Scribd
Upload
53 views14 pages

0 - Unit 1 Risk Management

This document provides an overview of risk management concepts and processes. It discusses defining risk, identifying risks, assessing risks through likelihood and impact analysis, and treating risks through avoidance, transfer, retention and control. The risk management process involves establishing context, identifying and assessing risks, developing and implementing treatment plans, and reviewing and updating plans over time.

Uploaded by

Yash Yash
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
53 views14 pages

0 - Unit 1 Risk Management

This document provides an overview of risk management concepts and processes. It discusses defining risk, identifying risks, assessing risks through likelihood and impact analysis, and treating risks through avoidance, transfer, retention and control. The risk management process involves establishing context, identifying and assessing risks, developing and implementing treatment plans, and reviewing and updating plans over time.

Uploaded by

Yash Yash
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 14

Unit 1:

Introduction to Risk
CONTENT

1. C O N C E P T O F RI S K
2. R I S K A N D U N CE RTA I N T Y
3. D I S T I N C T I O N A N D C L AS S I F I CAT I O N O F
RISK
4. D Y N A M I C N AT U RE O F RI S K
5. TYPES OF RISK
6. Q U A N T I F I C AT I O N O F RI S K A ND VA R I O U S
METHODOLOGY
Concept of Risk

• Risk derives from the early Italian word "risco" which means danger or
"risicare," which means "to dare" or French word "risqué".
• Risk is a choice rather than a fate. The actions companies dare to take are
central to our definition of risk. Risk and reward are two sides of the same coin.
Risk leaders choose their risks well. They look at external and internal risks in
broad context.
• They integrate decisions with corporate strategy, and strike a healthy balance
between risk management as an opportunity and a protection shield.
Definition

Risk management is an integrated process of


delineating (define) specific areas of risk, developing a
comprehensive plan, integrating the plan, and
conducting the ongoing evaluation’ – Dr. P.K. Gupta.
Risk Management Process
1. Establish the Context

The purpose of this stage of planning enables to


understand the environment in which the
respective organization operates, that means the
thoroughly understand the external environment
and the internal culture of the organization.
You cannot resolve a risk if you do not know
that it is. At the initial stage it is necessary to establish
the context of risk.
To establish the context there is a need to collect
relevant data. There is a need to map the scope of
the risks and objectives of the organization.
2. Identification

After establishing the context, the next step in the process


of managing risk is to identify potential risks.
Risks are about events that, when triggered, will cause
problems. Hence, risk identification can start with the
source of problems, or with the problem itself.
Risk identification requires knowledge of the
organization, the market in which it operates, the legal,
social, economic, political, and climatic environment in
which it does its business, its financial strengths and
weaknesses, its helplessness to unplanned losses, the
manufacturing processes, and the management systems and
business mechanism by which it operates.
2. Identification

Any failure at this stage to identify risk may


cause a major loss for the organization.
Risk identification provides the foundation of risk
management. The identification methods are formed
by templates or the development of templates for
identifying source, problem or event.
 The various methods of risk identification are –
Brainstorming, interview, checklists, structured
‘What-if’ technique (SWIFT), scenario analysis,
Fault Tree Analysis (FTA), Direct observations,
incident analysis, surveys, etc.
3. Assessment

 Once risks have been identified, they must then be


assessed as to their potential severity of loss and to
the probability of occurrence.
 These quantities can be either simple to measure, in the
case of the value of a lost building, or impossible to know for
sure in the case of the probability of an unlikely event
occurring.
 Therefore, in the assessment process it is critical to make
the best educated guesses possible in order to properly
prioritize the implementation of the risk management plan.
 The fundamental difficulty in risk assessment is
determining the rate of occurrence since statistical
information is not available on all kind of past incidents.
3. Assessment

Nevertheless, risk assessment should produce such


information for the management of the organization
that the primary risks are easy to understand
and that the risk management decisions may be
prioritized.
Thus, there have been several theories and attempts to
quantify risks.
Numerous different risk formula exist but perhaps the
most widely accepted formula for risk quantification is
rate of occurrence multiplied by impact of the event
[Rate of occurrence x Impact of the event].
4. Potential Risk Treatments

a) Risk Transfer :
Risk transfer means that the expected party transfers whole or part of the losses
consequential to risk exposure to another party for a cost. The insurance contracts
fundamentally involve risk transfers. Apart from the insurance device, there are
certain other techniques by which the risk may be transferred.
b) Risk Avoidance :
Avoid the risk or the circumstances which may lead to losses in another way,
includes not performing an activity that could carry risk. Avoidance may seem the
answer to all risks but avoiding risks also means losing out on the potential gain
that accepting (retaining) the risk may have allowed. Not entering a business to
avoid the risk of loss also avoids the possibility of earning the profits.
4. Potential Risk Treatments

c) Risk Retention :
 Risk retention implies that the losses arising due to a risk
exposure shall be retained or assumed by the party or the
organization.
 Risk retention is generally a deliberate decision for business
organizations inherited with the following characteristics.
 Self-insurance and Captive insurance are the two methods of
retention.
A ‘captive insurer’ is generally defined as an insurance
company that is wholly owned and controlled by its insured’s;
its primary purpose is to insure the risks of its owners, and its
insured’s benefit from the captive insurer's underwriting profits
Risk Control
Risk can be controlled wither by avoidance or by
controlling losses. Avoidance implies that either a
certain loss exposure is not acquired or an existing one
is neglected. Loss control can be exercised in two ways
– (i) Create the plan and (ii) Risk Control.
i. Create the Plan

The risk management plan should propose


applicable and effective security controls for
managing the risks.
A good risk management plan should contain a
schedule for control implementation and responsible
persons for those actions. The risk management
concept is old but is still not very effectively
measured.
Example – An observed high risk of computer
viruses could be mitigated by acquiring and
implementing antivirus software.
Review and evaluation of the plan:

 Initial risk management plans will never be perfect.


 Practice, experience and actual loss results, will necessitate
changes in the plan and contribute information to allow possible
different decisions to be made in dealing with the risk being faced.
 Risk analysis results and management plans should be updated
periodically. There are two primary reasons for this –
 a) To evaluate whether the previously selected security controls
are still applicable and effective and
 b) To evaluate the possible risk level changes in the business
movement. There are risks that do no change and are static in
nature. However, other dynamic risks of not continually
monitored and reviewed may grow like a bubble and their
financial, legal and ethical impacts soon get out of control.

You might also like