for sound internal control within the company through directed leadership, shared values and a culture that emphasizes accountability for control. The various risks facing the company are identified and assessed routinely at all levels and within all functions in the organization. Control activities and other mechanisms are proactively designed to address and mitigate the significant risks. Information critical to identifying risks and meeting business objectives is communicated through established channels up, down and across the company. The entire system of internal control is monitored continuously and problems are addressed timely.

If you’re looking for even more information on COSO, explore these links:

  1. The Updated COSO Internal Control Framework: Frequently Asked Questions, Third Edition
  2. COSO 2013 Internal Control–Integrated Framework Executive Summary
  3. Control Self-Assessment Questionnaire: COSO
  4. A Risk-Based Approach to Implementing COSO

 

Types of classification/classification of risks

  1. Industry risks- risks that affect a specific industry e. industry specific.
  2. Financial risks- these are risks that are of financial E.g. due to poor capital structure, weak liquidity, rising interest rates and high inflation among others
  3. Strategic risks- risks associated with the companies strategies in the long
  4. Political risks- risks arising from political environment within which a business operates

e.g. changes in political climate or change in legislation.

  1. Operational risks- these are risks that an organization faces in the course of its normal

 

Risk assessment Matrix

A Risk assessment matrix template is as shown below:

 

Figure 35: Risk Management Matrix

 

 

Risk assessment Matrix Template is a simple slide design template that you can use on Risk Management. This risk assessment matrix template can also be used in presentations on risk evaluation to determine the size of a risk and whether or not the risk is sufficiently controlled. There are two dimensions to a risk matrix. In one dimension we can see how severe and likely an unwanted event is while the other probability dimension shows create a matrix. The combination of probability and severity will give any event a place on a risk matrix between Low Risk, Medium Risk and High Risk.

 

Risk Perspectives– this is the classification of risk according to type of organization and nature of business

 

Conclusion

This topic identified, analyzed and classified business risks in accordance to the respect models, as well as prepares a risk assessment matrix, using provided template. This will enable trainee classify risks the risk perspectives according to type of organization and nature of business. It has also analyzed the SWOT and PESTLE analysis.

 

9.3.2.3.  Self-Assessment

  1. What is risk management is defined as what?
    1. decision making process
    2. A wing safety program
    3. Common practices to reduce injuries to personnel
    4. An decision making tool for commanders

 

  1. What/who falls under the scope of risk management?
    1. Only personnel on duty
    2. Only personnel on duty
    3. All personnel, everywhere
    4. No personnel, anywhere

 

  1. Which of the following is NOT a risk management principle?

 

  1. Accept no unnecessary risks
  2. Make risk decisions at the appropriate level
  3. Integrate RM into operations and activity planning at all levels
  4. Apply the process as needed
  1. What is the third step in the risk management process?
    1. Identify hazards
    2. Implement controls
    3. Assess the hazards
    4. Make control decisions

 

  1. In overseas markets higher returns are usually associated with:
    1. High risk and high
    2. High risk and low
    3. Low risk and high
    4. Low risk and low
  2. According to the WEF which of the following is NOT key for efficiency-driven economies?
    1. Higher education and training
    2. Labour market efficiency
    3. Market size
    4. Innovation
  3. Identify various business risks that are likely to arise in a nearby enterprise and provide
  4. Prepare a risk assessment matrix and use it to analyze risks in the nearby
  5. Explain the concept risk assessment
  6. Using the risk assessment matrix develop a mitigation strategy for an organization that has been experiencing constant employee
  7. Identify the various types of risks that organization called encounter.

 

  • Tools, Equipment, Supplies and Materials
  • Textbooks
  • Stationery
  • Felt board
  • LCD projector

 

  • References
  1. Katz, Rosen, Lipton and Watchel(2008) Risk Management and the board of directors
  2. Dowd, K, (2002). An Introduction to Market Risks John Wiley and son’s Ltd, Chichester, England.
  3. Linsmeier, T and Pearson, N (1996) Risk measurement and introduction to value at Risk, University of Illnois, Urbana-

 

  • Learning Outcome 2. Establish Risk Management Team
    • Learning Activities
Learning Outcome #No. 2. Establish Risk Management Team
Learning Activities Special Instructions
·         Visit a nearby enterprise to verify the procedures to apply when formulating a risk management team.

