What is risk?
Risk is defined as ‘an uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives. A risk is measured by the combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives.’ All organizations, including temporary ones such as those concerned with programmes or projects, will encounter uncertain events when trying to achieve their objectives. These uncertain events may arise inside or outside the organization. Each individual uncertain event that would impact one or more objectives is known as a risk. Within this definition, ‘threat’ is used to describe an uncertain event that would have a negative impact on objectives if it occurred and ‘opportunity’ is used to describe an uncertain event that would have a positive impact on objectives if it occurred. The combined effect of risks to a set of objectives is known as risk exposure, and is the extent of the risk borne by that part of the organization at that time.
What is risk management?
Every organization manages its risk in some way, but not always in a way that is visible, repeatable or consistent, to support effective decision-making. The task of risk management is to ensure that an organization makes cost-effective use of a risk management process that includes a series of well defined steps. The aim is to improve internal control and support better decision-making through a good understanding of individual risks and the overall risk exposure that exists at a particular time.
Accordingly, in this guide, the term ‘risk management’ refers to the systematic application of principles, an approach and a process to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision-making.
■■ Identified This involves considering uncertainties that would affect the achievement of objectives within the context of a particular organizational activity and then describing them to ensure that there is a common understanding.
■■ Assessed This involves estimating the probability, impact and proximity of individual risks so they can be prioritized, and understanding the overall level of risk (risk exposure) associated with the organizational activity.
■■ Controlled This involves planning appropriate responses to risks, assigning owners and
actionees and then implementing, monitoring and controlling these responses.
Why is risk management important?
Some risk-taking is inevitable if an organization is to achieve its objectives. Those organizations that are more risk aware appreciate that actively managing not only potential problems (threats) but also potential opportunities provides them with a competitive advantage. Taking and managing risk is the very essence of business survival and growth. Effective risk management is likely to improve performance against objectives by contributing to:
■■ Fewer sudden shocks and unwelcome surprises
■■ More efficient use of resources
■■ Reduced waste
■■ Reduced fraud
■■ Better service delivery
■■ Reduction in management time spent fire-fighting
■■ Better management of contingent and maintenance activities
■■ Lower cost of capital
■■ Improved innovation
■■ Increased likelihood of change initiatives being achieved
■■ More focus internally on doing the right things properly
■■ More focus externally to shape effective strategies.
Many of these benefits are applicable to both the private and public sectors. Whereas the private sector focuses mainly on shareholder returns and the preservation of shareholder value, the public sector’s role is to perform cost-effectively, in accordance with government legislation and policies.
No comments:
Post a Comment