
Faculty of Engineering & Technology

Mechanical Engineering Department

RISK MANAGEMENT

Student Name: salem sobhy Student ID:20182734

Dr. DINA MAHMOUD MANSOUR


T.A: Eng. SHROUK AWAD
Introduction
What is risk management?

The process of discovering, evaluating, and controlling risks to an organization's
resources and profits is known as risk management. These dangers can be caused
by a number of things, such as monetary unpredictability, legal responsibilities,
technological problems, strategic management blunders, accidents, and natural
calamities.
An effective risk management program aids a business in taking into account
all potential risks. The relationship between risks and the potential negative
cascade effects on the strategic objectives of an organization are also examined by
risk management.
Due to its focus on predicting and comprehending risk across a business, this all-
encompassing approach to risk management is occasionally referred to as
enterprise risk management. Enterprise risk management (ERM), in addition to
concentrating on internal and external threats, highlights the need of managing
positive risk. Positive risks are chances that, if taken, might boost a company's
worth or, alternatively, hurt it. Any risk management program's goal is, in fact, to
protect and enhance corporate value by taking calculated risks rather than to
completely eradicate all risk.
"In order to avoid risk, we don't manage it. We manage risks so that we can
determine which risks are worthwhile, which ones will help us achieve our goals,
which ones will even pay off for us to take them," said Alla Valente, a senior analyst at
Forrester Research and an expert in governance, risk, and compliance.
Consequently, an organizational strategy should be integrated with a risk
management program. Before they can link the two, risk management executives
must first determine the organization's risk appetite, or the level of risk it is
ready to bear in order to achieve its goals.
Finding out "which risks fall within the organization's risk appetite and which
require more controls and measures before they are acceptable" is a difficult
process, according to Mike Chapple, senior director of IT at Notre Dame
University, in his paper on risk appetite vs. risk tolerance. Some risks will be
accepted without requiring any further action. Others will be avoided completely,
shared with another party, or transferred to one.

Why is risk management important?


Perhaps never before has risk management been more crucial than it is right now.
Because of the quickening speed of globalization, the risks that contemporary
organizations face have gotten more complicated. The widespread usage of digital
technology nowadays has led to the ongoing emergence of new threats. Risk
specialists have nicknamed climate change a "threat multiplier."

The coronavirus pandemic, a recent external risk that initially appeared as a supply
chain issue at many businesses, quickly developed into an existential threat that
affected the health and safety of their employees, the means of conducting
business, their capacity to engage with customers, and their reputations.

Businesses quickly modified their operations in response to the pandemic's threats.
However, they are currently debating new concerns, such as how or whether to send
workers back to the office and what steps should be taken to make their supply
networks more resilient to crises.
Risk management process
Numerous bodies of knowledge that describe the steps that organizations must take
to manage risk have been released by the risk management discipline. The ISO
31000 standard, Risk Management Guidelines, created by the International
Organization for Standardization, or ISO, is among the most well-known sources.
ISO's five-step risk management process comprises the following and can be used
by any type of entity:

1. Identify the risks.
2. Analyze the likelihood and impact of each one.
3. Prioritize risks based on business objectives.
4. Treat (or respond to) the risk conditions.
5. Monitor results and adjust as necessary.
Although the steps are simple, risk management committees should not
undervalue the amount of work needed to complete the procedure. It starts with
having a thorough understanding of what drives the organization. The ultimate
objective is to create a system of procedures for identifying the risks that the
organization faces, their likelihood and effects, how each one relates to the
maximum risk the organization is willing to take, and the steps that should be taken
to protect and enhance organizational value.
According to Witte, it's critical to realize that, by definition, something is only a
risk if it has consequences. For instance, according to recommendations from the NIST
Interagency Report (NISTIR 8286A) on identifying cybersecurity risk in ERM, all
four of the following conditions must be met for a negative risk scenario:
1. a valuable asset or resources that could be impacted;
2. a source of threatening action that would act against that asset;
3. a preexisting condition or vulnerability that enables that threat source to act; and
4. some harmful impact that occurs from the threat source exploiting that vulnerability.
Risk management limitations and examples of failures
Failures in risk management are frequently blamed on blatant negligence, blatant
irresponsibility, or a string of unlucky circumstances that no one could have
foreseen. But as technology journalist George Lawton noted in his analysis of
frequent risk management blunders, risk management gone wrong is more
frequently caused by avoidable errors — and standard profit-chasing. Here is a list
of errors to keep away from.
Poor governance. Even the biggest bank in the world can mess up risk
management, despite having updated policies for pandemic work conditions and
numerous controls in place, as evidenced by the 2020 tangled tale of Citigroup
accidentally repaying a $900 million loan, using its own money, to Revlon's
lenders when only a small interest payment was due. Although there were
instances of human error and clumsy software, a judge finally decided that weak
governance was to blame. U.S. regulators imposed a $400 million penalty on
Citigroup in exchange for its agreement to update its internal risk management,
data governance, and compliance procedures.
Overemphasis on efficiency vs. resiliency. If everything goes as planned, higher
efficiency can result in higher profitability. However, performing tasks consistently
in the same manner can lead to a lack of resilience, as businesses discovered during
the pandemic when supply networks collapsed. Things change constantly when we
consider the nature of the world, according to Valente of Forrester. So, while
efficiency is important, we also need to plan for all potential outcomes.
Lack of transparency. The incident involving the governor's office's exaggeration
of mortality from the coronavirus in nursing homes in New York is an example of
a widespread problem with risk management. Transparency problems can result
from data hiding, a lack of data, and siloed data, whether as a result of commission
or omission. Data is disconnected and owned by multiple executives. As risk expert
Josh Tesoro told Lawton, "Many processes and systems were not created with risk
in mind." Because the data is difficult to obtain, Tesoro noted that risk managers
frequently choose to ignore essential procedures in favor of the data that is readily
available to them.
Limitations of risk analysis techniques. A lot of risk analysis methods, such as
developing a risk model or simulation, call for obtaining a lot of data. Large-scale
data collection can be costly and is not always reliable. Furthermore, if basic
indicators are utilized to depict complicated risk circumstances, the use of data in
decision-making processes may result in subpar results. Inaccurate outcomes might
also result from extrapolating a decision made for one minor area of a project to
the entire project.

Lack of risk analysis expertise. Cost-effective software systems can be created to
mimic potential unfavorable outcomes for a corporation, but appropriate
interpretation of the generated results also necessitates highly skilled employees.
Illusion of control. Organizations may mistakenly believe that they can quantify
and control all possible risk thanks to risk models. An organization might as a
result fail to consider potential unique or unforeseen dangers.