·         Prepare a job specification for the staff in risk management team

 

 

  • Information Sheet 9/LO2

 

 

Introduction

The trainee should be able to recruit staff to form the risk management team. The trainee should be able to develop a job specification and develop an organization structure for the team

 

Definition of Key Terms

Recruitment- The process of selecting and appointing the right candidate to carry out some specific duties.

Job Specification– It entails the requirements for a specific job to be done.

HR Policy– A policy that is put in place by the management of a business organization to guide on all matters related to employees.

Risk Perspectives– A classification of risk according to type of organization and nature of business.

Organization structure– The reporting relationship within an organization or the reporting relationship within the risk management team.

 

Content

Recruitment process for risk management team.

The recruitment of personnel to form the risk management team may be through;

  1. Selection – through a competitive
  2. Referrals – made from reliable people in the industry or
  • Outsourcing – from outside the organization g. engaging a consultancy firm
  1. Head hunting – going out there to physically look for a competent person to handle risk

 

A risk management team (workgroup) is a separate and often independent unit within the project management team headed by the risk manager or the chief risk officer. It helps place a value on the project’s activities (such as procuring, communicating, controlling quality, staffing etc.).The team also develops strategies to mitigate identified risks, applies risk management methodologies and risk analysis tools, and integrates insurance policies of treating prioritized threats with the project management team.

The primary responsibility of the team is to ensure that the project is provided with a complete risk management information system that ultimately determines how to control and oversee the project’s effectiveness and fulfillment. The team also approves risk management policies and defines their framework.

 

The risk management team oversees the execution of the following five-step process:

1)   Admit and Identify

The implementation of every activity within a project involves some degree of threat or uncertainty about future events. The first step in managing such threats is to acknowledge and identify them. Some of the threats are generic and inherent to the execution of the project so virtually any activity has a risk to fail. For example, some necessary goods to be procured for executing the project are delivered out of schedule so completion of the respective project’s phase or the overall project completion is under the risk of failure, or at least delay. Other risks and threats are unique to the performing company, for example a possibility of vehicular crashes or copyright infringements. By means of risk management workshops, seminars and meetings, the risk management group needs to admit a probability of risk occurrence and then use risk identification tools to reveal and describe the probable risks.

In case the team envision any threats and uncertainties happening in the existing system, it should list those threats at the very beginning of the risk management process. Insight will play a considerable role for identifying risks, so appropriate risk management education of the team members will be appreciated.

2)   Measure and prioritize.

At the second step, the team evaluates the probability of each risk’s occurrence and estimates its possible (negative or positive) effect and cost to the project and its activities. The group can use a retrospective risk assessment methodology to get a look at past accidents (if they took place) and check with similar situations in order to try developing risk probability estimates and cost estimates. A given retrospective risk assessment methodology allows using lessons learnt and consider the potential public reaction considering the past experience. If no similar threats are detected in past projects after a retrospective risk assessment methodology has been conducted, the team can use strategic risk management tools and assessment methods to evaluate the risks. The PMBOK Guide offers a variety of such tools and methods. The team uses results obtained to identify priority areas of concern for the risks that are most likely to occur and are expensive when they do happen. Such risks get High Priority. Lower Priority’s risks are those ones that occur rather rarely and are unlikely to cost as much when they do happen.

3)   Implement a Strategy.

The team decides how to manage the prioritized risks by using risk management strategies. So the next task of the workgroup is to develop a written plan which outlines what steps should be taken to manage major risks and allow the performing company to carry out the project with the minimal probability of failure. That plan describes a suggested strategy, or combination of such strategies being implemented into the project. The PMBOK Guide offers the four basic risk management strategies. All the strategies are usually implemented with help of risk management software solutions.

  • Avoidance” Strategy. The workgroup uses a risk management application to develop actions plans and risk management templates that let focus on ways to avoid or cease to provide a service or conduct an activity considered too

 

  • “Modification” Strategy. The workgroup strives at changing and modifying the project’s activities so that the chance of threat occurring and the impact of potential harm can be taken within acceptable
  • Retention” Strategy. With help of a risk management software solution, the workgroup evaluates the success of admitting all or a portion of the identified risks and gets prepared for the
  • Sharing” Strategy. By means of a risk management application’s functionality for user collaboration and online communication, the workgroup is able to consider sharing the identified risks with another team or organization. Examples of risk sharing strategy include mutual procurement agreements with other performing companies, insurance,

·         Job Specification

Specify the job requirements for the risk management team. These should be brief and clear to avoid duplication of duties as well as clearly defined roles.

