Risk Management in Business Organisations Report (Assessment)

Executive Summary

Risk is always an uncertainty factor. Risk assessment and risk Management are very important area of business organisation to reduce the uncertainty of risk. The risk management standard AS/NZS 4360:2004 provides a series of steps for controlling risks to some extent be discussed here with. Relevance of risk management and its positive and negative impact are a part of this study..

Every organisation has its own objectives and goals and aims at a particular gross profit and operating income and also expects to provide a certain level of dividend income to its shareholders and it also hopes to plough back some profits. Once it identifies its operating level of earnings the degree of variation from this operating level would measure business risk. Business risk is also associated with risks directly affecting the internal environment of the firm and those of circumstances beyond its control. Risks are the integral part of an investment decision of an organisation. Technically risk can be defined as a situation where the possible consequences of the decision that is to be taken are known. Uncertainty is generally defined to apply to situations where the probabilities cannot be estimated. However risk and uncertainty are used interchangeably.

Definition of risk management

Risk management is a process that involves identifying, analysing, evaluating and treating of risk in an organization. So an effective and efficient risk management takes a special privilege of opportunities as they arise in an organization and enables to minimize the barriers in order to secure business objective. Risk management may be generally defined as the process of identifying and evaluating risks while selecting and managing the various techniques involved risking exposures. A risk is defined by the Australia/New Zealand Standard for Risk Management (AS/NZS 4360:2004) as“…the possibility of something happening that impacts on your objectives. It is the chance to either make a gain or a loss. It is measured in terms of likelihood and consequence.” (Guide to risk management, 2004). A risk comes now and then and it’s unpredictable. Thus the risks are should be well managed effectively and efficiently. Managing risks enables the organization to achieve its potential aim with the interference from a risk eventuating

Relevance of Risk Management

Effective risk management leads to better program and service delivery. Risk assessment and risk management have emerged as central organizing principles for an increasing number of health and welfare programs. (Green 2007).

Risk management is recognized as an essential tool to tackle the inevitable uncertainty associated with business and projects at all levels. But if frequently fails to meet expectations with projects continuing to run late and over budget or under performing the business not gaining the expected benefits. Strategy and tactics are connected through project objectives, which are both affected by uncertainty, leading to risk at both strategic and tactical levels. An integrated approach to risk management can create significant strategic advantage by bridging the strategy and tactics gap and dealing with both threats and opportunities helps to enable both successful project delivery and increased realization of business benefits. Risk assessment is usually a precursor to strategic and business planning, and major procurement emphasis on projects and change programs. Risk Management is therefore an integral component of all daily business activities.

Risk is usually construed to be negative (i.e. adverse), but it can provide opportunities for an organization as well. Risk is inherent in the functions and activities of Council and its service providers. As the consequences of an adverse event may include an inability to meet ratepayer and customer requirements, financial loss, organizational or political embarrassment, operational disruption, legal problems, and so forth, it is important that management policies, procedures and practices are in place to minimize Council’s exposure to risk.

Determining assets, both tangible and intangible, for an organization is the first critical step in the risk analysis process. An asset is anything an organization can attach a value to, and hence requires protection. Determining what constitutes an asset, assigning a value to it, and determining who “owns” it, is something that has to be done with the people in the organization. (Brown 2004). Risk Management involves adopting and applying a systematic process to identify, analyse, evaluate, treat and monitor risk so that it is reduced and maintained within an acceptable level. It is said that “Management” may be defined as the process of planning, organizing, leading and controlling the resources and activities of an organization in order to fulfill its objectives most cost-effectively. Whereas “Risk Management” is the process of making and carrying out decisions that will minimize the adverse effects of accidental losses upon an organization.

Risk analysis involves developing an understanding of risk, which is an important step in the risk management process, and provides the foundation upon which informed decisions on mitigation may be based. Analysing risk allows priority areas to be targeted for mitigation and can assist in the allocation of limited resources. Risk analysis may therefore play an important role in cost–benefit studies, which compare the costs of a particular action or project against its potential benefits. To be most effective, risk management should become part of an organization’s culture. It should be embedded into the organization’s philosophy, practices and business processes rather than be viewed or practiced as a separate activity.

