NATIONAL COLLEGE OF BUSINESS AND ARTS

RISK MANAGEMENT

By: Prof. Cristy Joy Cortes- Basco

PRELIM PERIOD

WHAT IS RISK??

Risk is defined as the chance of having a loss due to occurrence of an event

Risk is also defined as the probability of something happening that will have an adverse
impact on people, plant, equipment, financials, property or the environment and the
severity of the impact (Australia, Risk Mgt. Standard ASNZA)

The risk is always associated with the loss aspects since the word itself has the
association of DANGER OF LOSS

The definition can be PROBABILITY OF THE OCCURRENCE OF AN EVENT RESULTING IN

LOSS/ GAIN

CLASSIFICATION OF RISKS

SPECULATIVE RISKS & PURE RISKS

SPECULATIVE RISK PURE RISK

Operation of this leads to profit
/loss
Leads to speculation like investment
of capital in a new venture
Operation is desired
These do not change with the risk
The operation of these perils does
bring in loss/damage to
property/assets/ liability
Not desired

DYNAMIC RISKS & STATIC RISKS

DYNAMIC RISKS STATIC RISKS

Changes with the change in fashion,
buying behavior, trends, technology
etc
It denotes dynamic nature of the
customer behavior and the
products they like to own or use
Like pure risks these risks remain
static and do not change due to
other reasons like that of dynamic
risks
The operation of these risks always
bring about losses

1
 If an organization is not prepared Operation is not desired
then it may go out of existence May result in partial or total
cessation of activities

FUNDAMENTAL RISKS & PARTICULAR RISKS

PARTICULAR RISKS FUNDAMENTAL RISKS

Risks which relate to one or few Relates to the society at large

firms, factories or organizations
only

Losses are suffered by one or few Losses are suffered by large section
more members of the society of the society/nation(s)

Losses may be due to natural

catastrophes, riots, epidemics etc

ICEBERG OF LOSSES

INSURED LOSSES - these are losses insured or covered by a policy

UNINSURED LOSSES

loss of goodwill
loss of market
loss of customers
loss of shareholder value
loss of key employees
loss of costs incurred

Risk Management is defined as the systematic way of ensuring protection of business resources
and income against losses so that the aim , goals and vision of the company can be reached.

Thus Risk Management creates stability and contributes to growth and assures profitability of
the Organization.

EVOLUTION OF RISK MANAGEMENT

emerged in the mid-1970s, evolving from the field of insurance management

2
 Insurance Mgt, focused on protecting companies from natural disasters, theft, fire,
employee injuries, employment practices, etc.
Then in 1980s-1990s, risk mgt. grew into a vital part of company planning and strategy
Thus Risk Management came into existence

ADVANTAGES OF RM
To achieve the objectives of the Organization
To ensure that the goals short term and long term are achieved without any disruption
or delay
To optimize the utilization of the resources
To have knowledgeable of insurance arrangements and have considered decisions on
insurances to be availed

Development of Risk Management

The Industries / Business houses want to have incident free/ accident free working to
achieve their objectives
For this purpose it is necessary to understand the loss producing events , the nature of
losses/ extent of losses to come up with the loss control measures.
Risk Management aims to help the owners to have control on loss incidents and to
reduce the extent of losses by proper study of the exposures and actions to be taken to
control the same.

RISK MANAGEMENT PROCESS - describes the steps you need to take to identify, monitor and
control risk.

THE STEPS IN RISK MANAGEMENT PROCESS ARE:

1. Risk analysis- Risk identification (depending on the size of the business or its nature, the risks
may vary)
(Risk measurement)
2. Risk control - Risk avoidance (assess which of the risk listed will have the most impact on the
company
(Risk minimization)
3. Risk Evaluation- (list down the company goals and objectives, so that whatever
repercussions of each risk to the company, then the company will be better prepared to deal
with the outcomes.
4.Creating a Treatment Plan
The Risk Manager must determine what can be done to treat the risk
Decide which risks can be avoided and which ones can only be lessened
3
5. On-going Risk Monitoring
This step must occur throughout the lifetime of a company
Continuous supervision over the effects of risks

HOW THE LOSS IS CAUSED?

