Risk Management Principles - Essay Example

Running Head: Principles of risk management Insert Name Institution Date Introduction According to (ISO\DIS 31000 2009), risk management is the combined probability of an occurrence and the consequences that are suffered thereof. Otherwise risk management can be defined as a process whereby risks are identified, prioritized and assessed. Together with this, resources are applied in an economical way in order to check and reduce the possibility or effects of disastrous occurrences. It is also meant to bring about the most of opportunities realizable. Various things can cause risks such as failures in projects, accidents, natural causes, disasters and attacks from enemies, (Alexander and Sheedy 2005). Risk management therefore is the application of the principles managing of risks into the running of a given enterprise. This is meant to take care of those unfortunate incidences mentioned in the examples above. This essay looks at what risk management is, its problems and principles, how it is practiced, its importance and limitations. A section of the discussion is also dedicated to the comparison between safe and secure facilities and those that are insecure due to lack of risk management initiatives.        Principles of risk management   In all operations there are occurrences that result into opportunities that bring benefit and those that threaten success. Risk management continues to be seen as involving both the negative and positive dimensions of risks. Therefore the principles that govern risk management should put into perspective risks from both sides, (Baker 1993). In the field of safety however it is considered that the consequences of risks are negative. As a result managing the risk of safety is concerned with prevention and reduction of harmful effects. A proper management of risks should be able to integrate all the necessary principles in the process. Risk management is supposed to respond to change, create value, consider human factors, have transparency and inclusiveness, take care of uncertainty and be structured. It should also base on the best information, be included in decision making and the organizational process and finally be possible to be improved upon, (Ariel and Levine 2004). A good risk management system should follow a priority. In this those risks that occur easily and have high losses are taken care of a head of the others. Those that rarely occur and have low losses are taken on later. Problems in risk management However (Bent 2006) notes that problems can occur in balancing losses and probability of occurrence for risks with highest possibility of happening but are overlooked because of not being identified. A knowledge risk can occur when inadequate knowledge is used in any given operation. Intangible management of risks discovers new risks that have the cooperation a relationship risk can be encountered. Sometimes bad procedure can be followed in operations resulting into process engagement risks, (Bhansali 2008). These risks impact negatively by reducing cost effectiveness, quality of earnings, quality, value of brands, reputation, service and the amount of profits. There is always a problem in allocating resources. In reference to (Leibowtz and Bova 2009), Most of the resources wasted on management of risks could be used to on other operations that can yield profits. The best risk management practice must reduce spending as much as possible and reduce also the bad effects caused by risks. However not all risks or effects of risks can be controlled or prevented from happening. The risk management process is made up of a number of steps such as context establishment of risks, identifying and assessing the risks. After a risk is identified it has to be assessed. This is done basing on how severe the loss is and possibility of occurrence. These measurements can be very difficult to determine for example in the case of unlikely events coming to happen, (Airmic, Alarm, (IRM 2010). A basic problem in assessment of risks is how to know the rate at which a risk occurs because records on past occurrences may not be available. It is also hard to determine how severe the consequences may be in the case of assets that are not material in nature. Such steps can only be accomplished through guess work and approximation which may not be so good in such circumstances. Operations in risk management When identification and assessment of risks is completed management of those risks is undertaken through practices such as risk reduction, risk avoidance, risk retention and sharing as discussed below. Risk avoidance This is the inclusion of measures to ensure risks are prevented from happening. Hazard prevention is the stopping of risks from happening in cases of emergency. Eliminating hazards should be the beginning step in preventing hazards, (Hubbard 2009).  Sometimes it takes along time or is too expensive then the following step which is mitigation is taken. Risk avoidance may not be the best solution to risks because in the process it blocks the gains that would otherwise have been made if the risk was taken. For example one may avoid an opportunity in fear of the risks involved but loose out on the potential profits in case the business is started.     Risk reduction This involves cutting down the magnitude of the loss or the possibility of the loss from happening. In reference to (Neil 1986), risk reduction should find a balance between the benefits that accrue from an operation and the negative risks involved. This is because if the possibility of a risk occurring is reduced to zero then the possibility of gain associated with the positive side of that risk is also reduced to nothing. Risk sharing This can be said to be the dividing of the burden caused by loss or the gains achieved from risks between parties. Transferring of risks is also used to mean that a risk can be given to another party by way of insurance. This is seen as a way of escaping the undesired losses sustained in any case the risk has occurred by passing them over or sharing the pain, (Dorfman 2007). Risk retention This means that a loss or gain is accepted from an occurring risk. This method is practical in cases where the cost of insurance after some time becomes bigger than the loss caused by the risk. It is suitable for small risks. Generally every risk not transferred or avoided is normally a retained risk. However (Hubbard 2009) argues that risk retention may not be the best practice since risks that are not managed may result into massive disasters in the future. Such risks during assessment may