STUDY GUIDE FOR MODULE NO.

___
1

UNIT I: PRINCIPLES OF RISK AND RISK MANAGEMENT

 
MODULE OVERVIEW

Figure 1: The Risk Management Process.

https://cutt.ly/5Bwc98i

This module reviews the concepts and definitions of risk and risk management. It will also describe
the general and alternative risk management standards and explain enterprise risk management (ERM).
According to Andrew Jaquith, “The purpose of risk management is to improve the future, not to
explain the past.” And that “The key to risk management is never putting yourself in a position where you
cannot live to fight another day”, according to Richard S. Fuld, Jr. 

MODULE LEARNING OBJECTIVES

1. Discuss the concepts and definitions of risk and risk management

2. Describe the general and alternative risk management standards 

3. Explain enterprise risk management (ERM)

4. Analyze risk management situations and give insights on whether they were properly managed or not
 LEARNING CONTENTS (A. Concepts and definitions of risk and risk management.)

1. Definitions of risk 

According to Curracubby Team (2020), “we all manage risk in our daily lives. When we cross the
street, order food (let’s say a fried oreo), or call an old friend, we are analyzing the pros and cons of each
action, along with associated risks. Will I make it across the street in time?   Will the fried food catch up to me?
Is my old friend going to be the same as they were in the past?”

A risk is a danger, or the possibility of danger, defeat, or loss. It could also be someone or something

that could cause a problem or loss.

According to Information Security Risk Management, "Risk is the combination of the risk of exposure
and the impact = combination of likelihood of the threat being able to expose an element(s) of the system and
impact".

Another definition by Managing Successful Programmes is that “Risk is an uncertain event or set of
events which, should it occur, will have an effect on the achievement of objectives; a risk is measured by a
combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on
objectives.”

In economics, risk implies future uncertainty about deviation from expected earnings or expected
outcome. Risk measures the uncertainty that an investor is willing to take to realize a gain from an investment.

The important thing to remember is that risks are part of daily lives, but these can be managed
and may be avoided through preemptive actions.

2. Impact of risk on organizations  

Risk impact is an estimate of the potential losses associated with identified risk. It is a standard risk
analysis to develop and estimate probability or impact. The following are common types of impact.

The impact of risk on organizations can range from low, moderate to significant.

The above chart can be used to strategize in various situations. The two factors that govern the action
required are the probability of occurrence and the impact of the risk. For example, a condition where the
impact is minor and the probability of occurrence is low, it is better to accept the risk without any interventions.
A condition where the likelihood is high, and the impact is significant, extensive management is required. This
is how a certain priority can be established in dealing with the risk.
HIGH or SIGNIFICANT level risks require escalation and thorough risk analysis. Extra risk control
mechanisms need to be put in place, and risk treatment measures clearly identified, budgeted, and
implemented; frequent monitoring; and necessary precautions to ensure staff and personnel safety and
security are not compromised and opportunities are not missed.
Both SUBSTANTIAL and MODERATE level risks require risk analysis scaled to the scope and nature of the
risks with risk treatment and monitoring measures in place and budgeted. SUBSTANTIAL risks require more
detailed risk analysis and risk management plans.
LOW level risks do not require further analysis or treatment.

3. Introduction to types of risk  

Risk can be of two types: positive or negative. The former is also known as an opportunity, and the latter is
called a threat.

Negative Risk
A negative risk is a situation that will negatively impact one or more of your project objectives.
Because they harm your project objective; therefore, you must mitigate their impact. Your strategy will either
avert the negative risk or minimize its chance of happening.
For example, let us say that there is a possibility that a piece of equipment may break due to overuse; this will
hurt your project.

Positive Risk
Positive risk is a condition or situation that will positively impact any of your project objectives.
Since these risks are favorable, you will encourage them. The response strategy is to increase the likelihood of
the event happening or increase the impact.
For example, let us say that you will get another gig if you complete your project a few days before the
scheduled date.

The following are also types of risks that can be applicable in the school organizations and businesses.