Loss is caused by the operation of perils which refers to the causes for the losses
Loss or damage is caused by the operation of perils such as fire, explosion, flood, storm
etc
The loss potential ( extent of loss) depends on conditions which are favorable for the
incident to assume large proportions. This is known as hazard or potential of the loss.
PERIL ( CAUSE)----------------LOSS(EFFECT)
HAZARD

CAUSES OF LOSSES
Perils- such as fire, explosion etc
Human factors- such as negligence, carelessness, inadequate training, inadequate
supervision, lack of proper systems and controls
Inadequate maintenance ( predictive/ routine/ annual maintenance)
Failure of Plant/ machinery due to breakdowns (failure of safety devices)
Natural perils such as flood, cyclone, earthquake, landslide, rockslide & subsidence
Extraneous: Accidents involving Gas or chemical in nearby units

TYPES OF LOSSES
Property losses- losses which can happen to the Assets
Pecuniary losses- Financial Loss which can be caused by business interruption due to the
loss to the assets, financial loss due to unfaithful acts of employees, storekeepers and
other employees
Liability losses- Loss to the Third Party property or third party personnel due to activities
of the Organization
Personal injuries- accidents resulting in fatal or non-fatal injuries to the employees

HAZARD
Hazard is defined as conditions existing which are favorable for the loss becoming severe

4
CLASSIFICATIONS OF HAZARD
Physical hazard- relating to physical properties.
Moral hazards -relating to the moral behavior of the clients
Morale hazard -Relating to the morale & working conditions of the employees &
employer-employee relationships

RISK ANALYSIS
Risk analysis is the process of identifying and evaluating risk factors, present or
anticipated, and determining both the probability and the impact of identified risk
factors.
It is a preliminary step in establishing a risk management strategy, which is intended to
increase the possibility that the application development project produces the desired
outcome while minimizing risk factors.
It entails both preventive and corrective actions to each of the identified risk factors,
particularly those with a medium to high rating level.

RISK ANALYSIS- METHOD

list all possible risks
investigate
study
inquiry
document review
physical inspection
analyze each risk

RISK EVALUATION
Methods available
Study of Organizational charts/ balance sheets, accounting records
Process flow diagrams
Input- output analysis- contribution from various sections
Study of completed checklists
Threat analysis- Denial of access, Loss of services

EVALUATION METHODS
INPUT OUTPUT ANALYSIS To trace the flow of goods and services to identify the
contribution of parts of organization to the total earnings and to analyze exposures.

5
EVALUATION OF RISKS-THREAT
analyze the threats to business
denial of access- chemical leakage, collapse of nearby buildings, strike, picketing,
damage to water/sewer mains, government restrictions
loss of services water, power, rains, floods, cyclones

RISK HANDLING METHODS

ADOPTION OF LOSS CONTROL MEASURES

Loss control measures involve the nature of the devices utilized and the human factor
For any system to be effective the employees concerned need to be properly trained and
knowledgeable.
The Management need to ensure that the systems employed are in good working order
and that the employees are regularly trained.
RISK AVOIDANCE
This is also known as Risk Elimination
Identify the risk and if possible avoid the risk by eliminating the source
It is like avoiding a location due to seismic activity in the area
Ex:- Avoiding a low lying location which is susceptible for flooding
RISK CONTROL/PLANNING
Risk planning and control, as a shared or centralized activity must accomplish the following
tasks:
Identify concerns that can impact the project implementation
Identify risks, review/assess their intensity and document the risk owners.
Evaluate the risks with reference to probability of their occurrence and possible
consequences
Assess the plausible options for accommodating the recognized risks
Prioritise the efforts required for managing the risks
Develop/discuss and adopt risk management plans
Authorize the implementation of the risk management plans
Monitor the risk management efforts and
Initiate the remedial actions as considered necessary

RISK RETENTION
To keep the costs under control, after analyzing the risks the Management, may decide
to retain some of such losses to its account.

6
 Once a decision is taken , then necessary provision needs to be made to avoid such a
loss ,if happens, eating into the operating budget
Special contingency funds are therefore to be created for this purpose

RISK TRANSFER
Risk transfer involves payment by one party (the transferor) to another (the transferee,
or risk bearer).
The transferee agrees to assume a risk that the transferor desires to escape.

