Risk Assessment

I Gusti Bagus Yosia Wiryakusuma, S.Si., M.M., AWP.

Liestya Padmawidjaja, S.T., M.M.
Livia Supranata, S.E., M.M.
Risk
The Oxford English Dictionary definition of Risk has two characteristics:
risk is as follows: ‘a chance or possibility of
● Uncertainty: An event may or may not
danger, loss, injury or other adverse
happen.
consequences’, and the definition of at risk is
● Loss: An event has unwanted
‘exposed to danger’.
consequences or losses.
Risk assessment involves the recognition of risks and the rating of them
to determine the significant risks facing the organization, project or
strategy

Purpose:
To identify the significant risks that could impact
the selected feature and find ways to minimize
them
1. Decide what matters most
Think about which areas of your business it will refer to.

For example, you might only be interested in hazard-based risks. Some of the internal and external
things to think about when creating your plan are:

● social, cultural, political and regional issues

● economic, technology and competitive trends
● government policies and law
● your business aims, policies and strategies.
2. Consult with stakeholders
Your risk management plan will be more specific and useful if you ask for feedback from the people,
businesses or organizations you deal with.

Stakeholders can include:

● employees/staffs
● clients, customers and suppliers
● business financiers, investors and insurers
● your local communities and local media
● government agencies.

Consulting with stakeholders will help you to:

● work out what your business considers as high and low risk
● get support for your risk management plan
● bring together different views and areas of expertise
● keep your risk framework up to date
● respond to unexpected risks.
Risk Assessment Approach
1. Top-down risk assessment
- By the board of directors

1. Bottom-up risk assessment

- By individual members of staffs and local departmental management

1. Combination of both
- Collecting information from as many stakeholders as possible
Top-down risk assessment
Advantages Disadvantages

Resulting in an enterprise-wide approach Tend to be more focused on external risks

The most significant strategic risks can be Limited awareness of internal operational
captured quickly risks

Acceptance of risk management activities Danger that the approach becomes too
at all levels superficial, because senior managers
believe they can manage crises

There is likely to be consistent New risks emerging from the operational

methodology throughout the organization activities of the organization might not be
fully identified
Bottom-up risk assessment
Advantages Disadvantages

Significant buy-in at all levels of the Little focus on external risks or strategic
organization should be achieved risks

Can be mirrored to an existing organization Time consuming

chart and operational risks

Giving more awareness towards local risks Too detailed and blinkered, resulting in a
and causes faced by organization silo approach to risk assessment

Variety of methodology according to local New risks emerging might not be reported
norms and culture (useful for a by operational staff
multinational organization)
The organization should decide the risk assessment protocols and
procedures that are most suitable.

If it is a choice between top-down and bottom-up, the organization should

decide whether visible senior management support for the risk management
initiative is more important than the greater involvement of operational
people.
3. Identify the Risks
Working out the risks to your business could be as easy as thinking about what could go wrong, and
how and why it could happen. You might also need to do some research into:

● past events and risks

● possible future changes to your business environment, such as changes in economic trends
● social and community issues that could affect your business
● find out how to conduct market research.
 Risk Assessment Techniques
1. Questionnaires and checklists
Use of structured questionnaires and checklist to collect information that will assist with the
recognition of the significant risks

Advantage:
- Consistent structure
- Greater involvement

Disadvantage:
- Rigid approach may result in some risks being missed
- Questions will be based on historical knowledge
 Risk Assessment Techniques
2. Workshops and Brainstorming
Collection and sharing of ideas to discuss the events that could impact the objectives, core
processes or key dependencies

Advantage:
- Consolidated opinions from all interested parties
- Greeted interaction produces more ideas

Disadvantage:
- Senior management tends to dominate
- Issues will be missed if incorrect people involved
 Risk Assessment Techniques
3. Inspections and audits
Physical inspections of premises and activities and audits of compliance with established
systems and procedures.

Advantage:
- Physical evidence forms the basis of opinion
- Audit approach results in good structure

Disadvantage:
- Inspections are most suitable for hazard risks
- Audit approach tends to focus on historical experience
 Risk Assessment Techniques
4. Flow Charts and Dependency Analysis
Analysis of the processes and operations within the organization to identify critical
components that are key to success.

Advantage:
- Useful output that may be used elsewhere
- Analysis produces better understanding of processes

Disadvantage:
- Difficult to use for strategic risks
- May be very detailed and time-consuming
A convenient and simple way of analysing risks is to identify the key
dependencies faced by the organization.

Key Dependencies can be further analysed by asking what could impact each of
them.

“What could undermine each of these key dependencies?”

“What would cause uncertainty about these key dependencies?”

“What events or circumstances would enhance the status of each of the key
dependencies?”
 The most common of the qualitative brainstorming structures are the SWOT
and PESTLE analysis.