·         Organizational Structure

The risk management team should have a working organizational structure that describes the reporting relationships so as to create harmony within the team.

 

·         Risk Data Information and governance

 

Data governance allows an organization to:

  • Improve functionality across the organization;
  • Optimize customer or donor data analytics, trends, and anomalies;
  • Highlight potential vendor fraud;
  • Identify sources of protected data to enhance data security and privacy programs, such as masking or anonymous sensitive data;
  • Identify business and operational issues; and
  • Improve insight into the organization, such as improved forecasting, higher degree of personalization, and targeted marketing.
  • Establishing a general framework that aligns with your business is key to an effective data governance Equally important is a data governance committee focused on promoting enterprise information as a core asset to the business. BDO’s Data & Information Governance framework (see below) focuses on governance, data quality, security, availability, management, and business alignment

 

 

Conclusion

By the end of this learning outcome, the trainee shall be able to establish a risk management team (following the organization’s policy and procedures) that will help in management of risks. In addition the trainee shall be able to obtain risk data information from the organizational data according to procedures for identifying and mitigating risks. The trainee shall also be able to develop and implement risk mitigation plan as well as develop internal controls to mitigate against risks.

 

  • Self-Assessment
    1. John Strauss is a Project Manager for a reforestation To identify the risks involved, John sends a questionnaire to gather inputs from experts. Which technique is John using?
      1. Delphi technique
      2. Interviews
      3. Brain storming
      4. Documentation review
    2. Mathew is a Project Manager for software migration at a bank. A major risk that has been identified is attrition of resources. As a strategy to respond to this risk, Mathew, with support from Senior Management, provides good increments to his team What type of risk response is Mathew following?
      1. Accept
      2. Avoid
      3. Transfer
      4. Mitigate

 

 

  1. Illustrate the risk management process for a risk management
  2. Prepare a job specification for members in the risk management
  3. Why is it important for organization to have risk management team?
  4. Explain how employees in an
  5. What are some of the function of risk management team?

 

  • Tools, Equipment, Supplies and Materials for the specific learning outcome
  • Textbooks
  • Stationery
  • Felt board
  • LCD projector
  • Felt boards

 

  • References
    1. Karen Schuler and Mark (2018); Integration of Data privacy into a Data Governance Programme
    2. Katz, Rosen, Lipton and Watchel (2008) Risk Management and the board of directors
    3. Dowd, K, (2002) an introduction to market risks John Wiley and son’s ltd, Chichester, England.
  • Learning Outcome 3. Develop and Implement Risk Mitigation Plan
    • Learning Activities
Learning Outcome #No. 3. Develop and Implement Risk Mitigation Plan
Learning Activities Special Instructions
·         Visit a nearby institution and Evaluate risk impact according to the risk assessment matrix,

·         Develop a risk mitigation plan according to the evaluation of the risk assessment matrix and budget,

·         Verify the internal control in the organization and the procedures used in the development of a risk

mitigation plan

 

 

 

 

  • Information Sheet 9/LO3

 

 

Introduction

The trainee should be able to develop and implement risk mitigation plan.

The trainee should also be able to develop internal controls and comply with legal and regulatory requirement in accordance with enterprise risk management (ERM) policy.

 

Definition of key terms

Risk mitigation plan– A plan that is put in order to reduce risk impact if the risk actually rise. Internal control– a system of controls i.e. physical, non-physical and financial that are put in place within an organization.

 

Enterprise risk management (ERM) policy– a policy put in place by the management of the business to manage risks.

Risk mitigation report– a report prepared by the risk management team to reduce possible risks in an enterprise.

Risk impact– the impact/effect that arise out of a risk occurring

 

Content

Developing a risk mitigation plan

  • Evaluate the risk assessment matrix giving priority to those most risky
  • The plan developed should be within reasonable budget

 

Risk mitigation planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives. Risk mitigation implementation is the process of executing risk mitigation actions. Risk mitigation progress monitoring includes tracking identified risks, identifying new risks, and evaluating risk process effectiveness throughout the project.