 Political/Regulatory Risk – The impact of political decisions and changes in regulation

 Financial Risk – The capital structure of a company (degree of financial leverage or debt burden)
 Interest Rate Risk – The impact of changing interest rates
 Country Risk – Uncertainties that are specific to a country
 Social Risk – The impact of changes in social norms, movements, and unrest
 Environmental Risk – Uncertainty about environmental liabilities or the impact of changes in the
environment
 Operational Risk – Uncertainty about a company’s operations, including its supply chain and the
delivery of its products or services
 Management Risk – The impact that the decisions of a management team have on a company
 Legal Risk – Uncertainty related to lawsuits or the freedom to operate
 Competition – The degree of competition in an industry and the impact choices of competitors will
have on a company

The risks facing an organization and its operations can result from factors both external and internal to the
organization. The diagram overleaf (Fig. 2) summarizes examples of key risks in these areas and shows that
some specific risks can have both external and internal drivers and therefore overlap the two areas. They can
be categorized further into types of risk such as strategic, financial, operational, hazard, etc.
The diagram is another categorization of risk:

Figure 2. Examples of the Drivers of Key Risks.

4. Definitions and development of risk management 

At the broadest level, risk management is a system of people, processes and technology that enables an
organization to establish objectives in line with values and risks.

Risk management is the process of identifying, assessing, and controlling financial, legal, strategic and
security risks to an organization’s capital and earnings. These threats, or risks, could stem from a wide
variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents,
and natural disasters.
If an unforeseen event catches your organization unaware, the impact could be minor, such as a small impact
on your overhead costs. In a worst-case scenario, though, it could be catastrophic and have serious
ramifications, such as a significant financial burden or even the closure of your business.

To reduce risk, an organization needs to apply resources to minimize, monitor and control the impact of
negative events while maximizing positive events. A consistent, systemic, and integrated approach to risk
management can help determine how best to identify, manage. and mitigate significant risks.

Another definition of risk management is that it is the process of minimizing or mitigating the risk. It starts with
the identification and evaluation of risk followed by optimal use of resources to monitor and minimize the
same. Risk management is the process of anticipating unwelcome events and mitigating their effects as
much as possible. It includes anticipating and assessing risks, planning around them, monitoring them, and
responding to them when appropriate.

Risk management applies to many fields, from Finance to Healthcare, and to many processes, from new
product development to IT projects. Product development projects in particular are exercises in reducing risk to
an acceptably low level.

5. Principles and aims of risk management. 

The various principles are:

1. Organizational Context: Every organization is affected to varying degrees by various factors in its

environment (Political, Social, Legal, and Technological, Societal etc). For example, an organization
may be immune to change in import duty whereas a different organization operating in the same
industry and environment may be at a severe risk. There are also marked differences in
communication channels, internal culture and risk management procedures. The risk management
should therefore be able to add value and be an integral part of the organizational process.
2. Involvement of Stakeholders: The risk management process should involve the stakeholders at
each and every step of decision making. They should remain aware of even the smallest decision
made. It is further in the interest of the organization to understand the role the stakeholders can play at
each step.
3. Organizational Objectives: When dealing with a risk it is important to keep the organizational
objectives in mind. The risk management process should explicitly address the uncertainty. This calls
for being systematic and structured and keeping the big picture in mind.
4. Reporting: In risk management communication is the key. The authenticity of the information has to
be ascertained. Decisions should be made on best available information and there should be
transparency and visibility regarding the same.
5. Roles and Responsibilities: Risk Management has to be transparent and inclusive. It should take
into account the human factors and ensure that each one knows it roles at each stage of the risk
management process.
6. Support Structure: Support structure underlines the importance of the risk management team. The
team members have to be dynamic, diligent and responsive to change. Each and every member
should understand his intervention at each stage of the project management lifecycle.
7. Early Warning Indicators: Keep track of early signs of a risk translating into an active problem. This
is achieved through continual communication by one and all at each level. It is also important to
enable and empower each to deal with the threat at his/her level.
8. Review Cycle: Keep evaluating inputs at each step of the risk management process - Identify,
assess, respond and review. The observations are markedly different in each cycle. Identify
reasonable interventions and remove unnecessary ones.
9. Supportive Culture: Brainstorm and enable a culture of questioning, discussing. This will motivate
people to participate more.
10. Continual Improvement: Be capable of improving and enhancing your risk management strategies
and tactics. Use your learning’s to access the way you look at and manage ongoing risk.
 Aims of Risk management:

1. Ensure the optimal, balanced, and sustainable performance of the company

2. Develop a comprehensive, systematic, integrated, and flexible approach. Thus identifying, assessing,
analyzing, and managing risks
3. Develop better risk management practices
4. Address all types of business risks
5. Take responsible risks
6. Make informed decisions
7. Better manage change

LEARNING ACTIVITY 1

THINK. PAIR. SHARE.

