If this year, 2020, has taught us anything, it is that risk is a part of life for humankind. The sooner we come to terms with it, identify the cause, plan and strategise to arrive at effective counter-measures, the greater our chance to survive and prosper!
What is risk?
Organisations have a number of internal and external factors that make it uncertain to meet their vision, missions, values, goals and objectives. These uncertain conditions that persist are collectively termed “risks”.
In general, our tendency is to try avoiding risks as a lot of these instances can lead to negative outcomes, but there can also be positive ramifications of risk. The positive results are an outcome of companies being able to capitalise on the opportunities presented by the risk.
Identifying negative risks and avoiding them, while at the same time being able to take advantage of the opportunities presented by positive risks can be a daunting task for a manager, as a wrong call might result in great loses or a missed opportunity for greater growth.
Risk is a future uncertain event and being able to predict the event and putting in place solutions or strategies to either avoid or take advantage of the event is what risk management is all about. But every organisation’s appetite for risk is different and that is usually directly dependent on the tolerance an organisation might have towards risk.
So, what are risk appetite and risk tolerance?
We have all heard the saying “no risk, no reward”. Taking big risks could lead to big losses, or conversely, could lead to greater rewards.
The risks which are identified as opportunities should be low hanging fruits to deal with and to reap their benefits.
Risk appetite is the willingness of an organisation to take risks, while risk tolerance refers to how much risk an organisation can bear.
According to Douglas Hubbard (The Failure of Risk Management: Why It’s Broken and How to Fix It) – Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
Risk management can and should be implemented across any industry or vertical, such as project management, operations, finance, military, medical, etc. Like any other department in an organisation, the risk management team should ensure that it is able to justify its costs by first creating value for the organisation by becoming an integral part of the strategy and decision-making process of the organisation. The team should be responsive to changes (both internal and external), systematic and process oriented about their analysis, transparent about their processes, and capable of adapting and growing.
Effective implementation of risk management will provide an organisation with
- Early warning to potential risk due to uncertain events
- Better decision making through a good understanding of risks and their likely impact
- Effective allocation of resources
- Reassuring stakeholders
Risk management can be broken down in five basic steps
- Plan – A risk management plan specifies the management’s intent, systems, and procedures required to manage risks, roles and responsibilities, and tools to be used in identifying risks. The plan will specify how the following four steps are to be executed by the organisation.
- Identify – Identify the potential risks, their causes and their potential consequences. This is usually done by a team of subject matter experts using methods such as brainstorming and tools like SWOT analysis, flow diagrams, Ishikawa diagrams, etc.
- Analyse – Once you have identified the potential risks, analyse them using either qualitative (a subjective analysis that is quick and easy to implement using tools like matrices probability and impact matrices) or quantitative (a detailed and time intensive analysis of risk using tools such as expected monetary value analysis, Monte Carlo analysis, decision tree, etc.) methods to classify them as high, medium, and low priority risks. Organisations may not have the resources to plan for all the risks and might be able to accept some risks without action, some with only periodic monitoring, and finally, some with a detailed action plan to take advantage of or to all together avoid the risk event.
- Plan a response – Depending on the priority of the risk, a strategic response needs to be planned, and resources allocated with the goal of reducing the impact of negative risks, and capitalising on the impact of positive risks. Some of the strategies are avoid/transfer/accept/exploit.
- Monitor and control – Nothing in this world is static, change is the only constant. Risk monitoring and control should be an ongoing and continuous process. A change in external or internal conditions might result in a low priority risk evolving into a high priority risk or a high priority risk devolving into a low priority one. By monitoring them you will not be caught unprepared!
This is why, not only is risk management an important module in a number of our online master’s degree programmes, but we also offer, through an exclusive partnership with the University of Salford, UK, a 100% online M.Sc. programme in MSc Fraud and Risk Management.
You can also chat LIVE on WhatsApp with one of our Education Advisors for more information on the programmes we offer, the application process, and for information on discounts we might be offering at this time.