Module 1 Flashcards
is the process of identifying, assessing and controlling threats to an organization’s capital, earnings and operations. These risks stem from a variety of sources, including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents and natural disasters.
Risk Management
also examines the relationship between different types of business risks and the cascading impact they could have on an organization’s strategic goals.
Risk Management
ISO 31000:2018 Risk management – Guidelines,
- Identify the risks faced by your organization.
- Analyze the likelihood and possible impact of each one.
- Evaluate and prioritize the risks based on business objectives.
- Treat – or respond to – the risk conditions.
- Monitor the results of risk controls and adjust as necessary.
describes how an organization will manage risk. It lays out elements such as the organization’s risk approach, the roles and responsibilities of risk management teams, resources that will be used in the risk management process and internal policies and procedures.
risk management plan
risk management plan steps
- Communication and consultation.
- Establishing the scope and context.
- Risk identification.
- Risk analysis.
- Risk evaluation.
- Risk treatment.
- Monitoring and review.
means withdrawing from a risk scenario or deciding not to participate.
risk avoidance
is applied to keep risk to an acceptable level and reduce the severity of loss through.
risk reduction
Risk can be reduced or made more acceptable if it is shared.
risk transfer
When risk is agreed, accepted, and accounted for in budgeting, it is retained.
risk retention
are the lifeblood of any business; they are also the business element that incurs the most risk.
contracts
are elements of the risk management program that should be kept under constant review as they fluctuate in relation to the company’s financial position.
risk appetite and risk tolerance
four types of risk management
Risk Avoidance
Risk Reduction
Risk Transfer
Risk Retention
There are four elements to contract risk avoidance that arise after the risk associated with a contract is deemed to be too high.
refusal of proposal
renegotiation
non-renewal
cancellation
If due diligence reveals the contract risk to be too high during the first stage of the contract life cycle, the company will simply decline the contract as proposed.
refusal of proposal
When risk has increased during the course of the contract life cycle, opportunities to review and renegotiate terms may be taken to introduce new conditions that avoid new risk.
renegotiation
At the end of the initial contract life cycle, the business may decline to renew the contract if the risk is estimated as being too high.
non-renewal
Where circumstances cause risk to increase beyond acceptable levels during the course of the contract life cycle and outside of the agreed renewal timeframe, cancellation clauses may be enacted.
cancellation
2 types of Risk Reduction
Contract Negotiation
Standardization
When necessary, renegotiation at later contract life cycle stages can be effective in contract risk reduction, including at the renewal stage. This should always be aimed toward the mitigation of risk and the reduction of loss.
Contract Negotiation
Creating a library of standardized terms, conditions, and clauses is an important method of contract risk reduction. It ensures a cohesive approach by all personnel and enables teams to author contracts with the confidence of knowing that legal language is pre-approved and falls within the acceptable risk profile of the business.
Standardization
When developing your risk management plan, it’s vital to identify all the risks that may affect the operation of your company.
Risk Identification Techniques
Risk Identification Techniques
Decision Tree Program
SWOT Analysis
Fishbone Diagram
helps project teams and enterprise risk managers to assess each decision’s potential impact and then choose the best option to minimize risk.
Decision Tree Program
is a method for evaluating these four components of your project and the environment that may affect your project. With the aid of a SWOT analysis, you can determine where your business performs well right now and where to be wary of potential risks to create a winning plan.
SWOT Analysis
is also known as a “cause-and-effect diagram.” It is an effective tool for identifying the root causes of a particular problem and factors influencing specific effects.
Fishbone Diagram
Additional business risk identification techniques include:
- Brainstorming
- Risk surveys
- Root cause and checklist analyses
- Assumption analyses
To analyze and prioritize risks, you can use any of these tools:
- Risk probability and impact matrix
- Pareto chart
- Fault tree analysis
rate and prioritize potential risks based on probability and impact.
Risk Probability and impact matrix
identify risks based on the cumulative effects.
Pareto chart
identify the probabilities of various potential outcomes from given faults.
fault tree analysis
5 Effective Project Risk Management Techniques
- Identify Past and Future Risks
- Identify Direct and Indirect Results of a Risk
- Conduct Risk Audits
- Design a Risk Action Plan
- Prepare a Contingency Plan
Perform a historical analysis of past projects and the risks that affected them. How did you address them? Then identify any new risks that could affect this project. Next, check each potential threat and the critical risks associated with each. Finally, log all these risks in a database so you can develop a risk register.
Identify Past and Future Risk
A futures wheel diagram is an effective way to identify every potential risk’s direct and indirect results. Brainstorm with relevant stakeholders to chart out this diagram. Consider the impact of the risk on the project’s timeline, quality, and cost.
Identify Direct and Indirect Results of a Risk
If your organization already has a risk response plan, that’s great, but you’ll still need to examine and document the effectiveness of risk responses and controls as they apply to your project. Such an audit will reveal any gaps to be addressed to shore up your risk management program.
Conduct Risk Audits
If a risk comes to fruition, how will your project team members respond?
Design a Risk Action Plan
Each risk on your risk register should have a corresponding response strategy. There are four primary strategies:
Risk Avoidance
Risk Transfer
Risk Mitigation
Risk Acceptance
avoiding risk means you seek to eliminate all uncertainties
risk avoidance
pass risk liability to a third party, such as by taking out an insurance policy
risk transfer
implement controls to reduce the risk probability below a certain acceptable threshold
risk mitigation
accept risks and devise strategies to control and monitor them
risk acceptance
is vital for project risk management and mitigation.
Prepare a contingency plan
Since raising risk awareness is an essential part of risk management, risk leaders must also develop a communication plan to convey the organization’s risk policies and procedures to employees and relevant parties. This step sets the tone for risk decisions at every level. The audience includes anyone who has an interest in how the organization takes advantage of positive risks and minimizes negative ones.
communication and consultation
This step requires defining both the organization’s risk appetite and risk tolerance – the latter is how much the risks associated with specific initiatives can vary from the overall risk appetite. Factors to consider here include business objectives, company culture, regulatory requirements and the political environment, among others.
establishing the scope and context
This step defines the risk scenarios that could have a positive or negative impact on the organization’s ability to conduct business. As noted above, the resulting list should be recorded in a risk register and kept up to date.
Risk Identification
it provides a visual representation of the nature and impact of a company’s risks.
risk assessment matrix
The likelihood and impact of each risk is analyzed to help sort risks. Making a risk heat map can be useful here; also known as a risk assessment matrix, it provides a visual representation of the nature and impact of a company’s risks.
risk analysis
Here is where organizations assess risks and decide how to respond to them through the following approaches:
risk evaluation
This step involves applying the agreed-upon controls and processes and confirming they work as planned.
risk treatment
Are the controls working as intended? Can they be improved? Monitoring activities should measure performance and look for key risk indicators that might trigger a change in strategy.
monitoring and review