With a colleague/classmate, identify possible risks in school. How does the school manage these risks?
Brainstorm how risk management benefits the school and the administration. Give concrete examples of how
risk management helps in certain situations.

Share to class.

Possible answers:

Risk management is important because it keeps your students, faculty, and finances safe from any harm, while
also protecting your financial assets and lowering your legal liability. Not only will developing a risk
management plan for your school reduce the chances of risks, but it will also mitigate the effects of those risks
if they should occur. 
For example, if you do have a student that is showing symptoms fromCOVID-19 during the school day, you will
already have a response plan in place to make sure the adverse effects stop there. You'll be able to prevent
the spread. 
Risk management comes with these benefits for school administrators: 

 Protect people from harm.

 Limit the possibility of a lawsuit.
 Safeguard your public reputation.
 Reduce potential losses in revenue. 
 Make your students, teachers, and parents feel safe. 

LEARNING CONTENTS (B. Risk management standards.)

1. General risk management standards  

ISO (International Organization for Standardization) is a worldwide federation of national standards bodies.

ISO is a nongovernmental organization that comprises standards bodies from more than 160 countries, with
one standards body representing each member country. For example, the American National Standards
Institute represents the United States.

ISO members are national standards organizations that collaborate in the development and promotion of
international standards for technology, scientific testing processes, working conditions, societal issues and
more. ISO and its members then sell documents detailing these standards.
The ISO's General Assembly is its decision-making body. It consists of representatives from the members and
elected leaders called principal officers. The organization has its headquarters in Geneva, Switzerland, where
a central secretariat oversees operations.

The ISO 31000-2018 standard, Risk Management--Guidelines, lists the following eight principles for any solid
risk management program.

1. Integration - An organization should integrate its risk management efforts into all parts and activities of
the organization.

2. Structured and comprehensive - Creating and following a comprehensive, structured risk management
approach leads to the most consistent, desirable risk management outcomes.

3. Customized - To be most effective, risk management should involve all stakeholders in appropriate
and timely ways. This allows the different knowledge sets, views, and perceptions of all stakeholders
to be considered and implemented into risk management efforts.

4. Inclusive
5. Dynamic - As the organization changes, including its external and internal context, the organization's
risk management program and efforts should change, too. Change is inevitable and successful
organizations know how to work with change. A risk management program should help the
organization anticipate, identify, acknowledge, and respond to changes in an appropriate and timely
way.

6. Uses best available information - Effective risk management is done by considering information
from the past and present as well as anticipating the future. Therefore, (1) the information from the
past and present must be as reliable as possible, and (2) risk managers must consider the limitations
and uncertainties with that past and present information. All relevant stakeholders should receive
necessary information in a timely and clear manner.

7. Considers human and culture factors - Risk management is a human activity, and it takes place
within one or more culture (organizational culture, etc.). Risk managers must be aware of the human
and culture factors that the risk management effort takes place in and know the influence that human
and culture factors will place on the risk management effort.

8. Practices continual improvement - Through experience and learning, risk managers must strive to
continually improve an organization's risk management efforts.

2. Alternative risk management approaches.

 Fig. 3. Alternative Risk Management Approach.

Under Risk Alternatives’ approach, risk management is a seven-step process:

IDENTIFY threats and opportunities faced by the organization.

AVOID engaging in current projects and activities that would trigger unacceptable risks.

DEVELOP (or EXPLOIT) new initiatives that the organization thinks may be of strategic value.

REDUCE the likelihood of adverse events posed by the organization’s ongoing activities by adopting/changing

systems and controls, education and training, or other mitigation steps.

SHIFT (through partnering, changing contract terms, or purchasing insurance) risks that cannot be directly
mitigated.

