RISK MANAGEMENT

Session objectives

• Delegates should have an understanding of the concept of risk management.

• Identify risk and the attributes of risk. • Understand how to manage (control)risk.

What is risk?

Risk is defined as ;• An uncertain event or condition in the future,which, if it occurs, will affect the project in some way.• “The threat or possibility that an action or

event will adversely or beneficially affect an organization’s ability to achieve its objectives.”

Attributes of risk.

• loss (an undesirable outcome.

• Risk is also characterized by a negative or positive.

• It also involves uncertainty. That is, the existence of more than one possibility. The "true" outcome/state/result/value is not known.

Risk identification.

• Risk identification is the second step in the process of managing risk.

• Risk identification means determining what risk or hazards exist or are anticipated.

• It can also be defined as a process that involves finding, recognizing, and describing the risks that could affect the achievement of an organization’s objectives.

• Historical data, theoretical analysis, informed opinions, expert advice, and stakeholder input can be used to identify risks.

Why do people take risk?

• Some people are addicted to taking risks. The more they do it, the more they want to do it. I don't know anybody personally who takes things to the edge, but I guess that they do dangerous things.

• Others are extremist.• The need to challenge themselves to do things

they think they couldn’t do.

What is risk management?

• Risk management refers to a coordinated set of activities and methods that is used to direct an organization and to control the many risks that can affect its ability to achieve objectives.

• It can also be defined as the identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks.

How to manage(control) risk.

Risk management begins with three basic questions:• What can go wrong? • What will we do to prevent it?• What will we do if it happens?

Steps for risk management.

1) Establish the context.

To establish the context means to define the external and internal factors that organizations must consider when they manage risk. An organization’s external context includes its stakeholders, its local, national, and international environment, as well as any external factors that influence its objectives. An organization’s internal context includes its internal stakeholders, its approach to governance, its contractual relationships, and its capabilities, culture, and standards. A stakeholder is a person or an organization that can affect or be affected by a decision or an activity.

2) Identify possible risk.

Recognize what can go wrong. Identify possible sources of risk in addition to the events and circumstances that could affect the achievement of objectives. It also includes the identification of possible causes and potential consequences.

3) Analyze the risk.

Analyze each risk to estimate the probability that it will occur and the impact (that is, effect) that it will do if it does occur. Risk analysis is a process that is used to understand the nature, sources and causes of the risks that you have identified and to estimate the level of risk.

It is also used to study impacts and consequences and to examine the controls that currently exist. How detailed your risk analysis ought to be will depend upon the risk, the purpose of the analysis, the information you have, and the resources available.

4) Evaluate the risk.

It is a process that is used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable. Risk criteria are terms of reference used to evaluate the significance or importance of an organization’s risks. They should reflect your organization’s values, policies, and objectives, should be based on its external and internal context, should consider the views of stakeholders, and should be derived from standards, laws, policies, and other requirements.

5) Treat the risk.

Risk treatment is a risk modification process. It involves selecting and implementing one or more treatment options. Once a treatment has been implemented, it becomes a control or it modifies existing controls. You have many treatment options. You can avoid the risk, you can reduce the risk, you can remove the source of the risk, you can modify the consequences, you can change the probabilities, you can share the risk with others, you can simply retain the risk, or you can even increase the risk in order to pursue an opportunity.

QUESTIONS