TOOLS OF RISK TRANSFER

incorporation
diversification
hedging
insurance
CONTRIBUTIONS OF RM TO THE BUSINESS
Achievement of objectives/ goals
Reduced anxiety due to losses are of reasonable magnitude and does not cause serious
loss situations
Goodwill is maintained by meeting the obligations
The business is able to survive competition
Successful and continued operations
Resultant growth and sustained earnings
Better care for employees and society at large
Reduction of expenses
Better relationships between customers, suppliers, employees
The best / successful project would be:
Assess risks integrated with business planning and evaluate.
Subject them to critical review
Set priorities based on the requirements
Choose the project
If the risk is high - STOP
If Manageable - PROCEED

Reference: Essentials of Risk Management by Crouthy, Michael

NATIONAL COLEGE OF BUSINESS AND ARTS
Fairview Campus
Lecture Notes in ELEC. 3 (RISK MANAGEMENT)
7
 By: Prof. Cristy Joy Cortes- Basco

MIDTERM PERIOD

Organizations know they must manage strategic risk to create and protect value.

One of the lessons many organizations learned from the global financial crisis is that they need to clearly
link strategy and risk management and be able to identify and manage risk in a highly uncertain
environment. Another is that they must focus risk management on creating value as well as protecting
value.

STRATEGIC RISK MANAGEMENT - is a process for identifying, assessing and managing risks and
uncertainties, affected by internal and external events or scenarios, that could inhibit an organizations
ability to achieve its strategy and strategic objectives with the ultimate goal of creating and protecting
shareholder and stakeholder value.
Strategic risk management is focused on the most consequential and significant risks to
shareholder valueclearly an area deserving the time and attention of executive management
and the board of directors
Managements view of the most consequential risk the firm faces, their likelihood, and
potential effect; are
1.the frequency and nature of updating the identification of these top risks;
2.the influence of risk sensitivity on liability management and financial decisions; and
3. the role of risk management in strategic decision making.

ENTERPRISE RISK MANAGEMENT - is a process, effected by an entitys board of directors, management

and other personnel, applied in strategy setting and across the enterprise, designed to identify potential
events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable
assurance regarding the achievement of entity objectives.

Strategic Risk Management is based on the six principles. These are:

1. Its a process for identifying, assessing, and managing both internal and external events and
risks that could impede the achievement of strategy and strategic objectives.
2. The ultimate goal is creating and protecting shareholder and stakeholder value.
3. Its a primary component and necessary foundation of the organizations overall enterprise
risk management process.
4. As a component of ERM (Enterprise Risk Management), it is by definition effected by boards
of directors, management, and others.
5. It requires a strategic view of risk and consideration of how external and internal events or
scenarios will affect the ability of the organization to achieve its objectives.

8
 6. Its a continual process that should be embedded in strategy setting, strategy execution, and
strategy management. Organizations can adapt the definition and principles of SRM in
developing their action plans for strengthening ERM and focusing it on strategic risks.

Critical Steps for Strategic Risk Management

Strategic risk management increasingly is being viewed as a core competency at both the management
and board levels. The exact steps that an organization should take will depend on the level of maturity of
its overall ERM processes.

Assess the maturity of the organizations ERM efforts relative to its strategic risks.
Consider whether management and the board feel that they have a good understanding of the
organizations strategic risks and the related risk management processes.
Develop action plans to move to a high level of ERM maturity.
Conduct a strategic risk assessment.
Conduct a separate assessment to understand and prioritize the organizations strategic risks.
Consider both internal and external risks and events.
Review the process for strategy setting, including the identification of related risks.
Review the organizations process for setting and updating its strategies and strategic objectives.
Ensure that the process requires the identification and assessment of the risks embedded in the
strategies.
Review the processes to mea sure and monitor the organizations performance.
Expand the processes to include the monitoring and reporting of key performance indicators
(KPIs) related to strategic risks.
Embed risk monitoring and reporting into the organizations core processes for budgeting,
business performance monitoring, and performance measurement systems.
Develop an ongoing process to periodically update the assessment of strategic risks.
Make the strategic risk assessment process an ongoing one with periodic updating and
reporting.

TYPES OF RISK MANAGEMENT

Management uses risk management as a strategic tool to mitigate the loss of property and increase the
success chance of the organization.
There are various kinds of risk and the risk management deals with their timely identification, assessment and
proper handling.
The types of risk management differ on the basis of the nature of operations of a particular organization and
other factors like its overall goals and performance. All these types of financial risk management processes
and risk management reports play a significant role behind the growth of an organization in the long run.

Different Types Of Risk Management Can Be Categorized As Follows:

1. Enterprise Risk Management:
It is a strategic framework that checks the potential risks that have adverse impacts over
9
 the enterprise. These risks could be in terms of risk related to resources , product and
services or the market environment in which the enterprise operates.

