Management of risk

From apppm
(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
  
[[File:riskoverview.png|200px|thumb|right|Overview of risk management]]
+
[[File:overviewrisk.png|500px|thumb|right|Overview of risk management]]
From 2009 [[ISO 31000]] defines risk as "the effect of uncertainty on objectives". Looking into that definition it is noted that the word risk does refer to positive possibilities as well as negative ones. This definition was revised under the ISO 31000:2009. Before revision the definition of the word "risk" was "chance or probability of loss". Meaning that only negative results could be associated with risk.
+
  
'''Management of risk''' involves identification, assessment, and prioritization of risks. Coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
+
Risk is part of all our lives. We need to take risks to grow and develop. Effectively managed risk in hospitals, airport security, construction sites, projects, programmes, portfolios and in so many more circumstances help societies achieve.  
  
Among strategies used to manage threats are.
+
'''Management of risk''' involves identification, assessment, and prioritization of risks. Coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.  
  
* Transferring the threat to another party
+
Figure 1 shows what is involved in risk management. Identifying, analysing and evaluating risks are all part of risk assessment and will be further analysed in the risk assessment section.
* Avoid the threat
+
* Reducing both the negative effect and lowering the probability of the threat
+
* Accepting the potential negative consequences of a particular thread is the only option.
+
* For uncertain events with benefits (opportunities) the opposite is done.
+
  
The term Risk management is really broad and can be used by individuals, families, firms, nations and so on. Events such as natural disasters are usually very hard to forecast but usually have large impacts. Whereas events such as minor human errors happen every day and are therefor relatively easy to forecast. Human errors can have from minor to major consequences. This displays the wide range of risk management well as each possible event has to be identified, assessed and prioritized.  
+
Because risk is inherent in everything we do, risk professionals undertake roles that are very diverse. It includes roles in insurance, business, health and safety, corporate governance, engineering, planning and financial services to name a few.
  
In this article risk management in general will be outlined with a special focus on risk management activities as applied to project management. That is one aspect inside of risk management called [[Project risk management]]
+
In this article general methodologies and important principles of risk management will be outlined, risk assessment will be explained and programme risk management introduced. Benefits and limitations of risk management will be discussed before stating the conclusions.
  
 
__TOC__  
 
__TOC__  
Line 143: Line 138:
  
  
 +
Among strategies used to manage threats are.
  
 +
* Transferring the threat to another party
 +
* Avoid the threat
 +
* Reducing both the negative effect and lowering the probability of the threat
 +
* Accepting the potential negative consequences of a particular thread is the only option.
 +
* For uncertain events with benefits (opportunities) the opposite is done.
  
  

Revision as of 20:20, 22 September 2015

Overview of risk management

Risk is part of all our lives. We need to take risks to grow and develop. Effectively managed risk in hospitals, airport security, construction sites, projects, programmes, portfolios and in so many more circumstances help societies achieve.

Management of risk involves identification, assessment, and prioritization of risks. Coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Figure 1 shows what is involved in risk management. Identifying, analysing and evaluating risks are all part of risk assessment and will be further analysed in the risk assessment section.

Because risk is inherent in everything we do, risk professionals undertake roles that are very diverse. It includes roles in insurance, business, health and safety, corporate governance, engineering, planning and financial services to name a few.

In this article general methodologies and important principles of risk management will be outlined, risk assessment will be explained and programme risk management introduced. Benefits and limitations of risk management will be discussed before stating the conclusions.

Contents


Introduction

ISO Guide 73:2009, Risk management - Vocabulary complements ISO 31000. According to ISO 73:2009 risk management is intended to be used by those engaged in managing risks, those who are involved in activities of ISO and IEC, and developers of national or sector-specific standards, guides, procedures and codes of practice relating to the management of risk. [1]

Risks with great impacts and a high probability of happening are treated before risks with smaller impacts and lower possibility. This is called prioritization. There are several tools that can be used in the process of assessing risks. Those tools will be discussed in CHAPTER XX.

When allocating resources, risk management faces some difficulties. Short term planning would recommend skipping risk management when starting a new project as the process itself costs manpower and is not directly involved in the project itself. While long term thinking would definitely recommend going through the processes of risk management. That is because it could save a lot of money and even lives if it prevents one unfortunate event to happen as it was accounted for in the process. The effect of negative effects of risks is minimized as well as spending in ideal risk management.

General methodology

The following methods are a part of the general methodology, these methods are usually performed in the order as they are listed.

  1. identify and characterize threats
  2. assess the vulnerability of critical assets to specific threats
  3. determine the risk
  4. identify ways to reduce those risks
  5. prioritize risk reduction measures based on a strategy

VANTAR HEIMILD

Important principles

ISO has identified principles of risk management, some mentionable principles are.

