Risk Analysis and Risk Assessment - Coursework Example

Running header: Risk Management Student’s name: Instructor’s name: Subject code: Date of submission: Table of Contents Table of Contents 2 1.0 Introduction 3 2.0 The risk management process 3 2.1 Step 1: Planning 4 2.2 Step 2: Hazard identification 6 2.3 Step 3: Risk analysis assessment 6 2.4 Step 4: Risk control 7 2.5 Step 5: Monitoring and Review 8 3.0 Risk identification tools 9 3.1 Brainstorming 11 Conclusion: 12 References: 13 Risk management 1.0 Introduction Each activity embarked by the organisation entail a certain level of risk and hence organisations must take steps to manage the risk through anticipation, understanding and deciding on whether and how to manage it. Risk management is the methodical application of administrative strategies, practices and measures in a bid to establish the framework, identification, scrutiny, assessment, treatment, evaluation and communication of risk. According to Michael, (2010) the process involves communication and consultation with stakeholders, monitoring and review and setting up of controls against risk. This paper describes the ideal risk management process that every organisation should adopt in order to effectively manage risk and hence help it to be more efficient hence increasing its likelihood of achieving its objectives. The paper will also describe the various risk identification tools with an aim of helping organizations become better risk managers. 2.0 The risk management process In order to prevent undesirable occurrences in the organisation and hence help the organisation achieve its objectives in a timely manner, it is essential that organisations adopt an effective risk management process and strategy (Sa.gov.au). Management of risk entails a number of steps that are depicted in figure 1. 2.1 Step 1: Planning In order for risk management to be effective, there should be careful selection of the people to be involved in the process. Barton, (2001) states that the team so constituted should then gather relevant information pertaining to the process and establish the risk criteria / the acceptable level of risk for the workplace. The team should agree on the risk criteria before commencing the process and set the acceptable level within which to assess risk and determine the kind of actions to be taken in controlling risks. The team also needs to determine the potential likelihood of risk and its magnitude of consequences and hence enable the organisation to always be prepared in terms of cost and means of controlling the risk. Example: A mining company’s risk management team could consist of departments’ heads, production supervisor and a miners’ representative and should gather all information legal or technical regarding workers’ health and safety. The team should then agree on the risk context and criteria (the accepted level of exposure) before proceeding to identify risks. Figure 1: The risk control process 2.2 Step 2: Hazard identification In relation to all the hazards identified, the risk management team needs to identify what is likely to happen, how and why it could happen according to Keizer, (2002). This calls for the team to review all the relevant information gathered in the planning stage and also conducts an actual visit to the work place to observe what is happening and for risk clues and talk to employees on what risks they might be exposed to. This will enable the team come up with an all-inclusive listing of hazards that each section of the organisation could be exposed to. It would be advisable for the team to have a checklist that will ensure identification and documentation of every hazard. Example: The team could identify the following as the hazards faced by workers in a mining company; mine wall failures, vehicle collisions, suffocation, gas poisoning, collapsing roofs and gas explosions. 2.3 Step 3: Risk analysis assessment Having identified possible risks, the team needs to analyze them through identification of their likelihood of occurrence as well as their potential impact. Risk analysis should include everyone likely to be affected by the risk in their analysis. Ana, (2012) is of the view that the team should identify the particular risk each group is exposed to while assessing the adequacy of the existing control measures. Each hazard should be analysed in terms of how one is exposed, the likelihood of exposure and the consequence of exposure. The team should then use the likelihood and consequences to determine the severity of risk. This will form the basis of action. The team should then conduct risk assessment by comparing the risk levels identified during the analysis stage with the pre-established risk criteria during the planning stage based on their severity and plan the course of action to eliminate or reduce the risk to acceptable levels. Example: The team could use the following table in ranking the hazards identified above in terms of likelihood and consequences; Consequences Likelihood Negligible (1) Minor (2) Moderate(3) Major (4) Severe (5) Almost certain (5) Medium High high Very High Very High Likely (4) Medium High High High Very High Possible (3) Low High High High High Unlikely (2) Low low medium Medium High Rare (1) Low low medium medium High Figure 2: Risk level analysis For instance, although the likelihood of a gaseous explosion occurring could be low, its consequences could be severe and hence the team could treat it as a high risk. 2.4 Step 4: Risk control Depending on the level of risk exposure and its potential effects on the company’s objectives, the organisation may decide to treat the risk through risk avoidance, modification of the risk likelihood, treatment of the risk sources, elements of risk sharing and changing consequences (Holman and Keizer,2002). However, it is important that the risk treatment approach adopted enables the company to retain a level of risk that is within its risk appetite or that level that will not adversely affect the company’s objectives and workers health and safety. Example: Although the risk of explosion identified above is a high risk, the risk management team may not go for risk avoidance since this would call for closure of the mine. However, the team will come up with risk reduction measures which could include protective clothing, training and education 2.5 Step 5: Monitoring and Review In order to keep the risk management relevant to the ever changing organisational needs as well as external influences, the organisation should continuously undertake planned and regular monitoring of its risks as well as its risk management framework and processes (ACITIA). This should be done by risk owners, the board and management. In addition, the company should from time to time undertake an independent review of its risk management framework in a bid to ensure its effectiveness hence ensuring the continued ability of the company to deal with all risks it might be exposed to. Example: The above mining company’s risk management team could come up with a risk monitoring and review programme that will be based on risks level of likelihood, consequences and severity. Such a programme could answer questions such as; - Has the frequency of gaseous explosions reduced? -Has the training and education programme helped enhance workers safety? Depending on the answers to such questions, the company will be able to establish the adequacy of its risk control measures and hence decide on future course of action. 