One of the strengths of the SWOT analysis is that it can
be linked to strategic decisions because SWOT
evaluating both internal and external environment
However, because it is not a structured risk
classification system, there is a possibility that not all
of the risks will be identified.
PESTLE risk classification system has more
detail.
PESTLE is a well-established structure with
proven results for undertaking brainstorming
sessions during risk assessment workshops.
4. Analyze the Risks
After identifying the risks to your business, it’s time to work out which ones are
urgent.

To analyze the risks of an event, you should first look at the:

● Likelihood of the risk happening

● Severity/consequence/damage if the risk happened.
 Risk Matrix
When a risk has been recognized as significant, the organization needs to rate
it so that the priority significant risks can be identified.

The risk matrix can be used to record the outcome of the risk rating exercise
and this will provide a simple visual presentation of the significant risks that
have been recognized or identified.
5. Evaluate the Risks
To evaluate risk, compare the level of risk for various events against your risk criteria. You
should also check if your existing risk management methods are enough to accept the risk.

When to accept risk

Your strategy for managing risk may be more than just deciding whether to accept the risk or not. If
your business is part of a bigger supply chain that involves retailers, distributors or primary
producers, you can spread the risk across a number of areas.

Sometimes businesses choose to accept risks and not spend any resources on avoiding them. You
might decide to accept a level of risk for the following reasons:

● The cost of treatment is much higher than the potential results of the risk.
● The risk level works out to be very low.
● The benefits of taking the risk greatly outweighs the possible damage.
6. Treat Risk to Your Business
Your evaluation will have helped you to identify any risks that need to be treated. Develop a
plan to treat risks, so you can:

● identify each risk type and the level of risk to your business
● suggest strategies to treat each risk
● create timeframes for each strategy
● decide who's responsible for specific parts of the plan
● work out resources required such as money, staff and external help
● schedule future action such as regular checking and updating of risks, if needed.
7. Commit to Reducing Risks
Committing to quality risk management can help you create a stable business that prepares for
unexpected events.

As a business owner, it's a good idea to:

● make sure your business aims link to your risk management plan
● clearly describe your risk management plan to everyone in your business
● show support for risk management
● set up a way of measuring the success of your risk management plan
● regularly check that your way of measuring is giving you useful information
● make it clear who's responsible for what
● provide enough resources at all levels of your business
● ask for feedback from everyone in your business, including customers and suppliers
● use feedback to update your plan
● explain risk management to new employees and in training programs.
 RISK
Mitigation
Risk Mitigation
Risk mitigation is the practice of reducing the
impact of potential risks by developing a plan to
manage, eliminate, or limit setbacks as much as
possible. After management creates and carries
out the plan, they’ll monitor progress and assess
whether or not they need to modify any actions if
necessary.
 Acceptance

Which means accepting the risk as it stands.

Sometimes the possibility of reward
outweighs the risk, and it’s more beneficial in
the long run to take the chance. With risk
acceptance, it’s vital to monitor the risk
carefully for any changes to impact or
likelihood of occurrence. You may also want
to keep weighing the risk against your risk
appetite and assess whether carrying the
burden of risk continues to be the best move.
Avoidance

With a risk avoidance strategy, you take

measures to avoid the risk from occurring.
This may require compromising other
resources or strategies to make sure you’re
doing everything you can to avoid the risk. For
example, you may face a risk where you won’t
be able to complete a task for an important
project due to a lack of specialists. To avoid
this risk, you could hire multiple specialists,
just in case one got sick or wasn’t available. Of
course, hiring more resources would take a
bigger slice out of the budget, so assessing
how much you can compromise is an
important step in this strategy.
 Transference

Transferring risks involves passing the risk

consequence to a third party. For many
businesses, that might involve paying an
insurance company to cover certain risks.
There might also be risk transference written
into contracts with suppliers, outsourcing
partners, or contractors.
Reduction

With this mitigation approach, once you’ve

completed your risk analysis, you would take
steps to reduce the likelihood of a risk
happening or the impact should it occur. Let’s
say your budget is tight and there’s a risk you
can’t complete a particular project due to a
lack of funds. You can reduce the likelihood
of that risk occurring by proactively managing
the costs within the budget. In this scenario,
you could choose a cheaper option for raw
materials or reduce the project scope so it
can be completed within budget, such as in
the gif below.
Tips for mitigating risk in your business
● Have adequate insurance coverage to help mitigate the financial impact of risks such as fire, theft
or liability.
● Develop contingency plans so that you can continue operating if an incident, such as a natural
disaster or power outage, occurs.
● Implement risk management processes and procedures. This could involve anything from regular
risk assessments to employee training on identifying and dealing with potential risks.
● Regularly monitor and review risks and make sure you have effective mitigation strategies in place.
● Maintain good relationships with suppliers and customers. This can help to minimise the impact of
risks such as supply chain disruptions. Also, ask for feedback on their experience with your
products or services, so you can identify potential risks before they become major problems.
● Have strong internal financial controls and IT security measures.
● Stay up to date on changes in laws and regulations. This will help you avoid compliance-related
issues, including risks specific to your industry and general risks all businesses face.