ACCEPT the remaining risks, having taken the reasonable steps outlined above. But

IMPROVE the process by reviewing the results and modifying the approach going forward, so that over time
the organization grows nimbler and more resilient.

LEARNING ACTIVITY 2

Create a Risk Management Plan for Your School. Take into considerations all the discussed concepts.

Use the rubric below as your guide in providing your answer.

Criteria 6 pts 4 pts 2 pts

Content: Write up had  Write up had a  Write up
Comprehensive,  an exceptional  good amount of  contained little
Relevant and amount of  material and was valuable 
detailed  valuable material  able to provide material.  
and was able to provide some information
what are being asked. being asked.
Organization: The write up The write up The write up
Logical  was well  had organizing  lacked 
organized, well  ideas but could  organization and 
prepared and easy  have been much  had little evidence 
to follow.  stronger with  of preparation.
better preparation.
Construction: No grammatical errors With 2-4 With 5 or more
Grammar and seen and followed the grammatical errors grammatical errors
Composition three parts of a and one missing and two missing
composition. part of a parts of a
composition. composition.
Number of Did not exceed 500 500-550 words 551 words or more
words words
References and Learner reviewed and Learner reviewed Learner reviewed
citations  cited sufficient and cited references and cited references
references (at least 5) (3-4) (1-2)
 LEARNING CONTENTS (C. Enterprise Risk Management (ERM))

1. Concept of enterprise risk management  

What Is ERM and Why Is It Important?

ERM is a company's approach to managing risk. It is the practices, policies, and framework for how a
company handles a variety of risks its business faces. ERM is important because it helps prevent losses or
unexpected negative outcomes. ERM is also important because it helps a company set the plans in place to
strategically approach risk and garner employee buy-in.

Enterprise risk management (ERM) is a methodology that looks at risk management strategically
from the perspective of the entire firm or organization. It is a top-down strategy that aims to identify, assess,
and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an
organization's operations and objectives and/or lead to losses.
Enterprise risk management takes a holistic approach and calls for management-level decision-making that
may not necessarily make sense for an individual business unit or segment. Thus, instead of each business
unit being responsible for its own risk management, firm-wide surveillance is given precedence.

It also often involves making the risk plan of action available to all stakeholders as part of an
annual report. Industries as varied as aviation, construction, public health, international development,
energy, finance, and insurance all have shifted to utilize ERM.

ERM, therefore, can work to minimize firmwide risk as well as identify unique firmwide
opportunities. Communicating and coordinating between different business units is key for ERM to be
successful, since the risk decision coming from top management may seem at odds with local assessments
on the ground. Firms that utilize ERM will typically have a dedicated enterprise risk management team that
oversees the workings of the firm.

What Are the 3 Types of Enterprise Risk?

ERM often summaries the risks a company faces into operational, financial, and strategic risks. Operational
risks impact day-to-day operations, while strategic risks impact long-term plans. Financial risks impact the
general financial standing and health of a company.

2. Implementing ERM  
ERM practices will vary based on a company's size, risk preferences, and business objectives.
Below are best practices most companies can use to implement ERM strategies.

 Define risk philosophy. Before implementing any practices, a company must identify how it
feels about risk and what its strategy around risk will be. This should involve strategic discussions between
management and an analysis of a company's entire risk profile.
 Create action plans. With a company's risk philosophy in hand, it is time to create an action
plan. This defines the steps a company must take to protect its assets and plans to protect the future of the
organization after a risk assessment has been performed.
 Be creative. When considering risks, ERM entails thinking broadly about the problems a
company may face. Though far-fetched, it is in a company's best interest to think of as many challenges it
may face and how it will respond (or decide to not respond) should the event happen.
 Communicate priorities. A company may determine several high-important risks are critical
to mitigate for the continuation of the company. These priorities should be communicated and broadly
understood as the risks that should not be incurred under any circumstance. Alternatively, a company may
wish to communicate the plans if the event were to occur.
 Assign responsibilities. When an action plan has been devised, specific employees should
be identified to carry out specific parts of the plan. This may include delegating tasks to specific positions
should employees leave the company. This not only allows for all action items to be worked on but will hold
members responsible for their area(s) of risk.
  Maintain flexibility. As companies and risks evolve, a company must design ERM practices
to be adaptable. The risks a company faces one day may be different the next; the company must be able to
carry its current plan while still making plans for new, future risks.
 Leverage technology. ERM digital platforms may host, summarize, and track many of the
risks of a company. Technology can also be used to implement internal controls or gather data on how
performance is tracking to ERM practices.
 Continually monitor. Once ERM practices are in place, a company must ensure the
practices are adhered to. This means tracking progress towards goals, ensuring certain risks are being
mitigated, and employees are performing tasks as expected.
 Use metrics. As part of monitoring ERM practices, a company should develop a series
of metrics to quantifiably gauge whether it is meeting targets. Often referred to as SMART goals, these
metrics keep a company accountable on whether it met objectives or not.

