2. Different methods of risk management
In ideal risk management, a prioritization process is followed whereby the
risks with the greatest loss (or impact) and the greatest probability of occurring are
handled first. Risks with lower probability of occurrence and lower loss are handled
in descending order. In practice, the process of assessing overall risk can be difficult,
and the balance of mitigation resources between risks with a high probability of
occurrence but lower loss and risks with high loss but lower probability of
occurrence can often be mishandled.
Intangible risk management identifies a new type of risk that has a 100%
probability of occurring but is ignored by the organization due to a lack of
identification ability. For example, when deficient knowledge is applied to a
situation, a knowledge risk materializes. Relationship risk appears when ineffective
collaboration occurs. Process-engagement risk may be an issue when ineffective
operational procedures are applied. These risks directly reduce the productivity of
knowledge workers and decrease cost-effectiveness, profitability, service, quality,
reputation, brand value, and earnings quality. Intangible risk management allows
risk management to create immediate value from the identification and reduction of
risks that reduce productivity.
Opportunity cost represents a unique challenge for risk managers. It can be
difficult to determine when to put resources toward risk management and when to
use those resources elsewhere. Again, ideal risk management minimizes spending
(or manpower or other resources) and also minimizes the negative effects of risks.
Risk is defined as the possibility that an event will occur that adversely affects
the achievement of an objective. Uncertainty, therefore, is a key aspect of risk.
Systems like the Committee of Sponsoring Organizations of the Treadway
Commission Enterprise Risk Management (COSO ERM) framework can assist managers in
mitigating risk factors. Each company may have different internal control
components, which leads to different outcomes. For example, the framework for
ERM components includes Internal Environment, Objective Setting, Event
Identification, Risk Assessment, Risk Response, Control Activities, Information and
Communication, and Monitoring.
For the most part, these methods consist of the following elements, performed,
more or less, in the following order:
1. Identify the threats
2. Assess the vulnerability of critical assets to specific threats
3. Determine the risk (i.e. the expected likelihood and consequences of specific
types of attacks on specific assets)
4. Identify ways to reduce those risks
5. Prioritize risk reduction measures
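The five steps above can be carried through on a small risk register. The following is an added example, not part of the original text: the threats, assets, likelihoods, losses, measure costs and all class and function names are constructed for illustration. It ranks risks by expected yearly loss (step 3) and funds measures by loss reduction per unit cost within a budget (steps 4 and 5), skipping measures that cost more than they save and second measures on a risk that is already treated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    threat: str        # step 1: identified threat
    asset: str         # step 2: critical asset exposed to that threat
    likelihood: float  # step 3: expected probability of occurrence per year
    loss: float        # step 3: consequence if it occurs (currency units)
    @property
    def expected_loss(self) -> float:
        return self.likelihood * self.loss

@dataclass(frozen=True)
class Measure:
    name: str                       # step 4: a way to reduce one risk
    risk: Risk
    cost: float                     # yearly cost of the measure (must be > 0)
    likelihood_factor: float = 1.0  # multiplier the measure applies to likelihood
    loss_factor: float = 1.0        # multiplier the measure applies to loss
    @property
    def reduction(self) -> float:
        # Expected loss removed: original minus residual expected loss.
        return self.risk.expected_loss * (1 - self.likelihood_factor * self.loss_factor)

def rank_risks(risks):
    """Step 3: order risks by expected yearly loss, highest first."""
    return sorted(risks, key=lambda r: r.expected_loss, reverse=True)

def prioritize(measures, budget):
    """Step 5: fund measures by loss reduction per unit cost, within budget."""
    chosen, treated, spent = [], set(), 0.0
    for m in sorted(measures, key=lambda m: m.reduction / m.cost, reverse=True):
        # Skip measures that cost more than they save (the risk is accepted)
        # and second measures on one risk (their reductions are not additive).
        if m.reduction <= m.cost or m.risk.threat in treated:
            continue
        if spent + m.cost <= budget:
            chosen.append(m)
            treated.add(m.risk.threat)
            spent += m.cost
    return chosen

# Constructed sample register (illustrative figures only).
PHISHING = Risk("credential phishing", "staff mailboxes", 0.60, 40_000)
RANSOMWARE = Risk("ransomware", "file server", 0.05, 900_000)
LAPTOP = Risk("laptop theft", "field laptops", 0.30, 8_000)
MEASURES = [
    Measure("awareness training", PHISHING, cost=10_000, likelihood_factor=0.5),
    Measure("disk encryption", LAPTOP, cost=3_000, loss_factor=0.25),
    Measure("offline backups", RANSOMWARE, cost=15_000, loss_factor=0.2),
    Measure("multi-factor authentication", PHISHING, cost=6_000, likelihood_factor=0.2),
]
```

With these figures the low-probability, high-loss ransomware risk ranks above the frequent phishing risk on expected loss, yet the phishing measure is funded first because it removes more expected loss per unit of cost.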
There are numerous different techniques available to assist in risk management
and it is important to ensure that the correct techniques are selected and used. None
of these are totally unique to P3 (project, programme and portfolio) management; what is unique is the context in which
they are employed.
Identification techniques draw on various sources of
information. Identification of risks from previous projects, programmes and
portfolios involves looking at lessons learned reports and risk registers. In more
mature organisations these may have been collated and structured in the form of
checklists and prompt lists. A P3 manager can then use these lists as an aide memoire
to instigate identification of risks before moving on to other techniques.
Identifying risks through stakeholders and team members can be on a one-to-one
basis or in groups. Individuals with specific knowledge or expertise may be
interviewed. Groups can be brought together for brainstorming sessions or
coordinated through a ‘Delphi’ process. Since risk is inherent in all aspects of P3
management, risks will be revealed through many other P3 management processes.
Stakeholder management will identify risks associated with stakeholders, solutions
development will highlight technical risks, schedule management will identify risks
with delivery methods, and so on. Risk identification is a component of all P3
management processes.
Techniques for assessing risks fall into two categories:
qualitative and quantitative.
Qualitative risk assessment focuses on individual risks and is based on educated
opinion and expert judgement. Qualitative techniques include probability and impact
assessment, influence diagrams and expected value calculations. Quantitative risk
assessment focuses on overall risk and is based on more numerical approaches.
Typical quantitative techniques include Monte Carlo analysis, decision trees and
sensitivity analysis.
Planned responses to risks vary according to whether the risk is
a threat or an opportunity. The possible responses to threats are to avoid, reduce,
transfer or accept them. These responses act differently on the probability that a risk
will occur and the impact it will have on objectives. If the risk is an opportunity, the
possible responses are to exploit, enhance, share or reject it. The two sets of
responses are fundamentally the same, but tailored to minimise the detrimental effect
of a threat or maximise the beneficial effect of an opportunity.
There is no one-size-fits-all approach to the selection of techniques, and they will be of most value when
selected to match the context in which they are deployed. The cost, benefits and
potential difficulties of using particular techniques should be understood. For risk
management to be successful, a complementary and cost-effective suite of
techniques should be chosen for each project, programme or portfolio.
Project
All the techniques are applicable to projects, but smaller projects can usually only
justify the simpler techniques with a lower management overhead. Large or complex
projects will need to apply the more sophisticated techniques. The resources needed
to implement these must be included in the risk management plan and the cost
implications included in the budget.
Programme
The programme risk management plan will outline the use of techniques in its
component projects. It is vitally important for the programme to set guidelines to
ensure consistency. Without consistency, it is difficult to aggregate risk from the
component projects and business-as-usual to get a value for the overall risk of the
programme. All identification and response techniques are applicable across the
programme, but it is impractical to apply some quantitative assessment techniques,
e.g. Monte Carlo analysis, at the programme level.
Portfolio
Portfolios will establish common guidelines for using risk management
techniques but are also able to develop long-term attitudes and behaviour that ensure
that they are used appropriately. Portfolios are directly affected by the external
environment. They need to identify risks from the broadest range of sources and may
utilise techniques such as PESTLE to assess the external sources of risk. The risk
efficiency technique has been established in financial portfolios for many years. The
term ‘balanced portfolio’ applies equally well to a portfolio of projects and
programmes as it does to stocks, shares and other investments. This is an important
technique during the ‘balance’ phase of the portfolio life cycle.