Risk management Model :- There is a risk when there is a probability that a harmful or harmful event will occur and have a negative effect on the performance of the business. Good risk management ensures optimal, balanced and sustainable performance of the company.
Objectives of Risk Management
- Ensure optimal, balanced and sustainable performance of the company
- Develop a comprehensive, systematic, integrated and flexible approach to identifying, assessing, analyzing and managing risks
- Develop better risk management practices
- Address all types of business risks
- Take responsible risks
- Make informed decisions
- Better manage change
Conditions for good Risk Management
- Risk management needs to be aligned with the company’s strategy
- Risk management must support performance management
- Risk management should focus on the same management activities as performance management , performance conditions, performance tools, management skills, stakeholder satisfaction
- The risk assessment system should focus on the most important risks
- The risk management process must be simple and remain simple and flexible
Provenance of Risks
Risks can come from two main sources: outside the company (external risks) and inside the company (internal risks).
- External risks come from changes or threats in the business environment (political, economic, technological, sociological changes, market changes, customers, competitors, products, suppliers) that may have a negative influence on the objectives and strategies of the company.
- Internal risks can come from different sources: corporate strategy, processes, resources, intangible factors, management information.
Risks from the Strategy
- The strategy is not clear and precise
- The strategy was not communicated properly
- The strategy has not been implemented properly
- The strategy has not been adequately evaluated
Risks from Processes
Process risks occur when processes are not performing well. The following examples illustrate risks from underperforming processes:
- The process is not aligned with the company’s strategy;
- The process is not satisfying to customers;
- The process does not operate effectively and efficiently;
- The process has been modified.
Risks from Resources
- Changes in human resources
- Changes in technological resources
- Changes in material resources
- Changes in financial resources
- Resources are not aligned with the strategy
Risks from Intangible Factors
- Changes in the organizational structure
- Changes in performance conditions
- Changes in management tools
- Changes in management skills
- Changes in stakeholder satisfaction
- Intangible factors are not aligned with the strategy.
Risks from Management Information
Management information can also be a risk when the information used to make decisions is incomplete, outdated, incorrect, late, irrelevant, etc.
Risk Management Process
- Identify the risks
- What are the changes?
- What are the potential problems?
- What are the risks that can occur?
- Identify the level of risks:
- Assess the risks
Assess risks according to their importance and likelihood.
- Analyze the Risks
- Where do the risks come from?
- What are the causes and consequences of the risks?
- What are the uncontrollable risks?
- What is the acceptable level of risk?
- Can we control unacceptable risks?
- Can we control acceptable risks at their current level?
- Develop action plans
The risk can be reduced or eliminated by taking corrective or preventive actions.
- Correct at the source risks whose importance and probability are high.
- Check for risks that are of high importance and low probability.
- Analyze risks of low significance and high probability.
- Temporarily ignore risks of low significance and probability.
Risk Management Practices
- Enhance risk management across the enterprise.
- Develop an ongoing business risk assessment process and a continuous process of risk control.
- Integrate the process of risk control into processes.
- Assess the risks against the strategic objectives of the company.
- Overcome the financial aspect to extend risk management to all aspects and levels of the business.
- Evaluate performance factors, processes, development projects, departments, and strategic, operational and financial decisions taking into account possible risks.
- Evaluate the risks and reassess them continually according to their importance and probability.
- Develop risk reduction strategies based on assessed risk levels.
- Review and regularly improve methods and tools for identification, evaluation, analysis and risk reduction.
- Perform extreme situation simulations to measure the effectiveness of risk reduction methods and tools.
- Involve managers in the process of identification, evaluation, analysis and risk reduction.
- Organize training courses to master risk management concepts and tools.
- Form a risk management committee to approve the risk management policy and tools and to regularly assess the risks.
- Develop information systems to provide all the information needed for risk management.
- Regularly evaluate the performance of the risk management process.
- Communicate the results to the managers.