3.0 Risk identification tools Risk identification is done using a number of tools that are explained below. a) Documentation reviews This involves performance of structured review of the organisations project plans and reviews in a bid to identify the company might be exposed to while undertaking the projects or as a result of the assumptions. b) Brain storming It is the most commonly used risk identification tool and involves compilation of a comprehensive risks list which could be addressed during the risk analysis stage. c) The Delphi technique This method involves project risk experts who anonymously participate in risk identification. By analyzing their responses, their consensus regarding the organization’s risk is reached (Ana, M2012). d) Interviewing The interview participants identify risks based on their experience, information availed and other information sources deemed important to them. e) SWOT analysis In this case, the organisation analyzes its opportunities, strengths, threats and weaknesses in a bid to identify risk from a broader point of view. f) Checklists This involves the organisation developing risks’ checklists based on experience gathered from the organization’s past projects (Ana, 2012). g) Assumptions analysis The technique explores the accuracy of the organization’s assumptions and hence identifies risks from inconsistency, inaccuracy and incompleteness of the assumptions. h) Diagramming techniques -System flowcharts that depict how various elements in a system relate as well as causation mechanism. - Influence diagrams - graphical representation of problems depicting causal influences, events order as well as similar relationships between outcomes and variables. -Cause and effect diagrams used in identification of risk causes. 3.1 Brainstorming During brainstorming sessions, participants identify risks that a project/firm is exposed to. As such, new risk areas unknown before could become known during the session. It is important that the note taker notes every risk identified while the facilitator avoids giving his/her feedback as this may discourage some participants from contributing. Brainstorming is also ideal for the planning stage in generating mitigation strategies, risk causes and areas of impact according to Michael, (2010). However, it is not suitable for in-depth risk analysis. Advantages of brainstorming Brainstorming is widely used due to its ability to generate a lot of information within very short time periods. In addition, the sessions enable instant sharing of risks with others without incurring additional costs. In addition, it is a relatively cheap risk identification tool. Disadvantages Brainstorming method may not always be desirable since not every person is able to freely express themselves in a group. There is potential for group think and hence the intended results might not be achieved. In addition, the entire planning of the session may be a hassle and hence time consuming. Conclusion: Organisations have a great role in ensuring that people and the organisation are not exposed to risks. As such, deliberate efforts to control risks must be undertaken. This calls for every organisation to employ a risk management process that controls risk exposure to a practically reasonable level. References: ACITIA (2009). AS/NZS ISO 31000:2009, Retrieved from; http://www.treasury.act.gov.au/actia/RMISO.htm Ana, M. (2012).Modern methods of risk identification in risk management, International Journal of Academic Research in Economics and Management Sciences, 1 (6), 67-70. Barton, T. (2001). Risk Management, London, Rutledge. Keizer, N. (2002). Project risk management in the engineering construction industry. International Journal of project management, 22(1),15-61. Michael, U. (2010). Risk management: Strategies for reaction and response, Oxford, Oxford University press. Sa.gov.au (2013). Risk management, Retrieved from; http://sa.gov.au/subject/Community+support/Volunteering/Information+for+or ganisations+that+involve+volunteers/Managing+volunteers/Risk+management Appendix A A typical risk management schedule depicting various steps of the risk management process Activity By when? Frequency of update Outcome expected Risk identification -Assessment of project teams -Expert interviews -Lessons learnt 1/12/2012 1/12/2012 1/12/2012 Quarterly N/A Quarterly Risk identified/ mitigation database Risk identified/ mitigation database Risk identified/ mitigation database Risk Analysis -Decision analysis -Probabilistic network schedules -Probabilistic cost and effectiveness models N/A N/A Reports as required Risk mitigation -milestones Contingency planning 1/12/2012 1/12/2012 Quarterly Quarterly Risk identification/mitigation database Risk identification/ mitigation database Appendix B A risk register for an organisation where risks identified by the risk management team are recorded together with their relevant information as well as corresponding measures to be undertaken. priority title description Probability of impact schedule scope quality cost Action 1 Procurement process Procurement process properly approved and transparent- failure to lead to bad reputation and loss of funding 100% high high high high The current procurement procedures noted to have loopholes that can give room for fraud. -a mitigation strategy to involve redesign and more tight procedures put in place 2 funding There is probability of losing funding due to delays caused by procurement procedures and processes 95% high high high high -need to prioritize most sensitive projects in fund allocation. - Procurement procedures to be reviewed to reduce delays while funds requisition time to be reduced. 3 Governance definition not complete Confusion between participants of roles and decision making organs 85% medium medium low Medium -Clear guidance and instructions to be issued at all times. -clear communication mechanisms to be put in place to allow flow of information in all directions. 4. Personnel Availability of personnel with the right skills and knowledge at all times 75% High Medium Medium High Recruitment process to be aligned to our organizational needs. -Human resources department to be better equipped to ensure recruitment is properly done. Read More