Enterprises develop risk management capabilities to deal with these risks and a proper
action plan. Enterprises must note down all the possible risks that may occur and
prepare a set of action plans depending on the nature of risk.

2. Operational Risk Management:

Operational risks are present in every enterprises.

These risks arise due to the execution of the business functions of the enterprises.
Enterprises need to assess these risks and prepare action plans to meet the impact of
risk. At the primary level, operational risk management deals with technical failures and
human errors like: Mistakes in execution; System failures; Policy violations; Legal
infringements; Rule breaches

3. Financial Risk Management:

The process of financial risk management can be defined as minimizing exposure of a
firm to market risk and credit risk using various financial instruments.

Financial risk managers also deal with other risks related to foreign exchange, liquidity,
inflation, non-payment of clients and increased rate of interest. These risks affect the
financial position of the enterprise.

4. Market Risk Management:

Enterprises need to understand the risks present in the market , inherent to the industry
or arising out of competition. Enterprise need to properly assess it and develop their
capabilities . It deals with different types of market risks, such as interest rate risk, equity
risk, commodity risk, and currency risk.

5. Credit Risk Management:

Managing credit risk is one of the fundamental work of the financial institution. Credit
portfolio management is largely becoming essential for the enterprise to keep track of
risk. It deals with the risk related to the probability of nonpayment from the debtors.

6. Quantitative Risk Management:

In quantitative risk management, an effort is carried out to numerically ascertain the
possibilities of the different adverse financial circumstances to handle the degree of loss
that might occur from those circumstances.

7. Commodity Risk Management:

It handles different types of commodity risks, such as price risk, political risk, quantity
risk and cost risk.

10
 8. Bank Risk Management:
It deals with the handling of different types of risks faced by the banks, for example,
market risk, credit risk, liquidity risk, legal risk, operational risk and reputational risk.

9. Non-profit Risk Management :

This is a process where risk management companies offer risk management services on
a non-profit seeking basis.

10. Currency Risk Management:

Deals with changes in currency prices.

11. Project Risk Management:

Deals with particular risks associated with the undertaking of a project.

12. Integrated Risk Management:

Integrated risk management refers to integrating risk data into the strategic decision
making of a company and taking decisions, which take into account the set risk tolerance
degrees of a department. In other words, it is the supervision of market, credit, and
liquidity risk at the same time or on a simultaneous basis.

13. Technology Risk Management:

It is the process of managing the risks associated with implementation of new

technology.

14. Software Risk Management:

Deals with different types of risks associated with implementation of new softwares.

15. IT Risk Management:

It is a part of enterprise risk management as most modern enterprises largely depend on
the information technologies and there is certain inherent risks associated with the
technologies. Most modern enterprises need to face it and prepare plans to deal with
these risks.

RISK ADJUSTED PERFORMANCE

Risk-Adjusted performance measurement can drive improved returns and serve as the key to a well-
structured capital management framework.
Protect Financial Solvency Optimize Shareholder Profitability
The Board and Senior Management challenge is to balance stakeholder expectations
What is the Banks overall risk Is shareholders capital
appetite? invested profitably?
Does the Bank have enough Are there ways to redeploy
11 capital to improve overall
capital to cover its risks?
Can the Bank effectively returns?
monitor and control its risks? Is the financial structure and
dividend policy effective?
IMPLEMENTATION CHALLENGES

Choosing the type and sophistication of the metric which is right for your organization

Developing risk measures and models which are healthy enough to support the applications
Determining the level of implementation
Identifying how it will be used which applications will be developed
Gaining buy-in from business lines
Identifying which business lines and applications to start with

Ultimately, the objective is to achieve a top-down, bottom up consistency

Top Down
1. Set the Banks risk tolerance in line with its strategic objectives
2. Redeploy capital to activities with the best expected risk adjusted returns
3. Align capital structure with the Banks risk and solvency

Bottom Up
4. Control risk to within the Banks risk tolerance
5. Price business so the bank is paid for the risk it is taking
6. Reduce risk by improving diversification

ELECTIVE 3 (RISK MANAGEMENT)

FINAL PERIOD
Prof. Cristy Joy Cortes- Basco

GENERIC PLANNING

12
The concept of generic planning might be set forth as a way of distinguishing the broader view
of planning from the concept of specific planning that might be used to describe what has
typically gone on in the past.

