Analysis of Organisational Risk Management
Disclaimer: This work has been submitted by a student. This is not an example of the work written by our professional academic writers. You can view samples of our professional work here.
Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.
Published: Mon, 25 Sep 2017
You are asked to research, critically examine and discuss the ‘risk management’ process within an organisation.
- Examine and discuss each step below which forms part of the risk management process followed within an enterprise. Explain the reasons behind each step, what each step achieves for the enterprise and give examples.
Risk Management process is a five step process first is by establishing or clearly understanding the risk in which the situation exist by considering the strategic context or the environment within the organization operates, the organizational context or the objectives, core activities and operations of the enterprise.
Identify the risks or to recognize what could be wrong and what the consequence of it occurring. Risk can be physical relating individual injuries, ecological and weather conditions and the physical assets of the organisation such as property, equipment, buildings, vehicles, stock and grounds
Financial risks are those that involve the resources of the organisation and include theft, attendances, loans, fraud, license fees, membership fees, insurance costs, and lease payments, pay-out of damages claims or penalties and fines by the government.
Ethical risks that involve potential or actual harm to the reputation or beliefs of your club, while legal risks consist of responsibilities imposed on providers, participants and consumers arising from laws made by federal, state and local government authorities
Analysing the likelihood and consequences of each known risk and deciding which risk factors will potentially have the most effect and should, therefore obtain priority with regard to how they will be managed it also involves comparing the level of risk found during the investigation process with earlier established risk criteria, and deciding whether risks can be established
Risk management involves identifying the range of options for treating the risk, evaluating those options, preparing the risk treatment strategy and implementing those strategies it is about considering the options for treatment and choosing the most suitable method to achieve the required outcome. Options for treatment need to be balanced to the significance of the risk, and the cost of treatment matching with the potential benefits of treatment this includes:
Accepting the risk for instance most individuals would consider minimal injuries in participating in the sporting activity as being an inherent risk.
Avoiding the risk is about your organization deciding either not to continue with an activity, or choosing an alternate activity with tolerable risk which meets the objectives of your club. For example, a club wanting to raise funds may decide that a competition without a properly trained and accredited instructor, equipment etc. may decide a safer way of raising funds.
Reducing the risk likelihood or consequences or both is usually practiced treatment of a risk within sport, for example use of mouth guards for players in some sports i.e. contact sports.
Transferring the risk in full or in part, will usually occur through contracts or notices for example your insurance contract is perhaps the most frequently used risk transfer form used. Other examples consist of waivers, lease agreements, warning signs, disclaimers and tickets
Retaining the risk is knowing that the risk treatment is not about risk removal, rather it is about acknowledging the risk is an vital part of the sport activity and some must be retained because of the inherent nature of the sport activity. It is important to consider the intensity of risk which is inherent and tolerable.
Financing the risk means the organization funding the consequences of risk i.e. providing finances to cover the costs of implementing the risk treatment.
- Determine the objectives of the organisation
Risk management is designed to provide the general methodology and approach to conducting a risk assessment. This includes the preparation work, risk workshop and reporting requirements. The purpose of the risk assessment is to identify the potential risks and opportunities and then rank them according to priorities and to Identify existing and potential control measure or risk mitigations to eliminate or minimise the risk in an organization
- identify exposures to loss
Risk management begins with the identification process. It is important to keep in mind that risk are not static but are subjected to change in many ways, examples of how it can change is introduction of new products and services, new laws and regulations and new employees and customers.
The element of change requires that identification process be ongoing, prior to the development of risk management as a recognized method for dealing with the risk of loss.
Risk of loss can be categorized under three general categories property loss, liability and personnel loss
- Measure those same exposures
Motor vehicle liability to the extent that operations of a automobile results in injury to others. In addition exposure represented by owned vehicles can incur liability from the operation of non-owned automobiles such as leased, rental or personal automobiles of employees used in business.
- Product liability or anyone who makes, sells or distributes products to be used by others is susceptible to liability if the product is defective or not fit for its intended use.
- Contractual liability is the risk of loss arising out of a particular undertaking that can be transferred from one party to another by the use of contracts.
- Pollution liability can be gradual occurrence over a period of time such as leakage form tanks or sudden or accidental such as fire, explosion or tank collapse.
- Professional liability is a growing area of liability exposure that is relating to the errors or omissions of employees acting in a professional capacity
Damage to owned or leased property has the loss potential associated with damage to or destruction of owned or leased property. The exposures are those related to buildings and their contents. Examples are electronic data equipment, media, machinery and equipment breakdown.
Loss of use of property can result in both direct and indirect losses. A direct loss includes the loss of revenues and indirect loss include such as employee overtime, air freight, rental expenses for temporary equipment
- Select alternatives
The economic models are formulated to provide the analyst with a quantitative base for studying the operations under his control. The method consists of four steps:
- Define the problem
- Formulate the model
- Run the model
- Make the decision
5. Implement a solution
Managing the risk associated with the hazards presents a number of unique challenges if properly managed, loss exposures can be significantly minimized. A key element in such plans is clear instructions concerning notification of appropriate agencies. It is important to have basic understanding of some of the laws that affect the management of the hazards and knowing agencies involved and the resources available that can reduce critically important response time.
