Risk Management: What Is the Objective?

A recent study has shown that, many companies have still failed to properly implement such a program, while most companies recognize the need fora good risk management program. An even greater number have said that they were developing a program while over half of the companies polled in the study said that they had systems in place for taking risks into consideration. However, these efforts are far from sufficient and had actually ceased altogether in some cases according to a follow-up study. Only a third of the companies involved in this study have successfully implemented a system and had employees well trained in order to handle risk issues, this is a two percent decrease from the previous year.

It is more than a little difficult to understand how anyone could fail to follow through on such an important aspect of defending their company against such threats by not implementing a fully developed risk management program, given the high number of unforeseen variables and risk factors currently plaguing the economy and corporate market, as well as the recent crackdown on corporate governance and fraud being conducted by government agencies.Though most indicate that it should be an executive level officer, the exact assignment of duty ends there and part of the issue here seems to be a disagreement as to whom the responsibility of developing and maintaining such a program should fall.Human capital risk, strategic risk, compliance risk, enterprise risk, and credit/market risk are contributing factor is the various divisions and contributing factors of risk management which seems to complicate matters.

Unfortunately, to have any chance of success, these are exactly the challenges that a risk management program must face, companies should begin creating these programs with this in mind. Developing a fundamental understanding of the various risk factors facing an organization and the insight to assess the degree and potential of these threats is, at its core, the most basic function of any risk management program. This will require a well-trained and dedicated team of employees to take it on effectively as this is a big job for any company to do. Also, these programs are a full time job and not something that can be set up and then checked on every now and then and this one of the biggest issues that many companies fail to recognize when putting a risk management system into effect is that. On the contrary, shifting compliance regulations, incidents of corporate fraud, and any number of other circumstances, in order to be truly effective, risk management teams must be working all the time to keep track of new threats that can arise from the chaotic global market.

So, while there are numerous factors that must be accounted for and safeguarded against, this is no excuse for a company failing to develop and implement a risk management program, while the matter of appropriation of responsibility is one that a company’s executives must work out for themselves.Admittedly, itis no easy task to develop a strong program, one which can stand up to all the various types of threats which face a company on a regular basis,though it is a necessary one if companies do not want to find themselves caught off guard when such an problem does arise.

Read the rest of this entry »

In this ever changing current business environment, organizations are exposed to several unforeseen situations. If favourable, it can leapfrog organizations to prosperity. Similarly, if unfavourable, it can have a detrimental effect on organizational objectives. Uncertainty can be caused by anything. Hence, the need to deal with such uncertainties and balance the effect of each becomes paramount. Risk can be either threats or opportunities or both. For example, in an office move project, a possible threat could be an increase in real estate prices due to increase in demand whereas an opportunity could be to contract with suppliers on favourable leasing terms. Hence, threats should be avoided or reduced and opportunities should be maximised.

Risk Management, which is the identification, assessment and prioritized control of uncertain events, should be deeply embedded in the organizations way of working. At the least it should be practiced while managing projects. PRINCE2, a popular project management method details how risks can be managed effectively. PRINCE2 details the steps involved in the risk management procedure as Identify, Assess, Plan, Implement and Communicate with the communicate step running in parallel to the other 4 steps which run sequentially.

These steps are iterative in nature and when additional information is available, it may be necessary to revisit earlier steps. The steps described provide a sound understanding of the tasks which needs to be carried out and any techniques which can be adopted. For instance, the assess step involves 2 sub-steps: Estimate and Evaluate. The estimate step proposes that each risk should be assessed for probability, impact and proximity without neglecting the stakeholders’ viewpoint. The evaluate step assess the net effect of all threats and opportunities on a project when aggregated together and whether the project has continued business justification. It also lists some examples of techniques such as Monte Carlo analysis or Expected monetary value which can be used to evaluate risks. It provides guidance on the possible risk responses which can be carried out and the aspects of risks which these responses can control. It goes a step forward and explains the need of a risk budget which is used to fund risk responses and that it is a combination of budget set aside for known risks and provisions for unknown risks. PRINCE2 also provides templates for the Risk Management Strategy, an approved reference document maintained as part of a project which contains all necessary information required to manage project risks and the Risk Register, where information regarding specific risks are documented for the various stakeholders.

Read the rest of this entry »

Risk has always been a part of business, whether it is related to investment in new technology or taking on board a new vendor. There is a risk factor in all daily decisions. Standards have been applied for a long time as a tool to reduce risk and assist better decision making. ISO 14001 helps companies deal with environmental risk, ISO 27001 offers companies a way to manage information security risk and ISO 9001 is all about quality.

London was the victim of terrorist attacks three years ago, hurricane Wilma and Katarina shook USA and tsunami devastated Indonesia. It seems that every month a new type of threat shows up. Today, companies need to start thinking about the swine flu as a threat to business continuity. Most recent news states that the flu virus may mutate into a drug resistant dangerous illness. So we have to hope for the best but be prepared for the worst. The H1N1 virus started a chain of events which greatly affected the world economy. Based on those facts it is not strange that risk management and business continuity are issues frequently seen in the media. Despite an increased awareness of these things, companies continue to expose themselves to unnecessary risk by not organizing protection for their information systems and preventing disruptions in their supply chain.

Surveys reveal a direct correlation between the level of implementation of information security standards within an organization and how prepared that organization is for dealing with security incidents. A survey conducted by British Standards Institution (BSI) found that 78% of companies that have implemented security standards feel they are ready for security attacks compared to 28% of e companies that have not implemented information security standards.

Additionally 71% of companies that have implemented information security standards feel they are ready to deal with incidents in their supply chain compared to 43% that have not implemented information security standards.