3. Establishing the context for risk management. 

Components of Enterprise Risk Management
The COSO enterprise risk management framework identifies eight core components that define how
a company should approach creating its ERM practices.

Internal Environment
A company's internal environment is the atmosphere and corporate culture within the company set
by its employees. This sets the precedence of what the company's risk appetite is and what management's
philosophy is regarding incurring risk. The internal environment may be set by upper management or the
board and communicated throughout an organization, though it is often reflected through the actions of all
employees.

Objective Setting
As a company determines its purpose, it must set objectives that support the mission and goals of a
company. These objectives must then be aligned with a company's risk appetite. For example, an ambitious
company that has set far-reaching strategic plans must be aware there may be internal risks or external risks
associated with these lofty goals. In response, a company can align the measures to be taken with what it
wants to accomplish such as hiring additional regulatory staff for expansion areas it is currently unfamiliar
with.

Event Identification
Positive events may have a great impact on a company. On the other hand, negative events may
have detrimental outcomes on a company's ability to continue to operate. ERM guidance recommends that
companies identify important areas of the business and associated events that may have dire outcomes.
These high risk events may pose risks to operations (i.e. natural disasters that force offices to temporarily
close) or strategic (i.e. government regulation outlaws the company's primary product line).

Risk Assessment
In addition to being aware of what may happen, the ERM framework details the step of assessing
risk by understanding the likelihood and financial impact of risks. This includes not only the direct risk (i.e. a
natural disaster yields an office unusable) but residual risks (i.e. employees may not feel safe returning to the
office). Though difficult, the ERM framework encourages companies to consider quantifying risks by
assessing the percent change of occurrence as well as the dollar impact.

Risk Response
A company can respond to risk in the following four ways:

The company can avoid risk. This results in the company leaving the activity that causes the risk as the
company would rather forgo the benefits of the activity than incur the risk. An example of risk avoidance is a
company shutting down a product line and discontinuing selling a specific good.
The company can reduce risk. This results in the company staying engaged in the activity but putting forth
effort in minimizing the likelihood or magnitude of the risk. An example of risk reduction is a company keeping
the product line above open but investing more in quality control or consumer education on how to property
use the product.
The company can share risk. This results in the company moving forward as-is with the current risk profile of
the activity. However, the company leverages an independent third party to share in the potential loss in
exchange for a fee. An example of risk sharing is purchasing an insurance policy.
The company can accept risk. This results in the company analyzing the potential outcomes and determining
whether it is financially worth pursuing mitigating practices. An example of risk acceptance is the company
keeping open the product line with no changes to operations and risk sharing.

Control Activities
Control activities are the actions taken by a company to create policies and procedures to ensure
management carries out operations while mitigating risk. Control activities, often referred to as internal
controls, are broken into two different types of processes:

Preventative control activities are in place to stop an activity from happening. These controls aim to
mitigate risk by disallowing certain events from happening. An example of a preventative control is a keypad
or physical lock preventing all employees from entering into a sensitive area.
Detective control activities are in place to recognize when a risky action has taken place. Although
the event is allowed to happen (or was not supposed to happen but still did), detective controls may alert
management to ensure appropriate follow-up steps occur. An example of a detective control is an alarm for
the room or a l
Information and Communication
Information systems should be able to capture data useful to management to better understand a company's
risk profile and management of risk. This means not granting exceptions for departments outperforming
others; all aspects of a company should be continually monitored. By extension, some of this data should be
analyzed and communicated to employees if it is relevant to mitigating risk. By communicating with
employees, there is more likely to be greater buy-in for processes and protection over company assets.

