What is Risk

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA & SAP Consultant 1

What are the Business Risks

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA 2

& SAP Consulant
Some concepts of Risk Management

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA 3

& SAP Consulant
Why Risk Needs to be Managed
 Life is full of unexpected events – and it is the same for individuals and business organisations.
While some are positive (and, indeed, rare), however, others are negative and may occur with
enough frequency to warrant your attention as a business owner.
 1. It Helps to Reduce Uncertainty
 2. It is Crucial for Successful Planning
 3. It helps Reduce Expenses and Losses
 4. It Helps Improve Your Reputation
 Management of risk is vital in making sure a company and leadership understand what the
potential problems could be, helping them create solutions for those problems and mitigate their
risk. A company that has heavy risk or doesn't have the management aspect worked out may find
investors are not excited about giving money. They may also find that they run into more
problems then they have money or time to fix. Taking risk management seriously can help a
company be prepared for the future.

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA 4

& SAP Consulant
 Why Risk Management is Important
• Risk management is the process of identifying, assessing and controlling financial, legal, strategic, and
security risks to an organization’s capital and earnings. These threats, or risks, could stem from a wide
variety of sources, including financial uncertainty, legal liabilities, strategic management errors,
accidents and natural disasters.
• If an unforeseen event catches your organization unaware, the impact could be minor, such as a small
impact on your overhead costs. In a worst-case scenario, though, it could be catastrophic and have
serious ramifications, such as a significant financial burden or even the closure of your business.
• To reduce risk, an organization needs to apply resources to minimize, monitor and control the impact of negative
events while maximizing positive events. A consistent, systemic, and integrated approach to risk management can
help determine how best to identify, manage and mitigate significant risks.

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA & SAP Consultant

5
Redefining The Risk towards It’s Management

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA & SAP Consultant 6

R>Reasoning
• Reasoning
• Whatever a person’s role—in business or in life— decisions that involve elements of risk need
to be made.

• Risk comprises two parts: the probability of something going wrong and the negative
consequences if something goes wrong. Once a decision is made, logic needs to be applied to it—
this is the concept of reasoning. Reasoning is the action of thinking about something in a logical
and sensible way.
• There is a chance of both success and failure in this process. In the risk management process, the
probability of something terrible happening based on a decision should be identified; this process is
defined as risk analysis. Risk analysis is used to analyze a situation, identify the potential problems,
and provide guidance in managing these problems that could undermine key business initiatives or
projects.

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA & SAP Consultant 7

 I>Intelligence
• Intelligence
• Risk is always guided by the perceived intelligence of human beings. Whether a
certain event is to be considered as a risk is based on a person’s intelligence,
knowledge, and understanding of the subject matter, and the ability to handle such
risk as acceptable or not acceptable. The risk needs to be identified based on its
association with assets or business processes.
• This identification process requires common intelligence or business intelligence for
accepting the risk designation. Once the risk associated with a business process or
assets is identified, the risk needs to be addressed.
•
• Effective information is key in the risk management process. After collecting the
necessary information, intelligence is applied to manage the risk. Computer-based
tools and artificial intelligence (AI) can assist in risk identification and impact analysis.
•

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA & SAP Consultant 8

S> Strategy
• Strategy
• Risk mitigation requires the development of a strategy that manages the perceived risk.
Things to consider include how much risk to avoid, how much risk to mitigate, how much risk
to transfer through insurance coverage or some other established process, and how much
risk to accept.
• Enterprise risk management (ERM) and risk management in general cover a wider range of
risk factors than any enterprise could potentially face.
• A risk may seem harmful, but if it does not actually negatively impact the overall health of
an enterprise or its ability to meet its business objectives, then it is an acceptable risk.
• The uncertainties in business have given rise to the application of strategic risk management.
Business owners and process owners need to perform a risk analysis along with their business
impact analysis.
• After completing a business impact risk analysis, strategies must be applied with respect to
the treatment of each perceived risk area. This strategic process guides business owners and
process owners on what action is required and when.
• Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA & SAP Consultant 9
K>Knowledge
• Knowledge
 In the context of risk management, intelligence includes the capacity for understanding a
thing and applying a logic toward considering an event as a risk, while knowledge refers to
the values developed through a learning process and ideas generated from past events.
 Developing a good strategy for managing risk also requires adequate knowledge of the
perceived risk. Without the required knowledge of how to manage risk based on external
inputs such as technical knowledge, knowledge on financial support or knowledge from
recorded case studies, it is difficult to develop a risk management strategy.
 Knowledge of the market, knowledge of third-party services and knowledge of past data are
basic necessities for generating strategies to address any perceived risk. Without knowledge,
the risk management process is not possible.

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA & SAP Consultant 10

Risk Management Process Steps
Steps Purpose Action

One (1) Identify the Risk Strong Reasoning(R) is required to

identify and analyze

Two(2) Analyze The Risk Do

Three(3) Evaluate and Rank the List Intelligence (I) is needed for impact
analysis and ranking.

Four(4) Treat The Risk Strategic (S) decisions must be made for
treating the risk.

Knowledge (K) is needed for managing the

Five (5) Monitor & Review the Risk risk.

Presented By -Dr.Tapas Bhattacharya , Ph.D., CISA(USA) , FCMA & SAP Consultant 11