The Theoretical Concept of Risk Management - Coursework Example

? The Theoretical Concept of Risk Management The Theoretical Concept of Risk Management Introduction Risk management is adiscipline that is focused on the determining, planning and implementing of the different was and resolving different risks in organisations and companies. Risks are related to the different aspects and divisions in the organisation such as the shareholders and members of the organisation. Risk management is referred to as “necessary evil” that makes the organisation in its survival (Culp, 2001, p.ix). The necessity of risk management increases due to growing complexity of the different organisations and companies in their own niches (Institute of Risk Management, 2002, p.2). Thus, the study is focused on presenting a view on risk management. Objectives of the Study The risk management is necessary to be able to survive and plan the different problems and trials facing the organisations. The study is aimed to review the theoretical concepts of risk management specifically related to projects and practical implementation of strategies, plans and procedures. In addition, relevant corporate governance aspects of organisations are also included. Included in the specific topics covered in the research are the key challenges and applications in risk management, risks associated in research and development, risks in new product development, change management, technology transfer, and system integration of technology and the manpower. The needs for team working skills appropriate to risk management and the methods for formulating risk management strategies such as project risk models, migration, and contingency plans for appropriate action. Background of the Study Risk is the “combination of the probability of an event and the consequences which can either be beneficial or detrimental to the organisation or particular project. Due to the implications of the risks involved, the need to prepare for the risks is essential (Institute of Risk Management, 2002, p.2). Risks are inevitable in any type of activities, projects or organisational operation, thus, methods and techniques in recognising, resolving and working the risk as opportunities and chances of growth and excellence are being established (Loosemore and Raftery, 2006, p.1). One example of risks considered is in the safety field wherein the main concentration is the preparation for the negative risks to be able to ensure safety (Institute of Risk Management, 2002, p.2). The risks can affect different aspects of an organisation or project including physical, monetary, cultural, and social dimensions (Loosemore and Raftery, 2006, p.1). In addition to the complex effects of risk that serves as stimulus for action undertaken by organisations, risk can either serve as threat or opportunity which lead to essential benefits such as exploits more opportunities, enables trade-offs, increases the chances of success, sustains creative exploration and innovation, increases efficiency, and promotes motivation within teams (Hillson, 2009, p.9). There are different types of key risks that can affect risk management. These can be classified into the external and internal factors that are categorised as financial risks, strategic risks, operational risks and hazard risks. External financial risks are composed of factors related to interest rates, foreign exchange, and credit. External strategic risks include competition, customer or stakeholder changes, industry changes, customer or stakeholder demand, and M & A integration, which is also an internally driven risk. External operational risks include factor such as regulations, culture, board composition, and the recruitment and supply chain which are also considered as internally driven risk factors. Contracts, natural events, suppliers, and factors related to the environment are classified as the externally driven hazard risks. Other types of external hazard risks are the public access, employees, properties, product and services which are also classified as internally driven risks (Institute of Risk Management, 2002, p.3). The internally driven risks also had similar categories. Liquidity and cash flow is the internally driven financial risk. Research and development and intellectual capital are included in the internally driven strategic risks. Internally driven operational risks are accounting controls and information systems (Institute of Risk Management, 2002, p.3). Defining and analysing the risks can be considered as one of the most important phases in the process of risk management, since it is the initial step in the process. Risks can be analysed through qualitative and quantitative types which both determines the nature, advantages, and disadvantages of the different risks (Van Well-Stam, Lindenaar, and Van Kinderen, 2004, p.34). Theoretical Concepts of Risk Management Risk management is the main topic of the study undertaken which is focused on the effects of the different risks, either threat or opportunity. It is the process which is considered as the ‘central part of the strategic management’ of an organisation. Specifically, organisations move forward in the implementation of their plans and goals by responding and tackling the possible risks that can be encountered. Even within an organisation, different teams and divisions have their own unique risks, thus, identification and treatment of such risks is one of the priorities. Management of the actions toward different forms of risks can affect every aspect of the organisation, thus, through the years risk management is increasingly becoming a recognised necessity in the operation of a project or organisation (Institute of Risk Management, 2002, p.2). Specifically, project risk management had been defined as the ‘art and science of identifying, assessing and responding to the different types of risks the project will encounter through the course of operation while achieving the set goals and objectives’ as quoted by Alexander and Andresen (2007, p.4). Importance of Risk Management Risk management is one of the most essentials process in an organisation due to its importance in facing the risks which are