Monitoring
A company can turn to an internal committee or an external auditor to review its policies and
practices. This may include reviewing what is actually performed compared to what policy documents
suggest. This may also entail getting feedback, analyzing company data, and informing management of
unprotected risks. In an ever-changing environment, companies must also be ready to assess their ERM
environment and pivot as needed.

LEARNIWhat Types of Risks Does Enterprise Risk Management Address?

ERM can help devise plans for almost any type of business risk. Business risk threatens a company's ability
to survive, and these risks may be further classified into different risks discussed below. In general, ERM
most commonly addresses the following types of risk:

 Compliance risk threatens a company due to a violation of external law or requirement. An example

of compliance risk is a company's inability to produce timely financial statements in accordance with
applicable accounting rules such as GAAP.
 Legal risk threatens a company should the company face lawsuit or penalty for contractual, dispute,
or regulatory issues. An example of legal risk is a billing dispute with a major customer.
 Strategic risk threatens a company's long-term plan. For example, new market participants in the
future may supplant the company as the lowest-cost provider of a good.
 Operational risk threatens the day-to-day activities required for the company to operate. An
example of operational risk is a natural disaster that damages a company's warehouse where
inventory is stored.
 Security risk threatens the company's assets if physical or digital assets are misappropriated. An
example of security risk is insufficient controls overseeing sensitive client information stored on
network servers.
 Financial risk threatens the debt or financial standing of a company. An example of financial risk is
translation losses by holding foreign currency.

What Is the Difference Between Risk Management and Enterprise Risk Management?
Risk management has traditionally been used to describe the practices and policies surrounding a specific
risk a company faces. More modern risk management has introduced ERM, a comprehensive, company-
wide approach to view risk holistically for the entire company.
 NG ACTIVITY 1

RISK MANAGEMENT IN SCHOOLS

1) Identify Risks
Before you can develop response plans, you need to know which risks are out there. Some will be obvious,
such as a COVID-19 infection, while others will be more hidden, such as an unsafe part of the playground.  
To track down every risk, brainstorm with your team. Also, include other stakeholders and industry experts in
your identification process. They might have experience which sheds light on risks your team hadn't thought
about. 
Once you have found all the risks, put them in a centralized location, accessible to your entire team. That way,
your team can continuously monitor the risks. It also helps to divide your risks up into categories. For
example, you could have a section for operational risks and one for financial risks. Or, you could separate
them by parts of the school-day, by creating categories like recess risks or cafeteria risks.

2) Assess Each Risk's Likelihood and Impact 

Once you have the list of risks, you can start analyzing each one. Start by going through the list and giving
them a likelihood score (low to high). Then, give them an impact score (low, moderate, or severe).  

Image Source: Risk Academy

You can also assign probabilities or numbers to each risk. You can use these numbers in this formula to
calculate each event's risk. 
Risk = Probability x Impact.
Then, put the organized matrix of risks into a live document where your team members can track and update
them. For instance, if one child became sick from a certain contagious skin infection, then the probability, and
therefore risk, of the event would increase. 

3) Create Response Plans

Next, you should create plans to lessen the chances of risks occurring and responses if the risks should
occur. A plan to lessen the chances of risk of infection on a school bus could be limiting bus capacity. And a
response would be what actions to take if a child shows symptoms on the bus. 
 Remember, the magnitude of loss prevention measures taken in schools for each risk depends on the risk's
probability and severity. So, when creating response plans, you need to keep your resources (time, budget) in
mind. It's unwise to spend a lot of a teacher's time on preventing a low probability, low impact risk, like a
student losing their favorite pencil. 

