Essay on "Steps in Risk Management Program"

Essay 5 pages (1584 words) Sources: 4 Style: MLA

[EXCERPT] . . . .

Risk Management Program

First, we need a basic definition of what we are about to describe. BusinessDictionary.com defines risk management as, "Policies, procedures, and practices involved in the identification, analysis, assessment, control and avoidance, minimization, or elimination of unacceptable risks." Most other variations of this definition say about the same thing. Risk management can be applied to all areas of life, work, business, sports, medicine, meteorology, and any other area where any type of risk is present. What we will describe here is a general risk management program that may then be "customized" to more specific areas.

Internal Education

This step is usually overlooked within an organization before, during and after a risk management program is initiated. (Strategies and Tactics) This step consists of a basic education and training program for your management team, staff, and all other employees. The importance of this is that, once created, the entire company must be aware of the criticality of risk management and awareness of anything that might affect it. Since this can be a complicated process of education, it should begin in parallel with creating the risk program. Many risk management programs assume that this process will take place as a result of the creation of the program -- in otherwords, an afterthought.

Identify the Risk(s) and Calculate Potential Loss

The key to identifying all of the risks, is looking around the organization and finding anything that could cause significant problems if left alone. A fire could destroy the company's data center, so it needs to be backed up with a second offline data center that could be brought online immediately so business can go on uninterrupted. A company comptroller embezzles millions of dollars that could ruin the financial end of the business, or a hurricane destroys the building the company owns and a backup plan is needed to be able to continue the business.

Identification of risks is not just company-wide. Each functional area needs to identify what problems could arise that they need backup plans or other methods to fix.

The second part of identifying risks is to assess the level of threat or problem that exists and how significant the fix would be if it happened. What would it cost the organization and what are the chances a particular "disaster" might occur? How long might the "downtime" be? These questions would definitely need an answer if the identification of risk evaluation is to be complete and accurate.

That is not to say that identifying the size of the risk and the amount of the loss does not have their own difficulties. There may be no precedent for a particular occurrence so that it would be almost impossible to do other than estimate the risk and amount of loss with the best data available. However, it is crucial that this step be performed accurately, as the step of identifying and assessing the size of the risk determine the whole infrastructure of the eventual risk management program designed and carried out.

All potential losses discovered in a risk management program must be expressed numerically, specifically, and accurately despite the problems stated above. A general potential loss statement which describes a range of dollar loss or general terms like "significant" or "excessive" is unacceptable. In order to formulate a program and assess each risk, a dollar value must be attached.

Assessing risk should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized. Thus, there have been several theories and attempts to quantify risks. Numerous different risk formulas exist, but perhaps the most widely accepted formula for risk quantification is: (Risk Management)

Rate of occurrence multiplied by the impact of the event equals risk

It must be remembered, however, that how often risk assessment is performed and updated, and how thorough the process is in the first place, are better determining factors on financial impact than any formula.

Make a Decision

At the point that a management team has accurately identified the risks and evaluated the impact on the bottom line of each risk, a decision must be made as to whether to manage that risk, accept it, or modify it in some way. This will involve reviewing the company business plan and profitability, along with future business forecasts and the impact of the risks on solvency if left unchecked.

There are often cases, in particular at the department level, where certain risks, because of rarity of occurrence or the lack of magnitude to impact the books, are not worth managing.

Manage the Risks

Once a decision has been made to manage a given risk, management's attention should then turn to an evaluation of the effectiveness (risks, costs, and benefits) of the various risk management alternatives. (Strategies and Tactics)

And what are those alternatives? Generally speaking they consist of avoiding the risk, minimizing the impact of the risk, or accepting some or all of the negative impact of the risk. Management's attention needs to be focused on evaluating the risk/reward profile associated with each alternative to manage the remaining exposure. (Risk Management) in accomplishing that evaluation of risk and reward, however, there are other hurdles for management to overcome.

Managers are people and people have individual beliefs and think in different ways. In other words, while a decision such as risk management should be analytical and logical, there are human obstacles that also become involved.

Amos Taversky and Daniel Kahneman, who have published many scientific papers since 1970, were among the first to recognize that there are obstacles to rational decision-making about risks that are imbedded in human psychology. (Borge 85) We can list a few that managers must be aware of in making risk decisions. Most of them are from Taversky and Kahneman.

Overconfidence, optimism, hindsight, overcompensation, myopia, looking for patterns, complacency, and zealotry are but a few. (Borge 86+) in this paper we are not going to delve into each of these, since that information is available in the Borge source book, and they are not a primary goal of this discussion.

The point is that it is necessary to be aware that a management team (or any other group) will all have individual personal traits, beliefs and characteristics that will affect the decisions they make. Being aware of this gives us a better idea of how to reach a rational decision, be better equipped to understand where you might be falling short, and be on guard against unnecessary mistakes. (Borge)

Brief Summary

First, we initiated a program of internal education for all employees. We scouted the company and identified all of our risks and assessed the level of impact for each one. We filtered out the ones we are just going to live with because they have only a minor impact. For the risks that were left we assessed the risk/reward for each one, being careful to accurately and completely establish a dollar impact for each. Then we applied our risk management formula and have our final prioritized list of risks that need to be managed. We took a final look at each one and decided if our management of that particular risk would consist of maximizing effort to avoid the risk, minimizing the risk, or accepting some or all of the negative impact of the risk. Our decisions here rank from spending the most time and money to avoid the risk, doing what we can to minimize the risk but not going all out on it, or spending minimum time and money to alleviate some of the negative impact and decide we can afford to let the risk play out.

Create the Plan & Implement

There is more than one "strategy" to implement to allow either company or department management… READ MORE

How to Reference "Steps in Risk Management Program" Essay in a Bibliography

Related Essays:

Risk Management I Will Measure Severity Business Plan

Risk Management

I will measure severity by means of various factors, including system loss/damage; dollars lost; personnel injuries; and mission impact; and environmental damage. Being a manufacturing company of aircraft… read more

Business Plan 2 pages (640 words) Sources: 2 Topic: Management / Organizations

---

Risk Management and Sentinel Event Reporting Thesis

Risk Management and Sentinel Event Reporting

Explain the basics of Sentinel Event Reporting, including Root Cause Analysis, procedures, timelines, etc.

One of the harsh realities of a medical center or… read more

Thesis 3 pages (927 words) Sources: 2 Style: APA Topic: Healthcare / Health / Obamacare

---

Construction Risk Management of Channel Tunnel Project Term Paper

Construction Risk Management of Channel Tunnel Project

This is a Construction Risk Management Report on the construction of the Capitol Hill Light Rail station in the city of Seattle, WA.… read more

Term Paper 7 pages (1856 words) Sources: 9 Style: Harvard Topic: Business / Corporations / E-commerce

---

Risk Assessment Report Assessment

Risk Assessment Report of the Center for Disease Control (CDC)

Risk Assessment Report

This is a Risk Assessment Report formulated for the staff of the IT department of the Centers… read more

Assessment 9 pages (2612 words) Sources: 12 Topic: Management / Organizations

---

Safety Risk Management a Risk Management Plan Essay

Safety

Risk Management

A risk management plan is a step-by-step program that serves as a blueprint for a proactive approach to risk management. By tackling the topic in a structured… read more

Essay 2 pages (672 words) Sources: 1+ Topic: Recreation / Leisure / Tourism

---

View 100+ more related papers  >>