What are the steps in the risk management process?

  • Risk Management Process

    Risk management is not space science. I consider risk management as an inherent sense that exists within all individuals. I assume many of you reading this post have crossed a road/path recently, where you looked at all possible risks by checking both sides of the road and decided to cross based on evaluating both opportunities and threats. Some of you will have taken care of kids in the park, where, as a parent/guardian, you constantly watched your kids, subconsciously carried out risk management in your mind and took appropriate strategies to protect your kid.

    The primary objective of risk management is to identify, evaluate, mitigate and monitor the risks within the organisation. Detailed steps in the risk management process are as follows:

    Step 1 – Establish the context

    The starting point of effective risk management is to determine the context of risk management. Identify and understand the parameters and variables involved. Establish the criteria against which risk will be evaluated, and the internal and external conditions (Environmental, Political, etc.) which may affect the achievement of your goal.

    Step 2 – Risk Identification

    Risk identification is the next phase in the process. Using historical data, theoretical analysis, informed opinions, expert advice and stakeholder input, identify and describe the risks which may impact the achievement of your objective.

    There are numerous ways to identify risks, such as:

    Structured ‘What-if’ Technique
    Scenario Analysis
    Fault Tree Analysis
    Bow Tie Analysis
    Direct Observation
    Expert Judgement
    Incident Analysis

    Step 3 – Analyse the Risk

    Identified risks can be measured/assessed using either quantitative or qualitative methods, depending on the nature of the risks and the availability of data/information to evaluate them. In most cases, a range of likelihood and potential consequences is used to assess the risk.

    Inherent Risk - It is essential to understand the intrinsic value/nature of the risk before planning for any mitigation strategy. The inherent value of the risk is calculated based on the existence of current controls (if any).

    Step 4 – Mitigate / Improvement Strategy

    The intent of this step is to either lower the level of risk (for threats) or increase the degree of risk (for an opportunity) to an acceptable level (differs between businesses). Implementing the right strategy to manage the risk is key to risk management as the strategy dictates the success of risk management.

    Step 5 – Monitor and Control

    In this step, we should monitor the effectiveness of the risk management process and the specific risks and risk treatment. As part of the monitoring process, risk values should be re-evaluated after the application of risk treatment to determine the residual risk. Changing circumstances may alter priorities, and regular monitoring and review will ensure both continuous improvement and relevance.

    Step 6 – Review and Update

    Risk management does not end with monitoring and controlling the risk. Since the current business environment is highly volatile and changes to the environment are frequent, Steps 1 to 5 above should be repeated at regular intervals to maintain the consistency and alignment of the risk management system.

