Thursday, December 1, 2016

Strategic Risk Management within an Organization

By: Mohamed Sanih, Gn. Fuvamulah, Maldives


What is Risk Management?


An organization should be able to identify and mitigate risks before they occur and have a strategy in place to deal with most possible scenarios or outcomes, where the probability of such a risk occurring is high or medium.

Improper or poor handling of a major risk incident within an organization could ultimately result in its failure or demise.

This article will be useful for students studying the ACCA P1 Paper: Governance, Risk and Ethics.


Various definitions of risk management exist, and I am going to highlight a few which I came across during my research:

Risk can be defined as: 


  • Hazards / Safeguards (Hazards over safeguards or controls in place within the organization)
  • Likelihood / Consequence (Likelihood of its occurrence Vs. the consequence of such an incident happening)
  • From Wikipedia: Risk is any particular type of hazard (H), which is equal to probability (P) multiplied by its consequence (C) of occurring. (H) = (P) * (C)
  • Risk = Uncertainty * Consequence. Risk can also be defined as the potential uncertainty of something occurring and the subsequent consequence of such a hazard.


The best tool to measure risk management within an organization is the Risk Matrix:

[Figure: Risk Matrix]

Let's define some of the terms mentioned above:

Likelihood of Occurrence: the probability of such an incident occurring within the organization.

Negligible: means we can either ignore it, or the incident is very minor and not of material value.

Marginal: means several minor injuries or a loss to the company that is not very material.

Critical: means the death of an employee or worker, with a major loss or a public or media backlash against the organization.

Catastrophic: is when the company will file for bankruptcy or there are several deaths of employees, and recovery from such an incident is unlikely and will result in the ultimate demise of the company.


Now the question arises:

How do we mitigate such risk? Or 

Minimize / Reduce such risk within an organization?


The best approach is the TARA model, where the company can either Transfer, Avoid, Reduce or finally Accept such risk.

TARA can be best described as:

T: Transfer the risk if:    High probability * Low impact 

A: Avoid the risk if:       High probability * High impact

R: Reduce the risk if:    Low probability * High impact

A: Accept the risk if:    Low probability * Low impact

[Figure: TARA]

Transfer of Risk: occurs when a company wants to wholly or partly transfer the risk to another party, e.g. a third party, so that in the event of an adverse consequence the organization doesn't suffer a loss or damage and the third party bears the loss or damage instead.

Example: a company transfers a risk by taking out an insurance policy for protection against possible losses.

This is a company strategy where the risk is shared. It can also be done via joint ventures or franchises, where the business risk is shared or transferred.

Avoidance of Risk: A company can choose to avoid a risk by not investing at all in a risky venture, business proposal or area or, in the case of non-profit organizations, the activities they undertake.

Business risk is unavoidable in joint ventures or franchises; however, as mentioned above, it can be avoided only by not investing in a risky venture, business proposal or area.

Reduction of Risk: Risk can be reduced in three possible ways:


  • Risk Minimization: Organizational controls are implemented to reduce risks. This will not prevent them from happening, but it will reduce the impact of the risk.
  • Risk Pooling: Pooling of risks combines the business risk from various transactions, some of which make a loss and some a profit. They are treated as part of the same portfolio of risks, and the overall risk, loss or profit is measured. A typical example is a stock market portfolio of various company shares traded on a stock exchange, where some shares make a loss and others make a profit, but the overall portfolio makes a profit or gain for the organization. By combining or pooling the risks of the portfolio, the potential loss for the company is reduced.
  • Reduce the Financial Risk: Techniques such as hedging can be used to avoid a future loss or risk for the organization. Example: when negotiating a long-term contract with a client, we can agree a fixed price in order to avoid market volatility and eliminate or reduce the price risk, with reasonable price variation clauses for the benefit of the other party. Forward exchange contracts and fixed price contracts for transactions which occur in the future are commonly used in business currency transactions for the purchase or sale of one currency for another.

Acceptance of Risk: The last option is simply to accept such risk and the possibility of it occurring. The organization should have a proper plan and strategy in place for dealing with such risks.

Acceptance of risk occurs when the damage to the company is minimal or negligible and can be ignored or accepted. This can be best evaluated via the risk matrix shown above.

Examples of Acceptance of Risk are:

An employee being absent from work: there is always a risk of an employee being absent or not coming to work. This is a risk which the company has to accept and have a tolerable level for.

Another example is a change in weather, such as rain or snow. There is always a risk of a change in weather according to monsoons and seasons; unless the business cannot operate when the weather is bad, the risk is normally not insured against.

Creating a Risk Management Strategy & Map


It is critical to an organization that it has adequate and appropriate internal controls and a proper risk management strategy in place, which ensures the long-term success of the company.

A company should always consider the following macro risk factors, best analyzed through a PESTEL analysis, when considering its risk management strategy:

[Figure: PESTEL analysis]

The company should also consider the risk factors within its industry, and this can be best analyzed through Porter's five forces:



[Figure: Porter's five forces]

The company should also consider the Risk Factors within the company and this can be best analyzed through SWOT Analysis:


[Figure: SWOT Analysis]

Organization Risk Map:


This can be a useful way to determine the risk factors and areas within an organization. Below is another example of a TARA map:

TARA: Transfer, Avoid, Reduce or Accept risk by the company:


[Figure: TARA Map]

Sources:

http://smallbusiness.chron.com/business-risk-measurement-methods-68122.html
https://www.mindtools.com/pages/article/newPPM_78.htm
http://kfknowledgebank.kaplan.co.uk/KFKB/Wiki%20Pages/Risk%20management.aspx
https://en.wikipedia.org/wiki/Risk_matrix
http://www.hkarms.org/web_resources/20101116_risk_matrix_hkieb_print.pdf
http://www.brighthubpm.com/risk-management/88566-tool-for-assessing-project-risk/


