Professional Documents
Culture Documents
Session 1 B - Risk and Risk Management
Session 1 B - Risk and Risk Management
Management
Focus on slides 11 - 27
Common Misconceptions about Risk and Risk
Management
1. All Risk is bad
• Risk and opportunity are intrinsically linked
• Risk can be positive or negative
• If risk is managed effectively it can become an asset rather than a
liability
• A “bad” risk for one can be a “good” risk for another
6. Well established groups are more efficient at identifying and handling risk
• Consider groupthink
• Decision-maker may consider risk to group/team as being more important
than risk to the organisation
5 © Edinburgh Business School
The Increasing Significance of Risk
• The number of risks increases as a function of both human and
organisational evolution and development.
• As organisations become larger and more complex they tend to face an
increasing array of complex and diverse risk.
• Additionally as the array of risk increase so to does the interconnectivity of
the risk.
• Risk Analysis is based on the consideration of risk and reward, which is a
basic function of the human cognitive process.
• The was in which people think is important as risk are perceived and
evaluated by people. This also applies to the design and implementation of
Risk Management Systems.
6 © Edinburgh Business School
The Increasing Significance of Risk (Cont’d)
• Risk is not a negative concept
• Change is time-driven and observers an only look in one direction on
the time continuum.
• The key issue is the ability to identify risk and manage them. The
development of a Risk Management System in which risk can be
controlled at acceptable levels while corresponding opportunities are
exploited.
• Speculative and Static Risk – Speculative risk is dynamic and is concerned with
both positive and negative values (gains and losses). It is unavoidable as it relates
to factors outside the control of the organization. Static risk considers losses only.
• Internal and External Risk – Internal risk originates inside the organization and as
such are ‘controllable’. External risk originate outside of the organization, within
the external environment.
• Planned and Responsive Risk – Planned risk are accepted by the organization as a
result of some planned initiative or venture. Responsive risk are required of the
organization in response to forces that impact upon it.
* Note Combination of Risk Levels and Risk Types – Individual risk can be
characterised
12 by many different combinations of risk levels and types. © Edinburgh Business School
The Need for an Effective Risk Management
System
It is clear that: -
1. There are many misconceptions about risk
2. The significance of risk in all applications is increasing
3. Risk has to me managed, as not managing risk is a risk in itself
4. There are also numerous different levels of risk
As such: -
• The overall risk profile facing decision-makers is highly complex and variable
• Risk cannot be managed on a tactical or response basis
• There is a need for an effective Risk Management System
• Risk has to be managed at a strategic level, using a strategic approach.
13 © Edinburgh Business School
The Need for an Effective Risk Management
System (Cont’d)
• Most organisations are: -
• Subject to internal change
• Operate within an environment, over which the organization has no
control, and which is also subject to change
• Therefore, the internal and external risk profile changes constantly and as
such there is a need for a formal and structured approach to risk
management.
• The risk management system must also be designed and operated very
carefully with due analysis and evaluation in a range of different
design/operational considerations.
14 © Edinburgh Business School
The Need for an Effective Risk Management
System (Cont’d)
The risk management system must also be designed and operated very
carefully with due analysis and evaluation in a range of different
design/operational considerations: -