Introduction – Risk Management Process

There are methods of “Risk definition and control”, which are documented in a systematic approach known as “Risk Management Process”. This Risk Management Process provides a reasonable defense mechanism against the potential risk that an organization is about to face. Risk Management training can, therefore, be defined as “a group of actions that are integrated within the wider context of a company organization, which are directed toward assessing and measuring possible risk management techniques.

There is eight major and minor risks management process in the above picture. Try to spot them if you can! (Answer at the end)

From the picture, we can infer that Walters Inc. has to implement the Risk Management process at the earliest. So let’s try to understand this risk management process as well as the phase involved in it.

The Story of Risk Management Process…

Each organization has a “mission” and a “vision” for its formation. And therefore, in general terms, it must address the problem of protecting itself against events that bring potential risk management strategies to the organization as a whole. Earlier, companies faced different types of risk management strategies in a specific or unconnected manner. But today It also elaborates on the risk management strategies necessary for managing the same. Company risks are normally classified into three broad categories:

1. Risks inherent to the external context

The emergence of unfavorable laws and regulations
Absurd changes in market conditions
Technological innovations that favor competitors

2. Risks inherent to operative management

Noncompliance with contractual requirements
Possible loss of market share
Possible loss of skills
Possible physical damage to personnel
Possible environmental pollution

3. Risks inherent to financial management

Difficulty in collecting accounts receivables
Unfavorable changes in exchange rates
Imbalances in liquidity

Each of these risks management process may lead to direct or indirect damage to the organization, with economic implications in the short, medium and long-term. From this point of view, therefore, the attention given to Risk Management techniques, in terms of the quality and quantity of allocated resources, must be consistent. This not only stands true for the type of risk management strategies, but also for the potential negative event could occur and the gravity of its consequences.

A complete risk management process aims to protect:

# Value already created by the organization

# Future opportunities

Phases of Risk Management Process

Generally, risk management process is strongly connected to one another. Hence they cannot be taken care of in a fragmented manner. At the same time nor they can be taken care of by an individual department of an organization. by independent functions and/or departments, but a dedicated process is necessary that requires a structured organization and effective communication mechanisms. Traditionally, the phases of a Risk Management process are as follows:

Popular Course in this category

All in One Financial Analyst Bundle (250+ Courses, 40+ Projects)250+ Online Courses | 1000+ Hours | Verifiable Certificates | Lifetime Access
4.9 (3,296 ratings)

Course Price

View Course

context definition
risk identification
risk assessment
risk control
communication
planning
checking and supervision
process review

To be effective, each of these phases must be fully integrated within the company organization.

1. Context definition

Context definition stresses the following important things:

The first and foremost thing is identifying the areas of risk. Risks may arise due to a specific combination of market, product or service, manufacturing or distribution process as well as other external factors.
Next thing is to identify and define an assessment activity schedule.
Based on that it becomes necessary to organize resources, and also defining duties and responsibilities.

2. Risk identification

The next phase of Risk management process is risk Identification Process, it is important to identify the potential risks and then give their detailed description. Hence all possible sources of risk management training such as the positions of the stakeholders, market changes, manufacturing errors or work accidents should be thoroughly analyzed. The process of identifying potential risks management techniques must include:

Objectives that the organization has set.
Scenarios that the organization may face in carrying out its business.
Procedures that the organization adopts for its management and operational purposes.

Effective risk identification finally requires the support of reasonable confirmations, which states if the analysis about the risk has been correct or not. These confirmations may be:

Confirmation stating that the event has already occurred (Direct confirmation)
Confirmation stating that the event has already occurred in a similar situation. (Indirect confirmation)
Confirmation stating the cause-effect relationships stressing on the probability of the event. (Deductive nature)

In this way, a “risk profile” is outlined that is specific to each organization.

3. Risk assessment

When the risks have been identified, it must be assessed based on the following parameters:

The probability that the negative event will occur;
The seriousness of the direct or indirect consequences of the event itself.

The assessment made in such cases is largely dependent upon

Criticality of the situation,
Relevance, availability of statistical data
Confirmed analysis procedures.

The other important job in this step of risk management process is to assess the level of risks. This step helps in making the action plan in the context of that particular risk.

Extreme / High-Risk	Serious danger. Immediate action required in this type of risk. Identify and implement controls to reduce risk to as low as reasonably practical. The controls can be temporary or permanent
Medium Risk	Moderate danger. Action as soon as possible to implement controls to reduce the risk to as low as reasonably practical. Actions can be for a long & short term.
Low Risk	It may range from Minor to negligible danger. Assess if further action can be taken. Steps should be taken to monitor the controls so the hazard is maintained as “low ” (If the hazard cannot be eliminated completely).

