Risk Management

An 'at a glance' guide to Risk Management

Why Manage Risk?

Good risk management at a strategic level helps protect an organisation's reputation, safeguard against financial loss, minimise disruption to services and increase the likelihood of achieving business objectives successfully.

This also gives assurance on how an organisation's business is managed and at the same time will satisfy any compliance requirements of the organisation, where an internal control mechanism is established. Internal control includes:

What does it require?

How to identify risks?

Step 1 - Clarity of Objectives

Be clear first of all about the overall objectives of the organisation and understand how departmental objectives are aligned to the delivery of same. Think about:

Step 2 - Identify Risks

With your objectives in mind, ask the following questions:

  1. What can go wrong?
  2. How and why can it happen?
  3. What do we depend on for continued success?
  4. What could happen?

Consult with staff and others as appropriate and consider a range of possible scenarios including the best and worst cases. Be as creative with this process as possible. Consider the 'cause and effect' and scope of the risk and state as clearly as possible to avoid misunderstanding and misinterpretation. Try to quantify where possible based on what the effect might be.

Go back to Step 1 above and do the same for external risks by considering the relationship between the organisation and its wider environment and follow the steps above. Consider potential external cause of business disruption, issues affecting relationship with partners, suppliers and any possible changes in government policy and legislation.

Step 3 - Assess Risks
Step 4 - Address Risks

This involves practical steps to managing and controlling risks. Think about:

Step 5 - Review, Quantify and report Risks

Although policy may dictate a review and half yearly update should be enacted, risk owners need to regularly review to ensure there is ongoing relevant management of risks

Advice should be sought where quantification / confirmation is needed, i.e. Finance or Audit Department

Build into the current reporting structure via the business planning round. Where key risks need to be considered, ensure it is given priority within the agreed framework.

Risk Defined

Risk: is the actual exposure of something of human value to a hazard and is often regarded as the product of probability and loss - Source: Smith K 2001; Environmental Hazards Assessing Risk and Reducing Disaster: London: Routledge: 6 -7.

Risk Assessment: The evaluation of a risk to determine its significance, either quantitatively or qualitatively.

Risk Management: Determines the levels at which risk acceptability is set and methods of risk reduction are evaluated and applied.

Resilience: The ability at every relevant level to detect, prevent and, if necessary handle disruptive challenges. Source: CCS Resilience

Business Continuity: A proactive process which identifies the key functions of an organisation and the likely threats to those functions; from this information plans and procedures which ensure that key functions can continue, whatever the circumstances, can be developed.

Custom Search

Valid CSS! Valid HTML 5.

browser implementation

For more information, contact: Managers-Net.