Risk mitigation planning, implementation, and progress monitoring are depicted in Figure below. As part of an interactive process, the risk tracking tool is used to record the results of risk prioritization analysis (step 3) that provides input to both risk mitigation (step 4) and risk impact assessment (step 2).

 

 

Source; Systems Engineering Guide; Risk mitigation planning, Implementation and progress monitoring

 

Internal control

Internal control refers to all those controls, physical, non-physical and financial controls that help in the management of business organizations. (Should be carried out in accordance to organizations internal control procedures)

To ensure internal control is efficient to mitigate risks, the following should be addressed:

 

  1. Organizational plan- ensures that there is a working organization structure such that the reporting relationship is well It also ensures that everyone’s duties are well spelt out and there is no duplication of tasks.
  2. Recording-  maintain proper records on risk management as per the organization policy
  3. Division of work- Ensure that different tasks in the risk management team is well This ensures that there is internal check among the team members.
  4. Authorization- ensure that authority is clearly defined ie who authorizes
  5. Segregation of duties- clearly define the task that everyone does so that there is no conflict when carrying out business
  6. Internal audit- this ensures that risks are identified early and addressed before its
  7. Approvals- approval of risk management plan must be done by authorized personnel

 

Compliance with legal and regulatory requirements

To develop a risk mitigation plan ensure all the legal requirements are met. Such legal requirements include;

  1. Adherence to tax legislation
  2. Registration of the business with relevant authorities
  3. Compliance with both county and national legislation

 

This reduces risks and costs associated with non-compliance

  • Risk mitigation report
  1. The report should contain; risks identified
  2. Risk mitigation plan carried out
  3. Suggestions for improvement of mitigation plans

 

Sample of a risk management Plan

Risk Management Plan- Single Homeless Housing Support Service

 

Risk Implication Risk

Level

Impact Contingency/Mitigation
Service does not start on the planned date on 1st April ·         No housing support services                 in

place         1st April

·         TUPE staff will not have a contract at the start of 1st April

·         Reputational damage due to             non- delivery of a planned service

Medium High ·         Understand full impact of the service not starting on the 1st April and ensure contingency plan is in place.

·         Ensure we are fully aware of the implications for current staff

·         Ensure that current provider/s are kept informed

·         Detailed project plan in place and commitment of project board to timescales.

·         Decision to be made by county on whether it may be possible for them to extend existing contracts for limited time period

We do not receive any tenders for the service No support services in place for customers on 1st April

TUPE staff will not have a contract at the start of 1st April

Low-we anticipate that     the current providers will      be interested in tendering High ·         Decision to be made by county on whether it may be possible for them to extend existing contracts for limited time period

·         Advise                      identified interested parties of the dates when the tender will be advertised

·         Give adequate time for return of tenders

·         Provide clear and concise                            tender documents

·         Service tendered for its achievable within budget.

 

We do not receive all or part of the funding from county now or in the future We may not have a support service in place or may have a reduces support service High (amended from medium after receipt of email from county) High ·         Regular communication                             and updates with     county council

·         Regular communication      with successful provider and exit strategy is in place.

·         Ensure that the tender documents and contract reflect the insecurity of future funding.

·         Receipt of funding in one lump sum up front.

 

 

Conclusion

At the end of this learning outcome the trainee shall be able to evaluate risk impact according to the risk assessment matrix, develop a risk mitigation plan and appreciate the importance of efficient internal controls in management of risks in business enterprises.

 

1.3.4.3. Self-Assessment

  1. Develop a risk mitigation plan to address the risk of fire of an
  2. Outline some of the central systems that are put in place to avoid disaster from occurring frequently in an organization.
  3. Why is it critical for organization to have a functional risk management plan?
  4. Development of a risk mitigation plan?
  5. Assess and determine an efficient internal control system?
  6. Developing a working risk management plan?
  7. Your project has met with an unexpected problem. The supply of a critical component of your final product is delayed by 25 days. You need to show an alpha prototype of the product in 15 You’ve called a brainstorming team meeting to? Determine if you can deliver this limited version without the critical component. What are you trying to create

 

 

 

  • Tools, Equipment, Supplies and Materials for the specific learning outcome
    • Textbooks
    • Stationery
    • Felt board
    • LCD projector
    • Felt boards

 

  • References
  1. Katz, Rosen, Lipton and Watchel(2008) Risk Management and the board of directors
  2. Dowd, K, (2002) An Introduction to Market Risks John Wiley and Sons ltd, Chichester, England.