- Monitor and review the outcomes.
Monitoring and review is an ongoing part of risk management that is integral to every step of the process. It is also the part of risk management that is most often given inadequate focus, and as a result the risk management programs of many organisations become irrelevant and ineffective over time. Monitoring and review ensure that the important information generated by the risk management process is captured, used and maintained.
Few risks remain static. Factors that may affect the likelihood and consequences of an outcome may change, as may the factors that affect the suitability or cost of the various treatment options. Review is an integral part of the risk management treatment plan.
- Examine and discuss a risk management frameworks standards model. Discuss the principles behind the model, the drivers and components involved in the process.
Risk Management Frameworks
A risk management framework is a description of an organizational specific set of functional activities and associated definitions that define the risk management system in an organization and the relationship to the risk management organizational system. A risk management framework defines the processes and the order and timing of processes that will be used to manage risks.
Operations to reduce risk which includes the ongoing programs and activities performed by an organization to reduce risks to an acceptable and cost-effective level. These activities might include standard setting, performance audits, training and other risk management options
Decision-making or corporate management where long term “strategic” decisions are made and responsibility for decisions at the other two levels lies. Activities at this level might include consultation with stakeholders, monitoring operations to reduce risk and priority-setting among risk issues
Risk assessment and treatment options where risk assessment is carried out and risk treatment options are identified. This high level framework provides a “benchmark framework” for evaluation of other risk management frameworks.
Elements of risk management frameworks as well as categories of risk criteria and basic capacities required by an organization for effective risk management.The design of a framework depends on the nature of risks it must manage, legal and regulatory considerations, available resources, and the relative value of risk assessment, operations to modify risks, risk communications, monitoring and review.
The risk management framework closely follows the typical management decision-making structure of:
- Identify and assess the situation
- Consider treatment (decision) options
- Implement management control
- Monitor decision
- Examine and discuss each step below which forms part of the risk assessment process followed within an enterprise. Explain the reasons behind each step, what each step achieves for the enterprise and give examples
- Identification of relevant business objectives
Historically, businesses have viewed risk as a necessary evil that should be minimized or mitigated whenever possible. Increased regulatory requirements have forced businesses to expend signify cant resources to address risk, and shareholders in turn have begun to scrutinize whether businesses had the right controls in place.
- Risk assessment provides a mechanism for identifying which risks represent opportunities and which represent potential pitfalls.
A good assessment is anchored in the organization’s defined risk appetite and tolerance, and provides a basis for determining risk responses. A robust risk assessment process, applied consistently throughout the organization, empowers management to better identify, evaluate, and exploit the right risks for their business, all while maintaining the appropriate controls to ensure effective and efficient operations and regulatory compliance
- Identifying events that could affect the achievement of objectives.
- Determining risk tolerance.
Risk tolerance is so vital to any risk management program, that you cannot include a risk management process without evidently understanding the organization’s risk tolerance. Risk tolerance is the equilibrium between risk-adverse or accepting very little risk and risk-seeking or accepting high levels of risk
Setting risk tolerance is very significant, since an enterprise will make key decisions based on what has been determined to be acceptable risk. There are regularly used key risk indicators, but understanding how those metrics influence risk tolerance is a not easy and demanding task. Risk tolerance is also a persistently moving goal.
- Assessing the inherent likelihood and impact of risks.
When assessing likelihood of occurrence of a risk, participants tend to over-evaluate risks which occurred recently or at all. If there is a reference point, people charged with evaluating will often attribute a higher likelihood to these recent events, even if the probability of occurrence has in effect been reduced by the (over)reaction to the event.
If we cannot imagine a risk occurring, we cannot assess the potential impact of it and we tend to underestimate its impact. On the contrary, the more informed we are, and the more concrete a risk is formulated, the better we are at assessing its impact.
- Evaluating the portfolio of risks and determining risk responses.
A portfolio selector for selecting an investment portfolio from a library of assets based on investment risk and risk-adjusted return is provided. The selector chooses a tentative portfolio from the library and determines a risk-adjusted return for the portfolio. The risk-adjusted return is computed by subtracting the average of multiple segment shortfalls from the average of multiple segment performances, over the same segments, based on analysis of market value data for the assets in the portfolio and for a baseline asset. The asset selection and computation is repeated until the risk-adjusted return of the portfolio satisfies criteria derived from preference data specific to an investor. A data storage medium encoded with instructions for performing the method is also provided
- Assessing residual likelihood and impact of risks.
Residual Risk Impact is multiplied by likelihood to produce an ‘Inherent Risk Score’.
For each risk, the controls in place will then be identified and assessed and the risk score generally reduced to arrive at the ‘Residual Risk Score’
The control should either reduce the likelihood that a risk will occur, or the impact of that risk if it were to occur. Residual risk is what is left after considering controls.
If you rate risks on both Inherent and Residual Risk then you can show the change from Inherent to Residual which indicates the organizations dependence on the effectiveness of the control. If a critical risk is largely mitigated due to the presumed operation of a control or set of controls then it would be very useful for Internal Audit to validate that those controls are working as assumed.
Cite This Work
To export a reference to this article please select a referencing stye below: