risk management

Risk management is the process of identifying, assessing and prioritising risks faced by an organisation. But it doesn’t end there, once these risks have been established they can be reduced, monitored and controlled. Lastly, opportunities can potentially be presented as a result of risk, and thorough risk management looks at how they may be made beneficial.

Risks can relate to finances, legality, management error, accidents and even natural disasters. Predicting and attempting to manage risks is an important practice for all organisations. When we understand the risks we face, only then can we develop contingency plans to avoid them, or minimise their effects.

risk management

Enterprise risk management - Helping to mitigate business risks

It is very important to be proactive, not reactive in the face of risk. Enterprise risk management (or ERM) is concerned with the practices put in place to actively manage risk. This includes strategy-setting, governance, communicating with stakeholders and measuring performance across all functions and levels of an organisation. ERM can be used by any organisation, from small businesses to large corporate companies, and even government agencies. Some of the benefits of ERM include :

  • Identifying new opportunities and challenges by considering both positive and negative aspects of risk.
  • Identifying and managing risks throughout a system, to sustain and improve performance.
  • Improving the ability to identify risks and establish an effective response by reducing untoward events and hidden costs.
  • Anticipating risks that affect performance and put in place actions needed to reduce their effects whilst maximising opportunities.
  • Allowing for better resource handling
  • Enhancing an organisation's ability to evolve and expand in the face of increased business complexity and change.

Risk management process - Be compliant whilst minimising risk

The risk management process is basically a framework that identifies which actions should be taken whilst risk is being managed. There are five basic steps that can be followed by every organisation managing risks :

Step 1 : Identify the risk

Risks can originate from; compliance, regulatory, environmental, market, accidental, operational, and strategic. The first step in the risk management process is to identify risks. These risks could be currently prevailing in the organisation, or could be foreseen in the near future. The risk is then recorded and typically made available to all concerned.

Step 2 : Analysing the risk

Analysing a risk is important to understand the link between the risk and how it relates to various factors within an organisation. It helps determine the severity of the risk and the number of business functions that can be affected as a result. While analysing risks you should ask questions such as; what are the chances of the risks occurring and what could be the consequences?.

Within each system, risks should be mapped to different documents, policies, procedures and processes to get a better understanding of its effects at each level.

Step 3 : Evaluate the risk

Risks are prioritised based on factors including :

  • Possible financial loss
  • Amount of time lost
  • Severity of the impact
  • Availability of resources to deal with the risk

Risks with less severe consequences are classed ‘low risk’, whereas those with potential to cause catastrophic consequences are classed as ‘high risk’. Many low level risks may not require intervention. Conversely, a single high level risk will need to be given immediate attention.

Step 4 : Treat the risk

Risks pertaining to each field must be looked into by the experts of that particular field. By using risk management platforms, different risks can be dealt with in different ways so that every process in an organisation is running smoothly and without interruption. Notifications regarding risks are sent from the system to the relevant experts, which can then be discussed and solutions proposed. This can be viewed through the system by high level management and the progress monitored. Efficient use of resources is an effective way of treating each risk. Creating a log of all projects, the potential risks they face and the necessary actions that should be taken will help to anticipate risks in the future, as well as forming strategies to avoid them.

Step 5 : Monitor and review the risk

Though some risks can be eliminated completely, there are some risks which will always be present, as is the case with both market and environmental risks. In manual systems, risks are monitored and reviewed by professionals. However, in a digital system risks are monitored and reviewed entirely by the risk management framework of the organisation. Any changes are immediately notified and made visible to everyone. The risk management system of monitoring and reviewing risks ensures business continuity.

Once risk assessment has been completed, the identified risk factors need to be managed using the below approaches to risk management:

  • Avoidance
  • Reduction
  • Sharing
  • Retention

Why do we need risk management?

Risk management helps identify potential risks before they occur, helping to plan and reduce the adverse impact of risk on an organisation or project. Risk management helps organisations achieve their business goals by turning opportunity into growth.

How do you perform a risk assessment?

The steps to performing risk assessment are :

Step 1 - Identifying the hazards

Step 2 - Identifying the impact of risks and who may be affected by them

Step 3 - Evaluating risks and formulating a plan of action

Step 4 - Documenting findings and implementing them

Step 5 - Periodic review of assessments, updating wherever necessary.


What are the five basic principles of risk management?

Risk identification - As the name suggests, risk identification is all about identifying risks faced by an organisation or project.

Risk analysis - Once a risk has been identified, analysis is then conducted. Questions should be asked, such as; how often might this particular risk pose a problem?, and what could be the severity of losses incurred?

Risk control - Risk control is preventive measures taken to avoid and mitigate risk

Risk financing - This involves the funding of losses incurred as a result of risks

Claims management - Claiming processes concerned with recovering damages caused as a result of a risk occurring.

How do you differentiate between risk assessment and risk management?

Risk management - Are the efforts made by an organisation to reduce the possibility of risk occurring.

Risk assessment - Is the process of risk management, whereby specific problems and issues are resolved.

Who conducts a risk assessment?

It is the responsibility of the employer to conduct risk assessments. An appointed licensed agency or individual can also carry out a risk assessment on behalf of an organisation.