The same survey also revealed that many companies realize the benefits of implementing standards yet they don’t do anything about it. 87% of senior management acknowledged that with increased outsourcing, the importance of implementing information security standards increase as well. Such standards provide greater assurance that an outsourcing provider is operating at a certain level of quality.

Knowing this, it is difficult to understand the relaxed approach of companies who are not applying Information Security Standards. It is important to realize that business continuity plans are not limited to systems and information technology within the organization.

Business continuity deals with all aspects of the business, from staff to buildings and vendors. It also addresses legal reaction and communication in the aftermath of an incident.

Insecure situation.

It is in fact the holistic risk management that matters. Some say that risk management is a subsector in business continuity planning i.e. all risk means a threat to continuous business.
Not everybody agrees on that. There are many managerial and business issues (such as theft of intangible assets, delayed payments, and changes in plans) which belong to risk management in the broad spectrum, though not related to business continuity directly.

Risk management deals with the basic elements that make a business function. Plans on business continuity are an important factor in business. Through business continuity plans, companies strive to analyze what needs to be done before and after an incident occurs to ensure the safety of staff, property and systems. Plans on business continuity also shed light on the knowledge that is required to keep the business running, and to deal with issues regarding the company’s reputation.

Business continuity plans is a holistic managerial process which create an environment to protect the company from possible negative incidences. They are not limited to one division or a vendor but needs to be considered for the entire company. The key element in risk management is good business continuity plans that protect the business, its reputation, goodwill and trademarks.

Business continuity is a framework dealing with knowledge management, health, safety, crisis management and Public Relations.

There are many reasons why companies should start thinking about risk management and particularly business continuity plans. Corporate management is about demonstrating good risk management and thus good management practices. For companies listed on the stock market it is especially important to be prompt in establishing risk management practices. Successful business continuity management can bring enormous benefits to a company in such cases as when there is a need to verify responsibility to multiple parties. It can create goodwill, and increase a company’s chances of survival.

Read the rest of this entry »

The Definition of Risk Management

Risk management is a management practice that helps identify risks, in order to minimize loses. It is a logical method used to identify, analyze, resolve and continuously monitor the risks in an organization. Risk means everything that can impede an organization from functioning well and from achieving its plans. It is anything that can cause harm to the company’s employees, assets, or clients. Risk management is a process used in both private and public institutions, in varied fields of activity, in finances, etc.

Risk management is a standardized process that includes several steps. It begins, as a first step, by identifying the risks. The next step is to analyze them, then resolve them. The final step is the continuous monitoring of the risks in that organization.

The first step, identifying the risks, needs to be considered in the organization´s business context. Depending on the nature of the business, there are particular risks that may emerge. That is the reason why, when working to identify them, professionals need to take into account the business context where the management processes occur. The probability and the frequency of the appearance of a risk need to be evaluated. Also, the impact it has on the organization needs to be determined.

The next step is the analysis. This is also called risk assessment. Risks need to be evaluated both from a qualitative and a quantitative perspective. Now that they have been identified, it needs to be determined which risks are most likely to occur, and also which ones will have the most severe consequences. These would be the most dangerous to the organization. These risks need to be prioritized also according to the costs they may cause to the organization. Risk levels must be defined, according to how severe their impact is. The levels are high, moderate and low. A high level means a damaging effect to the organization, so measures must be taken at once to resolve the problem. A moderate level means a less devastating consequence, while a low level indicates a risk that may not be important to deal with. In this case, management needs to decide if it is worthy to allocate time and money resources to solve the situation or not.

In risk management procedures, the high level risks should be handled first, while the ones with lower probability of occurrence and less impact should be handled next. Organizations need a risk management plan that details the procedures used as solutions. Risk management consultants may help you create this plan and the best solutions to deal with any problems you may face.

The last step needs to be continuously performed. In an organization, risks do not stay the same. The general business environment changes, the regulations change, the company changes, so new problems may appear, while others will go away. The strategies need to be continuously reviewed and adapted to the new circumstances.

Read the rest of this entry »

Constructing something is never an easy task. It requires elaborate planning, a lot of effort and a lot of time and energy is spent along the way. Imagine you spend all your time making the perfect construction plan, only to find out that it involves some heavy risks. This is where Construction Risk Management comes in, which would guide you of the risks involved in the environment you are working in and the project you are working on.

This kind of risk management has become increasingly popular and now most construction companies make it a point that they hire experts who would look at all the risks involved in a particular construction project, in order to avoid accidents and other damages to the project and to the people involved in that project. It is not a simple process and it requires careful observations of all the things, involved in a construction project, like the place where the thing is going to be constructed, the material used for the construction, the machinery used for the construction so on and so forth.

One of the biggest advantages of this type of risk management is that it helps construction companies to formulate the right kind of insurance programs. Considering a situation where an actual accident does take place, the construction company would be ready with an insurance plan to handle the damage done. This type of management also helps in making sure that the project is finished within the allotted time frame and is within the budget.

People who offer this type of risk management service are primarily concerned with the safety of the people who actually involved in the construction and spend their time at the construction site. They make sure that on site incidents should not happen. They make sure that the each employee who is handling particular machinery or a tool, knows how to operate it, correctly. They also provide instructions to the employees to be ready for any emergency situation.

Like all the other types of risk managements, this type, too, is focused on identifying the risks which are involved in a construction project, making plans to manage those risks, having back up plans if something does not work out or something goes wrong and making the employees emergency ready, so that they may not panic during an actual emergency situation. So, it’s time to take the right decision and choose the best services for the safety of your property.

Read the rest of this entry »