considered inevitable in the establishment, operation and achievement of goals of the said organisation. Specifically, the process of risk management is aimed to provide ‘better project outcomes on the basis of time efficiency, cost efficiency and operational performance (Cooper, Grey, and Raymond, 2005, p.13). Another advantage of risk management is the ‘protection and recognition of the value of an organisation and the stake holders’ through various points. One is the increase of control and consistency in future activities of the organisation based on the establishment of a systematic framework based on the possible risks. Improvement of the different processes within an organisation can be achieved including the decision making, planning and prioritising. This can be attributed to the fact that risk management leads to the comprehensive study of the different factors that can affect the organisation. The improvement in the efficiency of use and allocation of capital and resources is also an important point that is contributed by risk management. Through the study of risks, the flexibility of the company is increased, thus, limiting the ‘volatility’ of the aspects in the organisation that is considered secondary in terms of importance. With the different aspects of the organisation given proper attention, improvement can occur in the other facets such as company image, people support, and organisational knowledge base and culture (Institute of Risk Management, 2002, p.4). Risks are important in an organisation due to the fact that it provides the company opportunities to excel and to improve. In addition, the preparation undertaken to face risks in different aspects of operation is an important mechanism of adaptability to different events and challenges (Doherty, 2000, p.234). The Process of Risk Management The process of risk management starts with the determination the strategic objectives of an organisation. It is then followed by the risk management and risk evaluation. Then, risk reporting, decision, risk treatment, residual risk reporting, and monitoring follow. Modification and formal audit are connected with the different phases of the risk management process. The process is presented in Figure 1 (Institute of Risk Management, 2002, p.3). Risk Assessment 1. Risk Analysis Risk analysis is an essential preliminary phase that is focused on the definition and classification of the different risks involved in an organisation. It is a detailed process that identifies, describes, estimates, and classifies risks in preparation for management and resolution (Institute of Risk Management, 2002, p.3). Source: (Institute of Risk Management, 2002, p.3). Figure 1. Risk Management Process. Risk analysis is a method that is used to clarify different issues that can be considered as risks that can affect the project or the organisation (Chapman, Ward and Ward, 2003, p.71). It is the process of determining the exposure of the organisation to uncertainty thus, knowledge on data and information related to the operation and different aspects such as legal, social, political, and cultural environment is essential to the process. There are different types of decisions made within the process of risk identification. This is related to the types of risks that are both intrinsic and extrinsic to an organisation (Institute of Risk Management, 2002, p.5). The strategic type is related to the strategic objectives of an organisation such as capital availability, sovereign and political factors, legal aspects and regulations, reputation and factors that can affect the physical environment. Operational factors are related to the challenges encountered by the organisation in aiming to achieve the set goals. Financial type of risks is related to the management of finances within the organisation as well as the effect of the factors external to the organisational structure. Knowledge management is concerned with the administration of the knowledge production, resources, assimilation and communication. Compliance is another type that is commonly neglected but needed to be given attention. This include issues intrinsic and extrinsic to the organisation such as health and safety, environmental, trade provisions, data protection, manpower, and different forms of regulations (Institute of Risk Management, 2002, p.5). 2. Risk Identification Risk identification is involved in the determination of the sources and nature of the risk. Included in the possible sources of failure, that pose risk to the organisation, are hardware failure, software failure, organisational failure, and human failure. Possible causes of risks that can be identified are demographic, economic, hydrologic, technological, meteorological, environmental, institutional, and political elements (Haimes, 2009, p.63). 3. Risk Description Risk description is a component of risk analysis that is used to assess and describe the different types of risks that can affect the organisation. Parameters in description includes name of the risk, scope of the risk, nature of the risk, stakeholders, quantification of the risk, risk tolerance or appetite, risk treatment and control mechanisms, potential action for improvement, and strategy and policy developments (Institute of Risk Management, 2002, p.5). 