Posted by Nia Dwi Astuti
The concept of risk has been studied in many business contexts and also in the fields of science and engineering. The study of risk has supported the investigation of essential corporate functions, for example decision-making tools (Yates and Stone, 2002), operations (Khan and Burnes, 2007), and strategic management tools (Sitkin and Pablo, 1992).
So what is risk? The ISO 31000 (Enterprise Risk Management) definition of risk is the 'effect of uncertainty on objectives'. In this definition, uncertainties include events (which may or may not happen) and uncertainties caused by ambiguity or a lack of information. The definition also covers both negative and positive impacts on objectives.
All projects involve risk; the zero-risk project is not worth pursuing. This is not purely intuitive but also a recognition that acceptance of some risk is likely to yield a more desirable and appropriate level of benefit in return for the resources committed to the venture (Chris Chapman and Stephen Ward, 2003).
Risk is present in every aspect of our lives, so risk management is universal, but in most circumstances it is an unstructured activity based on common sense, relevant knowledge, experience and instinct.
Managing risk is the step you should take to know what you don't know. The purpose of risk management is not to eliminate risk; if you strive to reduce risks to zero, you are in the process of killing your business. Risk management refers to a coordinated set of activities and methods used to direct an organization and to control the many risks that can affect its ability to achieve objectives. According to the Introduction to ISO 31000 2009, the term risk management also refers to the architecture that is used to manage risk. This architecture includes risk management principles, a risk management framework, and a risk management process.
Risk management encourages value creation by enabling management to:
- Manage all potential future events that create uncertainty.
- Provide the proper treatment to minimize the potential loss and simultaneously strengthen opportunity.
The characteristics of Enterprise Risk Management are:
- Support the strategy and planning
- Proactive.
- Driven by the needs of each company's business processes
- Applied to the tangible and intangible assets
- Integrated.
- Manage all potential future events that create uncertainty.
- Provide the proper treatment to minimize the potential for loss
- Identification, risk analysis, evaluation, treatment, and ongoing risk monitoring.
- Clearly specify the party responsible for each risk, determine roles and responsibilities clearly.
The flow lines in Figure 1.1 show the process of risk management.
1. Risk Identification
Risk identification produces a risk register. The risk register lists all identified risks that may affect the project. It should be as comprehensive as possible, covering all identifiable items that have a probability of occurrence, and generally includes the estimated probability of the risk event occurring, the severity or possible impact of the risk, its probable timing and its anticipated frequency.
2. Risk Analysis
The step after risk identification is analyzing the risk. Analyze how probable the risk event is and what its impact on the company's operations would be. Analyze whether the risk event will cause a financial loss (profit not achieving the target, or the cost of the investment budget not being absorbed). Calculating financial losses, including costs such as workers' compensation, damage to assets and facilities, rising operating costs and/or a decrease in the company's revenue, is also part of risk analysis. We must also analyze the qualitative effect on reputation, such as disruption, environmental damage, and health and safety (accidents), compare it with the qualitative impact criteria, and select the greatest index score.
3. Risk Evaluation
Risk evaluation compares the risk level (Probability x Impact) in order to make a decision regarding further action. It is a process used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable.
4. Risk Treatment/Response
This can include determining risk tolerance, choosing risk appetites, setting risk limits, performing risk mitigation activities, and optimizing organizational objectives relative to risk. Risk treatment is a risk modification process. It involves selecting and implementing one or more treatment options. Once a treatment has been implemented, it becomes a control or it modifies existing controls. You have many treatment options. You can avoid the risk, reduce the risk, remove the source of the risk, modify the consequences, change the probabilities, share the risk with others, simply retain the risk, or even increase the risk in order to pursue an opportunity.
Reference:
Chapman, Chris and Stephen Ward, Project Risk Management (Process, Techniques, and Insight), 2013, John Wiley & Sons, Ltd