The process of identification, analysis and either acceptance or mitigation of uncertainty in investment decision-making. Essentially, risk management occurs anytime an investor or fund manager analyzes and attempts to quantify the potential for losses in an investment and then takes the appropriate action (or inaction) given their investment objectives and risk tolerance. Inadequate risk management can result in severe consequences for companies as well as individuals. For example, the recession that began in 2008 was largely caused by the loose credit risk management of financial firms.
Method of Risk Management
For the most part, these methods consist of the following elements, performed, more or less, in the following order.
- Identify, characterize, and assess threats
- Assess the vulnerability of critical assets to specific threats
- Determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
- Identify ways to reduce those risks
- Prioritize risk reduction measures based on a strategy
Principles of risk management
- Organizational Context
- Involvement of Stakeholders
- Organizational Objectives
- Roles and Responsibilities
- Support Structure
- Early Warning Indicators
- Review Cycle
- Supportive Culture
- Continual Improvement
Every organization is affected to varying degrees by various factors in its environment (Political, Social, Legal, and Technological, Societal etc). For example, an organization may be immune to change in import duty whereas a different organization operating in the same industry and environment may be at a severe risk. There are also marked differences in communication channels, internal culture and risk management procedures. The risk management should therefore be able to add value and be an integral part of the organizational process.
Involvement of Stakeholders
It is easy for a management team to become internalised and forget that stakeholders are also key participants in everyday business procedures, short-term projects and business-wide change programmes.
Understanding the roles of individual stakeholders and managing stakeholder involvement is crucial to successful. Stakeholders should, as far as is appropriate, be made aware of risks to a project or programme. Within the context and stakeholder involvement, "appropriate" concerns: the identity and role of the stakeholder, the level of influence that the stakeholder has over and outside of the organisation, the level of investment that the stakeholder has in the organisation, and the type, probability and potential impact of the risk.
The purposes, missions, and goals of an individual organization or its units, established through administrative processes. It includes an organization's long-range plans and administrative philosophy.
In risk management communication is the key. The authenticity of the information has to be ascertained. Decisions should be made on best available information and there should be transparency and visibility regarding the same.
Roles and Responsibilities
Make sure that everyone understands the role they play at each stage of the Risk Management Life cycle i.e.Identify, Assess, Respond, Review. Ensure that all bases are covered by someone.
A support structure is the provision within an organisation of standardised guidelines, information, training and funding for individuals managing risks that may arise in any specific area or project.
Early Warning Indicators
Give yourself the best chance of forecasting/anticipating the transition of a Risk to an active Issue. Ensure that everyone is communicating and that any potential issues are highlighted in the Daily Scrum.
It’s also important to know how you should react in the event a risk does or is about to be realised e.g. who needs to know and how will you inform them – in the Daily Scrum also? Or, maybe in the Scrum of Scrums? Or, maybe you’ll just walk over and tell them.
Related to the need for early warning indicators is the review cycle. This establishes the regular review of identified risks and ensures that risk managers remain sensitive to new risks, and to the effectiveness of current policies.
Brainstorm and enable a culture of questioning, discussing. This will motivate people to participate more.
Use the Retrospective to review the way you manage risk and to assess ongoing risks. Learn from your mistakes.
The Benefits of Risk Management
- Supporting strategic and business planning
- Supporting effective use of resources
- Promoting continuous improvement
- Fewer shocks and unwelcome surprises
- Quick grasp of new opportunities