4. Risk Estimation The subsequent stage in risk analysis is involved in the quantitative, semi-quantitative or qualitative determination and definition of the risks such as the level of threat or negative effect a particular issue or factor is. It can also be related to the positive or upside risks or opportunities (Institute of Risk Management, 2002, p.6). Risk Evaluation After the process of analysing of risks, the successive phase is risk evaluation. It is the comparative analysis of the risks to the different criteria established by the organisation which include costs, benefits, legal requirements, socio-economic and environmental factors, stakeholders concerns, and other related factors (Institute of Risk Management, 2002, p.8). Risk evaluation is considered as overlap of the process of risk assessment and risk management. Thus, in this part of the risk management process, there are different components such as the formulation, development, and optimisation of policy options (Haimes, 2009, p.63). Risk Reporting There are two components of risk reporting, the internal and external reporting. Internal reporting is composed of the different teams and departments in an organisation lead by the Board of Directors. Also included are the different units and the individual members of the company and the workforce (Institute of Risk Management, 2002, p.10). The Board of Directors considered as the leaders of the organisation are expected to be aware of the significant risks in the path, as well as the performance and knowledge within the organisation environment. The role of the Board of Directors involves the totality of the organisations. On the other hand, the business units are the components of the organisational structure. Each unit then is needed to be responsible in every aspect of the team or unit structure. This is important since it can affect the performance of other units and ultimately, the whole organisation. The responsibility of every unit then, covers the same components as the Board of Directors but with smaller coverage. Communication from the unit to the leaders of the organisation is important to maintain cohesiveness within the organisation (Institute of Risk Management, 2002, p.10). External reporting is targeted to inform the stakeholders of the organisation, the content of which are the risk management policies and achievement of the goals. Stakeholders commonly based the performance on different aspects which also include community affairs, human rights, employment practices, health and safety, and the environment (Haimes, 2009, p.720; Institute of Risk Management, 2002, p.10). Risk Treatment The process of modifying the risk to change the effect is referred to as risk treatment. The risk control or mitigation is the main component of the concept. Other components include risk avoidance, risk transfer and risk financing. The main characteristic of possible risk treatments are effectiveness ad efficiency in operation of organisation, internal controls, compliance of laws and regulations (Institute of Risk Management, 2002, p.10). Risk treatment determines responses to risk which prevents overall risk exposure. It is based on the risk identification and assessment undertaken. The system then tends to continuously improve since the errors of the prior process can be corrected with established risk treatment method (Cooper, Grey, and Raymond, 2005, p.73). Monitoring Monitoring is another important phase in risk management. It is involved in procedures used and information assimilated in the assessment process. By monitoring, better decisions can be made and solutions can be established (Institute of Risk Management, 2002, p.11). There are important rules in monitoring which are needed to be considered. One is the need for distinction between the data in the front data and the risk management data. The data used are required to be reconciled with the records, e.g. the bank books. Prior to the analysis and assessment of data, consolidation, assimilation and synthesis are needed to be undertaken. Measuring important parameters in the study of risks is also needed to be undertaken (Crouhy, Galai, and Mark, 2006, p.101). The Risk Management Structure The risk management structure is composed of different important concepts. The risk management policy serves as the guideline for action, specifically in terms of coping with risks. The main content of the policies includes ways and methods that segregates and instigate responsibilities of units within an organisation or project. The different groups within an organisation with unique roles are Board and the business units. Also, due to the focus on risk management, an independent unit can be established which is related to the size of the organisation. The said unit can be composed of a single risk champion or personnel, a part time risk manager or even a full scale risk department. This group is referred to as the risk management function, that is responsible for risk management from risk analysis and assessment to the establishment of policies and resolutions that can help prepare the organisation (Institute of Risk Management, 2002, p.12-13). Applications of Risk Management In the process of risk management, the important aspect is the application in different settings such as corporate, organisational, and project-based. Basically the different applications are related to the corporate governance in different organisations. Due to the increasing necessity of risk management, organisations and companies are establishing an independent unit that will focus on the said task (Chance and Brooks, 2009, p.569). In project risk management, risks can result from inaccuracy and errors in forecasts of project costs, demand, and other factors (Flyvberg, 2006). Such challenges can be observed in the different applications of risk management. These applications include research and development, new product development, change management, technology transfer and system integration of technology and manpower Research and development is a process of within an organisation that utilizes risk management methods in an organisation. It is involved in innovative projects, the type of which depends on the type of organisation. Research and development also functions in the assessment, improvement and development of the methods and processes in the different units and teams within an organisation. One example is incorporation of new method in an organisation such as outsourcing of the provision of goods and services. Prior to the implementation of changes, risk management process is undertaken. Outsourcing has different rules in terms of payment and contractual and partnering agreements, thus, in depth study is required (Cooper, Grey, and Raymond, 2005, p.171). New product development is another example of application of risk management. In the development of new product, it can be treated as a separate project wherein a specific system of risk management process can be applied. In the said situation, the holistic study of the benefits, limitations, advantages, dangers of the new product is undertaken (Hillson, 