Professional Documents
Culture Documents
PART 1:
Understand the Nature of Risk
Identify and Prioritize Risks
Consider the Acceptable level of risk
Understand why risks become reality
Apply a simple risk management process
Risk Assessment and analysis
Risk management and control
Avoiding and mitigating risks
Create a Positive Climate for managing risk
Overcoming the fear of risk
• When identifying risks, it helps to define the categories into which they fall. This
allows for a more structured analysis and reduces the chances of a risk being
overlooked.
• Organizational Change – risks are triggered by, for example, new management structures
or reporting lines, new strategies and commercial agreements (including mergers, agency
or distribution agreements.
• Processes– New products, markets and acquisitions all cause change and can trigger
risks. The disastrous launch of “New Coke” by Coca- Cola was an even bigger risk than
anyone at the company had realized; it outraged Americans who felt angry that an iconic
US product was being changed. That Coca-Cola eventually turned the situation to its
advantage shows that can be managed and controlled, but such success is rare.
• People– Hiring new employees, losing key people, poor succession planning or weak
people management can all create dislocation, but the main danger is behavior:
everything from laziness to fraud, exhaustion and simple human error can trigger this
risk.
• External Factors– Changes to regulation and political, economic or social developments
can all affect strategic decisions by bringing to the surface risks that may have lain
hidden. The economic disruption caused by the sudden spread of the SARS epidemic
from China to the rest of Asia in 2003 highlights this risk.
If you plot the ability to control a risk against its potential impact, as shown in the
figure next slide, you can decide on actions either to exercise greater control over
the risk or to mitigate its potential impact. Risks falling into the top-right quadrant
require urgent action, but those in the bottom right quadrant (total/significant control,
major/critical impact) should not be ignored because complacency, mistakes and a lack
of control can turn the risk into a reality.
• Start by reducing or eliminating those risks that results only in costs: the non-trading
risks.
• These can be thought of as the fixed costs of risk and might include property damage
risks, legal and contractual liabilities and business interruption risks.
• Reducing these risks can be achieved through quality assurance programs, environmental
control processes, enforcing health and safety regulations, installing accident prevention
and emergency equipment and training people to use it.
• Taking security measures to prevent crime, sabotage, espionage and threats to people and
systems. Reducing a risk may also mean that the cost of insuring against it goes down.
• Everyone accepts that taking risks is needed to keep ahead of the competition.
• Consequently, employees need to understand better what the real risks are, to share
responsibility for the risks being taken and to see risk as an opportunity.
• Understanding how organization manage risk effectively is important but managing risk
is only one possible strategy.
• Another approach is to look for ways to use the risk to achieve success by adding value
or outstripping competitors –or both.
Additional information: