RISK MANAGEMENT
UNIT 2
RISK
MEANING
Risk management is the process of identifying, assessing and
controlling financial, legal, strategic and security risks to an
organization's capital and earnings.
Risk analysis is the process of identifying and
analyzing potential issues that could negatively
impact key business initiatives or projects. This
process is done to help organizations avoid or
mitigate those risks.
Qualitative Risk Analysis
Qualitative risk analysis tends to be more subjective. It
focuses on identifying risks in order to gauge both the
likelihood of a specific risk event occurring during the
project life cycle and the impact it would have on the
overall schedule should it occur.
The goal is to determine severity. Results are then
recorded in a risk assessment matrix (or any other
form of an intuitive graphical report) in order to
communicate outstanding hazards to stakeholders.
EXAMPLES
For example, you may not know the precise price that a
new competitor will set for their product, but you can
estimate it by calculating the costs of production,
marketing, distribution and other factors.
Once you have identified the sources of risk and the levels of
uncertainty associated with them, you can estimate their effects.
To estimate risk value, the most straightforward method is to
calculate the probability of the event occurring and multiply it by
the cost of the event.
Risk value = Probability of event x Cost of event
• Example: Let’s say you want to assess the risk that the cost of a component
of your product will increase substantially. You estimate that there is a 75%
chance of the event happening based on market conditions. The cost to
your business will be approximately $100,000 if the price of the component
increases.
You would calculate the risk value as follows:
Risk value = 0.75 x $100,000
Risk value = $75,000
Qualitative risk analysis in project management involves
assessing risk factors in operations through non-numerical
and non-quantifiable information. The idea is to produce
quick results with minimum resource utilization and
research investment. Such an analysis is done to obtain
primary observations.
https://www.indeed.com/career-advice/career-development/how-to-perform-a-risk-analysis
https://www.indeed.com/career-advice/career-development/sensitivities-analysis
RISK MANAGEMENT PROCESS
RISK TREATMENT
Risk Treatment is the process of selecting and implementing
measures to modify risk. Risk treatment measures can
include avoiding, optimizing, transferring or retaining risk.
E.g.: Installing fire alarms to mitigate the risk of fire within a
building.
RISK ACCEPTANCE
Risk Acceptance concerns the communication of residual risks to the
decision makers. Once accepted, residual risks are considered as risks
that the management of the organization knowingly takes.
E.g.: ABC Ltd exports goods to Australia by waterways and hasn’t
insured its goods with marine insurance.
RISK AVOIDANCE
Risk avoidance is the elimination of hazards, activities and
exposures that can negatively affect an organization and its
assets.
E.g.: A manufacturing business not using certain hazardous materials or
chemicals due to the dangers of handling and storing them; or an
organization limiting the type of customer data it stores on its computers
in case of a cyberattack.
RISK TRANSFER
Risk transfer is a risk management and control strategy that involves the
contractual shifting of a pure risk from one party to another.
E.g.: the purchase of an insurance policy, by which a specified risk of
loss is passed from the policyholder to the insurer.
RISK REDUCTION
Risk reduction deals with mitigating potential losses by reducing the
likelihood and severity of a possible loss. Managing and reducing risk
involves putting processes, methods and tools in place to deal with the
outcomes of events you have identified as threats to your business.
E.g.: A company may outsource software development to an expert
company while handling the business management itself, such as
Nestle outsourcing software development to IBM.
BASIS OF RISK CONTROL
• Preventive
• Detective
• Reactive
PREVENTIVE CONTROLS
Preventive controls are the measures and
strategies a company implements to avoid or
minimize risks, hazards, or undesirable outcomes
in a system, process, or organization. These
controls aid in identifying, addressing, and
correcting potential issues before they escalate
into significant concerns.
TYPES OF PREVENTIVE CONTROL
• Administrative Controls: Administrative controls involve policies, procedures, and guidelines that
guide the behavior of individuals within an organization. These controls focus on human factors and
the organizational aspects of security.
• Physical Controls: Physical controls are measures implemented to restrict access to physical areas,
assets, and resources. These controls are tangible and help prevent unauthorized individuals from
gaining physical access.
• Technical Controls: Technical controls involve the use of technology to protect systems, data, and
networks. These controls are often automated and focus on securing the digital aspects of an
organization.
EXAMPLES
• Suppose Ryan owns a travel company. The business stores large
volumes of customer data, including sensitive customer information,
for online transactions. The company establishes clear security
policies, requires secure password practices, and limits access to
customer data. The controls also include installing security cameras
and restricting access to the server room.
• Moreover, the company implements antivirus software to prevent
malware attacks. Additionally, employees undergo regular
cybersecurity training to enhance awareness. The business establishes
a strong defense against data breaches and unauthorized access with
the help of preventive controls.
EXAMPLES
• The FDA has issued a warning letter to a New Jersey food company
for significant violations of the Current Good Manufacturing Practice,
Hazard Analysis, and Risk-Based Preventive Controls for Human
Food regulation. Porfirio's Italian Foods Inc.’s pasta manufacturing
facility in Trenton, New Jersey, was inspected on January 13, 17, and
March 17, according to a warning letter sent by the FDA on June 21,
2023.
• The FDA found that the company’s pasta products were adulterated
because they were prepared, packed, or stored in unhygienic settings,
potentially contaminating them with filth or jeopardizing their consumers’
safety. This is an example of preventive controls.
DETECTIVE CONTROL
Detective control is an accounting term that refers to a type of
internal control intended to find problems within a company's
processes once they have occurred. Detective controls may be
employed in accordance with many different goals, such as
quality control, fraud prevention, and legal compliance.
One example of a detective control is a physical inventory
count, which can be used to detect when actual inventories do
not match those in accounting records.
REACTIVE CONTROL
Reactive business strategies are aimed at providing a
response to unexpected changes or events without any
extra initiative and implementing strategic plans for
sustainable growth. A reactive strategy is focused on
control over existing policies and changes course only
in the event of a crisis. Reactive controls are actions
taken in response to the occurrence of a hazard or risk.
EXAMPLES
ABC Ltd experiences an unfortunate incident
where one of the employees loses his hand while
handling machine repair work, due to negligence
and the absence of safety measures from the
company.
The company sends a memo to implement safety
measures after the incident.
MATRIX