appear to be small only to turn out into huge unfortunate incidents. Proper and fruitful risk management needs a review and reporting structure. This helps to confirm that identifying and assessing the risk is done so that necessary controls and actions are taken. There should be constant audits for compliance with performance of standards and policies. This will help to know if there is any improvement that needs to be done. Any change in the environment of any facility should be identified and the corresponding action taken on the systems. The corresponding action in this case is the measure that is required to carter for a risk if it happens to come, (Morteff 2005). Monitoring procedures should confirm that the needed controls that are implemented are well mastered and followed. This is important because if they are not followed properly, their implementation may be disastrous to an organization. Limitations of risk management Principles of management of risks when practiced may bring safety and security to both property and human life. However, (Leibowitzt and Bova 2009) they have their own demerits. When the risk management process is elevated above other activities, it tends to consume resources meant for other activities. Other projects can also be delayed when too much concentration is channeled in managing risks. Poor assessment and prioritization of risks can cause a waste of time and resources in attending to risks that are unlikely to occur. For example if those risks were insured then the money paid for that insurance goes to waste, (Albert and Dorofee 2008). Facilities or places where risks are managed may also tend to cause false confidence in people. This is because the principles of risk management will not eradicate the effects of every risk that occurs. People may tend to be carefree since risks have been taken care of and in the process they may end up with losses through accidents or theft. Small risks where the impact is expected t be small are not normally covered. This may be disastrous in case of an under estimation because it may be hard to estimate the magnitude of risks. Lack of proper attention when implementing the principles of management of risks may be detrimental to an organization, (Ariel and Levine). This can happen in the event of errors of incompetence. Lack of the necessary know how on risk management may also result into losses when the principles are put in place. Safe and secure facilities Risk management measures are applied on facilities to protect them from safety and security problems. Such problems include damage from disasters and accidents and theft or vandalism among others. Such occurrences are bound to cause losses to the owner of the facilities. Application of principles for risk management in such cases can help the owner to avoid such losses or mitigate their impacts. (Bent 2006), notes that resources that are spared when losses are avoided can be used to further other useful projects resulting into the growth and expansion of an organization.  Information in any operation or business is very important and may be the source of success and expansion. The results of a breach in security may be overwhelming. Losing important information may affect competitiveness and the inflow of cash as well as destroy one’s reputation. Reputation is a difficult thing to build up and may take many years to restore. Information also needs not be shared with other organizations for purposes of competition and credibility, (Dorfman 2007). Also, well maintained and conditioned facilities will bring comfort and satisfaction to the people using them. Such facilities will help to reduce inconveniences and wastage of time that could occur if they were not protected. Protection and security may bring extra costs but in the long run it brings benefits that would not have been realized at all. In the case of a business establishment for example customers may be tempted to try the services and products of secured enterprises as opposed to the others. Business partners may also be attracted to do trade with that specific organization. This will in turn translate to increased trade hence overwhelming profits to the organization. Acoording to (Alexander, Carol 2005), application of the process of managing the risks is a way of complying with the legal requirements of some localities. Some authorities will require any establishment of whatever nature to adhere to their risk management guidelines for them to operate in that locality. Risk management principles help in the smooth running of an organization and contribute to the long term operation of that establishment. Principles that help in decision making for example can ensure that the most useful decisions in running an organization are made. They help in coordination and collaboration in the organization (Bent 2006). Management of risks in any operation is crucial because it helps to secure the lives of those people involved. Take the example of a disaster like fire. The people working in the facilities involved can be saved from injuries or even death if risk management measures are put in place. (Hubbard 2005) notes that organizations and facilities that have the principles of risk management in place display a certain level of professionalism and modern business operation ethics that cannot be found if it they didn’t have them. Unsafe and insecure facilities  Principles of risk management when applied to facilities tend to create a big difference when compared to those that have no such measures. The major reason for this difference is the aspect of security and safety of those facilities, (Alexander et al 2005) . Management of risks brings in a certain level of safety and protection of facilities that is absent when risks are not managed. As a result of these practices it is possible to have a distinct clear cut line or discrimination between these two types of facilities. Facilities without risk management may not be as successful as those with risks being managed. Many facilities that need risk management may be in the commercial sector. However for any other operation to pick up successfully, those people involved need an assurance that any risk ahead of them has been taken care of (Morteff 2005). This makes it hard to operate without proper control of risks that can befall an organization. In case of a business venture potential customers and business partners or creditors need assurance that the business they are transacting with is under cover. Employers need confirmation that the organization they are working for is secure and that in the event of risks they