RISK MANAGEMENT

1. SCOPE OF RISK MANAGEMENT

1.1: Definition of terms related to risk management

Let us start by defining a risk. Risk is a chance that an actual return from an investment will be different

from the expected. The future outcome in risks is predictable, manageable, measurable, and quantifiable

and you can also assign a probability to risks events.

Often we mistake uncertainty for risk. Uncertainty is when you are totally clueless about the outcome of an

event. I can also state it as an unknown risk. Issue something that has happened previously in the project

which might have been identified or a problem that is unknown and may have a small or large impact.

Now having known the meaning of risk and uncertainty, it becomes easier to define risk management.

Risk management refers to the identification of potential risks, knowing them and taking precautions to

reduce them. When you make decisions about something, you most probably expose yourself to potential

risks.

Some of the risks may be economic risks for example: Recession, inflation, others could be environmental

risks such as: change of weather while some could as well be political risks e.g. change in legislation in the

government.

In ICT environment, risk management revolves around two main areas. They include new projects and

ongoing operations.
When you are launching a new project, you will have to apply a risk assessment of all phases of the project.

When such projects deliver services and products and they become part of ICT regular operations, risk

assessment is necessary for all operations.

1.2: Risk management aspects.

Now let us cover risk management aspects. They are usually many but am going to discuss five of them.

How can you manage risks? By avoiding, preventing, shifting or transferring, sharing and assuming risks.

Let us discuss how each of them is applicable in risk management.

 First, you can manage a risk by avoiding it: this is by deciding not to involve yourself in actions

that might give rise to the occurrence of the risk. For example, you should not bank in a financial

institution that is experiencing management problems to avoid losses that might arise due to

receivership.

 The second one is preventing risks: This is a step you can take to reduce risks. How can you

reduce risk? An example is a business setup where you do a market research. You have to know

about the 4 Ps of marketing which addresses the areas of Price, Place, product, and promotion.

This will help you prevent risks that may arise due to changes in consumer taste and preferences.

For example, if you are investing in the fashion industry, you need to know about fashion and

design so that you produce products that are tailor-made for your consumers.
 Consider shifting risks: You might need to consider the aspects of transferring risk to an

institution or another person. I have several examples of ways you can shift risks. The first one is

insurance. Insurance provides covers for unpredicted risks around the environmental, political,

social and technological issues. You can also consider diversification. Here, you invest in two or

more contracts that are corresponding in nature.

Another way you can consider shifting risks is by underwriting. This involves the promoters of a

company and underwriters entering into a contract where the underwriters agree to buy securities

for a commission. This way the promoters are sure of selling all the securities hence preventing

the company from being wound up.

 Share your risks: consider dividing the risk as another form of risk management. There are two

major forms of sharing risks. One; as a shareholder, you can decide to incur part of the losses that

might arise due to business failure or Two; joint ventures.

A joint venture may be formed between business owners of a same or different countries and the

co-ventures decide to undertake a risky venture. This way the risk is shared between the co-

ventures.

 Lastly but not least you can assume the risk: As you know some risks can neither be avoided,

prevented, shared nor shifted, as a business owner you might consider capitalizing on the
 financial reserves or manpower while assuming the risk. This applies to the proverb no pain no

gain.

1.3 contributions of risk management to project performance

Why should you consider risk management?

We will now examine how risk management has contributed to project performance. Our main objective

here is to get a concrete comprehension on the impact of risk management on the overall success of your

project or business venture.

Adopting risk management practices has a positive impact on the overall performance of business

success. You need to understand critically the uncertainties in the business environment as evaluated by

risk managers and project managers.

I have hereby listed a number of contributions to a properly designed risk management structure.

1. First, assign risk owners. Risk owners have full knowledge and ability to manage projects thus

they can be held accountable for either positive or negative outcome. However, some risks cannot

be assigned to a single owner.

accountability with the business model. Aligning involves grouping together the risks such that

they are assigned to a single owner. You will get to see that a business model provides a platform

to gauge its value to its respective customers and/or clients.

Also, you will be provided with an architectural design structure that gives an overview of the

relationship between employees, partnerships in the best way to add value to the business. There

is a need to match risks with risk owners. By this, you will enhance the smooth functioning of the

alignment.

3. Then, you should centralize risk function as the third contribution: a central risk function refers to

an individual or a unit responsible for coordinating risk across the entity. The goal of a risk

central function is to aid risk owners to manage risks. This, therefore, should have a clear access

to company executives.

A central function can further identify risks gaps omitted by senior executives. A central function

assumes the role of managing risk. It can further aid in buying insurances or controlling losses. It

should, however, be noted that it is not the primary duty of the central function to buy insurance.
 This unit seeks out factors in the changing business landscape such as markets, politics,

regulators, competitors and other risk sources.

The issues addressed by the central function unit revolve around management, human resources,

and leadership life cycles. They are critical and therefore deserve full attention.

4. More so, install a high tech electronic platform (HTEP): This is a management decision support

system structured specifically to aid in understanding risk. This tool will aid in sharing of risks

identified and further recognize the level of exposure to the risk.

This being an evaluation tool, it shows you how the risk owner evaluates risk and allows for

making alternatives or recommendations. Now lets us define risk clusters. This is related to HTEP

as it is a group of related risk that relates exposures resulting from the risks.

5. As part of risk management consider involving Board of Directors (B.O.D). The B.O.D is the top

tone and normally require reports given periodically from the internal audits. The board should

have an independent report on risks.

6. Lastly, employ a standard risk evaluation process. The contribution of enterprise risk

management requires a risk assessment process. This is a problem-solving process used in

exposures.

Now let's consider the following steps of standard evaluation process

i. First, identify the risk: Businesses face external risk arising from environmental, economic

and other external sources. The internal risk in businesses involves structure, management,

leadership, employee relations, customers, suppliers among others.

You will note that most of these risk exists due to faulty business processes, weak internal

control systems, and other departmental weaknesses.

ii. Then assign ownership of risks: in this step, you basically assign accountability to each risk

with a specific function area unit or initiative. You delegate a chain of command in a

reporting line to the risk owner

iii. Do an impact assessment: here you employ both qualitative and quantitative analysis to

ascertain expected chance or likelihood.

iv. Then there are mitigation options: you will now assess choices available. This should give

you a clear choice to either avoid, retain, reduce or transfer the risk. Weigh the balance

between the cost of retaining the risk or mitigating it.

implement it. You need to monitor it so that you make appropriate adjustments. This hence,

ensures flexibility and availability of new information.