Important decisions about an organization’s risks should not be made simplistically but at the same time the processes used should not be over complicated or onerous and should mesh with other management activities. It is hoped that the new AS/NZS 4360 will assist organizations and individuals to better manage risks. Risk analysis may be undertaken to varying degrees of detail depending upon the risk, the purpose of the analysis, and the information, data and resources available. Analysis may be qualitative, semi-qualitative or quantitative or a combination of these, depending on the circumstances. ‘thus the systematic process to understand the nature of and to deduce the level of risk is determined and it provides the basis for risk evaluation and decisions about risk treatment.

Process of risk management

The risk management standard AS/NZS 4360:2004 provides a framework for managing the risk posed by hazards. The steps include: establish the context, identify risks, analyse risks, evaluate risks and treat risks throughout each step of the risk management process, it is essential to communicate and consult with stakeholders, and monitor and review the process.

Risk management process involves a number of steps such as:

1. 1. Establishing the context;
   2. Risk identification;
   3. Analysis of risk;
   4. Evaluation of risk;
   5. Treatment of risk and
   6. Monitoring and review.

Establish the context

It involves establishing both external and internal context. External context particularly important to take into account the perceptions and values of external stakeholders and establish policies for communication with these parties. Establishing the external context is important to ensure that stakeholders and their objectives are considered when developing risk management criteria, that externally generated threats, and opportunities are properly taken into account. Establishing the internal context is important because risk management takes place in the context of the goals and objectives of the organization. In addition, the major risk for most organizations is that they fail to achieve their strategic, business or project objectives, or are perceived to have failed by Stakeholders. The organizational policy and goals and interests help define the organization’s risk policy; and specific objectives and criteria of a project or activity must be considered in the light of objectives of the organization as a whole. Besides it involves risk management context, develop Criteria and define the Structure.

Identify Risks

Identification is a relatively straightforward yet crucial stage in the risk management process.Identify the risks most likely to impact on your outputs, together with their sources and impacts. It is important to be rigorous in the identification of sources and impacts as the risk treatment strategies will be directed to sources (preventive) and impacts (reactive).There arise questions such as what can happen? When and Where? How and Why?

Analyse Risk

It involves identifying existing controls, determine consequences and likelihood occurrence and determine level of risk. Identify the controls currently in place that deal with the identified risks and assess their effectiveness. Based on this assessment, analyse the risks in terms of likelihood and consequence.

Evaluate Risk

This stage of the risk assessment process determines whether the risks are acceptable or unacceptable. The person with the appropriate authority makes this decision. A risk that is determined as acceptable should be monitored and periodically reviewed to ensure it remains acceptable. In all cases, the reasons for the assessment should be documented to provide a record of the thinking that led to the decisions. Such documentation will provide a useful context for future risk assessment.

Treat Risks

This step involves identifying and assessing options, prepares, and implements treatment plans.Potential treatment options are developed according to the selected treatment strategy. The selection of the preferred treatment options takes into account factors such as the costs and effectiveness. The determination of the preferred treatments also includes the documentation of implementation details

Monitor and Review

The relevant manager is required to monitor the effectiveness of risk treatments and has the responsibility to identify new risks as they arise and treat them accordingly. Managers are also required to report on the progress of risk treatments at regular intervals. The person who has the responsibility for a risk treatment is expected to provide feedback on the progress of the ‘project / initiative’ as detailed in the ‘monitoring’ field of the treatment. It is important that any risk management strategy, once implemented, be periodically reviewed to allow for changing circumstances – both within the farm and due to new information received regarding changing weather patterns. An effective risk management strategy requires adaptation, continued improvement, attention to management skills and on-going commitment.

These steps are underpinned by the need to have an appropriate risk management committee structure, and to continually communicate, consult, monitor, review and document each stage of the process. Once risks have been identified, analysed and evaluated, it is time to identify the range of treatment options then assess and select the correct option with the time involvement. Risk treatments need to be planned preferably integrating actions with normal business planning mechanisms should be applied and implemented then regularly monitored and reviewed for effectiveness.

