Risk Management: Forewarned is Forearmed

 


“What is life, without a little risk” JK Rowling

Risk management is a non-stop process that adapts and changes over time; repeating and continually monitoring the processes helps manage known and unknown risks. It forms part of the life of a business: the act of attempting to control future outcomes as much as possible by acting proactively rather than reactively. If you ask me, risk management applies to our day-to-day lives; like they say, charity begins at home. Good risk managers are made at home, not so much in the workplace; laughs in learning on the job. Not to digress, here we focus on business/projects; however, at your convenience and on your bill, we can talk about risk and its management in individuals, ‘winks’.

Risk is the chance of something happening. A pessimist would say it is the possibility of an adverse outcome from a particular event, while an optimist insists there is a likelihood of opportunity to gain in risk. Plainly put, we are faced with different risks on a day-to-day basis, but we hope someone (a risk manager) saw it coming and had a plan for it: risk management.

Risk management refers to the process of identifying, assessing/evaluating, and prioritizing risks followed by the coordinated economical application of resources to minimize, monitor, and control the impact of unfortunate events or to maximize the realization of opportunities. The goal of risk management is to minimize, monitor, and control the impact of negative events while maximizing positive outcomes.

Where do risks originate? To each industry its own; broadly, however, they include financial uncertainties, legal liabilities, natural disasters, regulation, accidents, operational risks, and environmental, social, and governance risks. These present threats in different ways to an organization’s capital and earnings. Risks can be characterized by subjectivity to change (Dynamic or Static risks), breadth of impact (Fundamental or Particular risks), and likelihood of gain (Pure or Speculative risks).

Now that we know where risks originate and their traits, let us look at the steps in risk management.

Firstly, risk identification is where the events that could disrupt a business’s operations are identified; the same are also assessed to identify to what extent the said risks affect operations and the workforce. ‘What could happen, could it happen in this situation?’ The risk analysts will use various methods at this stage, including brainstorming and questionnaires with different people in the workforce, as each individual presents a different risk, though some may cut across. It helps if the engagements are specific and subjective to identify the details of all potential outcomes. Methods of loss risk identification, such as loss reporting and studying incidents, current and past, are used to isolate areas of appropriate risk management. In the famous words of Marilyn vos Savant: “To acquire knowledge, one must study; but to acquire wisdom, one must observe.” Many risks can be identified by observation and better understood through study. Coincidentally, while I was coining this, I visited a client who did something for World Safety Day 2023. Some of the tag lines that caught my eye: ‘Stop Look Assess Manage’; this alone shows the process of identifying and handling the risks involved in their workplace safety. The other was ‘Safety in your hands.’ It was nice seeing something as risky as workplace safety simplified into an impactful and easy-to-carry message for the employees and stakeholders. This goes without saying: a simplified message demystifies the risk.

Secondly, risk analysis and assessment: after various risks have been identified, analysts establish the likelihood of a risk event occurring and the potential consequences. They compare the magnitude of each and rank them according to prominence and consequences, depending on various factors including operations, natural disasters, governance, and social risks, among others, and consider the hazards, both physical and moral, that propagate the risk. There is never enough information to predict with enough accuracy, but it’s vital to estimate possible risks and plan for them; better safe than sorry, they said. This means asking how frequently an event is likely to occur and what the possible outcomes are.

Thirdly, risk mitigation and monitoring is where the business acumen of the stakeholders is tested: it is the process of planning and developing methods and options to reduce threats to business/project objectives. This stage is crucial because it is where a business/project can be protected from the adverse effects of a risk and later maximize the benefits from the risk. The monitoring bit is what makes it a continuous process: the risk analyst does not sail into the abyss after they have made a risk management policy; they must stay on their toes because, as we have seen, the proactive approach is better than the reactive one. Here is where the risk is also evaluated; levels of risk must be compared with the risk acceptance levels in the risk management policy. Important to ask is: Who implements the risk strategy and how is performance measured?

Thank you for making it this far. We have seen the what, why, and where; now hear me out on how to manage/treat the risk. The methods of risk management are broadly categorized, but some have options since there are various risk exposures due to the different business/project operations:
  1. Risk avoidance. As a solution to certain risks, avoidance seems to work, as some risks are avoidable by not taking part in certain businesses/projects. The approach is that one bites exactly, or less than, what they can chew. The downside is that the stakeholders miss out on the would-be opportunities and benefits of participating with the risks. But it can’t be the first spanner one throws into the works. You are better safe than sorry, they said. It’s better to participate cautiously than to be sorry you missed out on some gains.
  2. Risk reduction and prevention. Here, a business/project makes attempts to minimize the loss, focusing on keeping the loss contained and preventing it from spreading. Stop-loss measures are put in place to reduce the adverse effects of the risk. For instance, to reduce the likelihood of a fire and its consequences after it occurs, buildings have fire extinguishers, fire exits, assembly points, lightning conductors, and proper electrical installations, among others. There is also increased capacity building among building occupants in firefighting.
  3. Risk sharing. The risk is shared in agreed proportions between an individual/business/project and another usually equally large(r) party.
  4. Risk transfer. The consequences of the likelihood of a loss are passed on to another party. Given the complexity of this, it is many a time housed in a contract that stipulates terms, conditions, and exclusions to govern both parties for one to be able to take on the financial responsibility of covering the risk. You and I know this comes at a cost: the premium.
  5. Risk acceptance and retention. This involves accepting the inevitability of certain risks. One exposed to the risk accepts, retains a portion, and cedes the other to a more capable party. The retained risk is a cost to help offset larger risks along the road.

If risk management is a cake, then the importance of risk management is the cherry on top, and I can’t go without hinting at these.

Risk management ensures financial stability as certain mitigation measures act as shock absorbers and prevent financial loss.

There is compliance with legal requirements: implementing risk management measures sees compliance with rules and regulations come naturally in day-to-day operations and, in tandem, less is spent on fines and penalties.

Business continuity and sustainability: with risk management measures in place, an organization can continue its operations even when faced with unexpected events. By identifying and mitigating risks, businesses/projects can maintain stability and minimize disruptions over time.

I will use my last breath to tell you, excitedly, that this writer has chosen to do a certificate in Risk management (send upkeep). I will keep you posted on how this goes. However, the long and short of my letter to the risk takers the world over: individuals/businesses/projects that adopt a prospector risk management policy tend to outperform defenders, analyzers, and reactors. In addition, there needs to be a focus on Environmental, Social, and Governance factors to bolster risk management.

Marvin Guma | Claims Department - EMOT Department | Minet Uganda
