MODULE CONTENT
COURSE TITLE: Governance, Business Ethics, Risk Management,
One of the most critical factors affecting the efficiency and effectiveness of the
organization’s risk management process is the establishment of an ongoing
monitoring and review process. This process makes sure that the specified
management action plans remain relevant and updated. In today’s continuously
changing business environment, factors affecting the likelihood and
consequences of a risk are also very likely to change. This is even more true for
factors affecting the cost of the risk management options. It is therefore necessary
to repeat the risk management cycle regularly.
Besides being an extremely valuable information asset for the organization, the
records of such processes are an important aspect of good corporate governance
provided of course that they are in line with:
Continuous monitoring by the project risk manager and the project team ensures
that new and changing risks are detected and managed and that risk response
actions are implemented and effective. Risk monitoring continues for the life of
the project.
Risk monitoring and control keeps track of the identified risks, residual risks,
and new risks. It also monitors the execution of planned strategies for the
identified risks and evaluates their effectiveness.
Risk monitoring and control continues for the life of the project. The list of project
risks changes as the project matures, new risks develop, or anticipated risks
disappear. Risk ratings and prioritizations can also change during the project
lifecycle.
update the status of risks in the risk register and add new risks. This is not
necessary for minor level projects and may only be needed annually for moderate
level projects. Periodic project risk reviews repeat the process of identification,
analysis, and response planning.
Responsibilities for monitoring and review should be clearly defined. The firm's
monitoring and review processes should encompass all aspects of the risk
management process for the purposes of:
▪ Ensuring that controls are effective and efficient in both design and
operation
▪ Obtaining further information to improve risk assessment
▪ Analyzing and learning lessons from risk events, including near-misses,
changes, trends, successes, and failures
▪ Detecting changes in the external and internal context, including changes
to risk criteria and to the risks, which may require revision of risk
treatments and priorities
▪ Identifying emerging risks.
Risk control is the set of methods by which firms evaluate potential losses and
take action to reduce or eliminate such threats. It is a technique that utilizes
findings from risk assessments, which involve identifying potential risk factors
in a company's operations, such as technical and non-technical aspects of the
business, financial policies and other issues that may affect the well-being of the
firm.
Risk control also implements proactive changes to reduce risk in these areas.
Risk control thus helps companies limit lost assets and income. Risk control is
a key component of a company's enterprise risk management protocol.
• Loss prevention accepts a risk but attempts to minimize the loss rather
than eliminate it. For example, inventory stored in a warehouse is
susceptible to theft. Since there is no way to avoid it, a loss prevention
program is put in place. The program includes patrolling security guards,
video cameras and secured storage facilities. Insurance is another
example of risk prevention that is outsourced to a third party by contract.
• Loss reduction accepts the risk and seeks to limit losses when a threat
occurs. For example, a company storing flammable material in a
warehouse installs state-of-the-art water sprinklers for minimizing
damage in case of fire.
No one risk control technique will be a golden bullet to keep a company free from
potential harm. In practice, these techniques are used in tandem with one
another to varying degrees, and they change as the corporation grows, as the
economy changes, and as the competitive landscape shifts.
RISK AVOIDANCE
Risk avoidance is the elimination of hazards, activities, and exposures that can
negatively affect an organization’s assets.
When determining your risk mitigation strategies, don’t confuse the strategies
of risk avoidance or risk acceptance with risk ignorance. Risk ignorance is a
situation where the knowledge about the risk (and any underlying phenomena
and processes) is poor. Just because there are no remediation strategies
currently in place does not mean that a conscious decision has been made to
accept the risk.
Take a moment and think about the type of organization you work with – are
your colleagues seat belt wearers or seat belt rejecters? How do we become a risk
avoidance-based organization, and is that a desirable state?
▪ Understand the risk and impacts. An assessment of how the risk will
impact only one area does not allow for good organizational decisions.
▪ Update the risks and impacts. You should revisit your risk profile on a
regular basis, at least annually.
▪ Assess the criticality of the task. Consider why performing the task is
important or why a risk remediation solution is appropriate.
▪ Calculate the financial benefits of the task. Directors must decide when
the cost of the risk is greater than the cost of risk management and
manage their plans accordingly.