This review should take place immediately following implementation and appropriate triggers need to be established with regards to time and major events to determine the frequency of ongoing reviews. The requirements for monitoring and review depend on the nature of the risk and the type of risk treatment selected. For serious risks, or if change from a controlled situation to an uncontrolled situation may be rapid, monitoring may need to be constant that is continuous automated systems or high levels of supervisions are to be maintained. Review frequency and triggers depend on the nature of the risk being managed and the types of risk treatments are to be well used and maintained.

Positive/negative impact for business

Risk may have a negative and positive impact. Profit and success are outcomes of risk taking and positive risk management supports the development and implementation of strategy. Every business has risk and opportunity in everything they do and as the environment in which they operate changes, risks and opportunities change. Effective risk management is a means of monitoring those changes. Effective risk management requires a strategic focus with a forward thinking and proactive approaches to management and there should be a balance between the cost of managing risks and the anticipated benefits and contingency planning in the event that mission critical threats are realized. Fraud and integrity risks are to be considered as part of the overall Risk Management process as they form a subset of each agency’s business risks.

Fraud risks should also be considered in the risk management plans that are prepared for specific activities, programmes, procurements and contracts. The best method of managing fraud and integrity risks is prevention. And prevention requires that you know your employees, vendors and potential business partners, as well as the social political and legal climates of the countries in which you do business. Strong internal controls with proper oversight including frequent audits by independent parties can be powerful and best practice approaches are used in reducing the potential for fraud. Internally generated risks arise within a project management team or its host organization, from their management systems, culture and decisions. (Barber 2005). Risk Management is a business tool and a part of “good management” and good planning processes. It sits within an overarching governance program.

This three-tier approach provides a systematic and documented management process.

• Governance establishes the accountability and responsibility of the Council.
• Risk management is the tool or process used to ensure governance principles are applied.
• Business continuity is the process in place, if a significant risk event occurs that results in a disruption to normal business, to ensure that service delivery continues and returns to normal within a short period.

The three processes are interlinked and each requires effective management to ensure the most effective delivery of the governance principles.

Issues in risk management

Risk management involves anticipating possible changes in expected outcomes, including monetary returns, as part of decision making. This may be due to factors such as weather, interest rate changes, pests, diseases, prices, and economic conditions, changes in the natural resource base, health, family circumstances and personal factors.

Some of the risk associated with investment and money market involves currency risk, interest rate risk and commodity risk. Currency risk arises because the value of the Australian dollar fluctuates due to the market forces of supply and demand. Interest rate risk is simply the risk resulting from fluctuating interest rates. A number of flexible solutions are available to borrowers and investors to help manage this potential risk. By reducing or removing the volatility and uncertainty associated with fluctuations in commodity prices and currency movements are able to deduct commodity risks.

Strategic risk management embraces both the upside and downside of risk. Traditionally the discipline of risk management has been devoted to addressing threats of accidental loss. In this traditional insurance-and-safety context, the most risk management could ever accomplish was to reduce or eliminate losses from accidents, so that organisation could do their best by providing safety measures. This perspective has not addressed any accidental risks of loss from poor business judgment or from errors in forecasting client does not need nor has it entertained the possibility for gain from risk. The result is that the risk management attains their best level of service and most organisations actively seek changes. The sought-after change might be the well being of the constituents or communities that are the focus of the organisation’s mission. For any organisation to succeed its world must change and it cannot stand still, or expect to remain perfectly stable. An organisation cannot do business without incurring some level of risk, just as a human being cannot exist without incurring some level of risk.

Australian Standard AS/NZS4360 2004

Australia Standards makes a strong commitment to the consideration of benefits and opportunities and are also actively managed. Standards Australia (The current third version, AS/ (2004)) comes in two parts: a short standard and very detailed Risk Management Guidelines Companion, which provides a wealth of information in clear language. ISO has approved this as national standard. Furthermore, a number of multi-national enterprises have adopted the basic concept in the Australian standard. The Three main features of the Australian Standard are important in this context.

The first feature is its holistic approach that covers risks and benefits and is applicable to all risk contexts and all organizations. The second feature is the emphasis on establishing a context for risk management. Finally, the third feature is the emphasis on consultation. Main feature is that AS places the monitoring and review activity very explicitly alongside the entire process, instead of highlighting its place only at the end of the process. Risk is defined as “the chance of something happening that will have an impact upon the objectives of an organization. It is measured in terms of consequences and likelihood.” (AS/NZS 4360:2004).

