Question

Give some examples of potential risks and risk management options that need to be identified and quantified to the client.

Answer 1

Risk management options are usually cited as risk handling options subdivided as: avoidance, control, assumption, risk transfer, and knowledge and research. Generally, the assessment of management options is a hip shot since the necessary decisions must occur early in a programme when things are still fuzzy. However, if experienced personnel are given the facts, one can expect very good decisions since there is seldom any real mystery about the practicality of options available. (The practicality of any option is usually just an issue of schedule and funding.)

Avoidance: Use an alternate approach that does not have the risk. This mode is not always an option. There are programmes that deliberately involve high risks in the expectation of high gains. However, this is the most effective risk management technique if it can be applied.

Control: Controlling risks involves the development of a risk reduction plan and then tracking to the plan. The key aspect is the planning by experienced persons. The plan itself may involve parallel development programmes, etc.

Assumption: Simply accepting the risk and proceeding. However, there can be a tendency within organisations to gradually let the assumption of a risk take on the aura of a controlled risk.

Risk Transfer: Means causing another party to accept the risk, typically by contract or by hedging. Liability among construction or other contractors is often transferred this way.

Knowledge and Research: This mode is not "true" risk handling, but rather a technique for strengthening other techniques. This approach can best be viewed as an adaptation of the approach used by a student writing a thesis: intensive study with specialised testing - in other words doing your homework.

Never expect initial risk management plans to be perfect. Practice, experience, and actual loss results will dictate changes in the plan to allow different decisions to be made in dealing with the risks being faced. In order for companies to succeed in the twenty-first century, they need to excel in all aspects of their business, which includes risk management, so they can fulfil their own and their customer's goals.

Risk management is an on-going process, and is a combination of proactive management directed activities within a programme that are intended to accommodate the possibility of failures.

After establishing the context, the next step in the process of managing risk is to identify potential risks. Risks are about events that, when triggered, cause problems or benefits. Hence, risk identification can start with the source of our problems and those of our competitors (benefit), or with the problem itself.

Source analysis– Risk sources may be internal or external to the system that is the target of risk management (use mitigation instead of management since by its own definition risk deals with factors of decision-making that cannot be managed).

Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport.

Problem analysis [citation needed] – Risks are related to identified threats. For example: the threat of losing money, the threat of abuse of confidential information or the threat of human errors, accidents and casualties. The threats may exist with various entities, most important with shareholders, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: stakeholders withdrawing during a project may endanger funding of the project; confidential information may be stolen by employees even within a closed network; lightning striking an aircraft during take-off may make all people on board immediate casualties.

The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are:

Objectives-based risk identification [citation needed] – Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk.

Scenario-based risk identification – In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk – see Futures Studies for methodology used by Futurists.

Taxonomy-based risk identification – The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks.[7]

Common-risk checking – In several industries, lists with known risks are available. Each risk in the list can be checked for application to a particular situation.[9]

Risk charting – This method combines the above approaches by listing resources at risk, threats to those resources, modifying factors which may increase or decrease the risk and consequences it is wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can begin with resources and consider the threats they are exposed to and the consequences of each. Alternatively one can start with the threats and examine which resources they would affect, or one can begin with the consequences and determine which combination of threats and resources would be involved to bring them about.