2009, p.99). One example is the development of products for the space program. In depth on the risks of the different products cannot be tested since the conditions are different. Thus, simulation studies determine the risks and then analysed through the process of risk management (Haimes, 2009, p.688). Even the change in management needs risk management to be able to lessen the effects on the performance of the organisation. This is related to the possible effects of the change in management to the policies, leadership style, organisational culture and the attitude of the members of the organisation (Doherty, 2000). Another application of risk management in an organisation is the system integration of technology and manpower. This can be attributed to the fact that incorporation of a new technology in a project or in an organisation can affect every aspect of the structure. In such case risk management prior to the introduction of new technology is needed to determine the possible impact. It is also required as a guide through the process. Once introduced, risk management is needed, specifically the process of risk monitoring, evaluation and assessment (Loosemore and Raftery, 2006; Renn, 1998). Case Study Application There are different applications of risk management process in various fields of discipline. One example is the risk assessment and management for supply chain networks. The main objective of the study is to present the different risks and risk management methods that can be used in the said context. The focus of the study is a medium size company in Turkey that is involved in the production of supplementary parts for electric, automotive, and home appliance industries. The particular supply chain operated by the company is composed of 4 subsystems namely, the inbound/outbound logistics, the operations at the manufacturer, the operations at the suppliers, and the final customers via retailer (Tuncel and Alpan, 2010). Different types of errors and risks can occur in any stage of the said operation. The company was able to identify the possible risks and presented ways to resolve them. Included in the said risks in the supplier systems are decline in business relations, loosing competitive advantage, poor quality of purchased products and raw parts scarcity. In the inbound/outbound logistics subsystem human errors, technical problems with transportation vehicles and natural hazards are included in the possible risks. Lack of operator, technical problems and human errors are the common risks in the manufacturer subsystem. Lastly, in the customer subsystem possible risks are fluctuations in customer demands, rapid changes in customer expectations and loss of market share (Tuncel and Alpan, 2010). Summary The study on the theoretical concepts of risk management covers the different terms pertinent to the understanding of risk management such as risk. The different phases and concept related to risk management had been defined in the presentation of the process. This includes establishment of strategic objectives, risk assessment, risk evaluation, risk reporting, risk treatment and monitoring. The importance of risk management had also been presented. One of the main points of importance is in terms of the increase in the awareness, preparedness, adaptability and flexibility of the organisation to the challenges and opportunities in the future. The application of risk management in different fields, projects and activities had also been discussed. Through the presentation of the application of risk management, the importance and necessity of the process is more realized. Conclusion The study is aimed to define and discuss the concept of risk management in an organisation. Project risk management is the specific focus but based on the data gathered, the process is similar to the organisation risk management. For that matter, the study presented the process of risk management both in terms of organisation and project perspective. The phases, concepts and components of the process of risk management had been discussed. In general, one point can be learned in the study that is the necessity of risk management. Through the study conducted, with the importance and applications of risk management, the continuous increase in popularity and utilisation had been realized. Bibliography Alexander, M. and Andresen, C. (2007). The Process of Risk Management for Physics. GRIN Verlag. Chance, D.M. and Brooks, R. (2009). Introduction to Derivatives and Risk Management. Cengage Learning. Chapman, C.B., Ward, S. and Ward, S.C. (2003). Project Risk Management: Processes, Techniques, and Insights. John Wiley and Sons. Cooper, D.F., Grey, S., and Raymond, G. (2005). Project Risk Management Guidelines: Managing Risk in Large Projects and Complex Procurements. John Wiley and Sons. Crouhy, M., Galai, D. and Mark, R. (2006). The Essentials of Risk Management. McGraw-Hill Professional. Culp, C.L. (2001). The Risk Management Process: Business Strategy and Tactics. New York: John Wiley and Sons. Doherty, N.A. (2000). Integrated Risk Management: Techniques and Strategies for Managing Corporate Risk. New York: McGraw-Hill. Flyvberg, B. (2006). From Nobel Prize to Project Management: Getting Risks Right. Project Management Journal, 37 (5), p.15-15. Haimes, Y.Y. (2009). Risk Modeling, Assessment, and Management. John Wiley and Sons. Hillson, D. (2009). Managing Risks in Projects. Gower Publishing Ltd. Institute of Risk Management (2002). A Risk Management Standard. London: Institute of Risk Management. Kutsch, E. and Hall, M. (2010). Deliberate Ignorance in Project Risk Management. International Journal of Project Management, 28, p. 245-255. Loosemore, M. and Raftery, J. (2006). Risk Management in Projects. Taylor & Francis. Renn, O. (1998). Risk Perception and Risk Management: A Review. Reliability Engineering & System Safety, 59.1, p. 49-62. Tuncel, G. and Alpan, G. (2010). Risk Assessment and Management for Supply Chain Networks: A Cased Study. Computers in Industry, 61 (3), p.250-259. Van Well-Stam, D., Lindenaar, F. and Van Kinderen, S. (2004). Project Risk Management: An Essential Tool for Managing and Controlling Projects. Kogan Page Publishers. Read More