Risk management based on the Australian Standard AS/NZS 4360 is now a foundation for management both in the private and public sectors.

They developed a number of key themes:

• Support from senior management is critical
• Developing a risk management across the whole organization is vital.
• Risk management is a core element of good management practice.
• Risk management needs to have a holistic approach.
• Risk management helps break down silos and divisions in organizations.
• Better understanding of objectives.
• Risk management integrates a systematic way to make informed decisions.

Managing Risk

Controlling risks of both internal and external is one of the top priorities of corporation today. It is important to identify risk in are as such as financial, advertising, operational, IT, brand etc because of regulatory mandates and active shareholders. Companies are looking to systemically identify measure, prioritize and respond to all types of risk in the business, and then manage any exposure based on organization’s strategy and priorities. Presents a new risk management method to analyze general security risks and to determine which countermeasures should be implemented in order to avoid them. (Castillo, et al 2007, P.64-68).

Risk is always present, due to the inherent uncertainties in an ever-changing and increasingly complex society. Moreover government agencies are faced by competing demands for improved service delivery and greater cost efficiencies. Risks can manifest themselves negatively as injuries to personnel or the public, physical damage to assets, financial loss and disruption to services or damaged reputations. However, positive risks such as potential gains, opportunities, efficiencies, improvements and innovations can also present themselves. To manage risk is to implement the appropriate safeguards to protect against negative exposures and to exploit positive opportunities. To balance demands and provide certainty and assurance, government agencies must strengthen their capacity for decision-making, with good judgement being supported by formal and rigorous technical analysis. It is vital for an agency to understand its risk exposures so it can adopt the best treatment strategies and strengthen its defensive systems.

All risk management occurs within a wider context. It is therefore vital that anyone conducting risk management activities within an agency understands the contextual setting before they begin. That is, they must understand the nature of the internal and external forces that act on the agency. Analysing the agency’s strengths, weaknesses, opportunities and threats can increase this understanding and many analytical techniques are available to aid in the identification, analysis and assessment of risks.

An important role of the risk assessment team is to correctly identify potential risks. An agency that holds the authority of risk management must identify where they are now, where they want to be in the future and what do they need to do to get there. Risk-specific standards, processes and activities are essential components of an agency’s risk management system. However in order to effectively guarantee quality outcomes and positive change, they rely on solid management plans, controls and structures and ensures a capable, competent and well-resourced organisation with a positive and receptive culture. Thus the organisations of risk management are shaped and informed by the various demands and constraints imposed on the agencies by government authorities, community expectations and legal systems.

Conclusion

Risk management is an organisational disciplinary function and constitutes a sound management with the applications of valid principles. Risk management may be the exclusive playground of financial mathematicians and droll economists. Technical finance problems only enter the picture as distant subordinate issues to the management problems that necessitate risk management and contribute to the difficulties with its implementation. So a sound risk management process fits into a sound general management framework. Thus a good understanding of risk management requires not only an understanding of value at risk but rather a solid grasp of the basic tenets of finance and strategy.

Risk Register

Likelihood 1=R=Rare

Impact

• 1=N=Negligible
• 2=U=Unlikely
• 2=L=Low
• 3=P=Possible
• 3=M=Medium
• 4=L=Likely
• 4=V=Very High
• 5=A=Almost Certain
• 5=E=Extreme

Bibliography

A, Castillo,et al, (2007). A Risk Management Method Based on the AS/NZS 4360 Standard: Abstract. P.64-68. IEEE Xplore. Web.

Barber, Richard B, (2005). Understanding internally generated risks in projects: Abstract. Science Direct. Web.

Brown, Dr Lawrie, (2004). Security Risk Management Overview: Asset Identification. Web.

Green, David, (2007). Risk and Social Work Practice: Abstract. Vol.60. Issue.4. P.395-405. Informaworld. Web.

Guide to risk management: Definition of Risk: Introduction. (2004). ACTIA: Insurance & Risk management. Web.