Chapter # 8

RISK MANAGEMENT
Risk:

Risk can be referred to like the chances of having an unexpected or negative outcome. Any
action or activity that leads to loss of any type can be termed as risk. There are different types of
risks that a firm might face and needs to overcome. Widely, risks can be classified into three
types: Business Risk, Non-Business Risk, and Financial Risk.

Types of Risks:

1. Business Risk: These types of risks are taken by business enterprises themselves in order
to maximize shareholder value and profits. As for example, Companies undertake high-
cost risks in marketing to launch a new product in order to gain higher sales.
2. Non- Business Risk: These types of risks are not under the control of firms. Risks that
arise out of political and economic imbalances can be termed as non-business risk.
3. Financial Risk: Financial Risk as the term suggests is the risk that involves financial loss
to firms. Financial risk generally arises due to instability and losses in the financial
market caused by movements in stock prices, currencies, interest rates and more.

Risk Management:

Risk management is the identification, evaluation, and prioritization of risks followed by coordinated
and economical application of resources to minimize, monitor, and control the probability or
impact of unfortunate events or to maximize the realization of opportunities.

Types of Management:

1. Risk Avoidance: Avoiding of a risk means one should not involve in such activity which
involves risk.

2. Risk Transfer: The business which is originally exposed to risk; transfer when it to
another party which is willing to bear the risk.

3. Risk Mitigation: Mitigating Risk is meant to lessen any negative consequence or impact
of specific known risk and is often used when those risk are unavoidable.
4. Risk Acceptance: Risk Management can also be implemented through the acceptance of
risk. Companies retain a certain level of risk brought on by specific projects or expansions if the
anticipated profit generated from the activity from the far greater than its potential risk.

Principles Of Risk Management:

 Create value.
 Be an integral part of an organizational process.
 Be part of decision making process.
 Be systematic & structured.
 Be transparent.
 Be responsive to change.
 Be capable of continual improvement and enhancement.
 Be continually or periodically re-assessed.

Risk Analysis:

Risk analysis is the process of identifying and analyzing potential issues that could negatively
impact key business initiatives or critical projects in order to help organizations avoid or mitigate
those risks.

Benefits of Risk Analysis:

Risk analysis can help an organization improve its security in a number of ways. Depending on
the type and extent of the risk analysis, organizations can use the results to help identify, rate and
compare the overall impact of risks to the organization, in terms of both financial and
organizational impacts; identify gaps in security and determine the next steps to eliminate the
weaknesses and strengthen security; enhance communication and decision-making processes as
they relate to information security; improve security policies and procedures and develop cost-
effective methods for implementing these information security policies and procedures; put
security controls in place to mitigate the most important risks; increase employee awareness
about security measures and risks by highlighting best practices during the risk analysis process;
and understand the financial impacts of potential security risks.

Qualitative Vs. Quantitative Risk Analysis:

The two main approaches to risk analysis are qualitative and quantitative. Qualitative risk
analysis typically means assessing the likelihood that a risk will occur based on subjective
qualities and the impact it could have on an organization using predefined ranking scales. The
impact of risks is often categorized into three levels: low, medium or high. The probability that a
risk will occur can also be expressed the same way or categorized as the likelihood it will occur,
ranging from 0% to 100%.

Quantitative risk analysis, on the other hand, attempts to assign a specific financial amount to adverse
events, representing the potential cost to an organization if that event actually occurs, as well as the
likelihood that the event will occur in a given year. In other words, if the anticipated cost of a significant
cyber-attack is $10 million and the likelihood of the attack occurring during the current year is 10%, the
cost of that risk would be $1 million for the current year.

Risk Management Overview:

Risk Management is about anticipating risks and having a plan in place that will resolve it when
it occurs. Risk management saves time, money and efforts. It reduces unnecessary stress on the
project team. Risk management helps prevent many problems and helps make other problems
less likely. Risk Management activities are integral to a project manager's daily work. Through
risk management, the project changes from being in control of the project manager to the project
manager being in control of the project.

Risk management includes risk management planning, risk identification, the qualitative and
quantitative analysis of risks, risk response planning, monitoring and controlling the risk
responses. Risk management helps in increasing the possibility of positive events on the project
and effectively reduces the possibility of negative events on the project.

Threats and Opportunities:

Threats are events when occurred can negatively impact the project, whereas opportunities are
events when occurred can positively impact the project.

Up to 90% of threats identified and investigated in risk management process can be eliminated.

Uncertainty:

Lack of knowledge about an event that may occur and reduce confidence in the conclusions
drawn from the data is termed as uncertainty.

Insurable Risk:
A risk that conforms to the norms and specifications of the insurance policy in such a way that
the criterion for insurance is fulfilled is called insurable risk.
Uninsurable Risk:

Uninsurable risk is a condition that poses an unknown or unacceptable risk of loss or a situation
in which the insurance would be against the law. Insurance companies limit their losses by not
taking on certain risks that are very likely to result in a loss.

A risk could also be uninsurable because it's too expensive for the insurance company to cover.
Many homeowners' insurance policies list flood damage as uninsurable. Since a flood would
damage so many homes at the same time, covering all this damage would create too much of a
loss for insurance companies.