Business of any kind without risk is unthinkable. The market trends and dynamics being variable, fluid and uncertain, make it extremely difficult for the managers and the entrepreneurs to exactly calculate their chances of success given as set of market trends. Generally, the assessment of risk is vaguely ascertained hoping things would improve – but the market dynamics are seldom friendly and any casual homework can land one in serious trouble – which may span from lost opportunities for the future, business losses, capital losses, loss of one’s as well as company’s reputation. Still worse, people suffer from heart attacks on the news of market crash and may sometimes lose their lives as well. Therefore, before entering into any venture, one must very elaborately calculate each step of the entire plan before execution.
ISO 31000 defines Risk as the effect of uncertainty on objectives (whether positive or negative). Risk management can also be defined as a practice of systematically selecting cost effective approaches for minimizing the effect of threat realization to the organization. All risks can never be fully avoided or mitigated simply because of financial and practical limitations. Therefore all organizations have to accept some level of residual risks. So a manager must ascertain and identify, assess and prioritize RISKS involved in a project while planning and then must work out a detailed methodology to ensure minimization of risk, and keeping contingency planning at hand to apply timely corrections to avert a situation before it gets out of hand.
The failure to achieve the desired output can be attributed to both internal and external factors and forces. Internal factors include lack of forethought, incorrect market reading, lack of contingency planning, unawareness of ones resources, strengths and weaknesses and inability of the team to properly comprehend the entire project. While the external factors can be many: uncertainty in financial markets, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary. Any miscalculation would result into the project failure.-->
Since “risks” have to be minimized, it has to be applied to every facet of the business. From project management to technical matters like the industrial process, financial matters, security, engineering, HR, safety or other related matters. The strategies to manage risk include avoiding the risk in the first place, reducing the negative effect of the risk, transferring the risk to another party, and be ready to take the responsibility of the consequences in case things go wrong.
Ideally speaking, whenever taking an assignment, either the projects involving greater risk be shelved altogether. But if the risk is to be taken, owing to other positive indicators, then risks with the greatest loss and the greatest probability of occurring should be handled first, followed by risks with lower probability of occurrence and lower loss. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be disastrous.
The methodology to Risk Management generally includes the following format:-
- Identification (of the character and threat)
- Assessment (of the vulnerability of critical assets to specific threats)
- And most importantly, the Determination of the Risk (which should include the expected consequences of specific types of attacks on specific assets)
- Methodology and strategy to reduce the expected risks
- Finally, The Prioritization of the risk reduction measures based on the already thought-out strategy
We shall continue to talk more on Risk Management in our future posts.
: Why Risk Management is Vital? Reading