 

  1. Linsmeier, T and Pearson, N (1996) Risk measurement and introduction to value at Risk, University of Illnois, Urbana-
  2. Systems Engineering Guide; Risk mitigation planning, Implementation and progress monitoring

 

 

  • Learning Outcome 4. Monitor and Evaluate Risk Management Process
    • Learning Activities
Learning Outcome #No. 4.Monitor and Evaluate Risk Management Process
Learning Activities Special Instructions
Visit a nearby organization and;

·         Identify new potential risk areas,

·         Prepare a monitoring and evaluation plan according to risk management procedures,

·         Preparation of a monitoring and evaluation tool

·         Group discussions

 

  • Information Sheet 9/LO4

Introduction

By the end of this learning outcome the trainee should be able to prepare monitoring and evaluation plans according to risk mitigation procedures.

The trainee should also be able to train all staff on risk management as well as integrate risk management to organizational change processes per the enterprise risk management (EMR) policy.

 

Definition of key terms

  • Risk areas- refers to those areas in a business enterprise that are prone to risk eg finance, labor turnover, assets and liabilities
  • Risk avoidance- refers to strategy of not engaging in risky
  • Risk reduction- strategies used to minimize the probability of risk occurrence
  • Risk monitoring plan- is a plan that is used to monitor risks
  • Risk evaluation plan- a plan that is used to assess the extent to which risk management plans have been met.

 

Content

Identification of new risk areas through;

  • Observation on current market trends
  • Industry related risks
  • Political risks
  • Operational risks
  • Financial risks

 

Effective Risk Mitigation Strategies

Identifying risk is an important first step. It is not sufficient though.Taking steps to deal with risk is an essential step. Knowing about and thinking about risk is not the same as doing something about the risk.

Risk will occur. Some good, some bad. Some minor, some catastrophic. Your ability to mitigate risk allows you to proactively acknowledge and accommodate risks. Let’s talk about four different strategies to mitigate risk: avoid, accept, reduce/control, or transfer.

Avoidance

If a risk presents an unwanted negative consequence, you may be able to completely avoid those consequences. By stepping away from the business activities involved or designing out the causes of the risk you can successfully avoid the occurrence of the undesired events.

 

One way to avoid risk is to exit the business, cancel the project, close the factory, etc. This has other consequences, yet it is an option.

Another approach is to establish policies and procedures that assist the organization to foresee and avoid high-risk situations. By not starting a project that includes a high unwanted risk successfully avoids that risk.

Testing or screening of products that may have a latent defect which may lead to unwanted and unacceptably high field failures is an option. Screening is not 100% effective yet may reduce the risk of field failures sufficiently.

Design out of a product or process the elements that permit an unwanted risk to arise. A product design change to a more robust material avoids unwanted failures due to unacceptable wear of a less robust material. Implementing engineering design reviews in the product lifecycle process may help identify high-risk areas of a new product or process prior to the decision to start shipping.

 

  1. Acceptance

Every product produced has a finite chance of failing in the hands of your customer. When that risk is at an acceptable level, sufficiently low estimated field failure rate, then ship the product. Accept the risk.

When the decision to accept the risk is in part based on an estimate or prediction, there is the risk the information incorrectly forecasts the future. Therefore, for high consequence related field failures, closely monitoring field performance or establishing early warning systems may be prudent.

 

  1. Reduction or control

FMEA, hazard analysis, FTA, and other risk prioritization tools focus help you and your organization identify and prioritize risks.

Reducing the probability of occurrence or the severity of the consequences of an unwanted risk (say product failure) is a natural outcome of risk prioritization tools.If it is not possible to reduce the occurrence or severity, then implementing controls is an option. Controls that either detect causes of unwanted events prior to the consequence occurring during use of the product, or the detection of root causes of unwanted failures that the team can then avoid.

Controls may focus on management or decision-making processes. Improving the ability to find design flaws or to improve the accuracy of field failure rate prediction both improve the ability to make the appropriate decisions concerning risk.

