The management of risk is a multi-dimensional activity that entails a range of disciplines and thought processes to ensure that resilience is created and maintained within an organization.
In any given organization, risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, time risk, human risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary.
Risk management’s major purpose is to:
- Identify possible risks.
- Reduce or allocate risks.
- Provide a rational basis for better decision making with regard to all risks.
In responding to risks, one can choose to accept, mitigate or avoid them. That choice comes after a proper risk analysis process that involves risk identification, assessment, development of responses to the risk, and development of a contingency plan or risk preventative measures.
- Avoidance: This involves eliminating a specific threat usually by eliminating the cause.
- Mitigation: This involves reducing the expected monetary value of the risk event by reducing the probability of occurrence.
- Acceptance: This involves accepting the consequences of the risk and is often accomplished by developing a contingency plan to execute should the risk occur.
The critical point is that risk management is a continuous process. Its objective is to ensure that the business does not close, by anticipating potential bad events and ensuring that they don’t occur and, where they do occur, that the impact is properly mitigated or reduced as much as possible through effective measures such as insurance (risk transfer), risk acceptance, or managing the risk, for example with daily back-ups to ensure that computer data is not lost.
Application of risk management
Case study of a local bank in Uganda.
In this bank, the server room was put in the basement of the bank’s head office building. Nothing had ever happened in the past. They knew the basement as the most secure place. However, the wet season set in. It rained so much that water flooded the basement and the entire system went off, impacting the going concern of the bank.
What helped the bank? It had an off-site real-time back-up (as required by the regulation). The back-up centre was located in another avenue outside the main building. When the entire system went off, it took almost two days to recover from the back-ups because the bank had not tested its recovery plan. If the bank had not been backing up, it would have been catastrophic. There would have been many questions to ask. How would the bank know a given customer’s balance? How much had they deposited or withdrawn?
This shows that the business managers had properly assessed the potential occurrence of a risk that would result in loss and had put in place proper measures for handling that risk by creating off-site data back-up locations outside the main building.
An effective risk management system will:
- Reduce the opportunity for finances to be used fruitlessly, making sure that all resources are utilized efficiently while minimizing the potential for injury to employees.
- Provide assurance that an organization can create and implement an effective plan to prevent losses or reduce the impact if a loss occurs.
In practice, therefore, risk management starts with identifying, assessing and quantifying business risks, then taking measures to control or reduce them. The risks are then reassessed and business decisions are made based on the remaining risk vs. reward. This is all done to ensure that the business remains a going concern and is successful.