Management of Risk

Organizations of any kind face internal and external factors and influences that make it
uncertain whether, when and the extent to which they will achieve or exceed their
objectives. The effect this uncertainty has on the organization's objectives is risk.
(AS/NZS ISO 31000:2009, p. iv)

Thus risk is the effect of uncertainty on objectives. Projects typically have a variety of
objectives. For example, construction projects typically have objectives related to time,
cost, quality, safety and environmental impact.

The uncertainty involved may come from a variety of sources. It may be the result of
some inherent randomness regarding the factor involved. For example it is difficult to
predict the weather. It may be the result of a lack of information that can be rectified by
some investigation. For example the uncertainty in the proportion of soil and required for
an excavation. It may be because the factor is under the control of somebody else. For
example, will a negotiation be successful, and how long will it take to resolve? However,
the basic principles for dealing with the resulting risk are the same.

Sometimes there are legal requirements for analysing and assessing risk, particularly in
the occupational health and safety area and in environmental issues. These legal issues
will not be covered; however, the approach discussed should be applicable to any specific

Consequence and Likelihood

A risk event is something that, if it were to occur, would have an impact on objectives.

Risk is measured in terms of likelihood and consequences.

The likelihood is the chance that the risk will happen. It may be expressed qualitatively or
quantitatively. Quantitative measures include probability and average recurrence interval.

The consequence is the impact that the risk event will have on the objective. Sometimes it
can be measured easily, for example the number of days that a project is late. Other times
it may be difficult to measure, for example the level of injury received in an accident.

The consequences may be beneficial or detrimental. Usually when people think about
risk management they think about dealing with the risks that might have an adverse
effect. However, positive risks should also be measured. Positive risks are called
opportunities. Managing them involves maximising the scope for taking advantage of

Risk Perception
Lay people tend to judge risk by the salience of the risk. For example, nuclear power
seems more dangerous than coal power because people can easily recall nuclear disasters
such as Chernobyl and Fukushima Daiichi. However, much more coal is needed than
uranium to produce a given amount of electricity, and coal mines are dangerous.
Furthermore it does not occur to many people that the exhaust from coal power stations is

Factors that increase tolerability of risks

Risks assumed voluntarily
Delayed effects
No alternative
Large benefits
Well understood risk
Encountered occupationally
Not dreadful
Will not be misused
Reversible consequences
Person has some control

Risk Management
Risk management is the coordinated activities to direct and control an organisation with
regard to risk.
(ISO Guide 73:2009, definition 2.1)
It involves:

Opposite of crisis management

Risk management needs to fit into the normal management system

Treatment often involves ongoing activities that need to be managed
Ordinary managers should be considering risks whenever they make decisions

Benefits of Risk Management
an increased understanding of the risks ... and their possible impact, which can lead to
the minimisation of risks for a party and/or the allocation of risks to the party best
able to handle them.
an understanding of how risks ... can lead to the use of a more suitable type of
an independent view of ... risks which can help to justify decisions and enable more
efficient and effective management of the risks.
... assessment of contingencies that actually reflect the risks and which also tends to
discourage the acceptance of financially unsound [approaches].
a contribution to the build-up of statistical information of historical risks that will
assist in better [future] modelling ...
facilitation of greater, but more rational, risk taking, thus increasing the benefits that
can be gained from risk taking.
assistance in the distinction between good luck and good management and bad luck
and bad management. (Simon, 1993).

Those that benefit from risk management include:

an organisation and its senior management for whom a knowledge of the risks ... is
important when considering the sanction of capital expenditure and capital budgets.
clients,[/owners] both internal and external, as they are more likely to get what they
want, when they want it and for a cost they can afford.
... managers who want to improve the quality of their work ... (Simon, 1993)

The move to a more formal recognition of risk and the need for risk management appears
to have been strongest in projects involving large capital, particularly defence, oil and
gas, aerospace and civil engineering sectors; in the insurance industry; in accident and
safety matters; and in the environment.

Costs of Risk Management

The cost of risk management can vary from very little upwards. It depends on the scope
and importance of the project and the degree of commitment to risk management. It can
range from one or two days of a person's time to 10% of a project's management costs
and several months of effort.

Framework for Risk Management
Successful adoption of risk management by an organisation requires a strong
mandate and commitment from the senior management of the organisation.

Roles for the senior management in carrying this out include:

define and endorse the risk management policy;
ensure that the organization's culture and risk management policy are aligned;
determine risk management performance indicators that align with performance
indicators of the organization;
align risk management objectives with the objectives and strategies of the
ensure legal and regulatory compliance;
assign accountabilities and responsibilities at appropriate levels within the
ensure that the necessary resources are allocated to risk management;
communicate the benefits of risk management to all stakeholders; and
ensure that the framework for managing risk continues to remain appropriate

The diagram below shows the risk management framework (ISO 31000:2009):