# Likelihood Scale

Level	Likelihood	Description
4	Very likely	Happens more than once a year in this industry
3	Likely	Happens about once a year in this industry
2	Unlikely	Happens every 10 years or more in this industry
1	Very unlikely	Has only happened once in this industry

# Consequence scale

Level	Consequence	Description
4	Severe	Financial losses greater than $50,000
3	High	Financial losses between $10,000 and $50,000
2	Moderate	Financial losses between $1000 and $10,000
1	Low	Financial losses less than $1000

The following formula is used to calculate risk rating: Likelihood x Consequences = Risk rating, For example, you may decide the likelihood of a fire is ‘unlikely’ (a score of 2) but the consequences are ‘severe’ (a score of 4). Then using the tables above, a fire, therefore, has a risk rating of 8 (i.e. 2 x 4 = 8).

# Risk rating table

Risk rating	Description	Action
12-16	Severe	Needs immediate corrective action
8-12	High	Needs corrective action within 1 month
4-8	Moderate	Needs corrective action within 3 months
1-4	Low	Does not currently require corrective action

Example- Crack in the Pathway of a company main office

The assessor rates the likelihood as high (likely). The reasons for the same are: The path is frequently used by employees and visitors daily. Therefore there is a high probability that someone will be exposed to the hazard. The assessor rates consequences of a trip in this section of a path as moderate, with a sprain or break as the worst case scenarios. Therefore the risk management process rating for this particular hazard was assessed as high. Your risk evaluation should consider:

the importance of the activity to your business
the amount of control you have over the risk
potential losses to your business
any benefits or opportunities presented by the risk.

4. Risk Control

In this phase of risk management process, the decision-making process becomes particularly important. It includes one or more of the following conditions:

Transfer of the risk
Exclusion of the risk
Reduction of the risk
Acceptance of the risk or an amount of the risk

The selected one of the options from the above conditions will depend on the specific company situation. Also, it should consider the cost-benefit analysis. It can stress the quantitative aspects in reference to short, medium and long-term period.

Risk transfer

Here the company transfers the risk to another party that is ready to accept the risk. This generally includes the risk management process insurance companies that are ready to take up the risk management techniques. But in such a case risks such as liabilities of a criminal nature cannot be transferred.

Risk exclusion

This condition foresees the non-execution of the activity that involves a risk that cannot be transferred and/or is considered to be unacceptable. Naturally, the result is a loss of opportunity that the activity at risk management training would have represented in any case.

Risk reduction

Risk reduction takes into account the managerial, technological and behavioral action that lowers the probability of risk. This, in turn, reduces the seriousness of its consequences.

Acceptance of an amount of the risk

Some risks that are not transferred or not excluded are accepted. The acceptance applies when the risk has:

Low probability of the event
Consequences are of little relevance
Great benefits if successful

5. Communication

Communication of risk is another important step in the risk management process. In this step the following things must be properly documented in detail in a Risk Management Report:

The profile
The matrix
The risk treatment
The control planning

The above things must be presented to all personnel who are involved in any manner. If required targeted training courses should be developed, making the Risk Management training Report an effective management instrument. The Risk Management Report establishes the document of reference for the entire Risk Management process.

6. Planning

The Planning step defines the risk control methods, that is:

Interpretation, sending or storing of incoming data for the control process;
Appropriate level and localization for the decisions and actions the operative procedures and/or practice;
Control instruments
Interpretation, sending or storing of output data from the control process.

The planning activity is documented in the Risk Management strategies Plan. As the planning step is mainly directed toward coordinating all activities and their communication it is recommended that the position of a Risk Manager is created.

7. Checking and Supervision

One time plan is not enough in risk management process. It is important that Checking and supervision are carried out time and again. The checking and supervision results must be always documented, evaluated and recorded.

8. Process review

Risk Management Process is not a one time but a dynamic process. And that is why it must be reviewed in a sufficiently frequent manner. It must be based upon the experience gathered in a direct manner (w.r.t the organization) or indirectly (outside of the organization. The purpose of such an activity should be:

Evaluating possible evolutions that concern any phase of the process
Evaluating the efficiency and effectiveness of the adopted Risk Management Plan
Evaluating the checking and supervising results.

If revisions are made, another Risk Management process Report must be created which is updated with respect to the changes that were made.

This is all about the Risk Management process. The picture below gives the answers to the spot the risks in Walters Inc.

Spot the Risks Answers!

If you find other risks involved in this picture, please feel free to mention them in the comments below, so that you can have your own share in improving Walter’s Inc.