  • Create value
  • Be part of decision making process
  • Be a systematic and structured process
  • Take human factors into account
  • Be continually or periodically re-assessed

VANTAR HEIMILD


Risk assessment

Risk assessment is the determination of quantitative or qualitative estimate of risk related to a concrete situation and a recognized hazard. Two components of risk are required for calculations in quantitative risk assessment. The magnitude of the potential loss (L) and the probability (p) that the loss will occur. If the countermeasure for handling a certain risk exceeds the value of the expected loss it is called acceptable risk. That kind of risk is understood and tolerated

Qualitative

A pre-defined rating scale is used to prioritize the identified project risks. The probability or likelihood and the impact on a project objectives should they occur gives the score for a certain risk. A qualitative risk analysis also includes the appropriate categorization of the risks. Source-based or effect-based.

Quantitative

A further analysis of the highest priority risks during which a numerical or quantitative rating is assigned in order to develop a probabilistic analysis of the project. Possible outcomes for the project are quantified and the probability of achieving specific project objectives is assessed. When there is uncertainty a quantitative approach can be used to make decisions. It also creates realistic and achievable cost, schedule or scope targets.

Quantitative risk analysis can only be successfully carried out if there is high-quality data, a well-developed project model, and a prioritized lists of project risks. That usually yields from performing a qualitative risk analysis. [2]


Qualitative Quantitative
risk-level project level
subjective evaluation of probability and impact probabilistic estimates of time and cost
quick and easy to perform time consuming
no special software or tools required may require specalized tools

Programme risk management

There are four defined steps in programme risk management. Identify step, assess step, plan step and implement step. In order for a programme to run as smoothly as possible, these four steps must be followed. Other factors play along these four steps, good and effective communication is the most important factor. Communication has to be good throughout each and every step. Let's take a better look at the four steps.

Identify step

In the beginning of programme management, the identification of uncertain events which can both be threats and opportunities takes place. The programme's objectives and scope, what assumptions have been made, who the stakeholders are and where the programme fits inside the organization as well as the environment should be understood. If those aspects are understood it enables the programme to search for risk methodically and take the correct actions should a response be needed at some point.

Actual risks should then be identified. Both threats to the programme objectives and opportunities to overachieve on outcomes and benefits.

Assess step

The assessment of risk can be broken down into two activities. Estimate the threats and the opportunities in terms of their probability impact and proximity on the one hand, and on the other hand to evaluate the net aggregated effect of the identified threats and opportunities on the programme. This is explained in detail in the Risk assessment section.

Plan step

Preparation of specific management response to the threats and opportunities that have been identified are the primary goal of the plan step. The objective is to remove or reduce the threats and to maximize the opportunities.

Implement step

Here it shall be ensured that the previously planned risk management actions are successfully implemented and monitored as to their effectiveness. Corrective actions should be taken where responses do not live up to expectations. It is an important factor that roles and responsibilities are allocated. Someone has to be responsible for the management and control of the risk. Key roles in that perspective are: Risk owner is responsible for the management and control of all aspects of the risks assigned to them. Managing, tracking and reporting the implementation of the selected actions to address the threats or to maximize the opportunities is included in that role. Risk actionee is responsible for the implementation of risk response actions. Support and take directions from the risk owner.

Tools

There are many tools used in risk assessment, sometimes it is recommended to use more than one tool in risk assessment. They all have their own focus areas. Lets take a better look at the most frequently used tools.

Hazard and operability study (HAZOP)

Failure mode effect analysis (FMEA)

Structured What-IF technique (SWIFT)

Fault Tree Analysis (FTA)

Benefits

The most notable potential benefits of a well-structured and efficiently run risk management are. [3]

  • Improved strategic and business planning
  • More effective use of resources
  • An ability to quickly grasp new opportunities
  • Fewer unwelcome surprises
  • Enhanced communication
  • Ability to reassure key stakeholders throughout the organization
  • Continuous improvement
  • robust contingency planning

For projects

Contingency in projects can make or break them. Too much contingency is uncompetitive and too little increases the chance of failure. Risk assessment helps set contingency levels. It aims to figure out the most probable level of risk and gives the confidence level of outcome targets.

For portfolios

For businesses

Limitations

Conclusions

References

Among strategies used to manage threats are.

  • Transferring the threat to another party
  • Avoid the threat
  • Reducing both the negative effect and lowering the probability of the threat
  • Accepting the potential negative consequences of a particular thread is the only option.
  • For uncertain events with benefits (opportunities) the opposite is done.



  1. http://www.iso.org/iso/catalogue_detail?csnumber=44651
  2. https://www.passionatepm.com/blog/qualitative-risk-analysis-vs-quantitative-risk-analysis-pmp-concept-1
  3. http://irisintelligence.com/risk-management-explained/why-manage-risk.html
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox