Risk is more than just a four-letter word!

The very mention of the word RISK evokes different responses from different perceptions, thus no wonder it even has different formal definitions, subject to its context, but with the most common terminology used, that most can identify with are the terms “uncertainty and undesirable outcomes”.

We are inadvertently exposed to risk in our everyday lives and again, the context of risk is of great value in understanding what some adapt as a simple solution, while others prefer a more complex and intricate approach to managing risk.

For example, parents are faced daily with risks that are relevant to their children, health care workers are subject to risks due to the very nature of their occupation and then globally there are risks as imposed by climate change and now most recently the war in Ukraine, but this is not aimed at trying to solve either personal or global risks, this is hopefully a different perspective on how risk is viewed, controlled and mitigated and also introduced as a positive opportunity for consideration as opposed to all doom and gloom.

It further aims to illustrate the advantages of a better understanding of risk and deliberation of how organizations can benefit in implementing a risk-based-thinking approach as managing risk in an organizational context is so much more than just maintaining a spreadsheet with a list of possible threats to an organization, if carefully considered and understood, risks can also be indicative of opportunities for organizations to adapt to possible uncertainties and change their approach as demonstrated by the global pandemic.

Suddenly work environments went from travelling to a common place of work, sitting in traffic, to simply getting out of bed and walking to a dedicated space within your home to get on with that which is expected, and granted, while working from home was not the ideal for all, suddenly smaller organizations came to the realization that having a physical place of work was not critical to the performance of their employees and thus presented the organization with an opportunity to rethink their operational performance.

Risk management is the process of identifying, assessing and controlling unwanted outcomes (threats) to an organization’s operations and performance. Risks can originate from a host of sources be it financial, legal, health and safety, environmental, strategic oversight, accidents or natural disasters.

A successful risk management program can assist an organization to consider the full range of possible risks and also examines the relationship between risks and the surging impact they could have on an organization’s strategic objectives and performance.

In addition to a focus on internal and external threats, Enterprise Risk Management (ERM) emphasizes the importance of managing positive risk (opportunities that could increase organizational value). Undeniably, the objective of any risk management program is not to eradicate all risk but to sustain organizational success by making intelligent risk decisions, hence managing risk should be closely linked with organizational strategy.

The first step to effective risk management would be for organizations to define their risk appetite – i.e. the amount of risk it is willing to accept in alignment with its objectives, thus evaluating which risks are acceptable and which would require additional controls before they are acceptable, some risks might be accepted with no further action necessary, while others might be mitigated, shared with or reassigned to another party, or averted altogether.

It is worthy to note the difference between Risk Appetite vs Risk Tolerance: Risk Appetite the amount of risk an organization is willing to accept to achieve its objectives, whereas Risk Tolerance is the acceptable deviation from the organization’s risk appetite.

Risk management has perhaps never been more important than it is now, promoted by the rapid pace of globalization and the emergence of the global call for compliance to i.e. GRC and ESG, risk is constantly evolving.

In industries that are strictly regulated i.e. financial industries, risk management is part of a formal function where risks are more quantitative and therefor managed in adherence to prescribed frameworks as prescribed by statutory and regulatory requirements, whereas in most other industries, risk tends to be more qualitative and thus more difficult to manage, thus increasing the need for a conscious, methodical and consistent approach to risk management.

Risk management process

The risk management discipline is referenced in many published bodies of knowledge that document a prescribed process to manage risk, the most familiar is the ISO 31000 standard, Risk Management — Guidelines, developed by the International Organization for Standardization, a standards body commonly known as ISO.

ISO’s five-step risk management process comprises the following and can be used by any type of entity:

1. Identify the risks.

2. Analyze the likelihood and impact of each one.

3. Prioritize risks based on business objectives.

4. Treat (or respond to) the risk conditions.

5. Monitor results and adjust as necessary.

The steps are rather self-explanatory, however, organizations are cautioned not underestimate the effort required to complete the process. Initially, it requires a fundamental understanding of the organizational context and strategic objectives.

The main objective for managing risk should be to develop the set of processes for identifying the possible organizational risks, the likelihood and impact of such risks, how each relates to the maximum risk the organization is willing to accept, and what actions should be taken to maintain and augment organizational value.

With risks that has the possibility of a threat or adverse effect on the organization, it is worth measuring the effectiveness of controls and if such controls need to be changed or adapted to reduce either the likelihood or impact of such risks, similar to in the instance where there is an opportunity, consideration should be given to how the organization can expedite the controls to ensure that opportunities are realized.

For the complete articles, visit: https://www.ariscu-africa.com/post/risk-more-than-just-a-4-letter-word

ARISCU
ARISCU
https://www.ariscu.com
netishac@ariscu.com
+27-81-531-5841
221 Lynnwood Road
Brooklyn
Pretoria
South Africa

comtex tracking

COMTEX_405647957/2764/2022-04-13T07:53:15

Disclaimer: The views, suggestions, and opinions expressed here are the sole responsibility of the experts. No Boston New Times  journalist was involved in the writing and production of this article.

Written by