are not bound to loose. Facilities without risk management practices in place are bound to incur many operational losses that are avoidable. Such facilities may miss out on the opportunities of expansion since funds are wasted on repair and replacement of equipment incase of disasters. Take the example of a business that has been insured and one that has no insurance cover. In the event of a disaster the one insured can recover easily because of the compensation from the insurance company. The business without insurance on the other hand may collapse and close down because of lack of money to reinvest into it, (Neil 1986). However some principles such as avoidance may also cause losses when one avoids a given venture that could bring profit gain in the long run. People may be justified to discriminate facilities based on risk management because their safety and the safety and security of their property may be put in jeopardy if risks are not controlled. This can happen in case of attacks, thefts disasters and loss of important and confidential information to other people who are not supposed to access it. Many people may not want to get involved with an organization whose reputation is low because of poor safety and security of its facilities. According to (Airmic 2010) facilities or organizations without risk management measures may stand out to gain in cases where risks don’t happen. Sometimes risks may not be common in some places or they may come after a very long time. In such cases the organizations without risk management will save those resources they would have spent on controlling those risks and their effects. For example money used for insurance can be channeled into other projects. Again there is no time wasting on risk management something that is an advantage for such an organization. Time saved in such ways can be channeled into other useful and profitable activities that can contribute to the wellbeing of an organization, (Bhansali 2008). In places where risk management compliance is a condition for operation it becomes very hard for some enterprises to be allowed to operate because of legal reasons. In such cases risk management become a priority and therefore creates a distinction between various organizations. People who are not willing to practice risk management in such circumstances will suffer the loss of being denied the permission of operation in certain areas which may be so profitable and potentially fruitful for them, (Dorfman 2007). Managing risks and not managing can cause some establishments, businesses and enterprises to be termed as stable or not stable. Those that have no risk management mechanisms may be termed as unstable because they may not be able to have their operations running smoothly for long. This is due to the fact that risk management practices bring in an organization some element of quality. For example when they take into consideration human factors then they tend to enhance collaboration and cooperation in that organization, (Baker 1993). Conclusion Management of risks in any operation or establishment is vital for the smooth and continued existence of a facility. Risk management is either negative or positive. The best risk management exercise should be responsive to changes, be able to create value, put human factors into perspective, be transparent have a structure and consider uncertain occurrences. Risk management has its problems especially where wrong procedures are taken or lack of knowledge results into ineffective management. (Hubbard 2009) observes that the process of managing risks is conducted through practices such as avoiding risks, reducing them, sharing and retaining some other risks. Management of risks through the application of the necessary principles does have its shortcomings also. Limitations in risk management may occur when people focus a lot of attention on the process at the expense of other projects. Resources and time may be wasted on this as other important activities are delayed until the risk has been taken care of fully. When risks are managed the organization is bound to realize growth due to increased operations. This is brought about by the willingness of people to get involved with that kind of operation because they are sure of their security and that of their interests, (Dorfman 2007). Risk management practices therefore can be a reason for discrimination between facilities that are safe and secure and those that are insecure and with low safety.  It is therefore true that people will always tend to discriminate between facilities based on their risk management status. References Alexander, Carol and Sheedy, Elizabeth (2005). The Professional Risk Managers' Handbook: A Comprehensive Guide to Current Theory and Best Practices. PRMIA Publications. Alberts, Christopher; Audrey Dorofee, Lisa Marino (March 2008). Mission Diagnostic Protocol, Version 1.0: A Risk-Based Approach for Assessing the Potential for Success. Software Engineering Institute. Amazon publishers. Moteff, John (2005) Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences . Washington DC: Congressional Research Service. (Report). Crockford, Neil (1986). An Introduction to Risk Management (2 ed.). Cambridge, UK: Woodhead-Faulkner. Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. Dorfman, Mark S. (2007). Introduction to Risk Management and Insurance (9 ed.). Englewood Cliffs, N.J: Prentice Hall Standards Association of Australia (1999). Risk management. North Sydney, N.S.W: Standards Association of Australia. Airmic / Alarm / IRM (2010) "A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000 Flyvbjerg, Bent (August 2006). "From Nobel Prize to Project Management: Getting Risks Right" (PDF). Project Management Journal (Project Management Institute) 37 (3): 5–15. http://flyvbjerg.plan. Baker, B. (1993). The project manager and the media: Some lessons from the stealth bomber program. Project Management Journal, 24 (3), 11–14. Cleland, D. I., & King, W. R. (1983) Systems analysis and project management Journal. New York: McGraw-Hill. Conference Announcement 1st International Conference on Sustainable Construction & Risk Management Journal,12 - 13 June 2010 Chongqing Municipality, P. R. China Ariel Levine.(2004) "Bepress adds a new journal on risk management to its list" Berkeley Electronic Press Published in J. Environ. Qual. 33:410. Bhansali, V.(2008) “Tail Risk Management.” Journal of Portfolio Management, Vol. 34, No. 4 pp. 68–75 Leibowitz, M., and Bova.(2009) “A. Diversification Performance and Stress-Betas.” Journal of Portfolio Management, Vol. 35, No. 3 pp. 41–47.   Read More