Finally, the idea of general planning might be taken as the comprehensive name for the
integration of generic and specific planning to form the ultimate total body of knowledge
concerning all planning.

GENERIC RISK ASSESSMENT

Generic Risk Assessments - highlight commonly identified hazards (i.e. things with the
potential to cause harm) and control measures/precautions (i.e. ways of reducing the likelihood
of the hazard causing harm) associated with general locations, events or activities.

How should Generic Risk Assessments be used?

Generic Risk Assessments provide a useful starting point for discussion and consideration, BUT
they must never be regarded as:
Foolproof accidents can still happen! (but the risk assessments do give written
evidence to help show that leaders have given reasonable prior thought to the risks and
control measures involved!);
Comprehensive even as generic risk assessments seek to identify and highlight key
hazards and control measures, it should never be assumed that all significant issues have
been recognized and included. It is still up to the leaders to identify and add any other
hazards or control measures that may appropriate;
Rigid risk assessment forms are flexible, and must be adapted to each groups own
circumstances by adding further hazards/control measures that may be relevant, or
deleting those hazards/control measures that are not appropriate or acceptable, or
cannot practically be implemented for some reason. Indeed, while the control measures
suggested might all be worthy of consideration, it is understood that they are not all
universally applicable for all groups and situations. However, if an accident were to occur
as a consequence of a control measure not being adopted, a court of law might expect
the leader to justify that decision!
One persons sole responsibility - all risk assessments should be shared and discussed in
advance with all the other leaders (including volunteer helpers) involved. Wherever
possible, the group members should also be involved in discussions - this will help them
to recognize hazards, to identify suitable control measures, and to take more
responsibility for their own safety and welfare;
Complete the generic risk assessments identify likely hazards and suggest control
measures to consider, but they do not provide a comprehensive list of all options. Users
should delete inappropriate and unacceptable options, and add extra measures in each

13
 section of the form, as necessary. In addition to using relevant generic risk assessments,
a Specific Visit Risk Assessment form should be completed to identify hazards and
control measures that are unique to the precise locations visited, activities undertaken,
and individuals within the group.
- In addition to using relevant generic risk assessments, a Specific Visit
Risk Assessment form should be completed to identify hazards and
control measures that are unique to the precise locations visited,
activities undertaken, and individuals within the group on a particular
visit.
- Furthermore, it must be clearly understood by all leaders that risk
assessment and management is an ongoing process that involves far
more than written documents. Therefore, during a visit, all leaders must
maintain a Dynamic or Ongoing Risk Assessment by remaining alert to,
and responding to, changing circumstances or additional unforeseen
hazards;

When, and how often, should Generic Risk Assessments be completed?

For generic risk assessments that apply to all visits (e.g. All Educational Visits or All
Travel or All Overseas Visits) or for visits that are organized frequently and/or
regularly (e.g. Sports Matches or Visits to Cities or Visits to
Theatres/Cinemas/Museums), it is appropriate and acceptable for the form to be
completed once initially, then reviewed, amended, and signed annually by all those staff
who might be involved in organizing and leading those type of visits during the year. It is
suggested that staff are directed to read the standard generic forms online, and then to
sign a hard copy that is kept for reference in a clearly marked file in the staff room.
For other occasional, non-routine visits, the relevant generic risk assessments can be
completed and signed as required as the foundation for the risk assessment.
New staff arrivals and prospective new leaders should be made aware of any generic
risk assessments that are used regularly, and should be asked to read and add their
signatures, in acceptance of the recognized and adopted safety measures.

Are these Generic Risk Assessments compulsory?

By law, those who are responsible for organizing and leading visits should be able to
show evidence of the risk assessments they have undertaken, and of the preventative
control measures they have established to safeguard those in their care. There is no
single acceptable method for this, and it would ultimately be up to the law courts to
decide what level of risk assessment and management is deemed reasonable.

It is not mandatory for staff to use these exact format, and it is perfectly acceptable for
leaders to complete their own risk assessments in a different format, if preferred,
provided they are suitable and sufficient.

14
CONTINGENCY PLANNING

Contingency planning - aims to prepare an organization to respond well to an emergency and

its potential humanitarian impact.
Developing a contingency plan involves:
making decisions in advance about the management of human and financial
resources,
coordination and communications procedures, and
being aware of a range of technical and logistical responses.
Such planning is a management tool, involving all sectors, which can help ensure timely
and effective provision of humanitarian aid to those most in need when a disaster
occurs.
Time spent in contingency planning equals time saved when a disaster occurs.
Effective contingency planning should lead to timely and effective disaster-relief
operations.

