What is Risk Management?
2 Jan 2019 | Strategy & Risk
“Risk comes from not knowing what you’re doing.” – Warren Buffett
Why take risk?
Risk is an uncertain future event or condition, which, if it happens, affects a mission’s objective. So why take risk? What can sometimes be pushed into the background is the fact that taking risks can have positive or negative effects, and there is always a balance between risk and rewards. Generally, more risks lead to more rewards, but that is not always true.
All types of businesses and organizations face some form of risk (internal and external), which may affect their chance of success. Understanding these risks and effectively managing them helps organizations in achieving long-term success.
Why risk management matters: Navigating the future
Risk management refers to the process of identifying, analyzing, and responding to risk factors that may occur in the lifetime of a project, followed by a coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. If risk management is done properly, it can prevent potential threats by controlling future events.
Suppose that a new technology is needed to carry-out a task in a project. The project manager sets up a six-month plan. However, the technical team believes that at least nine months are required. If the project manager is innovative and acts in a quick manner, the project team will immediately develop an emergency plan. In this case, the issue of time will be resolved before the deadline.
Otherwise, if the project team lacks an emergency plan, the project is doomed to fail. While most of the work is still unfinished, the deadline for completing the project will come to pass, and only then the project manager will think of an emergency plan. In this case, a lack of risk management means that the team members’ time has been wasted.
Risk Management Systems can help to identify risk and the degree of effect it has on the project or business. Acceptance or non-acceptance of risk usually depends on the tolerance level of the project manager or the risk appetite of the organization.
How to effectively manage risk
The risk management process has six steps:
● Risk Identification
● Risk Analysis
● Risk Evaluation
● Risk Response
● Risk Monitoring
The first step is to identify, recognize and describe risks that might affect the project or its outcomes. This is a systematic and methodic process, best done in a group environment. A large number of people participate in this process, including management, employees, customers, and other stakeholders.
Once risks are identified, the probability and consequences of each risk is determined. Risks are analyzed to set priority and the focus should be on high priority risks. There are two ways to perform risk analysis: qualitative and quantitative. Qualitative risk analysis is a subjective risk analysis and is quick and easy to perform in comparison to quantitative analysis, which is more detailed, time-consuming and analytic. There are various qualitative and quantitative methods and tools one can use to find project and business risks. Qualitative examples are brainstorming, interviewing, reviewing historical records, expert judgement, and quantitative examples are Expected Monetary Value (EMV) analysis, Monte Carlo analysis and Decision Tree.
In the evaluation step, one determines the magnitude of the risk, which is the combination of the risk and the likelihood. Decisions need to be made on whether the risk is acceptable or whether it is serious enough to require action.
In the fourth step, risk response, highest-ranked risks are assessed, and a plan is set out to treat each one. This plan should include how to minimize the likelihood of the negative risks, but at the same time enhancing the opportunities. Risk mitigation and transfer strategies and contingencies are planned in this step.
In the last and final step, all the prior four steps are monitored, tracked and reviewed. In this step, not only new risks are identified, but irrelevant risks are removed.
Signs of effective risk management
One cannot cover all risks because of limited resources. For a risk management process to be effective, it should:
● Create value
● Be performed systematically
● Be an integral part of an organizational processes
● Be transparent
● Be responsive to change
● Be capable of continual improvement and enhancement
● Be continually or periodically re-assessed
Benefits of risk management
Effective risk management brings a whole range of benefits for businesses. These include:
● The cost of capital
● The cost of insurance
● Rating agency approval
● Client and supply chain approval
● Regulatory compliance
While it is evident that risk needs to be addressed before the start of a project and business, sometimes this is not done by businesses or one risk was not considered by the risk management team. In such cases, businesses can seek the help of risk experts that have dealt with such risk in the past and know the solution to act in a fast manner.
Strategy & Risk
To capitalize on new opportunities, a strong strategy needs to keep pace with rapid change while navigating risk with foresight and confidence.
Nima Noghrehkar | Senior Consultant
Nima focuses on strategy, stakeholder mapping, due diligence and geopolitical analysis to realize potential in companies and individuals. Read more
What did you learn from 2019 – and how to slide into 2020.
What geopolitical shifts are happening from China to West Asia and Europe? And what future opportunities exist in Eurasia?
Following an analysis of recent Iran-US relations, possible scenarios and signposts for 2020 are discussed.
Sign up to receive the Eunepa Quarterly.
Eurasian Nexus Partners
Office: +43 1 996 2078