Global searching is not enabled.
Skip to main content
Page

Practices of Risk Management

Completion requirements
View

For the most part, theories and practices of risk management consist of the following elements, performed, more or less, in the following order.

Risk management should...

Step 1: Identify Risk

The first stage of a risk analysis is to identify threats facing you…

Human - from individuals or organisations, illness, death, etc.

Operational - from disruption to supplies and operations, loss of access to essential assets, failures in distribution, etc.

Reputational - from loss of business partner or employee confidence, or damage to reputation in the market.

Procedural - from failures of accountability, internal systems and controls, organisation, fraud, etc.

Project - risks of cost over-runs, jobs taking too long, of insufficient product or service quality, etc.

Financial - from business failure, stock market, interest rates, unemployment, etc.

Technical - from advances in technology, technical failure, etc.

Natural - threats from weather, natural disaster, accident, disease, etc.

Political - from changes in tax regimes, public opinion, government policy, foreign influence, etc.

This analysis of threats is important because it is so easy to overlook important threats. One way of trying to capture them all is to use a number of different approaches:

  • Run through a list such as the one above, to see if any apply.
  • Review the systems, organisations or structures you operate in, and analyse the risks identified.
  • See if you can see any vulnerabilities within these systems or structures.
  • Ask other people who might have different perspectives.

Step 2: Estimate Risk

Once you have identified the threats you face, the next step is to work out the likelihood of the threat being realised and to assess its impact.

One approach to this is to make your best estimate of the probability of the event occurring, and to multiply this by the amount it will cost you to set things right if it happens. This gives you a value for the risk.

Step 3: Determine Ways to Reduce the Risk

Once you have worked out the value of risks you face, you can start to look at ways of managing them. When you are doing this, it is important to choose cost effective approaches - in most cases, there is no point in spending more to eliminating a risk than the cost of the event if it occurs. Often, it may be better to accept the risk than to use excessive resources to eliminate it.

Risk may be managed in a number of ways:

Step 4: Review

Once you have carried out a risk analysis and management exercise, it may be worth carrying out regular reviews. These might involve formal reviews of the risk analysis or may involve testing systems and plans appropriately.

Click here to view a video about the risk management process steps.