Another method to reduce or control risk is to diversify. Thinking through the mix of products, technologies, markets, operations and supply chains permit the team the ability to limit the high-risk opportunities to a manageable or (Linsmeier, T and Pearson, N (1996)

 

3.  Risk monitoring plan

Development of a risk monitoring plan should be based on the risk mitigation plan

An increase or decrease of risk should be noted from time to time to avoid a high risk impact if the risk actually occurs.

 

4.  Risk evaluation plan

This plan should be developed to measure the extent to which the risk mitigation plans are working.

 

5.  Risk management training for staffs

Various methods of training staff on risk management should be employed.

This includes use of on-job trainings, bench marking, involving risk consultancy firms, seminars and workshops.

Figure 36: Risk Evaluation Table (Source.www.riskinteg.com)

 

Conclusion

Finally, at the end of this topic, the trainee will be able to prepare risk monitoring and evaluation plans as well as conduct risk management training for all staff. The trainee should also be able to identify new risk areas, modify risk likelihood and conduct risk management training for all staff.

The trainee should also be competent to adopt any of the suggested mitigation strategies.

 

  • Self-Assessment
  1. Prepare risk monitoring and evaluation tool to manage risk.
  2. Apply appropriate mitigation strategy in order to modify risk likelihood and
  3. Outline some of the ways in which organization could identify new risk areas.
  4. Explain some of the risk mitigation strategies that organization could put in place to ensure organizational
  5. Explain why it is important to have a risk monitoring plan in
  6. Justify the need for frequent training of employees on effective risk management in an

 

 

 

  • Tools, Equipment, Supplies and Materials for the specific learning outcome
  • Textbooks
  • Stationery
  • Felt board
  • LCD projector
  • Felt boards

 

  • References
  1. Katz, Rosen, Lipton and Watchel (2008) Risk Management and the board of directors
  2. Dowd, K, (2002) an Introduction to Market Risks John Wiley and Sons ltd, Chichester, England.
  3. Linsmeier, T and Pearson, N (1996) Risk measurement and introduction to value at Risk, University of Illnois, Urbana-

 

 

  • Learning outcome 5. Prepare Business Risk Management Report.
    • Learning Activities
Learning Outcome #No. 5. Prepare Business Risk Management Report.
Learning Activities Special Instructions
·         Prepare a business risk management report for a nearby organization.

·         Develop risk management recommendations for the above business organization

·         Use a sample report

 

  • Information Sheet 9/LO5

Introduction

The trainee is expected to be able to prepare and share risk management report as well as implement risk management report recommendations.

 

Definition of key words

Risk management report– report prepared by the risk management team upon evaluation of the risk management plans.

Risk management recommendations – these are opinions of the risk management team on how to better manage the business risks.

 

Content

Preparation of risk management report The report should include the following;

  1. Risks identified
  2. Risks mitigation plan
  • Any modification to plans monitoring
  1. Evaluation of the mitigation plans e. both process evaluation and terminal evaluation Benefits of implementing risk management report recommendations

Sample risk management reports

There are different templates that can be used to present risk management report depending on the organizations activities

 

 

 

Conclusion

In conclusion, the trainee shall be able to prepare a risk management report using a preferable template. The trainee shall also be able to come up with viable recommendations on how to manage the specific business risk.

 

  • Self-Assessment
  1. Prepare and share a risk management report of business
  2. Outline the value of having an business risk management report
  3. Explain some of benefits of implementing risk management report recommend
  4. Which among the following is not a true statement on preparation of a business risk management report?
    1. The business risk management report must be made yearly
    2. The report should not have recommendation to implement
    3. The report should only be shared with op management
    4. The risk management report should always be keep

 

  • Tools, Equipment, Supplies and Materials
  • Textbooks
  • Stationery
  • Felt board
  • LCD projector
  • Felt boards

 

  • References
  1. Katz, Rosen, Lipton and Watchel(2008) Risk Management and the board of directors

 

  1. Dowd, K, (2002) An Introduction to Market Risks Management, John Wileyv and Sons Ltd, Chichester,
  2. Linsmeier, T and Pearson, N (1996) Risk measurement and introduction to value at Risk, University of Illnois, Urbana-
  3. smartsheet.com
(Visited 2 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *