Risk Managem

ent Process

derek hendrikz

Copyright © 2014

Derek Hendrikz Consulting

www.derekhendrikz.com

Basic Principles of Risk Management…

• RM should create value.

• RM should be an integral part of organizational processes.

• RM should be part of decision making.

• RM should explicitly address uncertainty.

• RM should be systematic and structured.

• RM should be based on the best available information.

• RM should be tailored.

• RM should take into account human factors.

• RM should be transparent and inclusive.

• RM should be dynamic, iterative and responsive to change.

• RM should be capable of continual improvement and enhancement.

www.derekhendrikz.com

The Risk Management Process:

www.derekhendrikz.com

Risk Identification…

• Risk identification starts with the source of problems or with the problem itself.

• This implies both source analysis and problem analysis.

• Major risk identification entails the identification of major risks that may have a significant impact (financial or otherwise) on the organisation.

• Micro risk identification aims to identify sub-risks within the major risk class, where such activity is pivotal to the risk control objectives.

www.derekhendrikz.com

Risk Evaluation…

• Risk evaluation is the expression of risk in numerical terms.

• Areas of risk evaluation includes:• Loss dimensions;• Loss frequencies and probabilities;• Loss frequency distributions; and• Variability as measure of risk.

www.derekhendrikz.com

Risk Control (risk response)…

• Risk control aims to prevent and control organizational risks and resultant losses.

• Risk control is therefore any process which prevents losses or curtails their effects.

• Risk control counters risks in the following ways:• It eliminates or reduces the factors that may cause

loss to a person or organization;• It minimizes the actual loss that occurs when

preventative methods have not been fully effective.

www.derekhendrikz.com

Risk Financing…

• Risk financing pursues the minimizing of ‘total cost-of-risk’ to an organization.

• Cost of risk will include:• Insurance cost;• Un-reimbursed losses (inadequate insurance,

excess payments, etc);• Loss prevention and risk control cost; and• Administrative cost

www.derekhendrikz.com

6-Step Process to Managing

Risk

1. Develop your assumptions regarding risks

and possible risk scenarios;

2. Assume the risks relating to your task;

3. Determine the signals or early warning

systems that will alert the risk as soon as

possible;

4. Quantify and prioritise the risks;

5. Develop risk management plan with control

measures; and

6. Monitor the risk management plan.www.derekhendrikz.com

Traditional Approach to Risk Management

Risk

Establish Context

Risk Identification

Risk Assessment

Risk Management

www.derekhendrikz.com

Establish Context…

• Establish social scope• Identify objectives of stakeholders• Establish criteria for risk evaluation• Identify constraints• Define a risk management framework

www.derekhendrikz.com

Risk Identification…

• Source analysis• Problem analysis• Objectives-based risk identification• Taxonomy-based risk identification • Common-risk checking• Risk charting

www.derekhendrikz.com

Risk Assessment…

• Establish probability of occurrence• Establishing potential severity & impact• Ability to detect possible risk events• Quantification of occurrence rate• Quantification of severity of

consequence• Prioritising risk values

www.derekhendrikz.com

Risk Management…

• Mitigate the risk• Retain the Risk• Avoid the risk• Transfer the risk• Monitor the risk

www.derekhendrikz.com

In your team....Develop a relevant disaster management process....

www.derekhendrikz.com

Objectives?

Assumptions?

Purpose?

Risk Management Purpose…

The purpose of risk management is to understand,

quantify and manage events that pose threats to the

health and safety of people, damage to infrastructure

& assets, the survival of our organisation and

environment through providing effective solutions

and processes for the prevention and management of

such risks.

www.derekhendrikz.com

www.derekhendrikz.com

Risk Management Objectives…

(1) To understand risk events, where possible to do so, and the

effect of its consequence, return and cost on organisational

mission and outcomes. www.derekhendrikz.com

(2) To quantify the probability and impact relating to any specific

risk.

www.derekhendrikz.com

(3) To manage identified risks through mitigative strategies and

contingency planning.

www.derekhendrikz.com

Process to Objectives…

Understand Quantify Manage

www.derekhendrikz.com

Risk Management Assumptions (1)…

1. That analysis of the relationship between probability and impact is the best way to understand risk and disaster management.

2. That a risk is an event of which we have an understanding of both the impact and the probability of occurrence.

3. That a disaster is an event which we have failed to prevent or avoid.

4. That the difference between disaster and risk management stays academic in nature, and that it is practically never possible to separate the two concepts when managing disaster risks.

5. That risk management is most effective when abdicated and that where we have to take the risk, we should find effective ways in reducing the uncertainty surrounding such risk.

6. Where the management of probability is inadequate, we have to manage impact. This is best done through effective response control and recovery management techniques.

www.derekhendrikz.com

Risk Management Assumptions (2)…

7. That effective policy formulation, risk-exposure analysis and adequate risk-disaster funding are three essential pillars for the effective management of risks and disasters.

8. That essentially, there are only four ways of managing risks, which are transference, avoidance, mitigation and retention.

9. That risk retention has both pre-loss and a post-loss retention dimensions, and that pre-loss retention primarily concerns itself with risk mitigation whereas post-lost retention concerns itself with risk response and risk recovery. Furthermore the field of disaster management encapsulates the response and recovery elements of risk management.

10. That the primary outcome of risk avoidance and transference is abdication of risk.

11. That the primary outcome of pre-loss risk retention is eradication of the uncertainty surrounding risk.

12. That the primary outcome of post-loss risk retention is to restore, business operation, environment and people dynamics to its original state.

www.derekhendrikz.com

http://www.derekhendrikz.com/

http://www.derekhendrikz.com/