1.- INTRODUCTION
“Risk
management is the art of using lessons from the past to mitigate
misfortune and exploit future opportunities, in other words, the
art of avoiding the stupid mistakes of yesterday while recognizing
that nature can always create new ways for things to go wrong.” -
Thomas S. Coleman
All businesses accept risk during their operations. Without risk, commerce would cease to exist. Risk is all about uncertainty or, more importantly, the effect of uncertainty on the achievement of a company goals and targets. The really successful organizations work on understanding the uncertainty involved in achieving their objectives and ensuring they manage their risks so as to ensure a successful outcome. The performance of their current or future projects depend on the analysis performed to determine probabilities and the impact of risks.
"Effective
risk assessment is increasingly important to the success of any
business”.
The difference between an issue or defect and a risk is that risk is
in the future; an issue or a defect is either now or the past. A risk
becomes an issue or defect if it is not addressed.
”If
it’s a fact, it’s not a risk ►
Facts
require immediate action; risks require planning”.
”If it’s an issue, it’s not a risk ► Issues are problems that have occurred and require action; risks might occur”.
”If it’s an issue, it’s not a risk ► Issues are problems that have occurred and require action; risks might occur”.
What is Risk Management?: the
process of combining a risk assessment with decisions on how to
address that risk is called risk management. Risk management is part
of a larger decision process that considers all the aspects of the
risk situation. Risk assessments are performed primarily for the
purpose of providing information and insight to those who make
decisions about how that risk should be managed.
Risk assessment is a systematic process for identifying and evaluating, before they happen, all the possible risks, problems or events that could affect the achievement of objectives of an organization, positively or negatively, as well as the process for setting up procedures in order to avoid the risks, or minimise its impact, or cope with its impact. Such events can be identified in the external environment (e.g., customers, industrial or economic trends, expansion into new markets, changes of the operating environment, suppliers, new projects or products, competitors, etc.) and within an organization’s internal environment (e.g., people, processes, infrastructure, corporate restructurings etc.). When these events intersect with an organization’s objectives — or can be predicted to do so — they become risks. Risk is therefore defined as “the possibility that an event will occur and adversely affect the achievement of objectives”.
Risk assessment is a systematic process for identifying and evaluating, before they happen, all the possible risks, problems or events that could affect the achievement of objectives of an organization, positively or negatively, as well as the process for setting up procedures in order to avoid the risks, or minimise its impact, or cope with its impact. Such events can be identified in the external environment (e.g., customers, industrial or economic trends, expansion into new markets, changes of the operating environment, suppliers, new projects or products, competitors, etc.) and within an organization’s internal environment (e.g., people, processes, infrastructure, corporate restructurings etc.). When these events intersect with an organization’s objectives — or can be predicted to do so — they become risks. Risk is therefore defined as “the possibility that an event will occur and adversely affect the achievement of objectives”.
”The
risk assessment forms the foundation for making a decision about
future actions”.
The ability to identify,
assess, and manage risk is often indicative of an organization’s
ability to respond and adapt to change. The pace of change in today’s
business environment calls for a risk assessment process that is
dynamic and involves continuous monitoring of risk exposures. Risk
assessment therefore helps organizations to quickly recognize
potential adverse events, be more proactive and forward - looking,
and establish appropriate risk responses, thereby reducing
surprises and the costs or losses associated with business
disruptions. This is where risk assessment’s real value lies: in
preventing or minimizing negative surprises and unearthing new
opportunities. The more real - time and forwardlooking the analysis
of potential risks, the more controllable the achievement of
objectives becomes.
Most importantly, an effective risk assessment yields forward - looking insight, not only allowing organizations to avoid risks, but providing greater and more meaningful clarity around the risks they do face. Armed with this insight and perspective, organizations are much better positioned to take the right risks, and can better manage them when they do. In the long run, organizations that continuously reposition themselves to capitalize on both quick wins and longerterm opportunities are more likely to meet — and surpass — their business objectives. It is this capability that will lead to measurable, lasting success in today’s everchanging business environment.
Most importantly, an effective risk assessment yields forward - looking insight, not only allowing organizations to avoid risks, but providing greater and more meaningful clarity around the risks they do face. Armed with this insight and perspective, organizations are much better positioned to take the right risks, and can better manage them when they do. In the long run, organizations that continuously reposition themselves to capitalize on both quick wins and longerterm opportunities are more likely to meet — and surpass — their business objectives. It is this capability that will lead to measurable, lasting success in today’s everchanging business environment.
“Risk assessment is intended to provide management with a view of events that could impact the achievement of objectives. Achieving objectives and managing risk are equally important”.
“To be effective, risk assessment should be integrated into the business process in a way that provides timely and relevant risk information to management”.
“To be effective, risk assessment should be integrated into the business process in a way that provides timely and relevant risk information to management”.
Risk assessments can be mandated by standards demands (for example, the new version of the ISO 9001:2015 Standard requires for organizations to demonstrate awareness and attention to all of their risks), but can also be driven by an organization’s own goals, such as business development, talent retention, and operational efficiency. Regardless of the scope or mandate, risk assessments must identify events that could affect the organization’s ability to achieve its objectives, rate these risks, and determine adequate risk responses.
“Risk
management begins with three basic questions:
►What can go wrong?
►What will we do to prevent it?
►What will we do if it happens?“
►What can go wrong?
►What will we do to prevent it?
►What will we do if it happens?“
Risk assessment provides a mechanism for
identifying which risks represent opportunities and which represent
potential pitfalls.
When risk assessments are performed systematically and consistently throughout the organization, management is empowered to exploit the right risks for their business, to focus its attention on the most significant risks and make more informed risk decisions, all while maintaining the appropriate controls to ensure effective and efficient operations of their organizations. Through effective risk assessment, organizations can also better coordinate multiple risk responses, effectively addressing risks that threaten multiple business areas or functions.
When risk assessments are performed systematically and consistently throughout the organization, management is empowered to exploit the right risks for their business, to focus its attention on the most significant risks and make more informed risk decisions, all while maintaining the appropriate controls to ensure effective and efficient operations of their organizations. Through effective risk assessment, organizations can also better coordinate multiple risk responses, effectively addressing risks that threaten multiple business areas or functions.