The contingency planning process can basically be broken down into three simple questions:

What is going to happen?

What are we going to do about it?
What can we do ahead of time to get prepared?

This guide helps planners think through these questions in a systematic way.
Contingency planning is most often undertaken when there is a specific threat or hazard; exactly
how that threat will actually impact is unknown.
Developing scenarios is a good way of thinking through the possible impacts.
On the basis of sensible scenarios it is possible to develop a plan that sets out the scale of the
response and the resources needed.

CONTINGENCY PLANNING IS BROKEN DOWN INTO SEVEN MAIN STEPS

1. Develop the contingency planning policy statement. A formal policy provides the authority
and guidance necessary to develop an effective contingency plan.

2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information
systems and components critical to supporting the organizations mission/business functions.

15
3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can
increase system availability and reduce contingency life cycle costs.

4. Create contingency strategies. Thorough recovery strategies ensure that the system may be
recovered quickly and effectively following a disruption.

5. Develop an information system contingency plan. The contingency plan should contain
detailed guidance and procedures for restoring a damaged system unique to the systems
security impact level and recovery requirements.

6. Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas
training prepares recovery personnel for plan activation and exercising the plan identifies
planning gaps; combined, the activities improve plan effectiveness and overall organization
preparedness.

7. Ensure plan maintenance. The plan should be a living document that is updated regularly to
remain current with system enhancements and organizational changes.

TRAINING

The purpose of risk management training is to:

raise basic awareness of risk management concepts and mechanisms,
to enable participants to identify and manage risks in their own units; and
to strengthen project management through adequate forward planning of
potential risks.

RISK IN DECISION MAKING PROCESS

Lowering the risk is realized by the decision the final product of the risk control process.

Decision is the final result of the risk control phase.

Based on the processed problems of decision process, there are following possibilities for risk
occurrences.
1. First phase - definition and setting of objectives, there can be risks of:
decision makers missing verification of collected information, late identification of
problem, high cost of information processing etc.
2. Second phase - analysis of information and documents can be risks:
Omitting of important information that clearly define the declared objective and
decision process.
3. Third phase - finding the variants (an event that departs from expectations) can be risks:
Choosing the wrong solution,

16
 4. Fourth phase - criteria determination can be risks:
risk of creating a large criteria that complicates making of the decision
5. Fifth phase - determining the variant outcomes can be risks:
creating of duplicity or criteria overlapping (redundancy) etc.
6. Sixth phase - variant rating and selection can be risks:
wrong variant selection, choosing the optimal variant without considering the two
side aspects by the decision maker: benefit and their risks
7. Seventh phase - realization and control of chosen variant can be risks:
wrong communication and cooperation of managers and other workmen, missing
the fact, whether the problem still exists, or has been suppressed, etc.

It is necessary for the decision makers to know and what risk the individual decision makers are
willing to take.

Decision making is the cognitive process leading to the selection of a course of action among
variations. There are lots of risks in every phase. The purpose of risk management is to ensure
levels of risk and uncertainty are properly managed.

COMMUNICATE THE POLICY

Develop, establish and implement an infrastructure or arrangements to ensure that managing

risk becomes an integral part of the planning, management processes and the general culture of
the organization. This may include:

establishing a team containing senior management personnel to be responsible for

internal communications about the policy;
raising awareness about managing risks;

communication/dialogue throughout the organization about managing risk and the

organizations policy;

acquiring risk management skills, e.g. consultants, and developing the skills of staff
through education and training;

ensuring appropriate levels of recognition, rewards and sanctions; and

establishing performance management processes.

REFERENCES
[1] http://www.bozpinfo.cz/citarna/clanky/rizeni_bozp/management_rizeni.html
17
 [2] http://en.wikipedia.org/wiki/Decision_making

Exercise: For each of the three contexts below, identify the cause, uncertain event and impact
based on the following model:

As a result of (definite cause), (an uncertain event/risk) may occur, which would lead to (an
impact on objectives)

Situation A The plan states a team of 10, but we only have 6 available, so we might not be able
to complete the work in time

Situation B Use of new / novel hardware, unexpected errors may occur which would lead to
overspending

Situation C We have to outsource production, we may be able to learn new practices from our
new partner, leading to increased productivity

18