Introduction to Risk Management

Definition of Risk
• Risk means “the possibility that something unpleasant or unwelcome
will happen”.
• A risk is an uncertain event which may occur in the future.
• The word ‘risk’ derives from the early Italian “risicare”, which means ‘to
dare’.
• In this sense, risk is a choice rather than a fate. The actions we dare to
take, which depend on how free we are to make choices, are what the
story of risk is all about.
• Note that not all risk is bad; some level of risk must be taken in order to
progress / prevent stagnation.
• Risk is defined in financial terms as the chance that an outcome or
investment's actual gains will differ from an expected outcome or
return.
• Risk includes the possibility of losing some or all of an original
investment.
• A risk may prevent or delay the achievement of an organization’s or
unit’s objectives or goals.
• ‘Risk’ is dynamic and subject to constant change.
• A risk is not certain – its likelihood can only be estimated.
Classification of Risks
• Internal Risks
– Human Risks
– Equipment and Information Technology Risks
– Other Internal Risks
• External Risks
– Competition and Market Risks
– Business Environment Risks
Human Risks
• Death
– Owner
– Employee
• Illness
– Short term
– Long term
– Indefinite
• Theft and fraud
– Product and inventory theft
– Time sheet fraud
– Accounting and cash fraud
• Low morale, dissatisfaction
– Failure to perform
– Sabotage of systems, equipment or customers
Equipment and Information Technology Risks
• Equipment breakdowns
– New equipment integration
– Worn older equipment
– Damage to vehicles
• Information technology downtime
– Lack of backup or recovery system
– Updates and repairs
– Power and connectivity (physical damage and outdated systems)
– Lack of administrative controls
Other Internal Risks
• Physical plant repairs
– Breaks in lines or utilities
– Routine maintenance
• Incidents
– Work related injuries
– Damage to others’ property by employees
– Damage to your property by others
• Cash flow changes
– Unexpected costs
– Loss of credit lines
– Expenses to establish lines of credit
External Risks
• Competition and Market Risks
– Loss of clients or customers
– Loss of employees
– Decrease in sales prices/fluctuating markets
– Increases in vendor costs
– Oil or gasoline price increases
– Fixed cost changes (e.g., rent)
• Business Environment Risks
– Laws
– Weather
– Natural Disaster
– Community
Risk Appetite
• Risk appetite is the amount of risk an individual or organization is
willing to take on.
• This tends to be situational. For example, an individual may be
comfortable taking health risks but extremely averse to financial
risk.
• Likewise, an organization may take on one type of risk and be
averse to another type of risk.
Types of Risk Appetite
Risk-seeker
• This refers to an attraction to risk.
• This includes individuals who are comfortable with high risk but are only
willing to take calculated risks that are rational.
• For example, an investor who buys stocks that are equally likely to go up 2x
or fall 49% within a month.

Risk-neutral
• Comfort with risk that is taken for a good reason such as risks that are taken
rationally based on an analysis of risk-reward.
• For example, an individual who makes a risky career choice knowing it
may be a difficult path, and who is willing to face this risk to reach a goal
they feel is important.
Risk-averse
• A tendency to prefer the safest choices in every list of options.
• In some cases, efforts to avoid risk can create larger secondary risks.
• The classic example of this is an investor who avoids all risk and
consequently fails to preserve the value of their wealth due to inflation.
What is Risk Management?
• Risk Management is the name given to a logical and systematic
method of identifying, analysing, treating and monitoring the risks
involved in any activity or process.
• Risk Management is a methodology that helps managers make
best use of their available resources.
• Risk Management practices are widely used in the public and
private sectors, covering a wide range of activities or operations.
These include: Finance and Investment, Insurance, Health Care,
Public Institutions and Governments
Risk Management

• It is a process to:
– Identify all relevant risks
– Assess / rank those risks
– Address the risks in order of priority
– Monitor risks & report on their management
Risk Management – why do we need it?
• Identifying areas of threat to the business
• Assessing the potential impacts and managing these
• Growth and continued existence of the business
• Promotes good management
• May be a legal requirement depending upon industry or sector
• Resources available are limited – therefore a focused response to
Risk Management is needed
How is Risk Management used?
• The Risk Management process steps are a generic guide for any
organisation, regardless of the type of business, activity or function.
• There are 7 steps in the RM process. The basic process steps are:
1. Establish the context
2. Identify the risks
3. Analyse the risks
4. Evaluate the risks
5. Treat the risks
6. Monitoring and review
7. Communication & consultation
Risk Management Process
1. Establish the context
• The strategic and organisational context in which risk
management will take place.
• For example, the nature of your business, the risks inherent in
your business and your priorities.

2. Identify the risks
• Defining types of risk, for instance, ‘Strategic’ risks to the goals
and objectives of the organisation.
• Identifying the stakeholders (i.e., who is involved or affected).
• Past events, future developments.
• Risk Identification – what are the threats and uncertainties
associated with my organization’s or unit’s objectives?
– Separate out the risk into its cause & possible effect
– Be concise & clear
– Do not concentrate on symptoms only
3. Analyse the risks
• How likely is the risk event to happen? (Probability and
frequency?)
• What would be the impact, cost or consequences of that event
occurring? (Economic, political, social?)

4. Evaluate the risks
• Rank the risks according to management priorities, by risk
category and rated by likelihood and possible cost or
consequence.
• Determine inherent levels of risk.
5. Treat the risks
• Develop and implement a plan with specific counter-measures to
address the identified risks.
• Consider:
– Priorities (strategic and operational)
– Resources (human, financial and technical)
– Risk acceptance (i.e., low risks)
• Document your risk management plan and describe the reasons
behind selecting the risk and for the treatment chosen.
• Record allocated responsibilities, monitoring or evaluation
processes, and assumptions on residual risk.
6. Monitor and review
• In identifying, prioritising and treating risks, organisations make
assumptions and decisions based on situations that are subject to
change (e.g., the business environment, trading patterns, or
government policies).
• Risk Management policies and decisions must be regularly
reviewed.
• Risk Managers must monitor activities and processes to
determine the accuracy of planning assumptions and the
effectiveness of the measures taken to treat the risk.
• Methods can include data evaluation, audit, compliance
measurement.