Risk Management
Essay Preview: Risk Management
Report this essay
The steps involved in managing risk
Establish Goals and Context
As outlined in the Risk Management process, the risk assessment is undertaken within the context of your goals. The identification / validation of your goals is therefore a critical first step in the risk management process.
Effective risk management requires a thorough understanding of the context in which your Department or Agency operates. The analysis of this operating environment enables you to define the parameters within which the risks to your outputs need to be managed.
The context sets the scope for the risk management process. The context includes strategic, organisational and risk management considerations. According to the Standard, strategic context defines the relationship between the organisations and its environment. Factors that influence the relationship include financial, operational, competitive, political (public perceptions / image), social, client, cultural and legal. The definition of the relationships is usually communicated through frameworks such as the SWOT (Organisational strengths, weaknesses, opportunities and threats) and PEST (Political, Economic, Societal, and Technological).
The organisational context provides an understanding of the organisation, its capability and goals, objectives and strategies. According to the Standard, organisational context is important because:
risk management occurs within the context of endeavouring to achieve the goals and objectives,
failure to achieve the objectives is one set of risks that need to be managed, and
the goals and strategies assist to define whether a risk is acceptable or unacceptable.
The risk management context defines that part of the organisation (goals, objectives, or project) to which the risk management process is to be applied.
Identify risks
Identify the risks most likely to impact on your outputs, together with their sources and impacts. It is important to be rigorous in the identification of sources and impacts as the risk treatment strategies will be directed to sources (preventive) and impacts (reactive).
Analyse risks
Identify the controls (currently in place) that deal with the identified risks and assess their effectiveness . Based on this assessment, analyse the risks in terms of likelihood and consequence. Refer to the Risk Matrix to assist you in determining the level of likelihood and consequence, and the current risk level (a combination of likelihood and consequence).
Evaluate risks
This stage of the risk assessment process determines whether the risks are acceptable or unacceptable. This decision is made by the person with the appropriate authority. A risk that is determined as acceptable should be monitored and periodically reviewed to ensure it remains acceptable. A risk deemed unacceptable should be treated (see below). In all cases the reasons for the assessment should be documented to provide a record of the thinking that led to the decisions. Such documentation will provide a useful context for future risk assessment.
Determine the treatments for the risks
Treatment strategies will be directed towards:
Avoiding the risk by discontinuing the activity that generates it, (rarely an option when providing services to the public),
Reducing the likelihood of the occurrence,
iii. Reducing the consequences of the occurrence,
Transferring the risk, and
Retaining the risk.
Potential treatment options are developed according to the selected treatment strategy. The selection of the preferred treatment options takes into account factors such as the costs and effectiveness.
The determination of the preferred treatments also includes the documentation of implementation details (eg responsibilities, a timetable for implementation and monitoring requirements).
The intention of these risk treatments is to reduce the risk level of unacceptable risks to an acceptable level (ie: the target risk level). Use the Risk Matrix to determine the expected reduction in level of risk (expected consequence, likelihood and Target risk level) resulting from the successful implementation of the treatment.
Monitor and report on the effectiveness of risk treatments
The relevant manager is required to monitor the effectiveness of risk treatments and has the responsibility to identify new risks as they arise and treat them accordingly. Managers are also required to report on the progress of risk treatments at regular intervals. The person who has the responsibility for a risk treatment is expected to provide feedback on the progress of