Monday, September 14, 2009

Steps in the risk management process

Establish the context

Establishing the context involves the following:
  • Identification of risk in a selected domain of interest
  • Planning the remainder of the process.
  • Mapping out the following:
      • The social scope of risk management
      • The identity and objectives of stakeholders
      • The basis upon which risks will be evaluated, and constraints
  • Defining a framework for the activity and an agenda for identification.
  • Developing an analysis of risks involved in the process.
  • Mitigation of risks using available technological, human and organizational resources.
Identification

After establishing the context, the next step in the process of managing risk is to identify potential risks. Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the source of problems, or with the problem itself.
  • Source analysis: Risk sources may be internal or external to the system that is the target of risk management.
  • Problem analysis: Risks are related to identified threats. The threats may exist with various entities, most importantly with shareholders, customers and legislative bodies such as the government.
Common risk identification methods include the following:
  • Objectives-based risk identification
  • Scenario-based risk identification
  • Taxonomy-based risk identification
  • Risk Charting
  • Common-risk Checking
Assessment

The fundamental difficulty in risk assessment is determining the rate of occurrence, since statistical information is not available on all kinds of past incidents. Furthermore, evaluating the severity of the consequences (impact) is often quite difficult for immaterial assets. Asset valuation is another question that needs to be addressed. Thus, best educated opinions and available statistics are the primary sources of information. Nevertheless, risk assessment should give the organization's management information in a form that makes the primary risks easy to understand and allows risk management decisions to be prioritized. Thus, there have been several theories and attempts to quantify risks. Numerous different risk formulae exist, but perhaps the most widely accepted formula for risk quantification is:
Rate of occurrence multiplied by the impact of the event equals risk

Potential risk treatments
Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories:
  • Avoidance
  • Reduction
  • Retention
  • Transfer