4) Choose a Lead for Each Risk

In the book, "Influence", Robert Cialdini writes about how social psychology influences our actions. 
In one passage, he shares advice that could be lifesaving. If you were to ever feel a stroke coming on while in
a large group (a concert, train station, etc.) you should point to someone and say, "You, yes, you in the green
shirt. Call 911. I'm in trouble and need help."  
Why so forward? Well, when you pick a leader, you assign them responsibility, and the selected person is,
therefore, more likely to take immediate action. On the other hand, if you were to just sit there and yell for
help, the response would lag. Every person, no matter how kind or caring, would pause and look at everyone
else, wondering who is most qualified or equipped to help. 
So, for each response to each risk, you need to select a leader. That way, if the event should take place, there
will be no confusion on who needs to begin the response plan. The leader will put water on the fire as quickly
as possible.  

5) Make Contingency Plans

Because life seems to love testing us, even risk responses have associated risks. Sometimes the first
response plan will go wrong because you lack the right resources at the time. Or perhaps the circumstances
are slightly different than your team had anticipated. For example, sometimes afire renders one escape route
unusable. You need another safe way out. 
So that these possible problems don't completely derail your response efforts, you need contingency
plans (plan Bs) for each risk, especially the most likely and severe ones. Make sure to put these in your
centralized location also, and ensure the owner of the risk is aware of the plan B.  

6) Continuously Monitor Risks

New risks will come into play as the school year progresses, especially during such unprecedented times, So,
it's critical to monitor your risks and continue adding new ones or editing the probabilities of old ones. This is
where a management system designed for running schools comes in handy. 

SUMMARY

Risk is an uncertain event or set of events which, should it occur, will have an effect on the
achievement of objectives; a risk is measured by a combination of the probability of a perceived threat or
opportunity occurring and the magnitude of its impact on objectives.
The impact of risk varies. Risk impact is an estimate of the potential losses associated with identified
risk. It is a standard risk analysis to develop and estimate probability or impact. The following are common
types of impact. This can be classified as: high or significant level risks require escalation and thorough risk
analysis. Both substantial and moderate level risks require risk analysis scaled to the scope and nature of the
risks with risk treatment and monitoring measures in place and budgeted. SUBSTANTIAL risks require more
detailed risk analysis and risk management plans. Low level risks do not require further analysis or treatment.
Risk can be of two types: positive or negative. The former is also known as an opportunity, and the
latter is called a threat. Because of the many risks that an organization may face, risk management has been
done to mitigate, if not total go away from, the detrimental effects of these risk to organizations.

Risk management is the process of identifying, assessing, and controlling financial, legal, strategic and
security risks to an organization’s capital and earnings. These threats, or risks, could stem from a wide
variety of sources, including financial uncertainty, legal liabilities, strategic management errors,
accidents, and natural disasters.
 These are the aims of Risk management: Ensure the optimal, balanced, and sustainable performance
of the company; Develop a comprehensive, systematic, integrated, and flexible approach. Thus identifying,
assessing, analyzing, and managing risks; Develop better risk management practices; Address all types of
business risks; Take responsible risks; Make informed decisions; and better manage change

REFERENCES

E-Sources:

What is a Risk? 10 definitions from different industries and standards. Date retrieved: 10.01.2022.
https://www.stakeholdermap.com/risk/risk-definition.html

What is Risk? Definition of Risk, Risk Meaning - The Economic Times (indiatimes.com)

RISK | meaning, definition in Cambridge English Dictionary.

ERM - Step 2 - Risk Assessment (undp.org)

Usmani, Fahad. (2022). Different Types of Risk. Types of Risks: Different Types of Risks in Risk
Management | (pmstudycircle.com)

Everything you need to know about risk management in schools. https://cutt.ly/mBuY5iW

Risk Management: Definition, Types, Model, Process, Strategies, Practices (businessstudynotes.com)

Video clips:

What is risk management? https://cutt.ly/CBuE768

Enhanced Risk Management Video https://cutt.ly/xBuRvzA

COSO ERM - Risk Management Framework (Simple Explanation) COSO ERM - Risk Management
Framework (Simple Explanation) - Bing video

https://cutt.ly/kBoTm1M

Daniels, Richard. (2022). Risk Management: Definition, Types, Model, Process, Strategies, Practices. Risk
Management: Definition, Types, Model, Process, Strategies, Practices (businessstudynotes.com)

https://cutt.ly/0BoFGiR

Enterprise Risk Management in Concept. https://cutt.ly/wBoJQIK